Gladiator Security Forum > About Comodo Firewall

Gladiator Security Forum > Security Software & Hardware > Firewalls & Routers

Kees1958

Oct 21 2006, 08:44 PM

Question,

Last time I tried Comodo (two months ago). It promissed to protect against dll injection, but it failed ZAPAS, next I tried a few leak test (Wallbreaker, DNStester, Breakout1+2) and they failed. Is this a known problem or did I configurate Comodo wrong.

I had heard a lot of good things of Comodo, so I can't believe Comodo fails these test. Could an exprienced Comodo user repeat these test and tell me whether Comodo passed?

Thanks in advance

Kees

Chachazz

Oct 21 2006, 09:05 PM

Kees 1958 - first, testing would need to be done with the newest current version - no?
Two months ago - Comodo firewall like all new product has been a work-in-progress and has very significant changes over that 2 mo. time. See the version releases above.

Suggest that questions about these tests be best taken up directly with the Comodo owners and technical experts at their forums.

Will be moving this post to Firewall Discussions forum in short time (we are in the "updates" forum right now)

stidyup

Jan 21 2007, 08:59 AM

http://forums.comodo.com/

Comodo Forum

stidyup

Jan 21 2007, 10:27 AM

Leak Test Results

QUOTE

Interpretation of results

The clear winners of our tests are Comodo Personal Firewall 2.3.6.81 and Jetico Personal Firewall 2.0.0.16 beta. Whilst Comodo is the best on its highest security settings, Jetico has the best default settings configuration. On the highest security settings, Comodo failed only the Coat leak-test, Jetico failed against Breakout and pcAudit. These results are excellent! What is more, both firewalls are still in development and we can expect that they will pass all tests in their future versions. Congratulations!

Another important result of our tests is firewall scoring against FPR. FPR stands for Fake Protection Revealer. This leak-test was implemented to reveal cheating on leak-tests. Outpost Firewall PRO 4.0 (971.584.079) was convicted of such cheating. It passes all leak-tests except FPR because of the implementation of user mode hooks (ring3) for security purposes. Our article Design of ideal personal firewall clearly says that ring3 hooks can not be used for security critical features. FPR does nothing but unhooks ring3 hooks which is always possible and thus bypasses such protection. This means that Outpost Firewall PRO cheats to be very strong against leak-tests but in fact it is very weak against real malware. The vendor of Outpost claims that Outpost is strong against the malware on this field but the reality is quite different. Another firewall that implements fake protection using user mode hooks only to bypass some leak-tests is Privatefirewall 5.0.8.11. Other firewalls that use ring3 hooks improperly are Sunbelt Kerio Personal Firewall 4.3.268 and Look 'n' Stop 2.05p2. However, their hooks did not affect their test results that much. And unlike Outpost, their hooks were not implemented to mislead the end-users.

Ten of the tested firewalls were marked with Very poor or None anti-leak protection. This result is quite worrying because it shows that even today, when the malware programs are very sophisticated, still a lot of vendors simply do not care about the outbound connection control seriously.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.