COMODO Internet Security 3.5.56968.437 released

Discussion in 'other firewalls' started by Fuzzfas, Dec 2, 2008.

Thread Status:
Not open for further replies.
  1. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Last edited: Dec 2, 2008
  2. 3xist

    3xist Guest

    Yeah, Update was pulled back. I guess we will wait till Egemen goes on the forums. There are other fixes too apart from Matousec bug.
     
  3. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    yes they pulled it back :(

    hope a new one pops up soon :p
     
  4. 3xist

    3xist Guest

    It will now be out tomorrow (Wednesday).
     
  5. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    703
    Hi

    Doesn't seem that Comodo can get anything right at the moment?

    Not confidence inspiring is it?

    Terry
     
  6. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I think Comodo's free offer to the public is unprecedented. But I also think they should have kept the firewall and antivirus as separate products. The more code you put into one product, the more likely it gets to have bugs.

    D+ already has a very complicated job to do, I don't think it helped adding a built-in AV, which is still immature btw.

    In any case, Comodo IS is probably the best free security product out there, as far as level of security is concerned.

    Every application has bugs, it's inevitable. For me the Matousec bug is of secondary importance. I would prefer to live with that bug, but have improvements in the firewall TCP and UDP performance and abandon the extensive use of the registry for rules, which is said to be the cause of the slowdown once you make many rules in Comodo.
     
  7. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    What exactly is the Matousec bug? When an option in software is broken, is it a software bug, or do you think only Matousec can kill it?
     
  8. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    If you mean that being able to kill Comodo in non-Paranoid mode is a Matousec bug, I'm afraid you are very, very wrong. A HIPS product should be able to protect itself from termination in any mode. Also I think older tests (with default settings) were more correct. Most users use default settings and it is kinda logical that a vendor provides default settings as the best settings the product can have. It would be silly not to go this way. And if default settings are not secure, then it should be clearly stated.

    I just wonder, will there be a time when Comodo stops blaming others for their own bugs?
     
    Last edited: Dec 3, 2008
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    +1 :thumb:
    Or at least have the results in the same table for the default settings.

    Fax
     
  10. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Yeah, I meant the bug that was found in Matousec, relax. I was bored to explain it again, since there has been extensive talk about it, my bad.
     
  11. 3xist

    3xist Guest

    I'm sorry, I meant the bug YOU guys (Matousec) found. Sorry for the misunderstanding. BTW there hasn't been a user that has reported any problems with the default settings in CIS 3.5x/CFP 3.0x. That includes virus problems - and believe me, Comodo would NOT leave you vulnerable knowingly, despite your so-called "leak tests".

    So far you're the first to complain about it to be honest! :) Anyway I think this thread can be closed since it's a dup.
     
  12. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Why would I believe you? "In God we trust" :)
    This is a problem. Most people just "believe". Also, from what I saw, most Comodo users have additional security, so a Comodo theoretical fail has a very low chance of being converted into a real fail.

    And as an IT professional I should say, there is no difference between real threats and leak tests. If you analyze real threats closely, you'll see that ~99.99% of them are nothing but child toys any HIPS system can stop. But there is always the chance something new appears. For example, some time ago Comodo didn't have DDA detection (not too long ago), but you said in those times "believe me, Comodo is rock". Still, without DDA detection something like Rustock could do with your computer whatever it wished. Now, when there is a corresponding DDA test, you can be sure that this vector of attack is under control. But who knows, maybe there are some others? So how can you say "believe me"? :)
     
  13. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    a major update popped up on CIS this morning and it asked for a reboot.
    mine says 3.54.57173.439

    also here is a thought. As said, first I had installed it with firewall only and not defense + which is the HIPS part of the firewall.

    I now find things are going slower than they did with just the firewall, but look at all the trojans getting into people's computers nowadays. Why have defense + if they are getting through anyway?

    Also, with defense + if you have no clue what you are doing and you "allow" something that should not be allowed- you are defeating the purpose.

    And if you stay away from the bad sites, and have webguard on like with Avira doesn't that work like a HIPS?

    Do I really need the defense + if I am running Avira Premium?
    I can see I would need this if I was running the free version that has no webguard.
    AVG also runs webguard in their free version and their pro. So in these cases is defense + overkill?

    comments?

    robin
     
  14. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    A webguard is not HIPS, you don't need HIPS unless you're gonna get hit with a zero day attack (new unknown malware) but I can't predict your future - bummer
     
  15. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I think it's normal when running a HIPS to have somewhat of a slowdown. When you have hooks and tripwires everywhere, it's logical...

    Are those people that get all those trojans running Comodo with D+? If so, they should read Comodo's manual, because I think that in 99,999% of the cases, they let something execute and Comodo won't protect you from shooting yourself in the foot.

    Yes, I don't know why, but many people run Comodo thinking that since it has a thorough HIPS coverage, it will become a panacea without them doing anything. Clueless people shouldn't be running Comodo with D+, because the whole purpose of a pop up is exactly to be able to answer it after thinking, not after clicking for fun. So, if someone has no clue of what he is doing in Comodo, he'd rather uninstall it and use a nice behav blocker, sandbox, policy sandbox (like DW) or Drive sentry/PrevX edge etc.

    No, it doesn't work like a HIPS. But if you're a bit lucky you won't be infected.

    The whole philosophy behind running a classical HIPS is that your antivirus may NOT have the malware you will encounter in its signature database. If it doesn't, then be it Premium, with webguard or not, it won't "see" the malware, while the HIPS will. Because the HIPS doesn't care about signatures. It is made to intercept anything for which you haven't given permission.

    The problem is that webguard isn't some kind of separate entity. It is based on the same engine the rest of the antivirus is based on. If your antivirus doesn't have the signature of the malware you will encounter, webguard or no webguard, it makes no difference.

    If you don't understand D+, consider using Sandboxie, Returnil, Defensewall, Threatfire, PrevX Edge, Mamutu, Geswall, Shadow Defender and the likes.
     
  16. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    thanks for the answers, I plan to use defense + especially now that you explained it better. I would just like it not to slow down the web browser so much, why can't they just make it so it doesn't do this?

    robin
     
  17. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Indeed, in past Matousec perf TCP and UDP tests, Comodo 3 was getting about 83-85/100. So there is a slowdown. But if you look at it, there is even worse!

    http://www.matousec.com/projects/firewall-challenge/level.php?num=1#level-limit

    Why don't they work on this? Because all people care about is leak tests. So software houses work primarily on the HIPS part in order to pass more leak tests. In fact, the firewalls that get 100/100 in the TCP and UDP tests are the ones with no HIPS or that initially had no HIPS. So, these fellas, not having a HIPS, were working exclusively on their firewall. While Comodo, OA and the like were too busy working on their HIPS. It has been removed now, since Matousec stopped testing these 2 tests (which were the only ones that really interested me), but Comodo 3 was at about 83-85 in both TCP and UDP, OA was I think over 90 in TCP, but around 65 in UDP.
     
  18. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    I'm not sure about Comodo, on my PC it works perfectly with the large nr of connections.
    OA poor, 65 UDP score matches with what I've experienced on its version 3 first release. Hope they will correct this instead of "improving" the HIPS.
     
  19. Leolas

    Leolas Registered Member

    Joined:
    Jun 18, 2008
    Posts:
    58
    Location:
    Modena, Italy
    Beta .151 scored >90%, don't know how much scores the last one

    https://www.wilderssecurity.com/showthread.php?t=214178
     
  20. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    So let me get this straight. Alex_S is actually Matousec? (not that I would be surprised). So he posted the UDP Perf result here instead of his site? Or it's just an "unofficial" test made by a "casual" user?

    As far as I am concerned, Matousec's tests in Perf TCP/UDP match my experience. I was actually writing in this forum about how Ashampoo, Kerio 2 and PC tools were swifter before any tests came out. Comodo adds a biiiit of a lag to my browsing and slightly higher pings. OA doesn't collaborate with Emule, kad gets firewalled, so there is something wrong with UDP. But it feels a tad faster than Comodo in browsing.

    Ashampoo, Kerio 2, Rising, PC tools, windows firewall, Ghostwall beat them both in swiftness.
     
  21. 3xist

    3xist Guest

    Nothing is 100%. Not one vendor, or security product can guarantee 100% protection. Every vendor will have its little bugs, obviously. Including Comodo, Online Armor, Outpost, Kaspersky etc. How can I say "believe me?" Well that's something you're going to need to TRUST for yourself!

    You're right, leak tests are really just "to see if your car can brake" and real threats perform REAL malware actions! Like the Comodo Leak Test Suite, they implemented real rootkit, startup, etc. tests in that suite << That is a great testing suite to test real malware!

    Mate. "REAL THREATS" can do ANY harm. It's the leak tests that do nothing, but are child toys to "TEST" your HIPS/Firewall that are useless in real life. Comodo did the good thing and put real malware tests out in its suite using rootkit techniques, etc. Real malware tests implementation is something Matousec needs to look at. Not to see (with real life scenarios):
    1) Can your car brake?
    2) What will happen if you turn the steering wheel?
    3) is that "really" a stop sign?

    That's what Matousec are doing. And considering how many times they have apologized to Comodo and a few other vendors for testing wrong, well... I'll leave it up to you guys I guess! Don't get me wrong, I wish Matousec well in the future. But right now people now and in 5 years time need real malware tests, because malware is growing more rapidly than ever than "LEAK TESTS".
     
  22. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
  23. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Nope. Take it higher, I'm Bill Gates :)
     
  24. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    This is my main point
    If it was open source and was not buggy it would be really great. Though it counts "Error" as "Fail", which is completely incorrect. And nobody except Comodo devs really knows what "Fail" means. With Matousec tests you do not need "to trust", because you see in the sources what "Fail" means, for example
    I disagree. Some CLT tests are "artificial", for example active desktop, ICMP, DDE, DNS API, FileDrop. Others duplicate the tests Matou had for long. I have found only one interesting test, that is "KnownDlls". But this technique was described back in 1999. I have a feeling Comodo implemented the tests after some limited set of real malwares to test their own work, but actually real malwares use much more different techniques. But I agree, they also have some good. Just do not overestimate them. They are a small and not categorized set of not very well coded tests.

    From the other side Matou "Termination tests" are really great. If you can disable security then you can do anything.

    Then just take a look. I have already studied every one :)
     
    Last edited: Dec 4, 2008
  25. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Although the performance tests are interesting, without testing on filtering I'm afraid those are also misleading. Firewalls with SPI mixed with firewalls with no SPI, no connection tracking in UDP and so on..
     