Matousec防火墙最新测试 Comodo重回榜首

化雾迷茫

支持支持！！等待中文版。。。

kangdell

等待中文版

rasis

哈哈 。。。等了很久了  终于重回老大位置。。。。恭喜一下

可喜可贺。。。。

Firewall2

出了中文版COMODO用的人就更多嘿嘿路过支持一下。

[ 本帖最后由 Firewall2 于 2009-5-3 10:57 编辑 ]

Magis

CIS 未通过的项目：

Level 3
Kill3f
Test type: Termination test
Scoring: At least one of the target processes or threads was terminated – 0%; Success – 100%.
Description: Kill3f attempts to terminate your firewall's processes by sending them all possible types of windows messages.

不知是否message flood?一会儿看看官方如何针对此问题应答；（想起了石头大大的作品）

Level 4
SSS
Test type: General bypassing test
Scoring: Failure – 0%; An unwanted user logout or a system shutdown were not prevented – 50%; Success – 100%.
Description: SSS finds out whether your firewall can be terminated by initiating a user logout.

如果我没记错的话，官方不认为这个测试模拟的环境会带来危害；

Level 8
SockSnif
Test type: Spying test
Scoring: Failure – 0%; Success – 100%.
Description: SockSnif binds to a local network interface and enables promiscuous mode on it. This allows SockSnif to spy on all the network traffic that goes through the given interface.

同上；

Level 9
Crash7
Test type: Termination test
Scoring: At least one of the target processes or threads was crashed – 0%; Success – 100%.
Description: Crash7 checks whether malicious software can crash your firewall by allocating all the available memory in the system.

[ 本帖最后由 magiscoldeye 于 2009-4-8 11:02 编辑 ]

星之梦

Kill3f这个测试在相关说明里早说过了，是因为cssurf.exe那个工具栏。

Magis

我自己之前还翻译过那个解释...太长时间了，忘了....

crash7.exe: This test tries to allocate all the memory of the computer to crash applications including the security software
It might be possible for an application to crash if there is no more computer memory available. This is usually a random case. We do not plan to make any changes to pass this test because

* The crash can be random, intermittent and ubiquitous
* Assuming CFP/CIS processes also crashed, there is no real threat to the system because by terminating CFP/CIS, malware will not gain any advantage for byapssing Defense+.

Kill3f的确是因为SS工具栏的缘故，整合了CMF，可以去掉；
Socksniff如果添加了\Device\Afd\EndPoint为保护项目，可以轻易过，比如全盘“*"保护；

SSS.exe i.e. System Shutdown Simulation tests.
--------------
It has been scored 50% because CFP/CIS does not intercept system shutdown requests. This is the testing methodology of the tester.

System shutdown poses no real threat. The malware waits for system shutdown to perform its harmful actions. So whether you intercept or not, it can attack the user when the user manually logs out. Original System Shutdown Simulation tests do care about this fact.
So we do not plan to add this redundant protection to pass any tests.

所以说CIS官方认为自身最好的结果就是crash7.exe, SSS.exe, and socksnif.exe 3项不通过。

[ 本帖最后由 magiscoldeye 于 2009-4-8 11:00 编辑 ]

星之梦

SSS那个Comodo在控制用户登出系统方面是有些不足，但危害性不大。
顶多被玩笑程序欺负一下。

Crash7是恶意程序占用所有系统资源后使软件崩溃。
系统资源被占尽机器肯定会很慢很慢直至死机，安全软件要想解决这个问题不容易，
我看还是让微软等开发操作系统的来解决比较好。

gengshizhou

貌似带hips的墙都在前面