COMODO Firewall 3.9.95478

Discussion in 'other anti-malware software' started by SystemJunkie, May 28, 2009.

Thread Status:
Not open for further replies.
  1. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    A known issue re-occurred once again; after re-installation the problem disappeared for the moment.

    http://i44.tinypic.com/2d0xa9x.png

    Silently rattened by unknown cause, diagnostic says once again ok.

    Some other incompat issue: I tried Ad-Aware anniversary edition but that caused a crash of Comodo GUI.

    System: Vista 64 SP2.
     
  2. 3xist

    3xist Guest

    SystemJunkie,

    Can you please list all the software you're running here please? Or a better alternative instead of me trying to resolve it would be to do a Bug Report in the Comodo Forums.

    Cheers,
    Josh
     
  3. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Too late for a bug report, I already re-installed Comodo.

    I use a lot of software but relevant is probably only the one with driver. I erased the list due to lack of response,
    furthermore I think it is nearly impossible to find the bug or weakness with such an enumeration.
    Probably the TrueCrypt 6.2 driver interferes in some way.
     
    Last edited: May 28, 2009
  4. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
  5. 3xist

    3xist Guest

    v3.10 will be available soon... Let's see if that resolves anything.

    Cheers,
    Josh
     
  6. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Will that be the version incl. new features like Smart Mode without the current workaround? (I expect Smart Mode to be just that; smarter, so that no manual actions need to be done to install legit software not yet completely seen by COMODO.)
     
  7. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Great! BTW Comodo is not the only top-notch firewall that suffers from this unknown attack, Outpost 2009 64 bit was attacked too. They tunneled Thunderbird and managed to destroy the latest Outpost too. The IP that Thunderbird uses to connect to Mozilla seems to be exploited by this hacker crew. If someone uses Mozilla's mail client I suggest people block Thunderbird's connection server. I made a protocol of the intrusive traffic if someone is interested.

    The problem is the server ability of browsers and mail clients, if one blocks server ability they also block these viral packets but you can't surf, if you allow browser, you can surf but this viral traffic is always on board with its attached poisoned packets. I doubt that this is govware, it is too aggressive, this looks like experienced and globally organized hackers at work.

    Little screen summary of interesting occurrences:
    http://i44.tinypic.com/2eeehs8.png
    (I did not allow these events on the screen)

    Attack method as usual.. probably HTTP/Mailclient-tunneling/poisoning, OS subversion.
    System: Windows Vista 64 SP2.

    In all events I set the firewalls on tightest level maximum security for both, all extras, packet analysis,
    ipv6 disallow, arp block.. Comodo has the advantage that one can cultivate a huge ip range block list.
     
    Last edited: Jun 10, 2009
  8. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    SystemJunkie

    I see they've also taken over the GUI's and changed most of them into German lol. Only kidding !

    govware, DOD etc etc, yeah you never know do ya !

    Just noticed your tag " Resident Conspiracy Theorist " like it.
     
  9. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    What do you want to tell? I really don't know what you want to say? You think that the firewalls are both buggy?

    You think these screens are just for fun? Probably you are kidding.

    Do you know? I see a lot of names in http-traffic shall I enumerate them here?
    You would wonder how many of them are known.. I guess soon it is time for a full report to an anti-cybercrime org.

    Audiodg (security obscurity) wants to terminate ntoskrnl that might be kidding but only from windows vista.
     
    Last edited: Jun 10, 2009
  10. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    SystemJunkie

    As i said i was only kidding/joking. I didn't really think the GUI's had been changed into German by Malware or anything else !

    Yes you're right, and i do know, only too well. I used to frequently analyse my firewall logs in real time. To my utter surprise daily i found probes from, DOD and numerous other .GOV type IP addys. Not only that but innocent sounding ones like forestry commission etc etc, and also some big name companies with links to you know who. I know cos i looked 'em all up.

    I was told it was nothing to be concerned about, just " normal " traffic, or faked IP's. Still not one got through, whoever they were/are. I think there is a lot more to this than just coincidence etc. I'm not worried at all, just curious as to why.

    Regards,

    S
     
  11. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    At least your firewall didn't crash. Probes and IDS reports are usual but not if firewalls crash on a regular basis, even different ones and especially when your sniffer shows active http tunneling without a trigger. I monitored this on many systems, no matter if AMD, no matter if Intel, no matter if virtualized, no matter if Windows Vista or Windows XP or 32 bits or 64 bits, firewalled or not, no matter if using Linux in Windows or reverted, they are simply everywhere, this is globally organized crime.
     
    Last edited: Jun 11, 2009
  12. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365
    The problem with your applications such as your web browser and email client is they are acting as servers. Haven't you tried sandboxing them?
    Better yet, you can try to use a firewall with stateful packet inspection and not just stateful-like.
     
  13. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Any useful links for 64 bit OS are appreciated.

    But maybe it could be even more safe to switch back to 32 bit with full kernel overview and without the latest ms traps like audiodg restriction, patchguard and co. Audiodg can be misused to protect malware, this way it evades in a very efficient way all sorts of control mechanisms.
     
    Last edited: Jun 11, 2009
  14. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    365