
A detailed reading of the latest test reports on the world's well-known firewalls: Comodo (translation of the original)

Posted 2007-10-21 16:01

From: MACD forum (bbs.macd.cn) Author: govyvy
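Thank you for your interest in reading this translation. I would like to explain first: this article is taken from www.matousec.com. Because that company is a professional evaluation and testing firm for security products, the conclusions in its published reports have some reference value. It is also a commercial company that tests products and sells bugs; its standards for the security products submitted to it are quite strict and its comments are close to harsh. So whichever firewall product you support, please read this article with a calm mind. In the end, the practical use of a firewall differs considerably from laboratory testing, and only the user really knows whether a product works well. There is no perfect firewall in the world, only the firewall that suits you best. I am publishing this text only in the hope of giving everyone the necessary reference material when choosing this kind of product. The original is at http://www.matousec.com/projects/windows-personal-firewall-analysis/results.php for anyone interested.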

The translations of all the firewall test reports in this evaluation project have been collected and published; see http://bbs.hypost.cn/read.php?tid=116235

Comodo Firewall not much better than others (2006/12/19 17:49)

We have finished the analysis and published a review of Comodo Personal Firewall 2.3.6.81. Except for its great ability to fight leak-tests, Comodo does not have a good security design and the implementation is also quite poor and buggy. Nevertheless, its final score, also because of its excellent anti-leak protection, is better than the score of ZoneAlarm and thus it took the first place in our ranking.

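Comodo Firewall is not outstanding

We have completed and published the analysis and report on Comodo Personal Firewall version 2.3.6.81. Although its excellent leak protection earned it a final score higher than well-known firewalls such as ZoneAlarm, and with it first place, apart from performing well on the Leak-test indicators Comodo lacks a design with good security, and the way the software operates also leaves something to be desired.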

Comodo Personal Firewall 2.3.6.81 - Review

Comodo Personal Firewall is a free Windows personal firewall that offers an extraordinary user interface but its security design is far from perfection and so is its implementation. There are many security holes that have to be fixed before this product is able to fight the modern malware techniques and skilled attackers.

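Comodo Personal Firewall overview

Comodo Personal Firewall is a free firewall product with an excellent user interface; however, its security design and its operation are still far from perfect. To stand up to today's prevalent malware and to technically skilled attackers, Comodo still has many security holes that need to be fixed and strengthened.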

Tested version

We have tested the latest stable version of Comodo Personal Firewall available, which was 2.3.6.81. This version was recommended to us by its vendor Comodo Group. This firewall is more and more popular according to our poll. Comodo Personal Firewall is a free product with lifetime licence and this can be a strong argument for many desktop users.

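Description of the tested version

We tested Comodo's latest stable version (2.3.6.81). This version was recommended by the Comodo company, and according to our poll statistics more people choose to use this version. Comodo Firewall is a product licensed free of charge for life, and perhaps it is exactly this approach that has given the product so many users.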

Installation and initialization

The installation package, which is about 8 MB in size, can be downloaded directly from the vendor's website. The Installation Wizard asks you only about the installation directory before it copies all its files. Then, the Firewall Configuration Wizard is run to help you configure the firewall. At first, you can choose whether you want this wizard to configure your settings automatically, which is recommended for common users, or manually, which is an option for power users. If you choose the automatic configuration, the installation is finished and all you have to do, is to restart your computer.

We chose the manual configuration. This allowed us to select whether the firewall should approve Internet connections to known applications automatically or to scan the computer for applications that would be allowed to establish Internet connections. If you select the scan option, you will have to approve system applications manually after the reboot, because the internal database of programs that are allowed to connect to the Internet will contain only a few applications like the Internet browser or the email client. Then, we could configure detected network interfaces, and set some advanced settings like Alert Frequency.

After the reboot, Comodo Firewall Licence Activation dialog appeared. As mentioned above, Comodo Personal Firewall is a free product and the licence can be obtained from the vendor for free. So, the product activation is just a formality, but you have to provide a valid email address to the vendor to be able to receive the activation code.

The installation process was very fast, easy and completely trouble-free. The default settings are ideal for common use and need only a little tweaking if you want to run with the highest security that Comodo Firewall offers. Comodo received no penalty for the installation process.

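Installation and initialization

Comodo's installation package is 8 MB in size and can be downloaded directly from the official website. Before the installation files are copied, it asks for the directory path into which they will be unpacked; the setup program then helps you with the general firewall settings. First you can choose whether to configure the firewall automatically or manually; choosing automatic configuration is of course the usual approach for ordinary users. If the user chooses automatic configuration, the program completes the installation by itself and the user only needs to restart the computer.

We chose manual configuration, which let us choose whether to allow the Internet to connect to known applications automatically, or to scan for the applications that are allowed to connect to the Internet. If you choose the scan option, you need to set the permissions for system applications manually after the machine restarts, because the programs that the core database allows to connect to the Internet include only the browser or the email client. After that, we could configure the detected network connection ports and make some advanced settings such as the alert frequency.

After the computer restarts, Comodo's licence activation dialog pops up. As mentioned above, Comodo is a free firewall, and its licence can be obtained free of charge from the official website. So activation is only a formality, but you must provide Comodo with a valid email address in order to obtain the activation code.

The whole installation process is very fast and convenient, without the slightest difficulty. The default settings are general-purpose settings for ordinary users; if a higher security level is needed, only a few adjustments are required. Comodo is not responsible for any accident during the installation process.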

Hardware requirements

Comodo Personal Firewall occupies about 17 MB on the hard disk, which is a reasonable size of this kind of software. On the other hand, its memory usage of more than 26 MB RAM is a little too much but today's computers will handle it without problems. The performance of common working with system resources is reduced to about 70%. Such a performance reduction is also quite big for a personal firewall software. As for hardware requirements, Comodo Personal Firewall belongs among more demanding products.

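Hardware requirements

Comodo Personal Firewall needs 17 MB of hard disk space, which is a reasonable requirement for software. In addition, its memory usage of more than 26 MB is slightly high, but with today's computer configurations it runs without any problem. Normal operation of the firewall takes up about 30% of system resources, a ratio that is likewise on the high side for firewall software. Overall, Comodo Firewall can suit the hardware of most of today's computers.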

Common behaviour and control

The main impression of Comodo Personal Firewall is its simplicity. The main control panel window contains three sheets. Summary gives you brief information about the current state of your firewall and settings. Security allows you to view and change the settings. Activity sheet offers online monitoring of Internet connections as well as going over logs of your personal firewall. All controls contain only the necessary information. The simplicity may not be comfortable for advanced users who might want to play with detailed protection settings a little more, but most users would be very satisfied.

Comodo also implements a simple tray icon that can be used to open the user's interface or to quickly adjust the Security Level. Only three levels are available. Allow All allows all incoming and outgoing network connections, whilst Block All denies all connections regardless of your configuration settings. Custom level allows you to define the behaviour of four security components, these are Application Monitor, Component Monitor, Network Monitor and Application Behaviour Analysis. We highly recommend you to have all these components enabled.

Application Monitor cares about processes that attempt to establish network connections. If this component is enabled, you are alerted when a process, for which there is no rule in the database, tries to access the Internet. If it is off, any application, including those that were banned before, can access the Internet.

Component Control manages the database of known components. Every application that wants to be allowed to access the Internet can contain only allowed components. This protection fights against well known DLL injection attacks. Component Control can be enabled, disabled or work in the learning mode, in which it asks you to make a decision if the unknown component is detected.

Network Monitor is a standard packet filter, for which the user can define custom rules to allow or block connections from or to single hosts or computers in defined IP ranges or networks. If this component is off, all network connections are allowed unless another component stops them.

Application Behaviour Analysis monitors various actions of running processes. Using this component Comodo Firewall is able to recognize malware applications, when they attempt to control trusted applications to perform privileged actions.

A small problem we have found in Comodo Personal Firewall is that its Security Alerts, that ask for the decision about potentially dangerous activity, sometimes display wrong or insufficient information. This problem can result in a decision that users would never make if they received correct information. For example, if a malicious application replaces the executable of your Internet browser (i.e. iexplore.exe) with its own program, and you try to run your browser, then the only information you get from Comodo is that 'iexplore.exe is trying to connect to the Internet'. However, if it is not your default browser but some other trusted application that is changed, Comodo correctly reports that its cryptographic signature has changed. Fortunately, in most of the situations Comodo behaves correctly and displays valid information that is sometimes supported with Security Considerations.

Another imperfection is that firewall logs are not saved when your computer is rebooted. Comodo saves firewall logs from time to time under unknown circumstances, usually when the user works with logs. Logs that were not saved before the restart will disappear. The whole interface for log viewing is not developed very well.

Our verdict is 90% for the Ease of use of Comodo Personal Firewall.

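Common use and operation

Comodo's ease of use leaves a deep impression. The software's main control window contains three sheets. The Summary sheet shows brief information about the firewall's current state and settings; the Security sheet lets you view and modify the settings; the Activity sheet provides online monitoring of Internet connections and at the same time generates the firewall's related log records. All operations keep only the necessary information. Perhaps this convenience does not suit some advanced users who want more detailed settings, but for most users such settings should be satisfactory.

The firewall also provides a system tray icon so that the user can open the user interface and make quick security settings. The whole system provides three protection levels. [Allow All] allows all incoming and outgoing network connections; [Block All] prohibits all connections, whether or not you have made settings; [Custom] lets you define the security modules yourself, such as application monitoring, component monitoring, network monitoring and application usage-habit analysis. We strongly recommend that you turn on all the modules.

The application monitoring module focuses on processes that try to establish a connection to the Internet. If this component is enabled, you receive a warning when a process with no rule record in the database tries to access the Internet. If this component is turned off, any application, including ones that were previously banned, can connect to the Internet.

The component control module mainly manages the database of known components. Every application that wants to be allowed to connect to the Internet may contain only components permitted by this module. This protection mainly targets the common DLL file injection attacks. The component control module can be set to enabled, disabled, or used in learning mode: when an unknown component is detected, the firewall asks for your decision.

The network monitoring module is a standard packet filter that lets the user define custom rules to allow or block connection requests to and from a single host or multiple computers within a defined local network or IP range. If this module is turned off, all network connection requests are let through until this module is enabled on another machine in the same network.

The application usage-habit analysis module changes according to changes in the running processes. Through this module, Comodo Firewall can recognise malware when it tries to obtain permission to run by controlling applications that are already trusted.

During use, we found a problem with the Comodo firewall's security alerts. Put simply, the alerts that ask whether to let a potentially dangerous activity through sometimes give the user wrong or missing reference information. Such a problem directly blurs the user's discernment and judgement of similar issues, and even if the firewall's alert information is correct, the user may take no action. For example, a malicious program replaces the legitimate IE executable on the system (such as iexplore.exe) with its own code, and the user happens to run this replaced browser; then the only alert information Comodo provides is "iexplore.exe is trying to connect to the Internet". Of course, if what was replaced is not your default browser but some other executable that the user has listed as "trusted", Comodo can still correctly remind you that the program's password or similar encoding-type signature has changed. Fortunately, in most cases Comodo Firewall responds correctly and provides valid information, which often includes reasonable security advice.

Another defect is that Comodo's logs cannot be saved after your machine restarts. Usually, when the user calls up the logs to work with them, Comodo saves the logs several times under unknown circumstances; however, the logs that were not set to be saved vanish before the machine restarts. Overall, its log viewing interface needs further improvement.

We give Comodo Firewall 90% for its performance in ease of use.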

Security

The simplicity of the whole product is also visible on its security design. Unfortunately, this simplicity also means that some important security features were not implemented at all. Apart from various security design features, we have also missed the possibility to protect the configuration settings of Comodo Firewall using password, which is very common in competitive products. This can be a problem on computers that are used by more users at once.

The positive on the security of Comodo Firewall is its excellent ability to fight against leak-tests. It probably was a priority of its vendor to pass all leak-tests. Only the Coat test was able to bypass its protection but we have been informed that the next version of Comodo Firewall will handle this one too.

The implementation of the security design is very superficial. Today's malware creators would not have problems to bypass the protection of Comodo. The development of this firewall probably missed independent betatesting of its security features because the number and the nature of bugs we have found in it is alarming. This is why we can not recommend Comodo Personal Firewall as a personal firewall solution to anyone who requires the real protection against today's malware. You can see the public information about bugs we found in Comodo Personal Firewall in the following sections below.

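Security

Comodo's convenience can likewise be seen in its security design. Regrettably, this convenience also means that some important security indicators cannot be fully reflected and carried out. Apart from the various security settings, we tried to protect the firewall's configuration by setting a password, but this function, common among its competitors, cannot be achieved in Comodo. This is a problem for computers that are used many times.

Comodo's advantage in security lies in its outstanding performance in leak tests, which may be related to its developers giving priority to passing the leak tests during development. Only the Coat Test was able to break through Comodo Firewall's protection, but we have learned that the next version of Comodo Firewall will solve this problem.

Comodo's security design still appears very superficial. Today's malware designers will be able to break through Comodo's defences easily. The development of this firewall lacked independent testing of its security indicators, and the number and nature of the bugs found in our further testing are themselves a warning. We therefore do not recommend Comodo as a personal firewall solution, especially for users who want the firewall they use to truly resist malware. In the next part you will see the public bugs we found in Comodo Personal Firewall.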

Open public bugs

The following list contains open bugs that are public. This means that a full name, description, testing method and testing program is available for every bug in the list. The list is sorted by the bug penalty, the higher penalty means the more dangerous the bug is.

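Open public-information bugs

The list below shows the bugs that have public information, that is, the full name, description, testing method and testing program apply to every bug in the list. The list is classified and graded by how dangerous the bugs are; the higher the grade, the more dangerous the bug. (Details are omitted; only the bug names and risk levels are listed, and likewise below.)

(Bug name) Bypassing process identification

Risk: Serious bugs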


Open private bugs

The following list contains open bugs that are private. This means that their names, descriptions, testing methods and testing programs are not available for free. The following list is sorted by the bug penalty, the higher penalty means the more dangerous bug.

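Open private-information bugs

The list below shows the bugs of a private nature, that is, the name, description, testing method and testing program of every bug in the list all differ. The list is classified and graded by how dangerous the bugs are; the higher the grade, the more dangerous the bug. (Details are omitted; only the bug names and risk levels are listed.)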

BUG00008P005CF   Risk: Minor bugs
BUG00002P005CF   Risk: Critical bugs
BUG00024P005CF   Risk: Critical bugs
BUG00015P005CF   Risk: Critical bugs
BUG00019P005CF   Risk: Critical bugs
BUG00020P005CF   Risk: Critical bugs
BUG00022P005CF   Risk: Critical bugs
BUG00001P005CF   Risk: Critical bugs
BUG00010P005CF   Risk: Critical bugs
BUG00011P005CF   Risk: Critical bugs
BUG00013P005CF   Risk: Critical bugs
BUG00003P005CF   Risk: Critical bugs
BUG00014P005CF   Risk: Critical bugs
BUG00012P005CF   Risk: Critical bugs
BUG00005P005CF   Risk: Serious bugs
BUG00000P005CF   Risk: Serious bugs
BUG00004P005CF   Risk: Serious bugs
BUG00016P005CF   Risk: Serious bugs
BUG00006P005CF   Risk: Serious bugs
BUG00017P005CF   Risk: Serious bugs
BUG00009P005CF   Risk: Minor bugs
BUG00007P005CF   Risk: Minor bugs
BUG00018P005CF   Risk: Minor bugs
BUG00023P005CF   Risk: Minor bugs


Original post reposted from the 绅博 forum

[ This post was last edited by govyvy on 2007-10-21 16:14 ]
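
The alert problem described in the review (a replaced iexplore.exe reported only as "trying to connect") comes down to whether an application rule is matched on the file path alone or on the path together with a digest of the file recorded at approval time. The sketch below is an added example, not part of the original post, the matousec report or Comodo's code; the `AppRules` class, its messages and the stand-in file are hypothetical.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Return the SHA-256 hex digest of the file at `path`."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class AppRules:
    """Hypothetical rule store: path -> digest recorded when the user approved it."""
    def __init__(self):
        self._approved = {}

    def approve(self, path):
        self._approved[os.path.normcase(os.path.abspath(path))] = sha256_of(path)

    def check(self, path):
        """Decide what to tell the user when `path` requests network access."""
        key = os.path.normcase(os.path.abspath(path))
        recorded = self._approved.get(key)
        if recorded is None:
            return "ASK: unknown application is trying to connect"
        if sha256_of(path) != recorded:
            # Same path, different bytes: do not reuse the old rule,
            # whichever application it is (default browser included).
            return "ALERT: executable changed since it was approved"
        return "ALLOW"

def demo():
    """Constructed scenario: approve a file, then overwrite it in place."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "iexplore.exe")  # stand-in file, not a real binary
        with open(exe, "wb") as f:
            f.write(b"original browser image")
        rules = AppRules()
        before_approval = rules.check(exe)
        rules.approve(exe)
        after_approval = rules.check(exe)
        with open(exe, "wb") as f:
            f.write(b"replaced by another program")
        after_replacement = rules.check(exe)
        return before_approval, after_approval, after_replacement

if __name__ == "__main__":
    for line in demo():
        print(line)
```

A rule store that skipped the digest comparison would return ALLOW for the third check, which is the behaviour the review criticises for the default browser.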

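Original poster | Posted 2007-10-21 16:12
Note that these tests were carried out at the beginning of the year; they do not represent the software's actual level in use.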

[ This post was last edited by govyvy on 2007-10-21 16:29 ]

Posted 2007-10-22 07:53
Thanks to the original poster for providing this!!