Hi Dave
But how does one know what to allow and what not to? Some things are
obvious, but for instance, I keep being told by Comodo that
iexplore.exe is trying to connect to the internet using svchost.exe.
iexplore.exe is Internet Explorer! If Internet Explorer always uses
svchost.exe in order to connect to the internet, why on earth doesn't
Comodo know that? Why does it have to ask me? Or if IE *isn't*
supposed to use svchost.exe to connect to the internet, should I
select "Disable" - and does that mean I have some spyware despite
Spybot not finding any and despite having got rid of the hijacker's
remote control agent files?

Dave

Good questions, with no easy answers. In general, when you first start your
computer, Internet Explorer should be doing nothing at all, using
svchost.exe, or not. About the best way to figure out most 'permission'
pop-up boxes is to pay close attention to timing. Examples:

You log in, walk away to grab a cup of coffee, come back to the computer and
(according to multiple messages from Comodo) Internet Explorer is trying to
connect through svchost something or other (or something else), that's a
problem. You haven't asked for any application to connect to anything, but
something is still trying to connect. So who is -really- running your
computer?

But let's say you get your cup of coffee, return to the computer to find a
nice clean desktop with no messages begging for your attention. You launch
IE to browse the web and immediately get multiple requests for permission
for svchost.exe, launching app. iexplore.exe. It's probably safe to OK all
those. It boils down to, you launched a program, which referenced a helper
program, and now these programs are trying to make a connection, because you
asked them to.

As for why Comodo doesn't know this? Well, it's more a problem with Windows
than any particular Windows app like Comodo. For example: YOU know that
iexplore.exe is Internet Explorer. Comodo programmers know this also. The
problem is, a firewall is not effective unless it senses changes in
executable files. So the Comodo firewall application cannot just assume
that "iexplore.exe" is a safe application to run. Otherwise, every virus
writer would be targeting their malware at that specific file, and the
firewall (any firewall) would allow the virus-modified iexplore.exe to do
anything it wants to. That's why you have to re-program your firewall
periodically (it will prompt you). You know all those updates that
Microsoft is always prompting you to install? About every other one
modifies iexplore.exe to something that your firewall recognizes as (this
file has changed!!!). And that's a good thing. Because when your file
changes when you have NOT updated software (to your knowledge), then your
firewall needs to let you know that.

So it might seem like Comodo should be programmed better, to recognize
common programs. But it's actually better that it "not" recognize common
programs. This would be like ordering your security officer guarding the
front door to let in anybody wearing a red tie, without questioning them at
all. It makes no sense. Eventually, someone who wants to sneak into your
building (for whatever reason) would get wise and wear a red tie to get past
the security officer.

On the other hand, certain other firewall products do make it a -bit- easier
to program them after you first install them. So Comodo could do a better
job of making the user interface more user friendly. -Dave
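
The reply's point about rules tied to file contents rather than file names, as an added example that is not part of the original thread and is not Comodo's code. It assumes a SHA-256 hash as the change detector; the function names and sample file bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash the executable's contents in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def decide(rules, path):
    """Return (verdict, digest) for a program asking to connect.
    rules maps a normalised full path to the hash the user approved."""
    key = os.path.normcase(os.path.abspath(path))
    digest = sha256_of(path)
    approved = rules.get(key)
    if approved is None:
        return "prompt-new", digest        # never seen: ask the user
    if approved != digest:
        return "prompt-changed", digest    # same name, different contents: ask again
    return "allow", digest

def approve(rules, path, digest):
    """Record the user's 'allow' answer for exactly this file content."""
    rules[os.path.normcase(os.path.abspath(path))] = digest

def demo():
    verdicts = []
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "iexplore.exe")
        with open(exe, "wb") as f:
            f.write(b"constructed bytes: build the user approved")
        rules = {}
        verdict, digest = decide(rules, exe)
        verdicts.append(verdict)                  # first connection attempt
        approve(rules, exe, digest)
        verdicts.append(decide(rules, exe)[0])    # unchanged file
        with open(exe, "wb") as f:                # an update or tampering
            f.write(b"constructed bytes: modified build")
        verdicts.append(decide(rules, exe)[0])
        # The "red tie" rule: trusting the file name alone still says allow.
        by_name = "allow" if os.path.basename(exe) == "iexplore.exe" else "prompt"
        verdicts.append(by_name)
    return verdicts

if __name__ == "__main__":
    print(demo())
```

The hash cannot tell a Microsoft update from tampering; it only forces the question, and the timing test described in the reply is what answers it.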