
Thread: How good is Comodo Internet Security?

  1. #21
    Ansgar -59cobalt- Wiechers
    Guest

    Re: How good is Comodo Internet Security?

    VanguardLH <V@nguard.lh> wrote:
    > Ansgar -59cobalt- Wiechers wrote:
    >> VanguardLH <V@nguard.lh> wrote:
    >>> Providing the host has enough memory to accommodate leaving all the
    >>> processes running from the limited account so you can switch to
    >>> another admin-level account. Fast User Switching leaves all the
    >>> processes running. Plus it isn't just software installs for why
    >>> users may need to be logged under an admin-level account. Fast User
    >>> Switching (FUS) will add 10MB of memory consumption to each context
    >>> (each active account), and then there's the memory consumed by each
    >>> application you run in the other concurrent active account.

    >>
    >> In a day and age where RAM is measured in GB rather than MB, and for
    >> a system with only a single user like the OP seems to have, that's
    >> hardly a problem.

    >
    > Which also means the OS and apps will fill up more as there is more
    > available. Users still have to limit what they can concurrently have
    > running if they also want their host to remain responsive.


    If you want that you're not using Vista in the first place. Did you ever
    take a look at the ridiculous hardware requirements?

    >>> There are also some applications that won't run under Fast User
    >>> Switching (because they won't run concurrently under multiple active
    >>> Windows accounts). Some clipboard manager utilities come to mind.
    >>> They weren't designed to have multiples of themselves running at the
    >>> same time, especially under different accounts with different
    >>> privileges (policies). They were designed to run under an NT
    >>> environment but not under a multi-user environment.

    >>
    >> Don't use b0rken software. Problem solved.

    >
    > Not your choice.


    Of course everyone is free to ignore the solution to their problem. They
    just shouldn't come complaining afterwards.

    > Sometimes no other choice is available to the user, either.


    And most of the time (virtually all of the time actually) it's just a
    lame excuse because the user/sysadmin is too lazy to find or switch to a
    replacement that doesn't have the disadvantages.

    [...]
    >>> Note that you should NEVER use the Administrator account even to do
    >>> admin tasks.

    >>
    >> That's plain and utter nonsense. I'd like to see a single valid
    >> reason for this ridiculous claim.

    >
    > The part you chose to deliberately snip out gave the reason. The
    > solution you provide below regarding the cause that you snipped out
    > may not be an option at the time the problem occurs.


    Actually I didn't snip out anything. It was *you* who snipped the
    still-in-place quote the lines below refer to.

    >> Boot the recovery console, rename the administrator profile, reboot,
    >> log in as administrator. A new profile will be created. Not that it
    >> were a bad thing to have a backup admin account, it's just not
    >> necessary.

    >
    > The vast number of users do NOT install the Recovery Console (.dat
    > image file) to have it easily available as a boot-time selection.


    So? The recovery console can be booted from the Windows CD/DVD.

    > They have to go hunting for their install CD -


    So? They'll have to do the very same thing every time they want to
    install some of the bundled software. Or have to reinstall their system
    because it's FUBAR. Which'll probably happen a *lot* more frequently than
    the admin profile getting damaged to a point where the admin cannot log
    in anymore. Or at least that's my experience over the past 10 years.

    > if they have one since many pre-builts only include a recovery CD with
    > an image or no CD at all and the recovery image is in a hidden hard
    > disk partition, and for both are not usable for booting to the
    > Recovery Console.


    For those who are stuck with dysfunctional boot media the approach with
    redundant admin accounts may be the only reasonable option, I'll agree
    with you on that. However, I don't feel sorry for anyone who allowed the
    industry to screw them that much. Do not buy systems without proper
    install media. Period.

    > Also, if the user has SATA drives, they then have to go hunting for a
    > floppy on which they have previously stored the SATA drivers and then
    > remember to hit F6 at the start of the load of the Recovery Console.


    If the system was installed on a SATA drive with the controller in
    native mode, they should either have a floppy with the driver, or they
    should have the driver slipstreamed into a custom install CD/DVD. BTDT.
    And yes, that's the reasonable thing to do, because you'll need it
    anyway in case you have to re-install the system.

    If the system was installed on a SATA drive with the controller in
    legacy mode, you don't have this problem at all.

    > Most users don't even do backups whether logical file backups or image
    > backups.


    And that's a good thing how?

    > And you think they're going to have the Recovery Console setup?


    If they have a Windows CD/DVD, they do have the Recovery Console.
    Period. Besides, installing the recovery console is just as easy as
    creating an additional admin account. If you can do one, you can do the
    other. So why not just do it properly in the first place?

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  2. #22
    VanguardLH
    Guest

    Re: How good is Comodo Internet Security?

    nik gr wrote:

    > "VanguardLH" <V@nguard.LH>
    > news:giut1p$7ra$1@news.motzarella.org...
    >
    >> 1) Limited account + web browser
    >> 2) Admin account + web browser + LUA token

    >
    > Very nice and straightforward comparison.
    >
    >> Same reduced privileges for both 1 and 2.

    >
    > But PLUS extra functionality in case (2) where all admin tasks such as
    > (install, update, remove, debug) can be performed with ease and without the
    > hassle of switching back and forth to different-level accounts.


    Just to be sure, I'm just presenting an alternate to having to bounce
    back and forth between admin and non-admin accounts. For the majority
    of users, the blanket statement to do your work under a non-admin
    account is still good advice. It's just not advice that is usable by
    all users but for them they need to add more security than what they get
    just with Windows.

    > a) At that point can you please explain to me the GREATEST REASONS of
    > running under a windows limited account or running under LUA token under
    > admin account as opposed to running as I am now, which is JUST PURE admin level?


    While LUA gives added security, it is not a panacea. However, it may
    eliminate the need to be installing and running more security software
    that can cause conflicts between themselves, consumes more memory and
    CPU cycles, and overly restrict wanted behavior in applications than
    what would occur under a LUA. There is a lot of security software out
    there using different protection techniques and a lot of it doesn't work
    with each other. Trying to find an entire security suite that is all
    compatible is something akin to alchemy, and what works today might not
    work tomorrow due to version changes that alter compatibility.

    > I would be understanding this better if you can tell me in case of a
    > hypothetical infection of a malware (i.e. trojan horse) what this can do to an
    > admin level account that it wouldn't be able to do in a limited account.
    >
    > Let's say the infection took place from firefox visiting an infected webpage.
    >
    > b) One last thing folks I would like to ask is for example let's say I keep
    > using my admin account running my internet-facing apps full
    > privileged.
    >
    > Why do all the security stuff you mentioned when I have CPF installed on my
    > admin account which is eligible to notify me on EVERY malicious possible
    > action a malware that's found its way into my system trying to perform?


    The HIPS (Defense+) portion of CFP might prompt when it sees the small
    payload delivered by a buffer overrun (assuming the app was allowed to
    continue running upon the detected buffer overrun which SafeSurf is
    supposed to catch). You would have to allow that code to load and run
    by answering OK to the prompt. However, since the payload is running
    within the same process or as a child of it, and since you permitted the
    parent app to load (it's something you do want to run) then you might
    not get a prompt. Back in version 2 of CFP, you could have it alert
    when a parent wanted to start a child process. I don't recall if they
    carried that forward to version 3. It isn't available in Online Armor.
    I do know that when you okay a process, and if you have it in Paranoia
    mode, that any additional behaviors detected later for the same app will
    get prompted and it'll be up to you to figure out at that time if you
    want to allow the additional behaviors. The problem here is that an app
    may not exercise all its behaviors during your initial use of it, so as
    you continue using the app then CFP will alert when you later trigger
    the additional behaviors in that app. That's why HIPS, especially at an
    extreme alert level, can be daunting to the typical user to figure out
    how to properly configure for a good app. Both Comodo and OA provide
    whitelists for many known good apps to reduce this prompting but CFP
    doesn't use them in its paranoia mode (because that mode is what you
    selected to have it prompt you about every behavior).

    > If it tried to put itself on winxp startup it will tell me about it and I
    > block it, same way if it tries to inject data to another process I will be
    > notified and block it, or if it tries to use windows services to abuse them
    > and hide itself I will also be notified to block it.
    >
    > So if I have such good protection with CPF why bother installing software
    > like DropMyRights or 'psexec'? CPF is a tough cop and spy as to what happens
    > on my system and NOTHING WILL EVER BE INSTALLED OR DO SOMETHING HARMFUL
    > WITHOUT ME KNOWING ABOUT IT AND ALLOW IT?


    Answering all the prompts in paranoia mode can waste more time than you
    want to spend. After all, the point of your computing platform is to
    get your tasks done, not to tweak the OS and security programs trying to
    harden that OS. I've gone that route where I had trialed many security
    products trying to achieve the most secure Windows that I could have but
    the performance and resource impact was too great, responsiveness of the
    host was reduced, and I got tired of doing what seemed more work
    securing the OS and apps than of actually using them. Too much security
    is itself an interference - and, to some degree, also achieves what the
    malware author intended: you spend inordinate resources trying to
    protect yourself. Like terrorists, even if they don't attack, they
    still get some satisfaction from your fear and all your efforts to
    protect yourself.

    There's ultimate protection. And then there's good-enough protection.
    Do you everyday wear a Kevlar vest, pants, and bullet-resistant helmet
    based on the premise that maybe one day someone shoots at you? Not even
    SWAT does that. Trying to come up with a "flavor" for a security suite
    for everyone just ain't gonna happen. Some are more paranoid than
    others. Some users are more thoughtful or educated regarding their use
    of their host. Some want someone else to come up with hardcoded
    expertise instead of them figuring it out. Even what I like today might
    not be what I like tomorrow for my security suite.

    Based just on your original question, is CFP good, yes, it is. Is it
    all that you will need? No, especially in regards to its antivirus
    component. How much more do you need? Depends on how badly you want to
    choke your system. Over time, I end up with security products that I
    eventually decide are beyond my comfort level. Besides, I'm willing to
    flatten my host and do a fresh install of the OS and apps if need be,
    plus I do incremental image backups that let me snapshot back to before
    the infection. I don't spend more than a couple evenings trying to
    disinfect my host since that's how long it would take me to rebuild it
    (and even shorter for restores).

    Security is nice but don't get too carried away with it.

  3. #23
    Ansgar -59cobalt- Wiechers
    Guest

    Re: How good is Comodo Internet Security?

    nik gr <nikos1337@gmail.com> wrote:
    > a) At that point can you please explain to me the GREATEST REASONS of
    > running under a windows limited account or running under LUA token
    > under admin account as opposed to running as I am now, which is JUST PURE
    > admin level?


    Compromising one account won't compromise the entire system. Also
    malware running with limited privileges won't be able to install a
    rootkit to hide its presence. What more reason do you need?

    [...]
    > Why do all the security stuff you mentioned when I have CPF installed
    > on my admin account which is eligible to notify me on EVERY malicious
    > possible action a malware that's found its way into my system trying
    > to perform?


    Despite any claims the manufacturer may or may not have made in this
    respect, that's simply not possible.

    Ask yourself:

    a) How would a program manage to detect every possible kind of malware?
    b) How would a program manage to reliably distinguish between user
    actions and actions carried out by some software in place of the
    user?

    The answer to both questions is, of course, very simple: it can't.

    > If it tried to put itself on winxp startup it will tell me about it
    > and I block it, same way if it tries to inject data to another
    > process I will be notified and block it, or if it tries to use
    > windows services to abuse them and hide itself I will also be
    > notified to block it.


    If the program were to intercept every possible kind of communication a
    malware might abuse, you'd be flooded with notifications, because other
    (legitimate) programs use the very same mechanisms. That's simply not
    feasible.

    > So if I have such good protection with CPF why bother installing
    > software like DropMyRights or 'psexec'? CPF is a tough cop and spy as
    > to what happens on my system and NOTHING WILL EVER BE INSTALLED OR DO
    > SOMETHING HARMFUL WITHOUT ME KNOWING ABOUT IT AND ALLOW IT?


    Your delusions notwithstanding, no software is capable of guaranteeing that.
    And you simply won't notice if some malware slips by undetected. In
    which case your entire system will be compromised.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  4. #24
    Ansgar -59cobalt- Wiechers
    Guest

    Re: How good is Comodo Internet Security?

    nik gr <nikos1337@gmail.com> wrote:
    > "Ansgar -59cobalt- Wiechers" <usenet-2008@planetcobalt.net> wrote:
    >> VanguardLH <V@nguard.lh> wrote:
    >>> A process can be made to run under a LUA (limited user account)
    >>> token. That is, the process will have the same privileges as that
    >>> token. Since the token has the limitation of a standard user
    >>> account, that process is also limited. But that only applies when
    >>> you run that process under the limited environment. When using
    >>> DropMyRights, SysInternals' psexec, or other such utilities that run
    >>> the child process under limited privileges, only the process they
    >>> start is limited. So if you use them to start the web browser, that
    >>> instance of the web browser is limited and you get more protection.

    >>
    >> Since Microsoft has documented that the *desktop* not the process is
    >> the security boundary with Windows, that's most definitely *not* what
    >> you want to do.

    >
    > I didn't understand this sentence. Can you please put it simpler?


    No.

    >> Instead you want to create an LUA, do your everyday work with that
    >> account, and only switch to an admin account to do administrative
    >> work.

    >
    > But as an answer to me in a previous post in this thread you said that
    > administrative tasks can be done with ease by selecting "Run as..."
    > within a LUA. Correct?
    > So, why switching back and forth from LUA to admin-level when we can
    > do our admin task within our LUA environment?


    My wording was probably misleading here. Sorry. I meant "switching" in a
    broader context here. Not only logging off and back on with an admin
    account, but also by using FUS or executing a program via "Run As..."
    under an admin account.

    However, RunAs is only a workaround, because programs will share the
    same desktop, meaning they may be susceptible to something like shatter
    attacks carried out by malware running with reduced privileges. The
    advantage is that you limit the time programs with elevated privileges
    are exposed. The better (more secure) way is to log off, log on as an
    admin to do your admin tasks, then log off and back on with your normal
    user account. Yes, that's not necessarily convenient.

    With Vista Microsoft seems to have introduced some additional kind of
    access control, so that shatter attacks may not be an actual problem
    in this scenario anymore. However, I don't know enough about this new
    system to make any statement about its reliability. Conservative
    approaches like logging off and back on are virtually always the safest
    bet when it comes to security.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich
