Hacked?! a.k.a. My First Tiff with Vista... a.k.a. Be careful using Comodo

Discussion in 'The Lounge - Off Topic' started by The Zig, Aug 11, 2008.

  1. The Zig

    The Zig Kilobyte Poster

    Just a heads-up/warning in case anyone makes/has made the same error.

    Last Friday I built a new computer. It was my first full build, and all went unexpectedly smoothly. I went for Vista and a 64bit operating system, just to see what it was all about. Anyway, it was fully built and running within about 3 hours, thanks - in part - to Windows Vista (64bit) which was fully installed and running inside about 45 minutes. A few driver updates later, I was away.

    So, computer built, all running nicely, starting to understand the new root systems, etc... but I was having trouble finding a good firewall. As a rule of thumb, I don't trust Windows firewall to do the job all by itself. But my old rock ZoneAlarm doesn't work on 64 bit operating systems, and their 64 bit beta is XP Pro only. So I tried the "100% Vista compatible" PCGuard, recommended by Virgin, but that couldn't handle 64 bit either. All those bits. Must be a bit much. So anyway, I was on the hunt for a 64bit firewall. The one that finally caught my attention, with repeated recommendations was Comodo.

    I installed it, it went in nicely, and all looked sweet. Looked pro, and ran nicely, for long enough for me to stop thinking about it, until it annoyed me by popping up ENDLESSLY while I was running a CD backup. "file X want to do Y", etc. Click - "OK... OK... OK... OK... OK..."

    Next thing, I can't do ANYTHING. I try to run the new cd - message box: "Cannot complete. You may lack sufficient privileges to do this."* :blink ... Try again. "No, you can't. It's the privileges thing. See the admin."* I am the admin! :rolleyes: Hmm... I navigate into the CD, find the .exe. Click. Same message. So I force it with a right-click, "Run as Admin". It works.
    This is odd. I think... let's google this. I click Firefox: "NO!" Vista screams. "You don't have the privileges, damn you!"* :blink... Right.

    Okay... I think. Vista's clearly confused about something. Time for a shutdown. Give it a chance to get its head straight.
    "YOU DO NOT HAVE THE PRIVILEGES TO SHUT DOWN!"*
    Now this was all getting a bit too 2001. It let me log out and then I shut down from accounts menu.

    When I logged back in, all hell broke loose. I couldn't do a damn thing. Run stuff? Denied. Admin tools? Denied. Select 'run as admin'? No option. Open the Control Panel to find out what's going on. Denied. Right-click "Computer" click 'Manage'. Denied. My account was buggered. Truly. Hell, I couldn't even run 'Run'!:cry:

    At this point I decided I must have been hacked and had my permissions zapped. Damn. I pulled the ethernet, and tried logging in as my wife (also an admin account), but the sneaky bugger had gotten to her too! I mulled around for a while trying to find something I could do to fix things. With a tear in my eye, I drifted to my room and found, on my table, the still clean and unburied Vista install disk. About then I noticed Ctrl-Alt-Del still let me get to the task manager. From there I was able to access SOME admin tools. Weirdly all my user permissions, and my admin status was still set. Everything looked normal, even though I couldn't access anything. From there I spent the best part of an hour poring through security logs of automatic services logging in to update my system clock ("Who is this 'The Zig$' user?! How does he keep logging in and getting the special right to 'impersonate'?!") before concluding that they probably weren't suspicious. Maybe. :dry
    Then I found that, for some reason, the task manager - and only the task manager - WOULD let me do a 'run as admin'. From the task manager, I was able to launch the Control Panel - and with a sigh of relief I was able to start a roll-back. My first ever rescue rollback. Restored to the morning settings, before the firewall. All fixed.

    Now everything's back to normal. Vista is talking to me again, and recognising my "authoritay".
    In the evening's post-mortem, I figured out that what happened is, I mistakenly clicked something in a firewall dialogue box, that resulted in the firewall locking out the system process "explorer.exe". In doing so, I blocked the process' ability to do things for me - it couldn't retrieve the things I asked for - resulting in confused messages from Vista that assumed permissions must be to blame. It's discussed in this thread.

    I might try installing Comodo again as I want a solid firewall. Unless anyone has better recommendations? But I'm gonna be damn careful with it.

    Just thought I'd share that experience, and how I fixed it, for general amusement, and in case anyone else winds up there.



    * I may be paraphrasing Vista somewhat.
     
    Certifications: A+; Network+; Security+, CTT+; MCDST; 4 x MTA (Networking, OS, Security & Server); MCITP - Enterprise Desktop Support; MCITP - Enterprise Desktop Administrator; MCITP - Server Administrator; MCSA - Server 2008; MCT; IOSH; CCENT
    WIP: CCNA; Server 2012; LPIC; JNCIA?
  2. wizard

    wizard Petabyte Poster

    I very much doubt that Comodo will have caused any of this. Have you checked microsoft's knowledgebase to see if anyone else has encountered similar problems?
     
    Certifications: SIA DS Licence
    WIP: A+ 2009
  3. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    If you don't mind paying, ESET (NOD32) do a 64 bit version of their security suite which includes AV and Firewall as well as some other bits.

    You can get a 30-day free trial too.

    http://www.eset.co.uk/download/registered_software.php (you'll need to register for the trial first but you can see the options for 64 bit here)
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  4. The Zig

    The Zig Kilobyte Poster

    But, as I linked above, it was mentioned on Comodo's help forum as something that had happened to other Comodo users who'd inadvertently blocked explorer.exe - a few people on there seemed familiar with it. Symptoms sound identical. I assumed they knew what they were talking about.

    I'll have a look at Knowledge Base though.
     
    Certifications: A+; Network+; Security+, CTT+; MCDST; 4 x MTA (Networking, OS, Security & Server); MCITP - Enterprise Desktop Support; MCITP - Enterprise Desktop Administrator; MCITP - Server Administrator; MCSA - Server 2008; MCT; IOSH; CCENT
    WIP: CCNA; Server 2012; LPIC; JNCIA?
  5. Gingerdave

    Gingerdave Megabyte Poster

    I have never had any problems with Comodo, however you do have to be careful, as if you tell it to block something, that is exactly what it will do. You don't have to install that part of the firewall; if I remember rightly it's something like process monitor. In time however the number of questions it asks drops down as it learns what you have and how you want it.

    give it another go, you might like it.
     
    Certifications: A+,MCP, MCDST, VCP5 /VCP-DV 5, MCTS AD+ Net Inf 2008, MCSA 2008
    WIP: MCSA 2012
  6. Theprof

    Theprof Petabyte Poster

    It took me some time to get used to Kaspersky (the firewall\antivirus) that I currently use. I remember sitting down and looking at settings and trying to configure them a certain way, then out of the blue everything stops working properly, then I tried to undo and redo; basically I spent a lot of time on it. Now that I pretty much know how to set it up, configure it, etc. I don't have any more issues.

    Take some time to learn it if it is going to be the firewall of your choice.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  7. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    I'd stick with the MS firewall, works fine and is also x64 compatible.
    I doubt any of your problems are a result of hacking though.
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  8. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    Wow you actually use MS firewall? I've always been told to stay the hell away from it. Hmmmm, now you have me wondering!
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  9. Mitzs
    Honorary Member

    Mitzs Ducktape Goddess

    Glad you got it fixed Zig, and had to give you reps for living through that on your first build and surviving it. :biggrin Good job!
     
    Certifications: Microcomputers and network specialist.
    WIP: Adobe DW, PS
  10. wizard

    wizard Petabyte Poster

    I've used Windows Firewall for a long time now without a problem.
     
    Certifications: SIA DS Licence
    WIP: A+ 2009
  11. rax

    rax Megabyte Poster

    I've spent a long time without using any firewall and I'm fine. I have a router and firewall at the minute though.

    Just wait until the next format, it'll be another few months before I bother installing or enabling any firewall, heck, I barely even use anti-virus. :p
     
    Certifications: ITIL v3 Foundation, CompTIA Network+
  12. SuPaStA

    SuPaStA Nibble Poster

    99% of your routers have a firewall already built-in.
     
    Certifications: CCNA,MCSE,ITIL,Server+,Security+,N+...
    WIP: CCNP
  13. NightWalker

    NightWalker Gigabyte Poster

    All your firewalls are belong to us :p
     
    Certifications: A+, Network+, MCP, MCSA:M 2003, ITIL v3 Foundation
  14. The Zig

    The Zig Kilobyte Poster

    Cheers! :beers2
    :cheeseyg

    Yeah, following Gingerdave's advice, I've reinstalled Comodo. I'm being a lot more careful this time, and actually concentrating on what I'm doing!

    There are two key components: Comodo firewall, and Defense+. Each pops-up if it needs a user decision; they look pretty similar, but Comodo is a firewall, and Defense+ works internally - keeping an eye on processes and the registry; this is the bit I got in trouble with. With this, it is quite possible to block critical system processes if you're not watching what you're allowing/denying.

    Now I'm using it properly, it's working beautifully. It seems pretty thorough, and it's quite nice to use (as long as you aren't distracted). It's got some really useful options that let you tell it if a process is a trusted application, a system process, an installer package, etc. so it can handle it appropriately, which can really save you getting spammed with decision requests.
    Yeah, I like it. No complaints.

    The moral, of course: when you install powerful new software... watch what you're doing!
    ... Although clearing up after your own dumb mistakes can be about the most powerful learning experiences! (One time, trying to install an NVidia driver into Mandriva Linux, I managed to kill X-Windows, and with it the entire graphical interface. Had to fix everything from just the text-based Command Shell... learned a LOT that weekend!)


    So people use Windows Firewall? I was always warned away from it in XP. Is the Vista Windows firewall significantly better?
     
    Certifications: A+; Network+; Security+, CTT+; MCDST; 4 x MTA (Networking, OS, Security & Server); MCITP - Enterprise Desktop Support; MCITP - Enterprise Desktop Administrator; MCITP - Server Administrator; MCSA - Server 2008; MCT; IOSH; CCENT
    WIP: CCNA; Server 2012; LPIC; JNCIA?
  15. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    I don't use it; I always install something else and disable Windows Firewall.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  16. Qs

    Qs Semi-Honorary Member Gold Member

    Agreed! I've had numerous problems with ZoneAlarm (as a comparison) in the past. You just need to be very careful and particular with these types of installations. My main advice would be to go through as many custom settings as possible. This will not only provide a better learning experience for when things go wrong, but it means that you can tweak it to your specifications. Who wants additional resource hogging for the sake of it eh?

    Personally... I don't and wouldn't want to use either. I hate Windows Zero Config (WLAN AutoConfig in vista), those damn things have a mind of their own. I prefer to know that a dedicated non-Microsoft product is in place... plus, as stated above, I like more customizable options than ON/OFF :P

    My two cents...
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  17. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    Using a hardware firewall and a software one is a good idea. I'm still testing some out; I have Kaspersky's at the minute.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
