Comodo Firewall Test Suite

There is no sense to test product developed by the same company that developed the test. It would be much more interesting to test Comodo aganist the tests developed by other company. Unfortunately, other companies do not care about marketing tests

Ohhh. if somebody paid me 1000 EUR I'd prepared in 1-2 weeks at least 5 tests that break any version of Comodo.

 

Like it has already been stated before in this post. These leaktests for the most part are standard and not created by Comodo. These tests are a good way to gauge any fw/hips combo. It just happens that Comodo releases them because their product, defense+, is a very capable hips program.

 

A-ha, you're right, I'm using latest translators beta too

Anyway, it's very fast and easy test..
If we're looking for "professional" tests, we should watch Matousec test, imho

What they mean is, probably, that Comodo put only tests that Comodo's firewall passes, while EQS in many cases is much better than D+ or OA

 

When we start to compare the difference between 280 and 340 the "most" is inappropriate. For exampe, submitting autorun does not mean this autorun will be allowed to start. Creating a file in system32 with admin account cannot be regarded as leak as well. So ... who makes a test makes the rules. There is not any doubt if a game goes according to YOUR rules you have a favour. Other people can have other points of view on what is LEAK. As for me, LEAK is an evidence information leaked from your computer. But Comodo tests show "fail" even in case your computer is unplugged from any connection, which is completely misleading.

Take a look at matousec tests. They only say "fail" in case confirmation was received from a remote site. Comparing to matousec these tests are nothing, but PR company to make you think Comodo is better than the others. But this is not true.

 

To make it faster with OA you can untick "Prompt on unknown programs" checkbox, then you can "Close GUI Interface" and all the alerts will be supressed and auto-answered "block" and "Don't remember my decision". With these options all the test takes 5 seconds

If you don't have "Close GUI interface" option, you can open Firewall->"Program access" tab and press Ctrl+Alt+S, which brings you to so called "Smart" mode (something like Eastern Egg)

As for EQS, I'm very interested to know where it is better than OA. I respect the both products, but OA is my "weakness", so my quriosity is explainable

 

What the hell is your problem?

The guy gave an opinion and all you can say is "if somebody paid me 1000 EUR I'd prepared in 1-2 weeks at least 5 tests that break any version of Comodo", You know what mate... If you are so much against Comodo for whatever reason (I don't care), Then maybe you should keep your mouth shut, and stop making biased opinions with NO evidence what so ever, And keeping on topic; NOT reaching pockets for money.

 

Just other leaktests... calm down With EQS v3.41 alone, i get 260/340. It all depends on your personal rules. If it fails, you can fix it.

Can someone test Malware Defender? This is a pretty good hips too and we may mave good suprises.

Edit: forget it, got it from another thread.

 

Was it the 320/340 result?
Well, don't believe the hype.
I've tested MD with out of the box settings and the Windows Firewall turned off.

230/340, XP SP3, MD v1.2.0 b5
240/340, Vista SP1, MD v1.1.3

MD failed the following tests.
1. Hijacking: ActiveDesktop
3. Hijacking: ChangeDebuggerPath -> only XP
5. Hijacking: SupersedeServiceDll
9. Impersonation: BITS
10. Impersonation: Coat
14. InfoSend: DNS Test
15. InfoSend: ICMP Test
16. Injection: AdvancedProcessTermination
19. Injection: DupHandles
20. Injection: KnownDlls
29. Invasion: RawDisk

Cheers

 

Retested and edited post........
https://www.wilderssecurity.com/showpost.php?p=1345332&postcount=269

 

My main problem is you have not any sense of humour traces

You think 1000 is not enough ?

 

retested and got 330 out of 340 with Comodo IS.
Pretty strange anyway.

 

Tested on Windows Vista Home Premium SP1 32bit with Windows Firewall and Norton Antivirus 2009 on it....

 

If I don't have it set to proactive security I get a 330/340 failing the startup programs one. Anyone know what it different in the proactive security settings that stops this?

 

What are your settings for KIS? My wife's laptop is on default settings with KIS 2009 (Vista Home Premium) and it only scored 110.

I just tried it will all options on high and got 110 again.

 

Lol strange to see all the different scores with the same softwares Leaktests coding problem? Probably.

 

@Alcyon

Pls pass along your next rule sets hints and if you can just what you are exploring right now to elevate even more protections to be expected once your ideas and mind is made up on what to expect for v3.41.

Thanks and never misss a beat in all your new ideals that you are creating to keep EQS the very best HIPS thats ever been devised ever before.

Your loyal supporter and friend

EASTER

 

There can be a difference btw leaktests and real malwares. That's what annoying me a little.

Anyway, time for another battery of tests.

 

Just tried it on XP SP2 with NIS 2009 and scored 10/340. Gotta love this.

 

With OFP2009 and its hips alone, i get 230/340.

Hijacking: ActiveDesktop = Vulnerable
Hijacking: ChangeDebuggerPath = Vulnerable
Hijacking: SupercedeServiceDll = Vulnerable
Hijacking: UIHost = Vulnerable
Impersonation: BITS = Vulnerable
Injection: AdvancedProcessTermination =Vulnerable
Injection: DupeHandles = Vulnerable
Injection: KnownDlls = Vulnerable
Invasion: FileDrop = Vulnerable
Invasion: RawDisk = Vulnerable
RootkitInstallation: ChangeDrivePath = Vulnerable

 

Me too, with Advanced Host Protection.
With default settings (Optimal Host Protection) 170/340.
Both with XP.

A few other results, all with default settings except for the mentioned.

a-squared Anti-Malware (XP) - 70/340

DefenseWall HIPS, clt.exe untrusted (Vista) - 250/340

GeSWall Pro, clt.exe isolated (XP) - 150/340

KIS 2009, Interactive Mode (XP) - 260/340
KIS 2009, Interactive Mode (Vista) - 210/340
KIS 2009, Automatic Mode (XP) - 30/340

NIS 2009, Advanced Event Monitoring enabled (XP) - 120/340
NIS 2009, default settings (XP) - 30/340

Real-time Defender (XP) - 220/340

System Safety Monitor (Vista) - 270/340

Cheers

 

In a german security forum (rokop-security.de) some one mentioned that vista stand alone will reach 100/340. Link to the Discussion: click

If Windows XP standalone reaches less (or more) the results mentioned must be seperated between the two operating systems to get comparable results.

Edit: as i read on rokop-security another user got different results with the same os and the same av. -.-

 

If the truth be known i could easily set up EQS 3.41 to PASS all those with ease such as a SRP type lockout rule. But i'll give it a go by allowing some passages and see what the results return.

EASTER

 

I use GDATA IS 2009 and my score was around 200. But i dont care so much about this test. I belive that my antimalware and antivirus engine would block any rough program from entering my machine, if it was a real threat and not just a test, in the first place.

I visit the page where you could download this test and under another folder there where a whole set of other tests that i downloaded and run. GDATA block most of them. And that, for me, is satisfying!

I am behind a router and my internet supplier uses proxy server so i dont pay much attention to this test.

Man i cant sleep! Its 01.24 nighttime here.

 

Take a window bed view, turn off your PC, and maybe that will help.

 

Or some are running it under their admin accounts while others under their limited accounts. With OPFW2009, Host Protection off, and using Malware Defender, I get 310/340 under limited account; 260/340 under admin account.

Is there a "rule" under which account type this should be run?