Posted by nik gr on December 27, 2008, 8:46 am
>
> nik gr wrote:
>
>>>
>>>> I recently installed Comodo Internet Security and I would like to know
>>>> your opinion on this application and how trustworthy it is.
>>>
>>> You don't need a "Personal Firewall".
>>
>> Okay, perhaps you want to tell me why, and how will I keep being aware of
>> what's happening to my system when a malware tries to compromise it, in
>> case I get infected?
>>
>> Routers and hardware firewalls won't save my ass when Windows gets infected
>> and malware nests in my system, creating outgoing connections to download
>> some more malstuff and update themselves.....
>
> Once infected, the firewall (and just the firewall) won't help you
> recover or protect your system. Firewalls are to regulate traffic
> between hosts, like preventing unsolicited intrusions. You can also use
> them with app rules to regulate which [good and many malware] apps can
> connect out from your host to where they can connect. Since they are
> software running on your host, they can be thwarted but most good
> software firewalls also have a kernel-level component to prevent most
> types of compromise. Don't expect a firewall to protect you from
> infection. After all, when you choose to download the file or execute
> it in an e-mail, your firewall is powerless. For an exploit that uses a
> buffer overrun to deliver a tiny payload (that then goes out to get the
> rest of the malware), you've already told your firewall in its app rules
> to allow the web browser to connect and transfer that payload. However,
> CFP is not just a firewall so the arguments against software firewalls,
> in general, are not directly applicable. CFP also has its SafeSurf (aka
> Comodo Memory Firewall) to guard against buffer overruns. It also
> contains its HIPS function that lets you regulate which file is allowed
> to load into memory and execute from there (whether you rely on their
> whitelist or go paranoid and make all decisions yourself). It includes
> heuristics for behavioral analysis to detect malicious behavior. It
> isn't JUST a firewall but its product name usually engenders the same
> staid arguments against old and simplistic firewalls and that they are
> NOT to protect against infection except merely as a consequence of your
> configuration of them with app rules which is only a simplistic form of
> protection itself (and why HIPS goes beyond just deciding which file can
> load to run but also what actions it is allowed to perform). Alas, the
> problem with HIPS is that you, the user, have to understand what the
> prompts mean - so, again, it still comes down to the USER as the primary
> infection vector into a host. Also, while HIPS lets you decide just what
> is allowed to load and what a process can do, that still doesn't equate
> to limiting privileges on that process (most actions that you regulate
> via HIPS are not exactly the same as what limiting privileges does
> although there can be quite a bit of overlap).
>
> Perhaps Ansgar and Volker would like to elucidate on what they DO use for
> security software on their own hosts. Not just what upstream appliances
> they may employ in a more-corporate-like environment but what, say, they
> use themselves at home or on their laptop (when it roams).

I am not expecting CPF to remove the infection from my host, but I DO expect
the malware within my system to be dysfunctional, because for any action it might
want to execute that messes with the OS I expect the fw to notify me about
it, and then I will block it.
So perhaps I will be infected by something, but CPF won't allow it to do any
harm because I will block any strange attempt I'll see.
Volker just said "You don't need a fw" and that's all?
No justification for his claim?
WELL, SHOULD WE OR SHOULD WE NOT USE PERSONAL FIREWALLS?!
OPINIONS DIFFER, AS I SEE, BUT ON THE OTHER HAND HARDWARE FIREWALLS AREN'T
EVERYTHING.