COMODO Firewall 3.9.95478

A known issue re-occured once again, after re-installation the problem disappeared for the moment.

http://i44.tinypic.com/2d0xa9x.png

Silently rattened by unknown cause, diagnostic says once again ok.

Some other incompat issue: I tried Ad-Aware anniversary edition but that caused a crash of Comodo GUI.

System: Vista 64 SP2.

 

SystemJunkie,

Can you please list all the software you running here please? Or a better alternative instead of me trying to resolve it would be to do a Bug Report in the Comodo Forums.

Cheers,
Josh

 

Too late for bugreport, I already re-installed Comodo.

I use a lot of software but relevant is probably only the one with driver. I erased the list due to lack of response,
furthermore I think it is nearly impossible to find the bug or weakness with such a enumeration.
Probably truecrypt 6.2 driver interferes in some way.

 

Another crash attack:
http://i44.tinypic.com/10z3iuh.png

This happened a lot the last months.
http://i43.tinypic.com/1zoaq1h.png
and the GUI crash
http://i40.tinypic.com/1672u6q.png

The second time, this version is not secure at all!
Any new version available?

 

v3.10 will be available soon... Let's see if that resolves anything.

Cheers,
Josh

 

Will that be the version incl. new features like Smart Mode without the current workaround? (I expect Smart Mode to be just that; smarter, so that no manual actions need to be done to install legit software not yet completely seen by COMODO.)

 

Great! BTW Comodo is not the only top of the notch firewall that suffers from this unknown attack, Outpost 2009 64 bit was attacked too. They tunneled thunderbird and managed to destroy latest outpost too. The Ip that thunderbirds uses to connect to mozilla seems to be exploited by this hacker crew. If someone uses mozillas mail client I suggest people to block thunderbirds connection server. I made a protocol of the intrusive traffic if someone is interested.

The problem is the server ability of browsers and mail clients, if one blocks server ability they also block this viral packets but you can´t surf, if you allow browser, you can surf but this viral traffic is always on board with its attached poisoned packets. I doubt that this is govware, it is too aggressive, this looks like experienced and globally organized hackers at work.

Little screen summary of interesting occurances:
http://i44.tinypic.com/2eeehs8.png
(I did not allow these events on the screen)

Attack method as usual.. probably HTTP/Mailclient-tunneling/poisoning, OS subversion.
System: Windows Vista 64 SP2.

In all events I set the firewalls on tightest level maximum security for both, all extras, packet analysis,
ipv6 disallow, arp block.. Comodo has the advantage that one can cultivate a huge ip range block list.

 

SystemJunkie

I see the've also taken over the GUI's and changed most of them into German lol. Only kidding !

govware, DOD etc etc, yeah you never know do ya !

Just noticed your tag " Resident Conspiracy Theorist " like it.

 

WHat do you want to tell? I really don´t know what you want to say? You think that the firewalls are both buggy?

You think these screens are just for fun? Probably you are kidding.

Do you know? I see a lot of names in http-traffic shall I enumerate them here?
You would wonder how many of them are known.. I guess soon it is time for a full report to a anti-cybercrime org.

Audiodg (security obscurity) wants to terminate ntoskrnl that might be kidding but only from windows vista.

 

SystemJunkie

As i said i was only kidding/joking. I didn't really think the GUI's had been changed into German by Malware or anything else !

Yes you're right, and i do know, only too well. I used to frequently analyise my firewall logs in real time. To my utter surprise daily i found probes from, DOD and numerous other .GOV type IP addys. Not only that but inocent sounding ones like forestry commision etc etc, and also some big name companys with links to you know who. I know cos i looked 'em all up.

I was told it was nothing to be concerned about, just " normal " traffic, or faked IP's. Still not one got through, whoever they were/are. I think there is a lot more to this than just coincidence etc. I'm not worried at all, just curious as to why.

Regards,

S

 

At least your firewall didn´t crash. Probes and IDS reports are usual but not if firewalls crash on a regular basic, even different ones and especially when your sniffer shows active http tunneling without a trigger. I monitored this on many systems, no matter if Amd, no matter if Intel, no matter if virtualized, no matter if windows vista or windows xp or 32 bits or 64 bits, firewalled or not, no matter if using linux in windows or reverted, they are simply everywhere, this is globally organized crime.

 

The problem with your applications such as your web browser and email client is they are acting as servers. Haven't you tried sandboxing them?
Better yet, you can try to use a firewall with stateful packet inspection and not just stateful-like.

 

Any useful links for 64 bit OS are appreciated.

But maybe it could be even more safe to switch back to 32 bit with full kernel overview and without the latest ms traps like audiodg restriction, patchguard and co. Audiodg can be misused to protect malware, this way it evades in a very efficient way all sorts of control mechanisms.

 

Here you go... http://www.mntolympus.org/SPFSPIFWS.html