1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hacked?! a.k.a. My First Tiff with Vista... a.k.a. Be careful using Comodo

Discussion in 'The Lounge - Off Topic' started by The Zig, Aug 11, 2008.

  1. The Zig

    The Zig Kilobyte Poster

    Just a heads-up/warning in case anyone makes/has made the same error.

    Last Friday I built a new computer. It was my first full build, and all went unexpectedly smoothly. I went for Vista and a 64bit operating system, just to see what it was all about. Anyway, it was fully built and running within about 3 hours, thanks - in part - to Windows Vista (64bit) which was fully installed and running inside about 45 minutes. A few driver updates later, I was away.

    So, computer built, all running nicely, starting to understand the new root systems, etc... but I was having trouble finding a good firewall. As a rule of thumb, I don't trust Windows firewall to do the job all by itself. But my old rock ZoneAlarm doesn't work on 64 bit operating systems, and their 64 bit beta is XP Pro only. So I tried the "100% Vista compatible" PCGuard, recommended by Virgin, but that couldn't handle 64 bit either. All those bits. Must be a bit much. So anyway, I was on the hunt for a 64bit firewall. The one that finally caught my attention, with repeated recommendations was Comodo.

    I installed it, it went in nicely, and all looked sweet. Looked pro, and ran nicely, for long enough for me to stop thinking about it, until it annoyed me by popping up ENDLESSLY while I was running a CD backup. "file X want to do Y", etc. Click - "OK... OK... OK... OK... OK..."

    Next thing, I can't do ANYTHING. I try to run the new cd - message box: "Cannot complete. You may lack sufficient privileges to do this."* :blink ... Try again. "No, you can't. It's the privileges thing. See the admin."* I am the admin! :rolleyes: Hmm... I navigate into the CD, find the .exe. Click. Same message. So I force it with a right-click, "Run as Admin". It works.
    This is odd. I think... let's google this. I click Firefox: "NO!" Vista screams. "You don't have the privileges, damn you!"* :blink... Right.

    Okay... I think. Vista's clearly confused about something. Time for a shutdown. Give it a chance to get its head straight.
    Now this was all getting a bit too 2001. It let me log out and then I shut down from accounts menu.

    When I logged back in, all hell broke loose. I couldn't do a damn thing. Run stuff? Denied. Admin tools? Denied. Select 'run as admin'? No option. Open the Control Panel to find out what's going on. Denied. Right-click "Computer" click 'Manage'. Denied. My account was buggered. Truly. Hell, I couldn't even run 'Run'!:cry:

    At this point I decided I must have been hacked and had my permissions zapped. Damn. I pulled the ethernet, and tried logging in as my wife (also an admin account), but the sneaky bugger had gotten to her too! I mulled around for a while trying to find something I could do to fix things. With a tear in my eye, I drifted to my room and found, on my table, the still clean and unburied Vista install disk. About then I noticed Ctrl-Alt-Del still let me get to the task manager. From there I was able to access SOME admin tools. Weirdly all my user permissions, and my admin status was still set. Everything looked normal, even though I couldn't access anything. From there I spent the best part of an hour poring through security logs of automatic services logging in to update my system clock ("Who is this 'The Zig$' user?! How does he keep logging in and getting the special right to 'impersonate'?!") before concluding that they probably weren't suspicious. Maybe. :dry
    Then I found that, for some reason, the task manager - and only the task manager - WOULD let me do a 'run as admin'. From the task manager, I was able to launch the Control Panel - and with a sigh of relief I was able to start a roll-back. My first ever rescue rollback. Restored to the morning settings, before the firewall. All fixed.

    Now everything's back to normal. Vista is talking to me again, and recognising my "authoritay".
    In the evening's post-mortem, I figured out that what happened is, I mistakenly clicked something in a firewall dialogue box, that resulted in the firewall locking out the system process "explorer.exe". In doing so, I blocked the process' ability to do things for me - it couldn't retrieve the things I asked for - resulting in confused messages from Vista that assumed permissions must be to blame. It's discussed in this thread.

    I might try installing Comodo again as I want a solid firewall. Unless anyone has better recommendations? But I'm gonna be damn careful with it.

    Just thought I'd share that experience, and how I fixed it, for general amusement, and in case anyone else winds up there.

    * I may be paraphrasing Vista somewhat.
    Certifications: A+; Network+; Security+, CTT+; MCDST; 4 x MTA (Networking, OS, Security & Server); MCITP - Enterprise Desktop Support; MCITP - Enterprise Desktop Administrator; MCITP - Server Administrator; MCSA - Server 2008; MCT; IOSH; CCENT
    WIP: CCNA; Server 2012; LPIC; JNCIA?
  2. wizard

    wizard Petabyte Poster

    I very much doubt that Comodo will have caused any of this. Have you checked microsoft's knowledgebase to see if anyone else has encountered similar problems?
    Certifications: SIA DS Licence
    WIP: A+ 2009
  3. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    If you don't mind paying, ESET (NOD32) do a 64 bit version of their security suite which includes AV and Firewall as well as some other bits.

    You can get a 30-day free trial too.

    http://www.eset.co.uk/download/registered_software.php (you'll need to register for the trial first but you can see the options for 64 bit here)
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  4. The Zig

    The Zig Kilobyte Poster

    But, as I linked above, it was mentioned on Comodo's help forum as something that had happened to other Comodo users who'd inadvertantly blocked explorer.exe - a few people on there seemed familiar with it. Symptoms sound identical. I assumed they knew what they were talking about.

    I'll have a look at Knowledge Base though.
    Certifications: A+; Network+; Security+, CTT+; MCDST; 4 x MTA (Networking, OS, Security & Server); MCITP - Enterprise Desktop Support; MCITP - Enterprise Desktop Administrator; MCITP - Server Administrator; MCSA - Server 2008; MCT; IOSH; CCENT
    WIP: CCNA; Server 2012; LPIC; JNCIA?
  5. Gingerdave

    Gingerdave Megabyte Poster

    I have never had any problems with comodo, however you do have t be careful, as if you tell it to block something, that is exactly what it will do. You dont have to install that part of the firewall, if I remember rightly it something like process monitor. In time however the number of questions it asks drops down as it learns what you have and how you want it.

    give it another go, you might like it.
    Certifications: A+,MCP, MCDST, VCP5 /VCP-DV 5, MCTS AD+ Net Inf 2008, MCSA 2008
    WIP: MCSA 2012
  6. Theprof

    Theprof Petabyte Poster Premium Member

    It took me sometime to get used to Kaspersky (the firewall\antivirus) that I currently use. I remember sitting down and looking at settings and trying to configure them a certain way, then out of the blue everything stops woring properly, then I tried to undo and redo, basically I spent a lot of time on it. Now that I pretty much know how to set it up, configure it, etc. I don't have any more issues.

    Take some time to learn it if is going to be the firewall of your choice.
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
  7. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    Id stick with the MS firewall, works fine and is also x64 compatible
    i doubt any of your problems are a result in hacking though
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  8. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    Wow you actually use MS firewall? I've always been told to stay the hell away from it. Hmmmm, now you have me wondering!
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  9. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    Glad you got it fixed Zig, and had to give you reps for living though that on your first build and surving it. :biggrin Good job!
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  10. wizard

    wizard Petabyte Poster

    I've used Windows Firewall for a long time now without a problem.
    Certifications: SIA DS Licence
    WIP: A+ 2009
  11. rax

    rax Megabyte Poster

    I've spent a long time without using any firewall and I'm fine. I have a router and firewall at the minute though.

    Just wait until the next format, it'll be another few months before I bother installing or enabling any firewall, heck, I barely even use anti-virus. :p
    Certifications: ITIL v3 Foundation, CompTIA Network+
  12. SuPaStA

    SuPaStA Nibble Poster

    99% of your routers have a firewall already built-in.
    Certifications: CCNA,MCSE,ITIL,Server+,Security+,N+...
  13. NightWalker

    NightWalker Gigabyte Poster

    All your firewalls are belong to us :p
    Certifications: A+, Network+, MCP, MCSA:M 2003, ITIL v3 Foundation
  14. The Zig

    The Zig Kilobyte Poster

    Cheers! :beers2

    Yeah, following Gingerdave's advice, I've reinstalled Comodo. I'm being a lot more careful this time, and actually concentrating on what I'm doing!

    There are two key components: Comodo firewall, and Defense+. Each pops-up if it needs a user decision; they look pretty similar, but Comodo is a firewall, and Defense+ works internally - keeping an eye on processes and the registry; this is the bit I got in trouble with. With this, it is quite possible to block critical system processes if you're not watching what you're allowing/denying.

    Now I'm using it properly, it's working beautifully. It seems pretty thorough, and it's quite nice to use (as long as you aren't distracted). It's got some really useful options that let you tell it if a process is a trusted application, a system process, an installer package, etc. so it can handle it appropriately, which can really save you getting spammed with decision requests.
    Yeah, I like it. No complaints.

    The moral, of course: when you install powerful new software... watch what you're doing!
    ... Although clearing up after your own dumb mistakes can be about the most powerful learning experiences! (One time, trying to install an NVidia driver into Mandriva Linux, I managed to kill X-Windows, and with it the entire graphical interface. Had to fix everything from just the text-based Command Shell... learned a LOT that weekend!)

    So people use Windows Firewall? I was always warned away from it in XP. Is the Vista Windows firewall significantly better?
    Certifications: A+; Network+; Security+, CTT+; MCDST; 4 x MTA (Networking, OS, Security & Server); MCITP - Enterprise Desktop Support; MCITP - Enterprise Desktop Administrator; MCITP - Server Administrator; MCSA - Server 2008; MCT; IOSH; CCENT
    WIP: CCNA; Server 2012; LPIC; JNCIA?
  15. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    I don't use it; I always install something else and disable Windows Firewall.
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  16. Qs

    Qs Semi-Honorary Member Gold Member

    Agreed! I've had numerous problems with ZoneAlarm (as a comparison) in the past. You just need to be very careful and particular with these types of installations. My main advice would be to go through as many custom settings as possible. This will not only provide a better learning experience for when things go wrong, but it means that you can tweak it to your specifications. Who wants additional resource hogging for the sake of it eh?

    Personally... I don't and wouldn't want to use either. I hate Windows Zero Config (WLAN AutoConfig in vista), those damn things have a mind of their own. I prefer to know that a dedicated non-Microsoft product is in place... plus, as stated above, I like more customizable options than ON/OFF :P

    My two cents...
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  17. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    using a hardware firewall and a software one is a good Idea. I still testing some out I have Kasperskys at the minute.
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?

Share This Page