Comodo firewall so weak?

Discussion in 'other firewalls' started by mantra, May 4, 2011.

Thread Status:
Not open for further replies.
  1. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,127
    Hi

    I have the latest version of Comodo firewall under XP SP3

    well, I found a weird behavior


    I installed Comodo some months ago, and I had Firefox 3.6.1 installed
    I created some rules for Firefox

    but when I updated Firefox 3 to 4 (and added new components and disabled others), Comodo did not pop up a window to warn me about the new version of Firefox

    I mean the size and hash of firefox.exe did change, but Comodo 5, latest version, did not notice and did not even warn me

    I disabled secure application

    in short, a firefox.exe lamed by malware could bypass Comodo so easily?

    thanks
     
  2. burebista

    burebista Registered Member

    Joined:
    Mar 4, 2010
    Posts:
    208
    Location:
    Romania
    It's digitally signed by Mozilla thus it's on whitelist so no popups.
     
  3. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,127
    but I disabled the whitelist
     
  4. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Comodo firewall doesn't work that way, meaning... if you have a rule for, for example, Firefox and you update Firefox, the rule that you made for it will still apply; it doesn't matter that the hash for Firefox has changed.
     
  5. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,127
    so if I add a component (that could be a break for my privacy) or a malware overwrites Firefox, Comodo doesn't detect it?

    even Outpost 2.0, 6 years ago, was able to do it
     
  6. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    Yes, Comodo detects if the file is different, maybe your Comodo is not configured as you think.
    Have you checked the option "create rules for safe applications" in the firewall settings?
    Maybe it is because you manually accepted the digital certificate of Mozilla with Firefox v3 and Firefox 4 uses the same certificate.
     
    Last edited: May 4, 2011
  7. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    I'm talking about the firewall only, so I'm not sure what you mean exactly.
    I'm using only the firewall component, so I don't know if other features would detect your scenario.
     
  8. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,127
    yes, I have checked the option "create rules for safe applications", in short it is ON
    what should I turn on?

    thanks to everybody
    cheers
     
  9. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    I don't believe you can do what you want with Comodo.
    If you have a rule created for some app and that app changes via update or something else, existing rules will still apply.
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Go back to Comodo firewall 2.0, it has a hash check on allowed executables :p
     
  11. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    Wow! Great Memory! It was nice when security was so simple.
    Ice
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    Sometimes whitelisting programs can be a pain too, as malware writers are getting a way around :D o_O
     
  13. bollity

    bollity Registered Member

    Joined:
    May 9, 2009
    Posts:
    179
    PC Tools firewall will ask you if the file changed. Comodo will not ask if the file is in the same path. If the file path changed it will ask for permission.
     
  14. drakhil

    drakhil Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    15
    comodo has a novel cloud based system and firewall checks for any abnormal activity almost real time in cloud and allows it if found safe
    this is a method to prevent common users to face lesser perplexing alerts
    they have sandbox based security also which automatically sandboxes any unknown program thus restricting its capability to cause any potential damage
    regards
    Akhil
     
  15. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    If malware attempts to replace/overwrite an executable, D+ will alert you. If you do it yourself in Explorer or it's done with a signed installer, you probably won't be alerted, depending on your settings. I'm trying out OA right now so I can't check.
     
  16. Heimdall

    Heimdall Registered Member

    Joined:
    Jul 29, 2009
    Posts:
    176
  17. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,127
    without D+, Comodo is really weak
     
  18. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Without D+, it's little more than a packet filter which can't be criticized for duties it's not expected to perform.
     
  19. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    This is why D+ is there, but still you have the sandbox.

    Anyway it's like saying "Norton without the AV is really weak..."
     
    Last edited: May 6, 2011
  20. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    But why do these modern firewalls rely so heavily on their HIPS components? Can't they implement something like the old Kerio that warns if the application's MD5 hash has changed without requiring HIPS to be on?

    I believe Outpost also behaves similar to Comodo in that it'll only warn of changed executable if the HIPS is enabled.
     
  21. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    If the file is trusted because it is in the whitelist, or you already made it trusted manually and gave it access to the internet in a FW popup, where is the problem?
    Maybe only if somebody uses the FW alone; anyway, if somebody is really interested you can add this idea to the whitelist, it is a good one.
     
  22. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    No, the sandbox is part of D+.
    "If Defense+ is deactivated permanently, this option will have no effect."
     
  23. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    I mean just disabling D+ (right click on the icon -> D+ -> Disable)
     
  24. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    This was my point actually. If a user only installs the firewall and no D+, rules are enforced via filename/file path. Comodo will not prompt the user if the executable connecting out has changed unlike Kerio which doesn't have HIPS but still alerts the user that the executable's hash has changed and asks to allow the outgoing connection or not.
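
The difference described in this thread between a firewall rule matched on file path alone and one that also pins the executable's hash, as an added example that is not part of the original thread and is not Comodo's or Kerio's code. The function names, the constructed file contents and the use of SHA-256 in place of the MD5 mentioned above are assumptions.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash the file in chunks so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def path_only_verdict(rules, exe):
    """Rule keyed on the path alone: whatever sits at an allowed path is allowed."""
    return "allow" if exe in rules else "prompt: no rule for path"


def hash_pinned_verdict(rules, exe):
    """Rule keyed on the path plus the digest recorded when the rule was made."""
    if exe not in rules:
        return "prompt: no rule for path"
    if sha256_of(exe) != rules[exe]:
        return "prompt: executable changed since rule was created"
    return "allow"


def demo():
    """Constructed scenario: a rule is made, then the file is replaced in place."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "firefox.exe")   # constructed stand-in, not a real binary
        with open(exe, "wb") as f:
            f.write(b"constructed build 3.6")
        rules = {exe: sha256_of(exe)}           # digest recorded when the rule is created
        before = (path_only_verdict(rules, exe), hash_pinned_verdict(rules, exe))
        with open(exe, "wb") as f:              # update or overwrite at the same path
            f.write(b"constructed build 4.0")
        after = (path_only_verdict(rules, exe), hash_pinned_verdict(rules, exe))
        moved = os.path.join(d, "copy", "firefox.exe")
        os.makedirs(os.path.dirname(moved))
        os.replace(exe, moved)                  # same bytes, different path
        relocated = (path_only_verdict(rules, moved), hash_pinned_verdict(rules, moved))
    return before, after, relocated


if __name__ == "__main__":
    for label, verdicts in zip(("before", "after", "moved"), demo()):
        print(label, verdicts)
```

A hash-pinned rule also prompts on every legitimate update, which is the alert volume that trusting the vendor's signature, as mentioned earlier in the thread, is meant to avoid.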
     
  25. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    The firewall is designed to work together with the rest of the suite.
    Probably they haven't added this feature because it would be overlapping with D+; also almost everybody installs at least the FW, D+ and the sandbox. If you only want a firewall with MD5 check try another, or you can add this idea to the Comodo whitelist.

    If you remove features from any other suite the same thing will happen, but only Comodo and avast allow you to install what you want
     