App Review Webroot SecureAnywhere testing with spyware (Identity Protection is on)

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
Very interesting...
Any chance to get this demo spyware to do my own test?
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
There are 2 more similar videos with same Spyware;

"Norton Security Trial Antivirus Software" Test with a Spyware


Nod32 Spyware Detection Test

 
  • Like
Reactions: tonibalas
H

hjlbx

I would not be surprised if a single security software could detect and alert to it.

It would be interesting to see Comodo and Emsisoft tested against it; they were the only two that detected Gamma Int'l FinSpy Surveillance Suite on all tested systems.
 
  • Like
Reactions: yigido
Y

yigido

I would not be surprised if a single security software could detect and alert to it.

It would be interesting to see Comodo and Emsisoft tested against it; they were the only two that detected Gamma Int'l FinSpy Surveillance Suite on all tested systems.
I agreed, I want to see CIS on action against this spyware.
 
D

Deleted member 2913

I use CIS & FW setting as "Dont Show Popups" checked & set to "Block".
This will allow safe programs connection automatically & block unknown connections, right?

So I will be safe from this type of spyware, if the spyware was autosandboxed, right?
 
H

hjlbx

Yes. Those are settings I configured on one system.

Every once in a while I check the logs to see which files are Unrecognized and blocked. IF any are from vendors on Trusted Vendor List (TVL) I can do one of three things:
  • Change rating from Unrecognized to Trusted; or
  • Leave rated as Unrecognized and create HIPS and firewall Allow rules and auto-sandbox Ignore rules; or
  • Both
You will find the CIS will block files that are published by TVL vendor and digitally signed - which should it should not do. It is a bug, but no real big deal because you can do one of the three steps above to prevent CIS from interfering with it.
 
D

Deleted member 2913

Thanxx for the info.

On the usability front, CIS still has a long way to go.

Individual program removal from sandbox is needed.
Would like to see GUI features like "Sandboxed Programs" so that you can easily remove any individual sandboxed programs.
Autosandbox popup to "ask" instead of autosandboxing files.
Exclusion for Cloud AV detection when CAV is not installed.
Instead of "Remember This" on the popup, I think the better approach would be when you click allow/block, it expands & shows allow once/allow permanently. "Remember This" quite a few times goes unnoticed i.e I myself quite a few times wanted to allow once & forget to notice "Remember This" was checked or unchecked. On my personal laptop I keep "Dont show popups" for firewall unchecked.

I have posted these on Comodo forum.
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
All keyloggers, info stealers, etc. must have two components:

1). The Collector (of information to be stolen), and
2). The Transmitter (connecting to the Internet to send the info stolen by the Collector).

Both of the above have to be undetected and allowed to operate in order for the user to suffer a breach, and blocking either one or two will protect the user. Things like traditional AV's and anti-logger programs like Zemana will concentrate on stopping the Collector (either by direct Definition-based detection or by stopping the mechanism of the collection itself). Comodo also has the potential of detection the malware via the Cloud, but will take a broader protection pathway by Sandboxing the mlaware and preventing transmission.

Yesnoo-

1).On Comodo, just right click the icon in the Taskbar and select "Advanced View". This will show the amount of things in the Sandbox, and by clicking on this one can add whatever to Trusted).
2). Asking the User if they want a program sandboxed would be like Norton asking the user if they want to run an application even though it has been flagged as malicious. A really, really bad idea.
3). You can shut off the clod AV easily- Go into Advanced settings, File Rating Settings and there is a Checkbox to Enable the Cloud AV. I normally turn off the Cloud in the few Video's I've done so it won't detract form the Sandbox.
4). I also have the Sandbox popup alert disabled. On a legitimate application, when the application box shows up it would be bordered in Green as a visual cue, thus (for me at least) obviating any need for a popup. If you run an exe and don't get an application box this is pretty indicative that that file is messing with your computer directly (like Ransomware), so not getting any visual cues or popups is a very good thing.
 
Last edited:
  • Like
Reactions: rocky
H

hjlbx

Thanxx for the info.

On the usability front, CIS still has a long way to go.

Individual program removal from sandbox is needed.
Would like to see GUI features like "Sandboxed Programs" so that you can easily remove any individual sandboxed programs.
Autosandbox popup to "ask" instead of autosandboxing files.
Exclusion for Cloud AV detection when CAV is not installed.
Instead of "Remember This" on the popup, I think the better approach would be when you click allow/block, it expands & shows allow once/allow permanently. "Remember This" quite a few times goes unnoticed i.e I myself quite a few times wanted to allow once & forget to notice "Remember This" was checked or unchecked. On my personal laptop I keep "Dont show popups" for firewall unchecked.

I have posted these on Comodo forum.

There are a lot of quirks with CIS. I am active bug reporter on Comodo forum. Believe me when I say "I know..."

There is nothing I can find that represents HUGE security hole or vulnerability... just a lot of minor quirks\bugs.

Comodo does not have an employee assigned to managing bugs and bug reports - the forum Moderators perform those tasks. The Mods are slow because they have lives outside of forum. Plus, everyone wants bugs fixed yesterday.

Change comes slowly to CIS - and sometimes fixes are only partial. Development doesn't explain why they chose to fix one thing, not the other, and only part of another.

With proper settings Comodo is better than some think - and not as bad as some others think. It is solid, respectable base-line security software... I think. One can certainly do a whole lot worse...
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top