Does Matousec test Comodo with Defense+ or just the firewall?

Discussion in 'other firewalls' started by ratchet, May 16, 2009.

Thread Status:
Not open for further replies.
  1. ratchet

    ratchet Registered Member

    Joined:
    Feb 20, 2006
    Posts:
    1,908
    I only use the firewall (I believe it was termed "Enterprise" at install) and ThreatFire. Just to cut back on the apps I have, I've been thinking about dropping TF but I don't really want D+ if my point is to downsize.
     
  2. Mattchu

    Mattchu Registered Member

    Joined:
    Nov 8, 2008
    Posts:
    49
    Location:
    UK
    Matousec's tests are now not just about testing pure firewall ability; they involve all manner of leak, break, and bash etc., so to answer your question: YES, Defense+ is the module responsible for passing a number of these tests.

    They are now more of an IPS test.
     
  3. nielsson

    nielsson Registered Member

    Joined:
    May 13, 2009
    Posts:
    18
    D+ "enchants" your firewall against leaks. Keyloggers, trojans and similar use tricks to lure your firewall into believing that the traffic sent is coming from something it's not. Most leaky firewalls will allow a trojan or similar to send your info out without an alert.

    A non-leaky firewall scores well at Matousec.
     
  4. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    As others have said, Matousec is really a HIPS test. In very broad terms, a firewall really worries about connections, ports, protocols, IPs and works at the packet level; a HIPS worries about processes and what they do when you put the packets together.

    Two classic issues with firewalls are proxy holes (Sygate was famous for that) and browser hijacking. And not just by malware, but by nuisance ware. If you use a transparent proxy, like avast! for example, your classic firewall can't see any of your applications trying to access the internet - the only programs that actually access the internet are the mail and web proxies that intercept the requests by your applications. So some firewalls add features to try and monitor the localhost loop - Comodo doesn't; it uses D+ to allow/block processes that use localhost. And this can be difficult in the firewall because this localhost loop is used for lots of other local communications by applications.

    Another classic example is browser hijacking. The most common place to see an example is when you go to the "about" tab on a program, and there is a link there to go to a homepage. This uses IE or some other browser to get there, and since the browser has been allowed access to the internet, your firewall never sees the attempt by the other program. You need a HIPS function to allow/block access to your browsers by other programs.

    And these are just a couple of the standard leaks that are incidental to the use of non-malware if you don't have HIPS functions. And the malware can use much more sophisticated ways to get out without being seen by the firewall - or even the HIPS. So you can either start adding HIPS stuff to the firewall, or integrate a HIPS with it so all the antileak things get done in one place, and generally more efficiently. Go run the Comodo leak tests with D+ turned off and see what you get, for example. I tried the experiment with OA, BTW, and got 330/340 with the OA HIPS on, 110/340 with it off using the Comodo leak tests.
     
    Last edited: May 19, 2009
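
Added example (not part of sded's post and not any product's code): a small Python model of the two leaks described above, comparing what a per-application firewall rule set decides with what a process-level HIPS check decides for the same events. The process names, port, policy sets and event tuples are constructed assumptions.

```python
import ipaddress

# Constructed sample events: (process, parent, dst_ip, dst_port). All names are made up.
EVENTS = [
    ("browser.exe", "explorer.exe", "93.184.216.34", 443),  # user opens the browser
    ("browser.exe", "someapp.exe", "93.184.216.34", 80),    # "About" link opens the browser
    ("someapp.exe", "explorer.exe", "127.0.0.1", 12080),    # app reaches the local web proxy
    ("webproxy.exe", "services.exe", "93.184.216.34", 80),  # proxy makes the real connection
]

# Hypothetical policies (assumptions, not Comodo's or any product's rule format).
FIREWALL_ALLOWED_APPS = {"browser.exe", "webproxy.exe"}  # per-application outbound rules
BROWSERS = {"browser.exe"}
HIPS_BROWSER_PARENTS = {"explorer.exe"}  # processes allowed to start a browser
HIPS_LOOPBACK_ALLOWED = set()            # processes allowed to use the localhost loop


def is_loopback(ip):
    return ipaddress.ip_address(ip).is_loopback


def firewall_verdict(event):
    """Connection-level view: only outbound, non-loopback traffic is checked,
    and only against the process that owns the socket."""
    process, _parent, dst_ip, _port = event
    if is_loopback(dst_ip):
        return "unseen"
    return "allow" if process in FIREWALL_ALLOWED_APPS else "block"


def hips_verdict(event):
    """Process-level view: who started the browser, and who uses localhost."""
    process, parent, dst_ip, _port = event
    if process in BROWSERS and parent not in HIPS_BROWSER_PARENTS:
        return "ask"  # another program is driving the browser
    if is_loopback(dst_ip) and process not in HIPS_LOOPBACK_ALLOWED:
        return "ask"  # program is going out through a local proxy
    return "allow"


def compare(events):
    return [(e[0], e[1], firewall_verdict(e), hips_verdict(e)) for e in events]


if __name__ == "__main__":
    for process, parent, fw, hips in compare(EVENTS):
        print(f"{process:13} parent={parent:13} firewall={fw:7} hips={hips}")
```

In the second and third events the firewall either allows the traffic under the browser's rule or never evaluates it, while the process-level check raises a prompt.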
  5. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Seeing how the test has had, for quite some time, SSM, ProSecurity and Malware Defender in high-ranking places, and that includes Mamutu and ThreatFire, the question should rather be:

    "Does Matousec actually test firewalls or just the HIPS?" :argh:
     
  6. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Indeed :) Though the trend now is very firmly towards suites/integrated functionality so the lines are always blurring.

    There was one true firewall test - the performance tests for TCP and UDP. These were removed. IMO, renaming the test from the firewall challenge was long overdue.
     
  7. demoneye

    demoneye Registered Member

    Joined:
    Dec 30, 2007
    Posts:
    1,356
    Location:
    ISRHell
    nice sig ssj100 :)


    and D+ is nice and easy to use, best among the best of its kind, and totally free + an unbelievably big team behind support. Check the D+ (Comodo) forum and you will see for yourself what I am talking about :)

    cheers
     
    Last edited: May 19, 2009