Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Comodo
Comodo CIS Bug fix policy
Message
<blockquote data-quote="Decopi" data-source="post: 1101085" data-attributes="member: 67091"><p>DNS providers (1.1.1.1, 1.0.0.1, whatever) are not direct IP addresses (they are just DNS resolvers). Therefore, at Comodo, any malware can use svchost to connect to any IP, using any DNS resolver. For example, one of your rules is: "<strong><em>C:\Windows\System32\svchost.exe Allow UDP Out Any 1.0.0.1 Any 53 DNS-Cloudflare</em></strong>"... means that in your Comodo a malware using svchost can connect to any IP trough 1.0.0.1</p><p>At Comodo, the only way to customize svchost is by customizing IPs, not the DNS resolver, but the direct comm between svchost and any specific IP. And that's impossible to be done, because daily your device uses thousands of different IPs.</p><p></p><p></p><p></p><p>Again, limiting the port won't limit any IP.</p><p>At Comodo, any malware using Windows Services, svchost or any file labeled as "safe"/"trusted"... the malware will have comms to any IP.</p><p>And again, in this example also you can't customize IPs at Comodo for Windows Time or for other Windows Service because Microsoft IPs change weekly.</p><p></p><p></p><p></p><p>I do respect your opinion! But I disagree. IMHO is a major flaw! At Comodo, any malware can exploit a "safe"/"trusted" file, having comms to any IP.</p><p>Comodo firewall is a placebo.</p><p></p><p></p><p></p><p>Here is not the right thread, but I ensure you that Windows Firewall and several other third-party firewall, they not just have a better GUI than Comodo, but they allow the complete customization of any file (including Windows Services, svchost, etc etc etc).</p><p></p><p></p><p></p><p>Again, with all due respect, I disagree.</p><p>Comodo is built in modules. And you and me are talking specifically about Firewall. And Comodo Firewall has dangerous breaches. It's unacceptable to justify or to minimize or to omit any security breach in Comodo Firewall by pointing to another module.</p><p>That said, it's always important to remember that the Comodo Containment module itself has several security breaches.</p><p></p><p></p><p></p><p>Totally agree with you! Excellent comment.</p><p>And also it'll be nice to see Comodo incorporating a strong real antivirus/antimalware, with new modules based in virus/malware detection (not "blocker", "deny-all", "zero-trust" blah blah blah).</p><p>However, based on the past 20 years, it's easier to discover that The Earth is flat, than to see Comodo fixing bugs or incorporating modern technologies.</p></blockquote><p></p>
[QUOTE="Decopi, post: 1101085, member: 67091"] DNS providers (1.1.1.1, 1.0.0.1, whatever) are not direct IP addresses (they are just DNS resolvers). Therefore, at Comodo, any malware can use svchost to connect to any IP, using any DNS resolver. For example, one of your rules is: "[B][I]C:\Windows\System32\svchost.exe Allow UDP Out Any 1.0.0.1 Any 53 DNS-Cloudflare[/I][/B]"... means that in your Comodo a malware using svchost can connect to any IP trough 1.0.0.1 At Comodo, the only way to customize svchost is by customizing IPs, not the DNS resolver, but the direct comm between svchost and any specific IP. And that's impossible to be done, because daily your device uses thousands of different IPs. Again, limiting the port won't limit any IP. At Comodo, any malware using Windows Services, svchost or any file labeled as "safe"/"trusted"... the malware will have comms to any IP. And again, in this example also you can't customize IPs at Comodo for Windows Time or for other Windows Service because Microsoft IPs change weekly. I do respect your opinion! But I disagree. IMHO is a major flaw! At Comodo, any malware can exploit a "safe"/"trusted" file, having comms to any IP. Comodo firewall is a placebo. Here is not the right thread, but I ensure you that Windows Firewall and several other third-party firewall, they not just have a better GUI than Comodo, but they allow the complete customization of any file (including Windows Services, svchost, etc etc etc). Again, with all due respect, I disagree. Comodo is built in modules. And you and me are talking specifically about Firewall. And Comodo Firewall has dangerous breaches. It's unacceptable to justify or to minimize or to omit any security breach in Comodo Firewall by pointing to another module. That said, it's always important to remember that the Comodo Containment module itself has several security breaches. Totally agree with you! Excellent comment. And also it'll be nice to see Comodo incorporating a strong real antivirus/antimalware, with new modules based in virus/malware detection (not "blocker", "deny-all", "zero-trust" blah blah blah). However, based on the past 20 years, it's easier to discover that The Earth is flat, than to see Comodo fixing bugs or incorporating modern technologies. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
