Comodo Firewall: Ghost
Will my security software prevent my confidential data from being transmitted to a hacker?
Will my security software stop a virus from corrupting or destroying my important documents?
TEST YOUR SECURITY SOFTWARE & find an answer to these questions right here.
Firewall Test Description
Generally, when an application accesses the Internet, a firewall will use the Windows API to retrieve the parent PID and name of the executable that launched the trusted application. After the firewall has obtained this information, it 'freezes' it, temporarily blocking the connection. It then asks you what to do (allow/deny).
Ghost then provides the information to the default browser. To avoid detection, Ghost shuts itself down and restarts itself. This allows it to change the PID and continue to send data.
Ghost tries to open a single web page and send a string to it, dummy data in this case. However, if this were a genuine malware program, then this string could be critical personal data such as your credit card number.
If the test is a success, this means that your firewall's "parent/child network access monitoring" checks too late that one executable is launching another to access the Internet.
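A defender's view of the behaviour described above, as an added example that is not part of the original page or of Comodo's code: it correlates process-creation events by executable path rather than by PID, so a restart under a new PID does not break the parent/child link. The event fields, the image name `leaktest.exe`, the browser and launcher lists and the 5-second window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from urllib.parse import urlsplit

BROWSERS = {"iexplore.exe", "firefox.exe"}   # assumed browser image names
LAUNCHERS = {"explorer.exe"}                 # assumed legitimate browser parents
FIELDS = ("ts", "pid", "ppid", "image", "cmdline")

def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def url_with_data(cmdline):
    """Return the first token that is an http(s) URL carrying a query string."""
    for tok in (t.strip('"') for t in cmdline.split()):
        u = urlsplit(tok)
        if u.scheme in ("http", "https") and u.query:
            return tok
    return None

def find_parent_substitution(events, window=5.0):
    """Flag images that start under several PIDs within `window` seconds and,
    from any of those instances, launch a browser with data in the URL."""
    image_of = {}                      # pid -> image path of latest process
    starts = defaultdict(list)         # image path -> [(ts, pid)]
    launches = []                      # (ts, parent image, url)
    for ev in sorted(events, key=lambda e: e["ts"]):
        image_of[ev["pid"]] = ev["image"]
        starts[ev["image"].lower()].append((ev["ts"], ev["pid"]))
        parent = image_of.get(ev["ppid"])
        url = url_with_data(ev["cmdline"])
        if (basename(ev["image"]) in BROWSERS and url and parent
                and basename(parent) not in LAUNCHERS):
            launches.append((ev["ts"], parent.lower(), url))
    findings = []
    for ts, parent, url in launches:
        pids = sorted({p for t, p in starts[parent] if abs(t - ts) <= window})
        if len(pids) > 1:              # same image, new PID: the restart
            findings.append({"image": parent, "pids": pids, "url": url})
    return findings

# Constructed sample events (not captured from a real run of the test).
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    (0.0, 400, 4, r"C:\Windows\explorer.exe", "explorer.exe"),
    (10.0, 1200, 400, r"C:\Temp\leaktest.exe", "leaktest.exe"),
    (10.8, 1312, 1200, r"C:\Temp\leaktest.exe", "leaktest.exe"),
    (11.2, 1400, 1312, r"C:\IE\iexplore.exe", "iexplore.exe http://test.example/collect?d=dummy"),
    (30.0, 1600, 400, r"C:\IE\iexplore.exe", "iexplore.exe http://news.example/?page=2"),
    (40.0, 1700, 400, r"C:\Tools\updater.exe", "updater.exe"),
    (41.0, 1800, 1700, r"C:\FF\firefox.exe", "firefox.exe http://vendor.example/notes?v=2"),
]]
```

Only the `leaktest.exe` launch is reported; the browser started by `explorer.exe` and the one started by a single-instance `updater.exe` are not.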
| Type of Test | HIPS and Firewall |
| Techniques used | Parent Substitution |
| Operating System(s) | Windows 9x / Windows Millennium / Windows NT4 / Windows 2000 / Windows XP |
| Number of Tests | 1 |