• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Not very good security results from Comodo Leak Tests

I run a firewall leak test provided by Comodo and I found out that my system was vulnerable to the "impersonation: coat" test.

The description for that test is:

What does it do ? Tries use rename itself as the default browser in memory and connect to the Internet.
What is the risk ? Firewalls may think the actual process behind the Internet connection request is the trusted browser.

All other leak tests were unable to run because Norton was removing the required .dll files. I guess that is a good thing. I still though tried to run them: I temporarily disabled auto-protect, extracted the compressed folder containing the tests, re-enabled auto-protect and then run the test. The results are displayed bellow. More vulnerabilities appeared although program control and auto-protect were enabled.

Is there anything I should worry about? Are there any settings I can change to increase security, specially for the 'impersonation' test that failed completely?

Thanks,

John

Replies

Kudos0

Re: Not very good security results from Comodo Leak Tests

First thing I see in this report is it shows SP0 for your Vista. Be sure you have SP2 installed.

Also if you circumvent Norton's protections, you will find fails in any test.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Not very good security results from Comodo Leak Tests

Actually my system is Windows 8.1 Pro with all latest updates and Norton Security 22.1.0.9. Apparently these security tests are old. I still though don't care if it's old or new malware able to invade my system.

To be fair, I made the distinction in my first message: all tests were not able to run the first time when NS was on, except 'impersonation: coat' that bypassed Norton. This test claims that malware (probably trojans) can rename themselves as a legit program and communicate with the internet. That would give a score of 330/340

The second time, I disabled auto-protect to extract the test files, re-enable it, and then executed the test, which gave the results you see above (220/340).

My overall experience with Norton is very good. That doesn't mean I won't mark any weak spots. Even if one out of 34 tests fails, I'd like to know why and how important that is.

PS. This is where I found the tests https://personalfirewall.comodo.com/cltinfo.html

Kudos1 Stats

Re: Not very good security results from Comodo Leak Tests

Hello

I would say that this test has no validity at all if it is showing your o/s as vista with no service packs and you have win 8.1. If the test can't tell what your o/s is, then none of the tests run has any validity. Also considering you couldn't run the test when Norton was configured the way it should be, I wouldn't worry about the 1 thing it couldn't do.

By disabling auto-protect, you put your system into danger, more danger than that test showed Norton wasn't protected in one area.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Not very good security results from Comodo Leak Tests

Hi,

I hope you are correct, but I'm not sure about that. There is a chance the test tool doesn't "know" about 8.1, because it is old, but still disguises successfully itself as Firefox and leaks info to the internet.

Thanks,

John

Kudos0

Re: Not very good security results from Comodo Leak Tests

Have you questioned Comodo if their test is even still valid - especially for the current version of Windows and Norton that you are testing?

Accepted Solution
Kudos0

Re: Not very good security results from Comodo Leak Tests

Hugh
Kudos2 Stats

Re: Not very good security results from Comodo Leak Tests

Norton Firewall Automatic Program Control needs to be disabled before running a leak test.  As has been pointed out before, most of the popular leak tests are known good programs, so Norton does not block them.  Norton uses a hash of each program to identify it as a legitimate program rather than an imposter.  It should not be possible for a malicious program to gain internet access simply by identifying itself as a different program.

Kudos0

Re: Not very good security results from Comodo Leak Tests

Ok, so apparently these tests don't seem to be reliable at all, other users get scores of 380 out of 340 ... Even Comodo products fail them.

Thanks guys for your time!

John

This thread is closed from further comment. Please visit the forum to start a new thread.