Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Comodo: A Number of Security Flaws and Potential Security Flaws

14 Aug 2018   #1
Staragox

Windows 7 Ultimate x64
 
 
Comodo: A Number of Security Flaws and Potential Security Flaws

I am Autistic, and I have either a savant or a non-savant talent to find errors in almost anything. The only reason I am listing these errors on this particular firewall, and not others, since I haven't gotten around to testing if any errors exist in other firewalls. It usually just takes me a few seconds at most to figure out an error in programming. It actually takes me much longer to type an explanation that a normal person can understand, then for my brain to figure it out in the first place. Disclaimer, despite not liking to admit it, nobody is perfect who claims to be able to do what I can do, so it is possible I make mistakes. Please verify for yourself everything I report, and I am not responsible for mistakes.

Here are the errors I found in Comodo Internet Security Firewall (Note: I have my Comodo Internet Security setup to ask whether to allow any application [including System Applications] access to your computer or internet):

1) Potential Security Flaw: You can actually have "blank lines" listed as applications in this firewall. All you have to do is use the correct registry repair tool, and it will occur. I think anyone with any computer knowledge at all, could see, how having a "blank line" listed as an application that has full access to your computer or internet, can be a slight problem (I'm being sarcastic with the word slight). The registry repair tool, that I was using where this occurred, was Registry Repair Wizard 2012 (on Windows 7). This specific bug occurs when you turn on the "File/Path Reference" option in this registry repair tool and manually select all links found, when checking and repairing the registry. Since this error occurs in this tool, there is no reason it can't occur in other registry repair tools. The reason this potential security flaw occurs in Comodo Internet Security in the first place is because this particular firewall leaves links to applications as having access to your computer or internet, even after that application is no longer on your computer. The programmers who wrote Comodo Internet Security did not write code for the application to check for and remove invalid links, on a regular basis.

2) Potential Security Flaw: As stated above, any links to applications that no longer exist on your computer, are kept permanently in Comodo Internet Security. So you will have links in all sections of the software that were previously given access to your computer or internet, but the application is no longer on your computer. This is not the same as #1 above, since this refers to applications being listed in the software that no longer exist (but are still listed as having full security rights to your computer or internet). So this is not the same thing as having a "blank line" listed as an application, which is what I described as occuring in #1 above.

3) Security Flaw: The two I listed above are just "potential" security flaws. The one I am listing now is a definite security flaw. My own computer was infected because of this flaw in Comodo Interent Security. I have Comodo Internet Security setup in such a way that it even asks me whether to allow system applications, the first time that application runs. However, how my own computer was hacked, and how even someone at my intelligence level can be fooled, is because Comodo Internet Security only specifies the application's name and not location when asking you to give full access to that application to your computer and internet. So you may see something in Comodo Internet Security about whether you want to allow explorer.exe to run on your system and have access to your computer and internet. Since explorer.exe is a system application, without thinking, you will click "yes". Anyone figure out the flaw yet? You have a lot more information, then I had, when I figured it out. Comodo Internet Security is NOT listing the directory of the application. So there can, and in many cases are, multiple copies of an application, installed in multiple directories. And if you answer "yes" that you want explorer.exe to run, it may be a trojan or virus, that is NOT installed in the correct system directory. Furthermore, you may of previously allowed Comodo Internet Security to run "explorer.exe" on your computer, and this may of been the correct explorer.exe, that is installed in the correct directory and is the correct Microsoft product. But then you are asked a second time to allow it, and when that happens, Comodo Internet Security doesn't list the directory or even specify that this is the second time, you are allowing an application with that name.

4) Security Flaw: As stated above, Comodo Internet Security, doesn't state if this is the second time you are running an application of the same name when asking if you want it to have access to your computer or internet. This is a different security flaw, then #3 listed above, since #3 refers to the location, while this one refers to the number of times an application of that name has run.

5) Security Flaw: As discussed in #3, Comodo Internet Security, doesn't recognize that there are multiple versions of system applications installed in different directories and let the user know about it (even if you run a complete virus scan by Comodo Internet Security, it doesn't let you know about multiple copies of system applications, even if those multiple copies are different sizes and different files.)

6) Security Flaw: When my computer was infected, Comodo Internet Security would not even update the virus definitions, and did not even protect itself from being compromised so that it could not update itself any longer. Furthermore, there was no message sent to me, that it is not updating any longer. I didn't discover that it wasn't updating, until I noticed that it said it hasn't updated for 24 hours. There is no message to a user, when Comodo Internet Security, can not update itself at the time it is suppose to do it or even if multiple days (I tested it, and even after days of not updating, no message was sent, and it still was listing itself as "Secure".) The user has to read that tiny little spot, that says the last time it was updated, to know it hasn't been updating. Everything else looks and appears, exactly the same as usual, when it is not updating any longer (atleast for a certain number of days).


I am Autistic and can figure out mistakes due to this savant or non-savant gift in almost anything (not just computer software). I decided that it is about time to demonstrate what I can do, and maybe one of these companies will actually hire me. I would think it could be pretty useful to have someone who can do, what I can do. I'm also trying to write books on various subjects, to get my life together finally. Having this gift, should also help as an author.


Sincerely Yours,
Robert Twardowski


My System SpecsSystem Spec
.
15 Aug 2018   #2
axe0

Windows 10 Pro
 
 

Hi Robert,

First of all, welcome to 7forums

If you believe you found a security issue, it would be better to contact the vendor (Comodo in this case) directly instead of posting about it in a public forum before it has been confirmed as an issue. This way, you prevent black hat people abusing the potential security issues.

I don't think 6 is a flaw, it seems to be rather a lack of a protection mechanism which would be a request for a new feature instead of a flaw.

I'm not sure if the potential issues are actually security issues, regarding the firewall where the path to the file isn't showing, or just bad design. I can't test it though, since I have Bitdefender which does include the full path everywhere it's needed.

If you could include a step-by-step guide how everything can be reproduced and report it to Comodo, they'll be able to confirm your thoughts.
My System SpecsSystem Spec
15 Aug 2018   #3
F22 Simpilot

Windows 7 Ultimate x64
 
 

Earlier version of Comodo Firewall allowed you to purge entries. Is that not the case for the new version?

You might be interested in Shadow Defender, or Faronics Anti-Executable
My System SpecsSystem Spec
.

Reply

 Comodo: A Number of Security Flaws and Potential Security Flaws




Thread Tools



Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 15:40.
Twitter Facebook Google+