Comodo Firewall

Hi all,
I recently read several reports on Comodo Firewall and looked into the
company behind the product (security firm who sell security certificates
and other services). However, apart from reading reports made by
others is it possible to monitor the effectiveness of the firewall
and, if so, how could this be done?

Any advice would be most welcome.

ST.
shaun_j_thomas [ Tue, 03 July 2007 00:18 ] [ ID #1757983 ]

Re: Comodo Firewall

<shaun_j_thomas [at] yahoo.co.uk> wrote in message
news:1183414725.345810.27160 [at] c77g2000hse.googlegroups.com...
> Hi all,
> I recently read several reports on Comodo Firewall and looked into the
> company behind the product (security firm who sell security certificates
> and other services). However, apart from reading reports made by others...

In short, what do the reports from 'others' reveal?

> ...is it possible to monitor the effectiveness of the firewall
> and, if so, how could this be done?

It can't be done, 3rd party PFWs aren't effective, they give you a wrong
sense of security.

> Any advice would be most welcome.

Steer away from 3rd party PFWs.
Kayman [ Tue, 03 July 2007 01:05 ] [ ID #1759095 ]

Re: Comodo Firewall

shaun_j_thomas [at] yahoo.co.uk wrote:

> Hi all,
> I recently read several reports on Comodo Firewall and looked into the
> company behind the product (security firm who sell security certificates
> and other services). However, apart from reading reports made by
> others is it possible to monitor the effectiveness of the firewall
> and, if so, how could this be done?


Trivial: take any advanced rootkit analysis tool that shows kernel hooks.
You'll find that, even when not installing the application control crap,
Comodo happily hooks NtCreateFile, NtRegistryOpen, NtCreateProcess,
NtOpenProcess and some more, as well as various user-mode routines. Yikes,
such a shitload should never be installed on any production machine!
Sebastian Gottschalk [ Tue, 03 July 2007 02:55 ] [ ID #1759098 ]

Re: Comodo Firewall

Post removed (X-No-Archive: yes)
Notifier Deamon [ Tue, 03 July 2007 04:15 ] [ ID #1759101 ]

Re: Comodo Firewall

Bart Bailey wrote:

> In Message-ID:<5etl46F39hs4uU1 [at] mid.dfncis.de> posted on Tue, 03 Jul 2007
> 02:55:25 +0200, Sebastian G. wrote: Begin
>
>> Trivial: take any advanced rootkit analysis tool that shows kernel hooks.
>
> Suggestion: IceSword - http://tinyurl.com/2f9osa

IceSword only shows hooks created via modified SSDT entries (which is
sufficient in this case). But generally I'd recommend System Virginity
Verifier, which also checks for binary patches and some kernel objects.

(Before you ask: Yes, I've seen some "security" software patching function
prologues.)
Sebastian Gottschalk [ Tue, 03 July 2007 04:36 ] [ ID #1759102 ]
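
The two checks distinguished in the post above (SSDT entries that point outside the kernel image, and patched function prologues), as an added example that is not part of the original thread or of any tool named in it. All addresses, module ranges and the driver name `example_fw.sys` are constructed sample data; a real audit would read them from a debugger or memory image.

```python
from typing import NamedTuple, Optional

class Module(NamedTuple):
    name: str
    base: int
    size: int

class Service(NamedTuple):
    name: str
    table_addr: int       # pointer currently stored in the SSDT
    mem_prologue: bytes   # first bytes of the kernel routine in memory
    disk_prologue: bytes  # same bytes taken from the on-disk kernel image

def owner(addr: int, modules: list[Module]) -> Optional[str]:
    """Return the name of the loaded module whose range contains addr."""
    for m in modules:
        if m.base <= addr < m.base + m.size:
            return m.name
    return None

def audit(services, modules, kernel="ntoskrnl.exe"):
    """Flag SSDT pointers outside the kernel and prologues that differ from disk."""
    findings = []
    for s in services:
        who = owner(s.table_addr, modules)
        if who != kernel:                      # the modified-SSDT-entry case
            findings.append((s.name, "ssdt-redirect", who or "unmapped"))
        if s.mem_prologue != s.disk_prologue:  # the binary-patch case
            findings.append((s.name, "inline-patch", s.mem_prologue.hex()))
    return findings

# Constructed sample data (hypothetical addresses and driver name).
STD = bytes.fromhex("8bff558bec")  # mov edi,edi / push ebp / mov ebp,esp
MODULES = [
    Module("ntoskrnl.exe", 0x804D7000, 0x00214000),
    Module("example_fw.sys", 0xF7A10000, 0x00030000),
]
SERVICES = [
    Service("NtClose", 0x805678DD, STD, STD),
    Service("NtCreateFile", 0xF7A12340, STD, STD),
    Service("NtOpenProcess", 0xF7A12890, STD, STD),
    # SSDT pointer untouched, but the routine now starts with a jmp (0xE9)
    Service("NtCreateProcess", 0x805B135A, bytes.fromhex("e9c0ffee01"), STD),
]

if __name__ == "__main__":
    for finding in audit(SERVICES, MODULES):
        print(*finding)
```

In this sample the `NtCreateProcess` table entry still points into the kernel, so a table-only check reports nothing for it; only the prologue comparison flags it.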