Comodo Bypassing settings protection using magic pipe Vulnerability

Discussion in 'other firewalls' started by gre87y, Mar 1, 2007.

Thread Status:
Not open for further replies.
  1. gre87y

    gre87y Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    164
    http://www.matousec.com/info/advisories/Comodo-Bypassing-settings-protection-using-magic-pipe.php
     
    Last edited by a moderator: Mar 1, 2007
  2. jadinolf

    jadinolf Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    465
    Location:
    Ojai, CA
    So are you saying that we shouldn't use Comodo?

    What are the risks?
     
  3. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Yep, Matousec Experts are saying that you shouldn't use ANY FIREWALL AT ALL, obviously. Read the reviews carefully on their site, ESPECIALLY the bolded sentences. If they take a firewall and test it, you can be pretty sure that it will be labeled as "almost worthless". "The one you are currently using is crap, and the other one is crap also, and so are all other alternatives we have tested". No, really, let's get serious, these kinds of reviews should not be available for general public insight. If you are not aware that bugs and flaws are a pretty normal part of every software ever compiled (not just security apps), and that absolute protection is impossible to achieve, you would leave matousec.com trembling with fear. I just wonder how many users uninstalled their current firewall and installed the other one after visiting and revisiting Matousec reviews. As it seems that everyone with no exception is absolutely sure that these guys are genuine experts, the same is my impression. But I don't think their intention is to scare us average Joes off, but to force and help vendors to produce the best possible software. So I would say that these reviews are aimed at vendors in the first place, and at people who understand the hi-tech terminology they are using. BTW, can someone please explain to me what the hell a "magic pipe" is? (I wouldn't mind puffing a smoke or two from that pipe :D :D) And those "very special conditions"... What's the chance of meeting those conditions? 0.1%? 0.01%? More likely 0.001.

    Hey jadinolf

    Of course you should use Comodo, it's an excellent firewall. It's not my preference, I think it's not matured enough yet, but its development is in constant progress, which is very good. Those guys at Comodo are working very hard, and I am sure that they will give us an exceptional piece of software in no time.

    Please, stop posting Matousec's reviews here. Or any for that matter. Wouldn't it be nice if the users of security software who post on this forum would give advice out of their OWN experiences? These forums are visited in large numbers by newcomers to security who just want simple advice and a simple solution. Do not confuse them with 'magic pipes'.

    Sorry if I was a bit harsh, but I had to say something after seeing that question of jadinolf's.

    My regards,

    Seer.
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Wilders is a security forum for experts, who know how to take those reviews, but I agree that it should not be posted on common forums. I like those reviews, they reveal interesting and useful info. By the way, you could also say that AV-Comparatives results should not be posted here either, because newbies usually look at the overall score and then they switch to the AV which got the best "score". Yes, there are some newbies, but they will visit only once, asking for "the best", or they will stay and then they will learn how to accept info.
     
  5. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hello The TOM_SK. :D

    Well, I realize that I perhaps went over the line a bit in my previous post. But you will agree with me that there are no 'Experts' on this thread discussing that Matousec advisory. All I see is jadinolf questioning himself whether or not he should continue to use his current protection. I don't really believe that this is the result that Matousec experts want to produce. I saw this thread started by gre87y a few days ago, and didn't know what to reply, as I am certainly no expert on magic pipes or other damn pipes. I believe that gre87y's motive for posting this advisory was a demand for a better explanation, and some plain-word advice from experts around here. But the third day is passing, and the experts are nowhere to be found so far. If we all take Matousec's reviews so seriously, wouldn't you expect to see a bunch of experts discussing and arguing over these advisories? No, no one even dares to question Matousec, they are simply taken for granted. The point is in fact that 99% of visitors on Matousec.com (or wilderssecurity.com for that matter) don't understand a word they are saying, and use the following logic: "Oooh, these guys at Matousec sound sooo techie, I don't get a word they're saying, so they must be some serious experts. OK, I won't bother using my brains too much, I'll just look at the tables and choose the number 1 from it. Now I feel soooo secure." This is so ridiculous and unacceptable for me, wouldn't you agree? Now, Tom, as neither you nor I can 'translate' that last advisory on Comodo from Matousec and help gre87y and jadinolf (or ourselves), I STILL expect to see not one but several expert comments, and I would also very much like to see at least one expert (though I really don't know how to define an 'expert') criticizing Matousec. I don't think newbies are so rare on Wilders, take a closer look, the majority of people here have little or mediocre knowledge of computer security (I certainly belong in either group).

    Also, Tom, would you mind telling me why YOU like Matousec's reviews, and how you find their reviews useful?

    Regards,

    The Seer
     
  6. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Matousec's reviews have been discussed many times (Firewall termination defense, which firewalls pass all leaktests), this is just one advisory, so there is actually nothing to discuss. Matousec has already found out, that Comodo uses CRC32 instead of at least MD5 and this update just shows another "bug", which makes me think, that there really is not a perfect firewall and I believed, that Comodo was better than others. I personally do not care about firewalls too much, since I use none, but I just want to know, which one to recommend.

    Why do I trust Matousek? Well, at first, we mailed a few times a long time ago and I got the impression that he is a skilled man. Second, his advisories are published on other security webpages, like Secunia, Security Focus or Security Team, and those are trustworthy pages.

    Well, let's talk about this advisory. I admit that I do not fully understand it, but that is the point of it. Now I will spend some time looking for some info about it and I will learn more about it, which would not happen if it had not been posted here. Security Team reveals the POC actions in detail and it confirmed it for me; in other words, I have learned that disabling debug privileges is a good idea, because without them this POC would not work. I guess that the pipe is a randomly generated name, like a token, but I have no idea what a magic pipe is.
     
  7. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Yes, my friend, you hit the right spot there when you said that there is no perfect firewall, and let me just add that there will NEVER be a perfect firewall either. But if you say that you base your confidence in Matousec on trust, isn't it the same case with vendors? You (well not you, I am speaking in general terms) should then base your confidence in a certain vendor on trust as well. No vendor has ever let ME down yet, and I have nothing bad to say about any firewall, and that includes native XP. I am sorry that I can't discuss this advisory with you, as I am certainly not qualified to do it. I am also under the impression that Matousec knows his business, as you are, and as I have no clear idea what he is talking about, I pretty much use the same logic from my previous post: listen to the elder geek.
    But I admit that I would very much like to see Matousec Firewall Pro. And some advisories on it also... :)

    Seer
     
  8. CReal

    CReal Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    42
    Such advisories with exotic ways of bypassing settings etc. are all good in theory, but come on, what is the chance that someone running Comodo firewall will encounter malware that is able to apply this kind of attack?

    Or if we suppose that such sophisticated malware will exist, if you allow it to execute, I think you will have much bigger headaches than worrying about Comodo's settings. If it can do that, I bet it can do much more damage, and personally I would simply format.

    Such possible attacks are absolutely no reason for abandoning a firewall. After all, there are other security applications that can protect both the registry and Comodo itself. In any case, with such a "nasty" already on my PC, I would nuke the installation ASAP.
     
  9. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hello CReal.

    :thumb: :thumb:
    That's exactly what I was trying to say. You nicely shortened it a bit. ;)
     
  10. Dwarden

    Dwarden Registered Member

    Joined:
    Apr 11, 2003
    Posts:
    176
    Location:
    Czech Republic
    Well, one would say that after publishing that advisory, the chance of encountering malware with such a type of attack drastically rose ...

    Yet I'm fine that Matousec posts his advisories ... in the end we all get better products :) (invisible magic hand of the market forcing companies to improve :D)
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello,
    Named Pipe Some info
    Anonymous Pipe Some info
     
  12. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hey, Stem

    Just the right man for this thread, and with a concrete action on the spot.

    Thanks. Very useful. I'll be taking a good look.
     
  13. jadinolf

    jadinolf Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    465
    Location:
    Ojai, CA
    Thanks for the comments guys.
     