Comodo passes all leak tests

Discussion in 'other firewalls' started by drmjx, Jun 12, 2006.

Thread Status:
Not open for further replies.
  1. drmjx

    drmjx Registered Member

    Joined:
    Jun 12, 2006
    Posts:
    4
    Location:
    Sydney, Australia
    Just tested all the leak tests jetico failed at, and the new cpf picked them all up. Could someone confirm that? (the tests on the web site, from March 06 were done with cpf v1)...
    Then I retrospectively went and did the other tests and they were all picked up. Edit: Comodo certainly claim all this..

    I did have an issue of some sites not loading but I think it's just my machine :D
     
  2. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    hmm i think jetico passes all the leaktests mentioned on the firewall test site now too. there's only one test that comes to mind that i'm not sure either jetico or comodo has passed yet, the pcflank leak test found here:
    http://www.pcflank.com/pcflankleaktest.htm

    you could try that
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi zopzop,
    Jetico does pass the pcflank leak test, as Jetico will "popup" the leaktest attempted access. (This is with IE already started / connected to the internet)

    I never got as far as to test Comodo with this test.
     
  4. drmjx

    drmjx Registered Member

    Joined:
    Jun 12, 2006
    Posts:
    4
    Location:
    Sydney, Australia
    zopzop, just tried comodo, and it passed it. As for jetico passing all tests, is there a newer version available because the version I downloaded was the one tested?
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi drmjx,
    Which "tests" do you mean? I have not found Jetico to fail a leaktest yet.
    I will re-run any tests to check.
     
  6. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    well, jumper fails on mine although I had written a rule later but I have forgotten what it was as I deleted it to retest a few weeks ago!
     
  7. drmjx

    drmjx Registered Member

    Joined:
    Jun 12, 2006
    Posts:
    4
    Location:
    Sydney, Australia
    http://www.firewallleaktester.com/tests_overview.php

    bottom of the page, view results; once there, the headers of the tests are linked to binaries. Sorry, it's been a long night :)
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Jetico fails on this, as this is a registry "attack", Jetico does not protect the registry. I use SSM to cover this.
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi drmjx,
    Does Comodo (this is now on version 2?) pass the 2 "breakout" tests? (windows_Message) (I had forgotten about these,..I don't use IE, so these tests are of no concern to me, personally)

    EDIT,
    By the way,.. Jetico does pass the DNStester, as it flags this access
     
    Last edited: Jun 12, 2006
  10. drmjx

    drmjx Registered Member

    Joined:
    Jun 12, 2006
    Posts:
    4
    Location:
    Sydney, Australia
    Stem,

    Comodo passes DNStester, Breakout1, Jumper (identified as non-passable by jetico).

    With breakout2 the app manages to set active desktop (fair enough as it's localised), but no web page is set. I'd appreciate if someone could confirm this, have to run to work :)
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    From my use of Jetico, I will argue about the DNStester results, but not about the others (it's why I use SSM,.. and even SSM, at this time, will not intercept the windows_message leaktest, That's why I don't use IE, (well one reason))

    I am impressed if comodo is passing the "Breakout test",... well done.

    Regards
     
  12. charincol

    charincol Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    113
    On my system, DNSTester is blocked by Jetico, as I do not run the Windows DNS service. I run treewalkDNS. Breakout1 does nothing as far as I can tell (meaning there is no change, nothing pops up to say it was successful, nothing starts) when I run it, presumably because I have stripped windows messenger out of my XP. Breakout2 tried to change my wallpaper to an active desktop screen but it fails, because active desktop received the same fate as WM before XP made my PC its home. Jumper shuts down windows explorer.exe, but my taskbar never comes back up so IE doesn't open (I'm guessing because of other "vulnerabilities" I've stripped out.) Of course they could be something, but they at least are not successful at producing the results they are supposed to. So my layered protection of not having unnecessary Windows components even installed and Jetico blocks all of them for me, without the resources of Comodo.

    I did have to disable AppDefend/RegDefend so the tests would run.
     
  13. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    Be sure to not base your security on what is disabled, since a malware could start it back. If you anyway want to go this way, ensure that you are asked/warned when a disabled service tries to start.

    Regards,
    gkweb.
     
  14. charincol

    charincol Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    113
    Enabled DNS Client service and ran DNSTester again. Jetico passes. So that does end up being all listed.
     
  15. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    My reply was not targeted to Jetico specifically, but more generally to the general argument I have seen many times about the workaround of disabling the Windows DNS client service to prevent the leak from occurring. I wanted to state it was not a good defense, and that if you want to go this way, ensure you block svchost.exe from executing with the following command line "C:\WINDOWS\system32\svchost.exe -k NetworkService" OR install a firewall passing the leak (it's better).

    Some users after reading your post could have thought it was that easy and could have thought to be protected like this, hence my post.

    About Jetico and DNStester, I wasn't able to have consistent results, sometimes it was passing it, but sometimes not. But it has nothing to do with what I wanted to point out.

    To finish, indeed disabling what is not needed is a good baseline, and adding layers to your security is what I've always advised :
    http://www.firewallleaktester.com/advices.htm

    BTW I very much like AppDefend too, especially because you can allow an exe to run (e.g. svchost) but deny it to run with a particular command line (e.g. the DNS client service above).

    Regards,
    gkweb.
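
An added example (not from the thread, and not code from any product mentioned in it) of the command-line-aware rule gkweb describes above: svchost.exe stays allowed, but the instance launched with `-k NetworkService` is denied. The rule format, the function names and the sample launch events are constructed for illustration and do not reflect AppDefend's actual rule syntax.

```python
import ntpath
import shlex

# Hypothetical rule format (constructed for this example): image path,
# required argument sequence (empty tuple = any command line), action.
# First matching rule wins, so the specific deny precedes the general allow.
SVCHOST = r"C:\WINDOWS\system32\svchost.exe"
RULES = [
    (SVCHOST, ("-k", "NetworkService"), "deny"),
    (SVCHOST, (), "allow"),
]
DEFAULT_ACTION = "ask"  # executables with no rule prompt the user


def split_command_line(command_line):
    """Split a Windows command line into image path and lower-cased arguments."""
    parts = shlex.split(command_line, posix=False)  # keeps backslashes intact
    image = parts[0].strip('"')
    args = tuple(p.strip('"').lower() for p in parts[1:])
    return image, args


def contains_sequence(args, wanted):
    """True if `wanted` occurs as a contiguous run inside `args`."""
    n = len(wanted)
    return any(args[i:i + n] == wanted for i in range(len(args) - n + 1))


def decide(command_line):
    """Return the action of the first rule matching this process launch."""
    image, args = split_command_line(command_line)
    image = ntpath.normcase(ntpath.normpath(image))  # case-insensitive paths
    for rule_image, rule_args, action in RULES:
        wanted = tuple(a.lower() for a in rule_args)
        if image == ntpath.normcase(rule_image) and contains_sequence(args, wanted):
            return action
    return DEFAULT_ACTION


# Constructed sample launch events (not captured from a real system).
SAMPLE_LAUNCHES = [
    r"C:\WINDOWS\system32\svchost.exe -k NetworkService",
    r"C:\WINDOWS\system32\svchost.exe -k netsvcs",
    r'"c:\windows\System32\svchost.exe" -K networkservice',
    r"C:\Temp\svchost.exe -k NetworkService",
]

if __name__ == "__main__":
    for line in SAMPLE_LAUNCHES:
        print(f"{decide(line):5}  {line}")
```

A rule keyed on the image path alone cannot separate the first two launches, and the last one shows why the allow rule is tied to the full path rather than the file name.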
     
  16. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    Well if you test, you will see that it passes with flying colors....The correct criteria of the test is to give full access right to the internet explorer and then test...The firewall must show PCFlank.exe as the connection initiator. If jetico says PCFlank is trying to connect, then it passes.
    In my system, jetico does not pass PCFlank test.
     
  17. Melih-Comodo

    Melih-Comodo Former Poster

    Joined:
    May 10, 2006
    Posts:
    70
    Thanks STEM ;-)

    Comodo Firewall passes all tests apart from breakout-2 (we pass breakout-1). All these are passed using the Comodo firewall out of box, without requiring any intervention from the user.

    Also we pass the PCFlank test.

    On Thursday 15th June, we will release a new version that will pass the BITSAdmin leak test (that has been revealed a few days ago).

    PS: We already are well under way with building the protection in order to pass the breakout-2 test and that should be out soon ;-)

    Thanks
    Melih
     
  18. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55

    Breakout tests do not test only internet explorer but any application. I mean the threat exists for any application. www.firewallleaktester.com has its mozilla/firefox version available for download.

    J
     
  19. zopzop

    zopzop Registered Member

    Joined:
    Apr 6, 2006
    Posts:
    632
    melih, excellent job as always. any news on when (if) comodo will be toned down a bit when it comes to resource use? on my desktop it eats up about 30megs of ram (i don't care cause i have 2gigs of ram) but my laptop with a measly 512 megs of ram, every little bit of ram counts :)

    jetico, for example uses anywhere from 8-10megs (last time i checked).
     
  20. khazars

    khazars Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    124
    Location:
    Glasgow, Scotland
    Yea, Jetico fails dnstester, breakout and jumper but it hasn't had an update for nearly a year and the last two leaktests are more recent!

    We'll just have to wait for the new release and see how it does then!
     
  21. Melih-Comodo

    Melih-Comodo Former Poster

    Joined:
    May 10, 2006
    Posts:
    70
    Thanks.

    First week of July we will have the version with really reduced ram usage.

    Melih
     
  22. Melih-Comodo

    Melih-Comodo Former Poster

    Joined:
    May 10, 2006
    Posts:
    70

    I agree we should wait and see, but I believe that the speed of response is a very important aspect, as any newly discovered leak test is a vulnerability for the Firewall and it must be updated to patch it. This is why we are releasing an upgrade this Thursday to protect against BITSAdmin leak test.

    thanks
    Melih
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi, yes I have run this before for firefox, but nothing happened. I have just downloaded and run again, SSM intercepts: popup: command line: breakout_mozilla_firefox.exe. So it can be blocked there, but even if I allow this through SSM, (with firefox already running) no connections (or any outbound) are made. (I have been running a network analyzer just to confirm)
     
  24. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland

    Great news there Melih.
     
  25. Melih-Comodo

    Melih-Comodo Former Poster

    Joined:
    May 10, 2006
    Posts:
    70
    Comodo now passes the BITS leak test. (I think the only firewall to pass this leak test fresh out of box)

    this is a really nasty leak.
    you can read about the leak here http://www.firewallleaktester.com/news.htm#57

    (I know the guy who runs this site thinks there is only one way to protect it, well, someone has to break the news to him, his statement is incorrect now that Comodo protects against this leak test out of box, with no messing around with settings :) )

    thanks
    Melih
     
    Last edited: Jun 25, 2006