Page 1 of 2 12 LastLast
Results 1 to 20 of 24

Thread: How good is Comodo Internet Security?

  1. #1
    nik
    Guest

    How good is Comodo Internet Security?

    Hello ppl,

    I recently installed Comodo Internet Security and I would like to know your
    opinion on this application and how trustworthy it is.
    Will it keep my computer safe from online attcks and viruses given I don't
    download vicius apps myseld and not visiting porn sites?


  2. #2
    Burkhard Ott
    Guest

    Re: How good is Comodo Internet Security?

    Am Tue, 23 Dec 2008 16:31:16 +0200 schrieb nik:

    > I recently installed Comodo Internet Security and I would like to know your
    > opinion on this application and how trustworthy it is.


    not trustworthy.

    > Will it keep my computer safe from online attcks and viruses given I
    > don't download vicius apps myseld and not visiting porn sites?


    No.

    cheers

  3. #3
    VanguardLH
    Guest

    Re: How good is Comodo Internet Security?

    nik wrote:

    > Hello ppl,
    >
    > I recently installed Comodo Internet Security and I would like to know your
    > opinion on this application and how trustworthy it is.
    > Will it keep my computer safe from online attcks and viruses given I don't
    > download vicius apps myseld and not visiting porn sites?


    Comodo Firewall Pro is excellent. The included HIPS (Defense+) is
    excellent.
    The antivirus component sucks. It never got out of its beta status for
    around 2 years to deliberately keep it out of independent testing to
    prove/disprove its pest coverage. I've used Comodo's firewall (both in
    v2 without HIPS and v3 with HIPS) and it is a top free firewall with
    only one or two commercial firewalls being better. Typically it and
    Tallemu's Online Armor (OA) are at the 2nd and 3rd position for
    firewalls (free and paid). HIPS takes getting used to due to all the
    prompts and why both CPF and OA include whitelists of known good apps to
    reduce the prompt count although some users are more paranoid and want
    prompting on all applications.

    There are arguments (some very good by some highly educated network
    experts) as to why a software firewall won't really protect you from
    nasties (once they get deposited and become active on your host). The
    Windows firewall or the one in your router are sufficient for outside
    attacks (except you can still get DOS'ed) while they and better software
    firewalls are really only good to keep the good apps obeying your wants
    and the feeble malware constrained. HIPS can become daunting to many
    users, especially non-experts because the prompts require knowledge of
    the apps or OS that the typical user may not have. They make the wrong
    choices, either clicking OK to every prompt which obviates the point of
    the firewall and/or HIPS or constraining the actions allowed for a
    process so that the app won't function correctly or can even cause OS
    problems. Threatfire attempts to be a HIPS that is transparent to the
    user (it is a behavioral analyzer) but it misses too much malware, has
    false positives, and really doesn't work well with other security
    products, like Avast's WebShield or GeSWall, causing problems of it
    always stuck in "initializing" mode to s-e-v-e-r-e-l-y slowing your host
    to where you believe it is hung. Nice idea but Threatfire doesn't work
    well with other security products, and Threatfire isn't a total
    solution. Of course, the user can decide to disable Defense+ (HIPS) in
    CFP to eliminate all those prompts and having to investigate all those
    choices.

    I wouldn't bother with the antivirus component. Alas, Comodo has
    decided to drop distribution of just their firewall and now is
    distributing their Internet suite product but hopefully the CIS install
    lets you NOT include their antivirus component. For antivirus, and for
    something free, use Avast or Avira (but with Avira you'll need to find
    the tricks to get rid of the splash screen and their adware nag on
    updates). I like Avast better versus Avira that has had me waste too
    much time on false positives. The paid versions of both include
    additional protection features but I feel comfortable enough with the
    free versions. Plus I use GeSWall Free to isolate the web browser using
    stronger policies than just running under a LUA (limited user account)
    token which simply removes some privileges from the browser's process.

    GeSWall Free isolates *all* instances of the web browser no matter if it
    was started directly or as a child process, like when clicking on a URL
    link in an e-mail. DropMyRights, SysInternal's psexec, and other
    similar utilites can run the web browser using a LUA token but only for
    that particular instance of the web browser, not when started as a child
    process of some other program. Online Armor has its Run Safer mode (and
    the author of DropMyRights has his RunSafer utility to set restricted
    policies on the web browser) that you can enable for an allowed
    application to run under an LUA token but to turn it off means having to
    wade through OA or rerun the policy utility to disable that option on
    that program and that which is way too much hassle for me. Windows
    Update, Adobe Flash update, and many other update or install sites will
    not function with the browser under reduced rights or under GeSWall
    under its isolated environment and severely reduced rights. I want the
    web browser protected nearly most of the time but have an easy way to
    switch to an unprotected mode, and GeSWall gives me that. I already
    have virtual machines for more protection when trialing unknown or
    untrusted software and didn't need another level of protection
    granularity between restricting the web browser under my production
    environment to running it unfettered but within a VM, so sandboxing was
    needed by me and GeSWall fit the need to restrict my browser.

    Exploits, like the recent one with IE that could deliver a small payload
    due to a buffer overrun, are isolated within GeSWall or a sandbox so
    this protects you until the browser gets updated. However, there is
    also Comodo Memory Firewall (not a firewall but a memory protection
    utility to guard against buffer overruns) which is better than the
    software DEP in Windows XP or Vista (which only protects against one
    specific type of SEH chain corruption). CMF covers what DEP covers and
    more. Instead of trapping the payload that got through an exploit
    through the browser, CMF would detect the overrun and prompt to have you
    terminate the process. CMF is called SafeSurf in CPF; that is, CPF v3
    now includes CMF renamed as SafeSurf (however, it also included the Ask
    Toolbar garbage which you should uninstall using Add/Remove Programs
    after completing the CPF + SafeSurf install).

    Their web site has you downloading their CIS product when you try to
    download just their CPF product. During the install, I'd suggest NOT
    including their antivirus product. Use a better free antivirus program.
    Do include the SafeSurf component (but follow with an uninstall of the
    Ask Toolbar), or separately get CMF.

    CIS all components: No.
    CIS with all but antivirus: Yes.
    Add a good antivirus program (Avast, Avira).
    Logon under a limited Windows account, or run Internet-facing apps, like
    the web browser, under LUA token, in an isolated environment, under
    tighter policies, or sandboxed.

    Note that you can add something like HIPS to the Windows firewall by
    using software restriction policies. Use the group policy editor
    (gpedit.msc) and go under Computer Config -> Windows Settings ->
    Security Settings -> Software Restrictions -> Additional Rules. Add a
    path to identify the program that you don't want to block from loading.
    This can even be done for Microsoft's own wgatray.exe program. I use it
    for some others that I never want to allow load.

    After trialing many security products (all free for those that I
    considered keeping for myself), my suite boiled down to:

    VirtualPC 2007 (or VMWare Server)
    - Test unknown or untrusted software.
    - OS is clean (no security software). Prevents interference with good
    programs. Lets bad programs exhibit their behavior since many will
    quiesce when they detect that security software (although a few also
    quiesce when they notice they are running inside a VM).
    - VirtualPC is easier to use than VMWare but VMWare has some nice
    additional features.

    Windows Firewall
    - Decided not to use HIPS anymore. Got tired of all the investigations
    to make intelligent choices regarding the prompts.
    - With the router's firewall, have double-layered inbound-only
    protection.
    - Other reasons not necessary to get into here but basically to simplify
    my setup and for compatibility.

    Avast Antivirus
    - Standard, Network, and Web shields enabled.
    - Other shields are disabled as they are not applicable (don't use the
    apps covered by those shields) or don't want them (like e-mail scanning
    which is superfluous and often causes timing or mail session problems).

    GeSWall
    - Provides isolated environment for web browsers.
    - Enforces severe privilege restrictions on web browsers beyond just
    using an LUA token.
    - Isolates ALL instances of web browsers no matter if opened directly or
    started as a child process.
    - Allows easy switch to non-protected browser using a titlebar button.
    Needed for Windows Updates and several other trusted sites.
    - No noticed impact on browsing speed.
    - Less interference than using a sandbox (most of which are no longer
    available for free or no longer supported, and Sandboxie turns into
    once-a-day nagware after its 30-day trial).
    - Free whereas Bufferzone and Defensewall are not; however, free version
    of GesWall only isolates web browsers but which is the primary infection
    vector into a host with e-mail coming in 2nd place.

    Returnil
    - Saves changes to a differencing [virtual] disk. You can discard them
    through a reboot.
    - Enabling the protection does not require a reboot.
    - Can test unknown or untrusted software in my production environment
    but restore the drive back to its prior state to completely erase the
    new software from the drive (and not even have to bother uninstalling
    it).
    - Similar products are Microsoft's SteadyState (free) and ShadowSurfer
    (was free but no more).

    All this stuff is free. It all works together, too, with no conflict
    and no noticeable slowdowns (except when testing software inside a VM).

  4. #4
    Volker Birk
    Guest

    Re: How good is Comodo Internet Security?

    nik <nikos1337@gmail.com> wrote:
    > I recently installed Comodo Internet Security and I would like to know your
    > opinion on this application and how trustworthy it is.


    You don't need a "Personal Firewall".

    Yours,
    VB.
    --
    "Any sufficiently advanced technology is indistinguishable from magic."

    Clarke's third law

  5. #5
    1PW
    Guest

    Re: How good is Comodo Internet Security?

    On 12/23/2008 06:31 AM, nik sent:
    > Hello ppl,
    >
    > I recently installed Comodo Internet Security and I would like to know
    > your opinion on this application and how trustworthy it is.


    Comodo's _firewall_ is one of the fine replacements for the Windows
    embedded firewall. I use their free firewall myself. However, you will
    find that many of us prefer to use individual solutions for our
    computer's various security threats and *not* the all-in-one security
    "suites" that seem to promise it all.

    > Will it keep my computer safe from online attacks and viruses given I
    > don't download vicious apps myself and not visiting porn sites?


    No. Not all of our security software will protect you from your
    occasional lapses in judgment. A web site that /was/ malware free a few
    minutes ago, is not necessarily safe a few minutes from now.

    Do extensive self-paced study, You will find many satisfactory freeware
    solutions for the many facets of computer security threats.

    --
    1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

  6. #6
    Kayman
    Guest

    Re: How good is Comodo Internet Security?

    On Tue, 23 Dec 2008 16:31:16 +0200, nik wrote:

    > Hello ppl,
    > I recently installed Comodo Internet Security and I would like to know your
    > opinion on this application and how trustworthy it is.
    > Will it keep my computer safe from online attcks and viruses given I don't
    > download vicius apps myseld and not visiting porn sites?


    I'd steer away from any Internet Security Suites, they're are a waste of
    your hard-earned dollars! And (especially) 3rd party personal firewalls
    (PFW) are mostly badly coded, almost always very cumbersome to remove from
    the operating systems and more importantly don't add anything to your
    desired securitry!

    "*Security is a process not a product*" (Bruce Schneier).

    10 Immutable Laws of Security.
    http://technet.microsoft.com/en-us/l.../cc722487.aspx

    For WinXP the most dependable defenses are:-
    1. Do not work as Administrator; For day-to-day work routinely use a
    Least-privileged User Account (LUA).
    Applying the Principle of Least Privilege to User Accounts on WindowsXP
    http://technet.microsoft.com/en-us/l.../bb456992.aspx

    2. Secure (Harden) your operating system.
    http://www.5starsupport.com/tutorial...ng-windows.htm

    3. Don't expose services to public networks.
    Windows XP Service Pack 3 Service Configurations
    http://www.blackviper.com/WinXP/servicecfg.htm

    4. Keep your operating (OS) system (and all software on it)updated/patched.
    How to configure and use Automatic Updates in Windows XP
    http://support.microsoft.com/kb/306525
    http://www.update.microsoft.com/wind....aspx?ln=en-us

    4a.Got SP3 yet?
    Why Service Packs are Better Than Patches.
    http://www.microsoft.com/technet/arc....mspx?mfr=true

    5. Reconsider the usage of IE and OE.
    Utilizing another browser application and e-mail provider can add to the
    overall security of the OS.
    Consider: Opera,FireFox or Seamonkey and PegasusMail,Thunderbird,or WLM.

    5a.If you insist using IE - Secure (Harden) Internet Explorer.
    Internet Explorer7 Desktop Security Guide.
    http://www.microsoft.com/downloads/d...displaylang=en

    6. Review your installed 3rd party software applications/utilities; Remove
    clutter, *including* all Anti-WhatEver ware and 3rd party software
    personal firewall application (PFW) - the one which claims:
    "It can stop/control malicious outbound traffic".

    7. If on dial-up Internet connection, activate the build-in firewall.
    Windows XP: How to turn on your firewall.
    http://www.microsoft.com/protect/com...rewall/xp.mspx

    7a.Configure Windows by using:
    Seconfig XP 1.1
    http://seconfig.sytes.net/

    7b.If on high-speed Internet connection use a Router and implement
    Countermeasures against DNSChanger.
    http://extremesecurity.blogspot.com/...-hijacked.html

    7c.And (just in case) Wired Equivalent Privacy (WEP) has been superseded by
    Wi-Fi Protected Access (WPA).

    8. Utilize one (1) each 'real-time' anti-virus and anti-spy application.
    Consider: Avira AntiVir PersonalEdition Classic - Free
    and Windows Defender.

    9. Employ back-up application(s).
    Windows XP Backup Made Easy
    http://www.microsoft.com/windowsxp/u..._03july14.mspx
    Consider: Acronis, Casper or Norton Ghost and ERUNT.

    9a.Utilize vital operating system monitor utilities/applications.
    Consider: Process Explorer, AutoRuns, TCPView, WALLWATCHER, Wireshark,
    Port Reporter etc.

    10.Routinely practice Safe-Hex.
    http://www.claymania.com/safe-hex.html

    The least preferred defenses are:-
    Myriads of popular anti-whatever (*real-time*) applications and staying
    ignorant.

    Note:
    Avoiding Rootkit Infection.
    "The rules to avoid rootkit infection are for the most part the same as
    avoiding any malware infection however there are some special
    considerations:
    Because rootkits meddle with the operating system itself they *require*
    full Administrator rights to install. Hence infection can be avoided by
    running Windows from an account with *lesser* privileges" (LUA in XP and
    UAC in Vista).

    Good luck :)

  7. #7
    nik
    Guest

    Re: How good is Comodo Internet Security?



    Ο "VanguardLH" <V@nguard.LH> *γραψε στο μήνυμα
    news:giri1l$vbc$1@news.motzarella.org...
    >
    > nik wrote:
    >
    >> Hello ppl,
    >>
    >> I recently installed Comodo Internet Security and I would like to know
    >> your
    >> opinion on this application and how trustworthy it is.
    >> Will it keep my computer safe from online attcks and viruses given I
    >> don't
    >> download vicius apps myseld and not visiting porn sites?

    >


    > CIS all components: No.
    > CIS with all but antivirus: Yes.
    > Add a good antivirus program (Avast, Avira).
    > Logon under a limited Windows account, or run Internet-facing apps, like
    > the web browser, under LUA token, in an isolated environment, under
    > tighter policies, or sandboxed.
    >

    First of all thank you very much fopr your thorough answer.

    I have decided to keep CPF but I have removed the antivirus component as you
    said.

    As for AV Avira is very ncie I used it and avast too but a new player seems
    stronger than those 2 avs are.
    Its name is Ikarus Virus Utilities v1.0.91

    I have just installed it and it has detected trojan dropper and infection
    that avira and avast couldn’t detect.
    So iam keep ikarus but as a con its very heavey prodeuct because I have
    onl;y 512 MB of sdram.

    Now whats your opinion about Ikarus? have you tried it out yourself?

    as for the LUA ia have always used xp and logged in as an administrator.
    you mean I should create a new user account but limited or a guest one and
    use that?

    but then hopw will I be able to install new application if iam on LUA mode?

    As for a browser iam currently using Google's Chrome. If I use Sandbox will
    it be able to save files from web pages on my hdd?


  8. #8
    Wolfgang Kueter
    Guest

    Re: How good is Comodo Internet Security?

    nik wrote:

    > as for the LUA ia have always used xp and logged in as an administrator.
    > you mean I should create a new user account but limited


    Yiu should have done that in the first minute after installing XP.

    > or a guest one and
    > use that?
    >
    > but then hopw will I be able to install new application if iam on LUA
    > mode?


    Just the normal way:

    - log out as user
    - log in as administrator, install the software
    - log out as administrator
    - log in as user and use the software

    Wolfgang

  9. #9
    nik
    Guest

    Re: How good is Comodo Internet Security?



    Ο "Wolfgang Kueter" <wolfgang@shconnect.de> *γραψε στο μήνυμα
    news:gittlv$sgs$1@news.shlink.de...
    >
    > nik wrote:
    >
    >> as for the LUA ia have always used xp and logged in as an administrator.
    >> you mean I should create a new user account but limited

    >
    > Yiu should have done that in the first minute after installing XP.


    I just created one right now although it feel unfamiliar with it :-)

    >> or a guest one and
    >> use that?
    >>
    >> but then hopw will I be able to install new application if iam on LUA
    >> mode?

    >
    > Just the normal way:
    >
    > - log out as user
    > - log in as administrator, install the software
    > - log out as administrator
    > - log in as user and use the software


    Well iam a kind of guy that tries out every day new applications and games.

    It will be a tedious task having each time iw ant to install an app logging
    out and logging in again 4 times.

    Is there a way while being in LUA mode to be able to install new
    applications or remove old ones without having to logout and login again as
    admin and then logout again so to use them?

    Something similar to linux which just by providing the root password while
    so one can make system wide changes.

    Is there an option on LUA to run/install somehtign as addministrator?


  10. #10
    VanguardLH
    Guest

    Re: How good is Comodo Internet Security?

    nik wrote:

    > Ikarus Virus


    It isn't that new. I just found a blog that mentions it back in October
    2007 (http://www.av-comparatives.org/weblog/?p=78). Yet I don't see
    Ikarus listed in any of their comparative reports (to see how well is
    its coverage). I did find a Sep 2007 white paper there for a separate
    test (http://av-comparatives.org/seiten/er...e/ikarus07.pdf). Read
    the last sentence of section 4. Maybe they've gotten better since then
    regarding false positives, so that it detected something not found by
    other antivirus programs may simply mean it was a false positive. Did
    you ever submit the suspect file to the multi-scanner sites of
    VirusTotal (http://www.virustotal.com/) or Jotti
    (http://virusscan.jotti.org/)?

    http://www.ikarus.at/
    Never trialed it. I'll wait until they get an English version web site.

    > as for the LUA ia have always used xp and logged in as an
    > administrator. you mean I should create a new user account but
    > limited or a guest one and use that?
    >
    > but then hopw will I be able to install new application if iam on LUA
    > mode?


    You can choose to create a new Windows account that is a limited
    (standard) account. That will restrict what you can do, and what
    malware can do, too. Of course, to install software you will probably
    have to logoff and logon under an admin-level account. This is a
    nuisance but has been a long-time recommendation by those that don't
    want to bother using protection utilities on their web browser while
    logged under an admin-level account. Using a limited Windows account
    is a lot of hassle but it does have some advantages. I have way to
    many duties and activities that require using an admin-level account to
    waste my time trying to use a limited Windows account. I'd be
    repeatedly bouncing between my standard and admin-level accounts during
    the day.

    A process can be made to run under a LUA (limited user account) token.
    That is, the process will have the same privileges as that token. Since
    the token has the limitation of a standard user account, that process
    is also limited. But that only applies when you run that process under
    the limited environment. When using DropMyRights, SysInternals'
    psexec, or other such utilities that run the child process under
    limited privileges, only the process they start is limited. So if you
    use them to start the web browser, that instance of the web browser is
    limited and you get more protection. If you do not use them to start
    the web browser but instead start the web browser directly, you are
    running an unlimited browser process just like you are now. Since
    these utilities only limit the process they start, they will not limit
    the same process started by some other application, like e-mail. So
    they do not help to limit the browser when, say, you click on a URL in
    an e-mail. The only time you'll have a limited browser is when you
    specifically use these utilities to drop their privileges. Unless you
    use these utilities to load the web browser, your web browser will be
    running unlimited.

    The author of DropMyRights also wrote a RunSafer utility. It modifies
    policies for the application to reduce its privileges. That means that
    program will always run limited no matter what application started it.
    However, when you need to run unlimited, like when visiting Windows
    Update, doing an Adobe Flash update, etc., you can't until you rerun
    that utility to remove those limiting policies. The same is true of
    Online Armor and its Run Safer option you can enable on an application.
    It will always run that application under limited privileges and you're
    stuck having to wade through their config screens to disable the Run
    Safer option and then go start that application. A lot of hassle.

    GeSWall is both a policy enforcer and a near-sandbox. Not only does
    GeSWall enforce the limited privileges of running a process under a LUA
    token but restricts it even further as to where in the registry and
    file system that the restricted process can write or read. Anything
    downloaded by that restricted process is tracked as untrusted and
    you'll get warned when you try to run it that it is untrusted. If the
    payload gets ran, like using a buffer overrun exploit, it is ran inside
    the isolated mode in which that restricted process is running under
    control of GeSWall. A sandbox, like Sandboxie, is even more
    restrictive than GeSWall but also more a nuisance to use if you do want
    to keep something of your browser session. The next further
    restrictive step is to use a virtual machine.

    You could just use DropMyRights or SysInternals psexec to limit the web
    browser only when you want it limited, like making a shortcut for it on
    your desktop and Quicklaunch toolbar. However, that would be the only
    time your browser is limited. Clicking on a URL link in an e-mail or
    some application whose help uses the browser to look at the online
    pages for that help would mean that browser is unlimited. One some of
    my hosts, I use GeSWall to automatically ensure that every web browser
    instance is limited and also isolated no matter who started it, plus I
    can easily switch back to non-isolated, unlimited mode for the browser
    just by clicking a "G" button in the titlebar. One some of my other
    hosts, I don't use GeSWall and instead just use the SysInternals'
    psexec program (or I could use DropMyRights) to limit just the
    instances of the browser that I choose to start. Depends on the
    software config on a host and how comfortable you feel with what level
    of interfering security. All security interferes with your work, some
    methods being worst than others.

    > As for a browser iam currently using Google's Chrome. If I use Sandbox
    > will it be able to save files from web pages on my hdd?


    Google bought GreenBorder which was a sandboxing utility. They
    incorporated it into their Chrome web browser. There is also
    separation between each tab that you open in that it starts another
    process plus each is using the GreenBorder technology to sandbox each
    tab's process. I haven't experimented much with Chrome. While it does
    have some very good advances for web browser features, I simply don't
    like it. Not just because of its slimlined UI but mostly for a lack of
    features along with the lack of an army of add-ons to customize it. For
    one, when using a sandbox for the web browser, like Sandboxie, I can
    choose to keep some content from sandboxed environment when I close the
    browser. Can't do that with the sandboxed tab processes for Chrome.
    If wanted to go further than GeSWall to limit and protect my web
    browsers, I'd probably look into Sandboxie (alas, their free version is
    just too crippled in that it won't protect all instances of an
    application no matter who starts it and it turns into nagware after the
    30-day trial). I do hope that it will spur Microsoft and Mozilla to
    incorporate similar sandboxing into their browsers. See Google's comic
    strip for more info about Chrome and its limited sandboxing scheme on
    page 25 at:

    http://www.google.com/googlebooks/chrome/

  11. #11
    Ansgar -59cobalt- Wiechers
    Guest

    Re: How good is Comodo Internet Security?

    nik <nikos1337@gmail.com> wrote:
    > ? "Wolfgang Kueter" <wolfgang@shconnect.de> ?????? ??? ??????
    >> nik wrote:
    >>> but then hopw will I be able to install new application if iam on LUA
    >>> mode?

    >>
    >> Just the normal way:
    >>
    >> - log out as user
    >> - log in as administrator, install the software
    >> - log out as administrator
    >> - log in as user and use the software

    >
    > Well iam a kind of guy that tries out every day new applications and
    > games.
    >
    > It will be a tedious task having each time iw ant to install an app
    > logging out and logging in again 4 times.


    "Fast User Switching" or "Run As..." come to mind ...

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  12. #12
    Ansgar -59cobalt- Wiechers
    Guest

    Re: How good is Comodo Internet Security?

    VanguardLH <V@nguard.lh> wrote:
    > A process can be made to run under a LUA (limited user account) token.
    > That is, the process will have the same privileges as that token. Since
    > the token has the limitation of a standard user account, that process
    > is also limited. But that only applies when you run that process under
    > the limited environment. When using DropMyRights, SysInternals'
    > psexec, or other such utilities that run the child process under
    > limited privileges, only the process they start is limited. So if you
    > use them to start the web browser, that instance of the web browser is
    > limited and you get more protection.


    Since Microsoft has documented that the *desktop* not the process is the
    security boundary with Windows, that's most definitely *not* what you
    want to do. Instead you want to create an LUA, do your everyday work
    with that account, and only switch to an admin account to do
    administrative work.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  13. #13
    VanguardLH
    Guest

    Re: How good is Comodo Internet Security?

    Ansgar -59cobalt- Wiechers wrote:

    > VanguardLH <V@nguard.lh> wrote:
    >> A process can be made to run under a LUA (limited user account) token.
    >> That is, the process will have the same privileges as that token. Since
    >> the token has the limitation of a standard user account, that process
    >> is also limited. But that only applies when you run that process under
    >> the limited environment. When using DropMyRights, SysInternals'
    >> psexec, or other such utilities that run the child process under
    >> limited privileges, only the process they start is limited. So if you
    >> use them to start the web browser, that instance of the web browser is
    >> limited and you get more protection.

    >
    > Since Microsoft has documented that the *desktop* not the process is the
    > security boundary with Windows, that's most definitely *not* what you
    > want to do. Instead you want to create an LUA, do your everyday work
    > with that account, and only switch to an admin account to do
    > administrative work.
    >
    > cu
    > 59cobalt


    Huh? Just where did I ever mention the desktop process (the first
    instance of explorer.exe) being the parent of all processes? It can be.
    It might not. I said these utilities only limited the child process it
    starts and why they are NOT complete solutions if and only if you demand
    that all instances of a particular process be limited. The part you
    snipped out was were I mentioned that other solutions take care of
    limiting ALL instances of that program no matter how it was started.
    Some folks like it always protected (but might also want some means of
    temporarily disabling the protection) so the method of using a utility
    for those instances you want to protect is what they want. They don't
    want to use a limited Windows account. Some want all instances
    protected for only some programs but not all of them so the 3rd party
    utilities, like GeSWall, DefenseWall, Bufferzone, Sandboxie, SafeSpace,
    etc., let them default to limiting those processes but they still have
    an "out" when limiting the process makes it unusable.

    Please provide a references to that Microsoft documentation.

    The "desktop" is just explorer.exe handling it. You could, if you
    wanted to and found one that was usable, replace that desktop program
    with some 3rd party program. Securing the boundary of a process is how
    you secure it. You don't need to backtrack through every parent process
    in the chain since it isn't the parent(s) that are committing the
    actions that you want to secure. Even the 3 techniques that Microsoft
    went with in Vista (User Access Control, Mandatory Integrity Control,
    and User Interface Privilege Isolation) do not try to secure at the
    desktop since only sometimes is that instance of explorer.exe the parent
    process.

    http://blogs.msdn.com/ie/archive/2006/02/09/528963.aspx

    I never said that the desktop (first explorer.exe instance) is what you
    run using an LUA token and then hope every child process started by it
    is then also ran with limited privileges. I didn't say that every
    process that the user starts, that is started as a child process, is
    scheduled, or otherwise started is a child of the desktop process. I
    said you use the LUA token on the process (program) that you want to
    restrict - at the level at which you which to enforce those limitations
    and for every child process started thereafter from that limited parent
    process.

    The majority of your programs are local and don't need to be limited.
    It is your Internet-facing apps that you want to limit, with the web
    browser being the primary target and e-mail client is the 2nd target.
    I'd like to see just how productive you would be in a software QA
    position in trying to install, uninstall, and debug programs while under
    a limited Windows account. Whether a limited Windows account is the
    solution depends entirely on how you use your own host and for what
    tasks. Hell, even many games won't play under a limited account. You
    say to only switch to an admin-level account when there are admin tasks
    to perform. What if those admin tasks constitute the large number or
    majority of the user's tasks? Security is great but ONLY if it doesn't
    get in the way of the user performing the tasks they want to perform.
    So how many multiple levels of doors do you lock when you leave your
    house? After you starting adding several levels, when would you realize
    that they are getting too much in your way?

    Your browser running under a limited (standard) Windows account or
    loaded under restrictions of a LUA token while you are logged in as an
    admin will still have the same set of limited privileges. You haven't
    gained anything going to a limited Windows account for the browser that
    you couldn't have had while running it under an admin account with the
    same limitations. The same loss of privileges for the web browser
    occurs under the limited account or under the LUA token.

    If you want to see what privileges your browser has, get SysInternals'
    Process Explorer. Right-click on the browser process in Process
    Explorer and look at its properties to see it security properties
    (privileges). You don't have any more privileges running under a LUA
    token under an admin account as you do for it running under a limited
    account.

    http://msdn.microsoft.com/en-us/libr...83(VS.85).aspx

    1) Limited account + web browser
    2) Admin account + web browser + LUA token
    Same reduced privileges for both 1 and 2.

    Also, running with reduced privileges is only one layer in malware
    protection. Don't expect it to protect you from all pests. Do you
    think Google Earth cannot be installed under a limited account? It
    installs because it simply deposits (copies) files into the user's
    profile path to which they have write access, and it will run from there
    because the user had execute permissions there, too. The "install" is
    simply a copy and it will run under that limited account. That the
    payload cannot perform some functions doesn't prevent it from, say,
    deleting all your files since the user under a limited account can do
    that, too. Don't expect limited privileges to provide some magic bullet
    against malware. It's just another layer of protection.

  14. #14
    VanguardLH
    Guest

    Re: How good is Comodo Internet Security?

    Ansgar wrote:

    > nik wrote:
    >>
    >> Wolfgang Kueter wrote:
    >>>
    >>> nik wrote:
    >>>> but then hopw will I be able to install new application if iam on
    >>>> LUA mode?
    >>>
    >>> Just the normal way: - log out as user - log in as administrator,
    >>> install the software - log out as administrator - log in as user
    >>> and use the software

    >>
    >> It will be a tedious task having each time iw ant to install an app
    >> logging out and logging in again 4 times.

    >
    > "Fast User Switching" or "Run As..." come to mind ...


    Providing the host has enough memory to accommodate leaving all the
    processes running from the limited account so you can switch to another
    admin-level account. Fast User Switching leaves all the processes
    running. Plus is isn't just software installs for why users may need
    to be logged under an admin-level account. Fast User Switching (FUS)
    will add 10MB of memory consumption to each context (each active
    account), and then there's the memory consumed by each application you
    run in the other concurrent active account. That 10MB can vary widely
    greatly depending on how many startup programs are loaded when you open
    the other account through FUS (Startup folder, Run registry key,
    winlogon events, and other startup locales in the registry); however,
    you really shouldn't be loading much in your admin-level account but
    even the security programs will consume memory.

    There are also some applications that won't run under Fast User
    Switching (because they won't run concurrently under multiple active
    Windows accounts). Some clipboard manager utilities come to mind. They
    weren't designed to have multiples of themself running as the same time,
    especially under different accounts with different privileges
    (policies). The were designed to run under an NT environment but not
    under a multi-user environment. The user would have to ensure that such
    programs did not get loaded on login for the admin-level account to
    prevent the duplicity. Yeah, you could get rid of this software but it
    might be something you really want or truly need to do your work. The
    point of the computer is to do the tasks that you want. You pick your
    applications based on your needs and then choose the OS. The other way
    around has you selecting the OS and using its security features but
    maybe losing critical applications because they won't work under
    concurrent active accounts. You need the application first (to do your
    required tasks), not the OS (which is just the plate on which you serve
    the meal). Also, in the KB 294739 article below, you might have
    installed (or you might later install) an app that interferes with Fast
    User Switching (FUS). There have been many users that complained that
    they were using FUS and then it stopped working. I believe another
    reason FUS stops working is if the user enabled offline files
    (http://support.microsoft.com/kb/307853). It is also possible to
    programmatically enable/disable FUS or do it via a registry edit, which
    means malware can do it, too.

    There is also the problem of trying to share resources across the
    multiple active accounts. An open file handle for a file in folder
    could cause problems in the other account that wants to delete the
    folder or have write permission to that file.

    Remember that Fast User Switching is *not* available when connected to a
    domain for Windows XP (it is available when on a domain when using
    Vista). It is only available in a workgroup setting because it only
    lets you switch between local accounts. nik never mentioned WHICH
    version of Windows that he is using, or if he is logging onto a domain
    or logging on locally (into a workgroup). Read
    http://support.microsoft.com/?kbid=294739 and
    http://windowsitpro.com/article/arti...indows-xp.html.

    As I recall, if Fast User Switching is enabled, you're stuck having to
    use the Fisher-Price Welcome Screen in order to select the other account
    to switch to. This is one of the first tweaks I do after a WinXP
    install to get rid of the Fisher-Price fluff crap. Note that you should
    NEVER use the Administrator account even to do admin tasks. Always
    create another admin-level account (i.e., in the Administrators group)
    and use that one. If your Administrator profile gets corrupt and you
    cannot load its desktop, you're screwed, so use a secondary admin-level
    account and leave the Administrator account completely alone except in
    case of extreme emergency. The Administrator account will disappear
    from the Welcome Screen once you define another admin-level account (a
    registry hack can put it back, or twice tap the Ctrl+Alt+Del key combo
    to bring up the classic login screen).

    When using the Welcome Screen, you divulge half your logon credentials
    to anyone that can see that screen, like when letting other users use
    your host (even when using their own accounts). Besides trying to get
    my password, I'd also like to make they try getting my logon name.

    Some users like to leave the password blank to their account for ease in
    logging in although it removes a major security feature of NT-based
    Windows. FUS requires that at least one of the accounts between which
    you are switching has a non-blank password.

    Be careful of locking yourself out of your accounts. A security policy
    locks an account if too many unsuccessful logon attempts are executed
    against an account. You can see these values in the group policy editor
    (gpedit.msc) or local security policy editor (secpol.msc). If you are
    the only user of your host, this probably won't happen. If you let
    others share your host and they use FUS to try cycling to another
    account and do it enough times then they could lockout your account(s).
    If you share and use FUS, you might want to reconsider the current
    settings for the lockout security policies (to shorten the lockout
    period and the number of bad attempts). If you're on a domain, you
    don't get to modify those policies that get pushed to your host (unless
    you have an admin login on the domain that gives you privileges to your
    own host to make registry edits using .reg files in your Startup
    folder).

    Many software installs that require admin privileges to complete will
    also require a reboot. That means you will be slamming your other
    account that you switched away from but which may still have
    applications running and open files. Make sure to close all apps in the
    other non-admin account before you permit the reboot for the install in
    the admin account (hopefully the install will prompt for a reboot
    instead of just doing it without permission).

    I haven't bothered to investigate into any security vulnerabilities of
    using Fast User Switching simply because I don't use it myself (i.e.,
    for me, any vulnerabilities would be a non-issue).

    There can be advantages to Fast User Switching. There can also be
    disadvantages and pitfalls but if you can avoid them without losing any
    tasks that you need to perform then it's one way to do most of your
    tasks under a limited account and have an admin-level account within
    easy reach.

  15. #15
    Ansgar -59cobalt- Wiechers
    Guest

    Re: How good is Comodo Internet Security?

    VanguardLH <V@nguard.lh> wrote:
    > Ansgar wrote:
    >> nik wrote:
    >>> Wolfgang Kueter wrote:
    >>>> nik wrote:
    >>>>> but then hopw will I be able to install new application if iam on
    >>>>> LUA mode?
    >>>>
    >>>> Just the normal way: - log out as user - log in as administrator,
    >>>> install the software - log out as administrator - log in as user
    >>>> and use the software
    >>>
    >>> It will be a tedious task having each time iw ant to install an app
    >>> logging out and logging in again 4 times.

    >>
    >> "Fast User Switching" or "Run As..." come to mind ...

    >
    > Providing the host has enough memory to accommodate leaving all the
    > processes running from the limited account so you can switch to
    > another admin-level account. Fast User Switching leaves all the
    > processes running. Plus is isn't just software installs for why users
    > may need to be logged under an admin-level account. Fast User
    > Switching (FUS) will add 10MB of memory consumption to each context
    > (each active account), and then there's the memory consumed by each
    > application you run in the other concurrent active account.


    In a day and age where RAM is measured in GB rather than MB, and for a
    system with only a single user like the OP seems to have, that's hardly
    a problem.

    [...]
    > There are also some applications that won't run under Fast User
    > Switching (because they won't run concurrently under multiple active
    > Windows accounts). Some clipboard manager utilities come to mind.
    > They weren't designed to have multiples of themself running as the
    > same time, especially under different accounts with different
    > privileges (policies). The were designed to run under an NT
    > environment but not under a multi-user environment.


    Don't use b0rken software. Problem solved.

    [...]
    > Note that you should NEVER use the Administrator account even to do
    > admin tasks.


    That's plain and utter nonsense. I'd like to see a single valid reason
    for this ridiculous claim.

    > Always create another admin-level account (i.e., in the Administrators
    > group) and use that one. If your Administrator profile gets corrupt
    > and you cannot load its desktop, you're screwed, so use a secondary
    > admin-level account and leave the Administrator account completely
    > alone except in case of extreme emergency.


    Boot the recovery console, rename the administrator profile, reboot, log
    in as administrator. A new profile will be created. Not that it were a
    bad thing to have a backup admin account, it's just not necessary.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  16. #16
    Ansgar -59cobalt- Wiechers
    Guest

    Re: How good is Comodo Internet Security?

    VanguardLH <V@nguard.lh> wrote:
    > Ansgar -59cobalt- Wiechers wrote:
    >> VanguardLH <V@nguard.lh> wrote:
    >>> A process can be made to run under a LUA (limited user account) token.
    >>> That is, the process will have the same privileges as that token. Since
    >>> the token has the limitation of a standard user account, that process
    >>> is also limited. But that only applies when you run that process under
    >>> the limited environment. When using DropMyRights, SysInternals'
    >>> psexec, or other such utilities that run the child process under
    >>> limited privileges, only the process they start is limited. So if you
    >>> use them to start the web browser, that instance of the web browser is
    >>> limited and you get more protection.

    >>
    >> Since Microsoft has documented that the *desktop* not the process is the
    >> security boundary with Windows, that's most definitely *not* what you
    >> want to do. Instead you want to create an LUA, do your everyday work
    >> with that account, and only switch to an admin account to do
    >> administrative work.

    >
    > Huh? Just where did I ever mention the desktop process (the first
    > instance of explorer.exe) being the parent of all processes?


    You didn't. And I never said you did. You missed my point.

    > It can be. It might not. I said these utilities only limited the
    > child process it starts and why they are NOT complete solutions if and
    > only if you demand that all instances of a particular process be
    > limited. The part you snipped out was were I mentioned that other
    > solutions take care of limiting ALL instances of that program no
    > matter how it was started. Some folks like it always protected (but
    > might also want some means of temporarily disabling the protection) so
    > the method of using a utility for those instances you want to protect
    > is what they want. They don't want to use a limited Windows account.
    > Some want all instances protected for only some programs but not all
    > of them so the 3rd party utilities, like GeSWall, DefenseWall,
    > Bufferzone, Sandboxie, SafeSpace, etc., let them default to limiting
    > those processes but they still have an "out" when limiting the process
    > makes it unusable.
    >
    > Please provide a references to that Microsoft documentation.


    http://support.microsoft.com/default...b;en-us;327618

    The article refers to system services, but of course the very same
    applies to all interactive processes (read: processes with windows
    attached to them) running with elevated privileges.

    > The "desktop" is just explorer.exe handling it.


    Ummm... yes, I am well aware that explorer.exe manages the desktop. I'm
    also aware of how the default shell can be changed. However, that
    doesn't change a single thing about how the window messaging system
    works.

    > You could, if you wanted to and found one that was usable, replace
    > that desktop program with some 3rd party program. Securing the
    > boundary of a process is how you secure it.


    Unfortunately it's not that easy, since the Windows GUI adds another
    method for IPC (sending messages between windows) that does not have any
    security system at all (or, judging from the blog article you mentioned
    below, did not have one before Vista). That leaves it up to each single
    programmer to handle incoming messages, and Visual Studio's default is,
    of course, to use the default handlers provided by Microsoft.

    Apparently Vista introduced some kind of privilege separation there, so
    Vista may be fine (assuming that this system is working in the first
    place). However, if the OP uses XP or earlier (not sure if he does,
    AFAICS he didn't mention his OS) that simply won't work.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  17. #17
    nik gr
    Guest

    Re: How good is Comodo Internet Security?



    "Ansgar -59cobalt- Wiechers" <usenet-2008@planetcobalt.net>
    news:giulvoUbvrL2@news.in-ulm.de...
    >
    > VanguardLH <V@nguard.lh> wrote:
    >> A process can be made to run under a LUA (limited user account) token.
    >> That is, the process will have the same privileges as that token. Since
    >> the token has the limitation of a standard user account, that process
    >> is also limited. But that only applies when you run that process under
    >> the limited environment. When using DropMyRights, SysInternals'
    >> psexec, or other such utilities that run the child process under
    >> limited privileges, only the process they start is limited. So if you
    >> use them to start the web browser, that instance of the web browser is
    >> limited and you get more protection.

    >
    > Since Microsoft has documented that the *desktop* not the process is the
    > security boundary with Windows, that's most definitely *not* what you
    > want to do.


    I didn't understand these sentense. Can you please put it simpler?

    > Instead you want to create an LUA, do your everyday work
    > with that account, and only switch to an admin account to do
    > administrative work.


    But as an aswer to me in a previous post in this thread you said that
    administrative tasks can be done with ease by selecting "Run as..." within a
    LUA. Correct?
    So, why switching back and forth from LUA to admin-level when he can do out
    admin task within our LUA enviroment?



  18. #18
    nik gr
    Guest

    Re: How good is Comodo Internet Security?



    Ο "VanguardLH" <V@nguard.LH> *γραψε στο μήνυμα
    news:giut1p$7ra$1@news.motzarella.org...

    > 1) Limited account + web browser
    > 2) Admin account + web browser + LUA token


    Very nice and straightforward comparisation.

    > Same reduced privileges for both 1 and 2.


    But PLUS extra functionality in case (2) where all admin tasks such
    (install, update, remove.debug) can be performed with ease and without the
    hassle of switchign back and forth to deifferent-level accounts.

    > Also, running with reduced privileges is only one layer in malware
    > protection. Don't expect it to protect you from all pests. Do you
    > think Google Earth cannot be installed under a limited account? It
    > installs because it simply deposits (copies) files into the user's
    > profile path to which they have write access, and it will run from there
    > because the user had execute permissions there, too. The "install" is
    > simply a copy and it will run under that limited account. That the
    > payload cannot perform some functions doesn't prevent it from, say,
    > deleting all your files since the user under a limited account can do
    > that, too. Don't expect limited privileges to provide some magic bullet
    > against malware. It's just another layer of protection.


    a) At that point can you please explain to me the GREATEST REASONS of
    running under a windows limited account or running under LUA token under
    admin account opposed of running as iam now, which is JUST PURE admin level?

    I would be understanding this better if you can tell me in case of an
    ypothetical infection of a malware (i.e.trojan horse) what this can do to an
    admin level account that wouldn’t be able to do in a limited account.

    Lets say the infection came place from firefox visiting an infected webpage.


    b) One last thing folks I would like to ask is for example lest say I keep
    using my admin account running my internet-facsing apps apps full
    privileged.

    Why do all the security stuff you mentioned when I have CPF installed on my
    admin account which is eligible to notify me on EVERY malicious possible
    action a malware that’s found its way into my system trying to perform?

    If ti tried to put itself on winxp startup it will tell me about it and I
    block it, same way if it tries to inject data to another proccess I will be
    notified and block it, or if it tries to use windows services to abuse them
    and hide it self I will also be notified to blcom it.

    So ig I have such good protection with CPF why bother installing software
    like DropMyRigths or 'psexec'? CPF is a tough cop and spy as to what happens
    on my system and NOTHING WILL EVER BE INSTALLED OR DO SOEMTHIGN HARMUFULL
    WITHOUT ME KNOWING ABOUT IT AND ALLOW IT?

    Won't you agree with me?!



  19. #19
    VanguardLH
    Guest

    Re: How good is Comodo Internet Security?

    Ansgar -59cobalt- Wiechers wrote:

    > VanguardLH <V@nguard.lh> wrote:
    >> Ansgar wrote:
    >>> nik wrote:
    >>>> Wolfgang Kueter wrote:
    >>>>> nik wrote:
    >>>>>> but then hopw will I be able to install new application if iam on
    >>>>>> LUA mode?
    >>>>>
    >>>>> Just the normal way: - log out as user - log in as administrator,
    >>>>> install the software - log out as administrator - log in as user
    >>>>> and use the software
    >>>>
    >>>> It will be a tedious task having each time iw ant to install an app
    >>>> logging out and logging in again 4 times.
    >>>
    >>> "Fast User Switching" or "Run As..." come to mind ...

    >>
    >> Providing the host has enough memory to accommodate leaving all the
    >> processes running from the limited account so you can switch to
    >> another admin-level account. Fast User Switching leaves all the
    >> processes running. Plus is isn't just software installs for why users
    >> may need to be logged under an admin-level account. Fast User
    >> Switching (FUS) will add 10MB of memory consumption to each context
    >> (each active account), and then there's the memory consumed by each
    >> application you run in the other concurrent active account.

    >
    > In a day and age where RAM is measured in GB rather than MB, and for a
    > system with only a single user like the OP seems to have, that's hardly
    > a problem.


    Which also means the OS and apps will fill up more as there is more
    available. Users still have to limit what they can concurrently have
    running if they also want their host to remain responsive.

    >> There are also some applications that won't run under Fast User
    >> Switching (because they won't run concurrently under multiple active
    >> Windows accounts). Some clipboard manager utilities come to mind.
    >> They weren't designed to have multiples of themself running as the
    >> same time, especially under different accounts with different
    >> privileges (policies). The were designed to run under an NT
    >> environment but not under a multi-user environment.

    >
    > Don't use b0rken software. Problem solved.


    Not your choice. Sometimes no other choice is available to the user,
    either. Again, you first choose the apps that do your tasks. The OS is
    secondary and consequential to the apps that you must use. So are you
    going to pay another $20,000 for some other somewhat but not exactly
    equivalent vertical app that was coded specifically to your small
    company's needs when the programmer is no longer around to recode that
    old software to rewrite a new version from scratch?
    Apps first, OS second.

    >> Note that you should NEVER use the Administrator account even to do
    >> admin tasks.

    >
    > That's plain and utter nonsense. I'd like to see a single valid reason
    > for this ridiculous claim.


    The part you chose to deliberately snip out gave the reason. The
    solution you provide below regarding the cause that you snipped out may
    not be an option at the time the problem occurs.

    > Boot the recovery console, rename the administrator profile, reboot, log
    > in as administrator. A new profile will be created. Not that it were a
    > bad thing to have a backup admin account, it's just not necessary.


    The vast number of users do NOT install the Recovery Console (.dat image
    file) to have it easily available as a boot-time selection. They have
    to go hunting for their install CD - if they have one since many
    pre-builts only include a recovery CD with an image or no CD at all and
    the recovery image is in a hidden hard disk partition, and for both are
    not usable for booting to the Recovery Console. Also, if the user has
    SATA drives, they then have to go hunting for a floppy on which they
    have previously stored the SATA drivers and then remember to hit F6 at
    the start of the load of the Recovery Console.

    Most users don't even do backups whether logical file backups or image
    backups. And you think they're going to have the Recovery Console
    setup? Uh huh.

  20. #20
    VanguardLH
    Guest

    Re: How good is Comodo Internet Security?

    Ansgar -59cobalt- Wiechers wrote:

    > VanguardLH <V@nguard.lh> wrote:
    >>
    >> Please provide a references to that Microsoft documentation.

    >
    > http://support.microsoft.com/default...b;en-us;327618


    Thanks for the info. Regarding services, my recollection is that you
    always had to design them to be non-interactive; otherwise, they could
    hang waiting for human intervention that never occurs. Back when we QA
    folks (not programmers per se) had to convert a program into a service
    using srvany, one of the requirements was that the program must not have
    any UI and require no human intervention. Of the security products that
    I've tested, some use a service but have a separate UI app to control
    its configuration or behavior.

    Regarding the messaging system between windows, that's what the
    application virtualization, sandboxing, or isolation security product is
    supposed to be controlling or restricting between the red (isolated) and
    green (non-isolated) processes.

    >> You could, if you wanted to and found one that was usable, replace
    >> that desktop program with some 3rd party program. Securing the
    >> boundary of a process is how you secure it.

    >
    > Unfortunately it's not that easy, since the Windows GUI adds another
    > method for IPC (sending messages between windows) that does not have any
    > security system at all (or, judging from the blog article you mentioned
    > below, did not have one before Vista). That leaves it up to each single
    > programmer to handle incoming messages, and Visual Studio's default is,
    > of course, to use the default handlers provided by Microsoft.


    That I didn't know. Thanks for the info. My reading of the isolation
    security apps that I was interested in was that they do control the
    window messaging between red and green apps.

Similar Threads

  1. #@*!!! Anonymous anger rampant on Internet
    By Roody in forum General Discussion Board
    Replies: 1
    Last Post: 11-03-08, 11:01 AM
  2. Internet Sharing Not Working
    By khuramyz in forum Networking Forum
    Replies: 3
    Last Post: 02-07-08, 06:58 AM
  3. Can't connect to internet, abandoned by ISP
    By cmoseman in forum General Broadband Forum
    Replies: 8
    Last Post: 11-07-07, 01:14 PM
  4. 'Homeland Security wants master key for the Internet'
    By Brk in forum General Discussion Board
    Replies: 13
    Last Post: 04-03-07, 12:54 AM
  5. U.S.-Mexico Agreement Provides Social Security Funds to Illegal Aliens
    By knightmare in forum General Discussion Board
    Replies: 12
    Last Post: 02-18-07, 01:52 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •