Comodo Firewall
on 03.07.2007 00:18:45 by shaun_j_thomas
Hi all,
I recently read several reports on Comodo Firewall and looked into the
company behind the product (security firm who sell security certificates
and other services). However, apart from reading reports made by
others is it possible to monitor the effectiveness of the firewall
and, if so, how could this be done?
Any advice would be most welcome.
ST.
Re: Comodo Firewall
on 03.07.2007 01:05:17 by Kayman
wrote in message
news:1183414725.345810.27160@c77g2000hse.googlegroups.com...
> Hi all,
> I recently read several reports on Comodo Firewall and looked into the
> company behind the product (security firm who sell security certificates
> and other services). However, apart from reading reports made by others...
In short, what do the reports from 'others' reveal?
> ...is it possible to monitor the effectiveness of the firewall
> and, if so, how could this be done?
It can't be done, 3rd party PFW's aren't effective, they give you a wrong
sense of security.
> Any advice would be most welcome.
Steer away from 3rd party PFW's.
Re: Comodo Firewall
on 03.07.2007 02:55:25 by Sebastian Gottschalk
shaun_j_thomas@yahoo.co.uk wrote:
> Hi all,
> I recently read several reports on Comodo Firewall and looked into the
> company behind the product (security firm who sell security certificates
> and other services). However, apart from reading reports made by
> others is it possible to monitor the effectiveness of the firewall
> and, if so, how could this be done?
Trivial: take any advanced rootkit analysis tool that shows kernel hooks.
You'll find that, even when not installing the application control crap,
Comodo happily hooks NtCreateFile, NtRegistryOpen, NtCreateProcess,
NtOpenProcess and some more, as well as various user-mode routines. Yikes,
such a shitload should never be installed on any production machine!
Re: Comodo Firewall
on 03.07.2007 04:15:16 by unknown
Post removed (X-No-Archive: yes)
Re: Comodo Firewall
on 03.07.2007 04:36:50 by Sebastian Gottschalk
Bart Bailey wrote:
> In Message-ID:<5etl46F39hs4uU1@mid.dfncis.de> posted on Tue, 03 Jul 2007
> 02:55:25 +0200, Sebastian G. wrote: Begin
>
>> Trivial: take any advanced rootkit analysis tool that shows kernel hooks.
>
> Suggestion: IceSword - http://tinyurl.com/2f9osa
IceSword only shows hooks created via modified SSDT entries (which is
sufficient in this case). But generally I'd recommend System Virginity
Verifier, which also checks for binary patches and some kernel objects.
(Before you ask: Yes, I've seen some "security" software patching function
prologues.)
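The two checks contrasted in the post above (SSDT entries versus patched function prologues), as an added example that is not part of the original thread and is not code from IceSword or System Virginity Verifier. It runs over constructed sample data; the module layout, addresses, byte strings and the driver name `fwdriver.sys` are assumptions, and relocation handling is left out.

```python
from dataclasses import dataclass

@dataclass
class Module:
    name: str
    base: int
    size: int
    def contains(self, addr):
        return self.base <= addr < self.base + self.size

def ssdt_hooks(ssdt, kernel, modules):
    """SSDT check: report entries whose handler lies outside the kernel image."""
    out = []
    for service, target in sorted(ssdt.items()):
        if not kernel.contains(target):
            owner = next((m.name for m in modules if m.contains(target)), "<unknown>")
            out.append((service, hex(target), owner))
    return out

def prologue_patch(disk, memory, func_addr):
    """Binary-patch check: compare a function's first bytes in memory with the
    on-disk image (relocations ignored). None means the bytes are identical."""
    n = min(len(disk), len(memory))
    diff = [i for i in range(n) if disk[i] != memory[i]]
    if not diff:
        return None
    finding = {"offset": diff[0], "kind": "modified bytes", "target": None}
    # E9 rel32 = near JMP; destination = next instruction address + signed rel32
    if diff[0] == 0 and n >= 5 and memory[0] == 0xE9:
        rel = int.from_bytes(memory[1:5], "little", signed=True)
        finding.update(kind="jmp rel32", target=hex((func_addr + 5 + rel) & 0xFFFFFFFF))
    return finding

# Constructed sample data (32-bit layout); fwdriver.sys is a hypothetical driver name.
KERNEL = Module("ntoskrnl.exe", 0x804D7000, 0x214000)
MODULES = [KERNEL, Module("fwdriver.sys", 0xF7A00000, 0x20000)]
SSDT = {"NtCreateFile": 0xF7A01230, "NtOpenProcess": 0xF7A01580, "NtClose": 0x80567A10}
FUNC_ADDR = 0x80570000                   # SSDT-clean function, patched in place
DISK = bytes.fromhex("8bff558bec")       # mov edi,edi / push ebp / mov ebp,esp
MEMORY = bytes.fromhex("e9fb1f4977")     # jmp into the driver's address range

if __name__ == "__main__":
    for hit in ssdt_hooks(SSDT, KERNEL, MODULES):
        print("SSDT hook:", hit)
    print("Prologue:", prologue_patch(DISK, MEMORY, FUNC_ADDR))
```

The function at `FUNC_ADDR` would pass an SSDT-only scan, since no table entry was changed; only the byte comparison reveals the redirect.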