Posted by on July 2, 2007, 6:18 pm
Hi all,
I recently read several reports on Comodo Firewall and looked into the
company behind the product (security firm who sell security certificates
and other services). However, apart from reading reports made by
others is it possible to monitor the effectiveness of the firewall
and, if so, how could this be done?
Any advice would be most welcome.
ST.
Posted by Kayman on July 2, 2007, 7:05 pm
> Hi all,
> I recently read several reports on Comodo Firewall and looked into the
> company behind the product (security firm who sell security certificates
> and other services). However, apart from reading reports made by others...
In short, what do the reports from 'others' reveal?
> ...is it possible to monitor the effectiveness of the firewall
> and, if so, how could this be done?
It can't be done, 3rd party PFW's aren't effective, they give you a wrong
sense of security.
> Any advice would be most welcome.
Steer away from 3rd party PFW's.
Posted by Sebastian G. on July 2, 2007, 8:55 pm
shaun_j_thomas@yahoo.co.uk wrote:
> Hi all,
> I recently read several reports on Comodo Firewall and looked into the
> company behind the product (security firm who sell security certificates
> and other services). However, apart from reading reports made by
> others is it possible to monitor the effectiveness of the firewall
> and, if so, how could this be done?
Trivial: take any advanced rootkit analysis tool that shows kernel hooks.
You'll find that, even when not installing the application control crap,
Comodo happily hooks NtCreateFile, NtRegistryOpen, NtCreateProcess,
NtOpenProcess and some more, as well as various user-mode routines. Yikes,
such a shitload should never be installed on any production machine!
Posted by Bart Bailey on July 2, 2007, 10:15 pm
02:55:25 +0200, Sebastian G. wrote: Begin
>Trivial: take any advanced rootkit analysis tool that shows kernel hooks.
Suggestion: IceSword - http://tinyurl.com/2f9osa
--
Bart
Posted by Sebastian G. on July 2, 2007, 10:36 pm
Bart Bailey wrote:
> 02:55:25 +0200, Sebastian G. wrote: Begin
>
>> Trivial: take any advanced rootkit analysis tool that shows kernel hooks.
>
> Suggestion: IceSword - http://tinyurl.com/2f9osa
IceSword only shows hooks created via modified SSDT entries (which is
sufficient in this case). But generally I'd recommend System Virginity
Verifier, which also checks for binary patches and some kernel objects.
(Before you ask: Yes, I've seen some "security" software patching function
prologues.)
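The difference between the two kinds of check described in the post above, as an added example that is not part of the thread and not code from IceSword or System Virginity Verifier: a check that only inspects SSDT entries misses a routine whose table entry is intact but whose prologue has been overwritten with a jump. The kernel range, addresses, bytes and snapshot dictionaries are all constructed for illustration.

```python
import struct

# Constructed snapshot: every address and byte below is made up for illustration.
KERNEL = (0x80400000, 0x80600000)                    # [start, end) of the loaded kernel image
CLEAN = bytes.fromhex("8bff558bec83ec10")            # mov edi,edi / push ebp / mov ebp,esp / sub esp,10h
DRIVER_STUB = 0xF7A02000                             # hypothetical third-party driver address

SSDT = {                                             # service name -> address stored in the table
    "NtCreateFile":    0xF7A01000,                   # entry redirected out of the kernel
    "NtOpenProcess":   0x8057B2C0,                   # entry intact
    "NtCreateProcess": 0x80581A10,                   # entry intact
}
JMP = b"\xe9" + struct.pack("<i", DRIVER_STUB - (0x8057B2C0 + 5))
MEMORY = {                                           # (address, bytes now at the original routine)
    "NtCreateFile":    (0x80570E40, CLEAN),
    "NtOpenProcess":   (0x8057B2C0, JMP + CLEAN[5:]),  # prologue overwritten with jmp rel32
    "NtCreateProcess": (0x80581A10, CLEAN),
}
ON_DISK = {name: CLEAN for name in MEMORY}           # same routines as read from the kernel file

def in_kernel(addr):
    return KERNEL[0] <= addr < KERNEL[1]

def ssdt_hooks(ssdt):
    """Table check: names whose SSDT entry points outside the kernel image."""
    return sorted(name for name, addr in ssdt.items() if not in_kernel(addr))

def inline_patches(memory, on_disk):
    """Code check: names whose in-memory prologue differs from the file copy.
    Maps each name to the jmp target if the patch is a jmp rel32, else None.
    A real comparison also has to account for relocations."""
    found = {}
    for name, (addr, code) in memory.items():
        if code == on_disk[name]:
            continue
        target = None
        if code[0] == 0xE9:                          # jmp rel32: next instruction + displacement
            rel = struct.unpack_from("<i", code, 1)[0]
            target = (addr + 5 + rel) & 0xFFFFFFFF
        found[name] = target
    return found

if __name__ == "__main__":
    print("SSDT entries outside kernel:", ssdt_hooks(SSDT))
    for name, target in inline_patches(MEMORY, ON_DISK).items():
        print(f"prologue patched: {name} -> {target:#x}" if target else f"prologue patched: {name}")
```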