- Apr 13, 2013
- 3,224
As a way of comparison of the Trusted Vendors list of AppGuard (from the last RAT video) with Comodo's more extensive one, as well as how to manipulate it.
Comodo and Trusted Vendors List
- Thread starter cruelsister
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
And Comodo's main incomes isn't their security products but the certificates they sell; so of course they have to whitelist the certificates of their customers... and anybody can buy a certificate from Comodo...
to properly edit the TVL on a clean system (umbra style) :
1- put HIPS on Training mode, disable auto-sandbox
2- select all vendors except microsoft, realtek, ATI, NVIDIA, etc.. mostly your hardwares vendors (in case of ^^) by using search box.
3- delete all the others
4- add vendors by selecting them via running processes
5- put back HIPS & Auto-sandbox on safe mode
to properly edit the TVL on a clean system (umbra style) :
1- put HIPS on Training mode, disable auto-sandbox
2- select all vendors except microsoft, realtek, ATI, NVIDIA, etc.. mostly your hardwares vendors (in case of ^^) by using search box.
3- delete all the others
4- add vendors by selecting them via running processes
5- put back HIPS & Auto-sandbox on safe mode
Last edited by a moderator:
I don't think the precise protection model used to keep a system clean is all that important. What is important is that whatever protection model one adopts should be as close to 100 % efficiency, 100 % of the time. And therein lies the rub... the only IT protection model that approaches that level is absolute default-deny (non-execution). Absolute default-deny also includes reduction of attack surface. It also includes modified human behavior. Three simple concepts that are easy for the layperson to grasp - but seemingly - impossible for the typical user to follow - especially the behavior modification part.
LOL... if people would simply use the Standard User Account - all the time - then they would be more than 3/4 of the way to default-deny -- and without any real need for security softs other than what is shipped with Windows. Windows already gives users just about everything they need to stay safe - but it is people's expectations, lack of discipline, ignorance, complete disregard for safe computing habits, etc - that unravels just about every security mechanism built-in to Windows. Same can be said of just about any other security soft. Many typical users think their computer and digital devices are indecipherable boogey-men devices...
I think the average PC user has no inclination whatsoever to learn about any security soft - regardless of its ease-of-use. Their mentality is: "I will buy the best rated, most recommended AV - install it and forget about it - and I will be protected - no matter what I do - because it is the best. Afterall, I paid $100 for it..."
Sad fact is that in 99% of cases like above that security soft causes problems - whether paid or free - and the user quickly uninstalls it.
If it ain't plug-and-play - most people don't want it...
LOL... if people would simply use the Standard User Account - all the time - then they would be more than 3/4 of the way to default-deny -- and without any real need for security softs other than what is shipped with Windows. Windows already gives users just about everything they need to stay safe - but it is people's expectations, lack of discipline, ignorance, complete disregard for safe computing habits, etc - that unravels just about every security mechanism built-in to Windows. Same can be said of just about any other security soft. Many typical users think their computer and digital devices are indecipherable boogey-men devices...
I think the average PC user has no inclination whatsoever to learn about any security soft - regardless of its ease-of-use. Their mentality is: "I will buy the best rated, most recommended AV - install it and forget about it - and I will be protected - no matter what I do - because it is the best. Afterall, I paid $100 for it..."
Sad fact is that in 99% of cases like above that security soft causes problems - whether paid or free - and the user quickly uninstalls it.
If it ain't plug-and-play - most people don't want it...
Last edited by a moderator:
- Mar 15, 2011
- 13,070
No reason why TVL is taken for granted,
Good thing when HIPS concept will monitor everything despite of digital signed certificates, however the problem when convenience take over.
Digital signed certificates provider must enforced strong security measures to avoid that bypass, many programs like Comodo targets automated process so that a user is already satisfied.
Good thing when HIPS concept will monitor everything despite of digital signed certificates, however the problem when convenience take over.
Digital signed certificates provider must enforced strong security measures to avoid that bypass, many programs like Comodo targets automated process so that a user is already satisfied.
- Apr 13, 2013
- 3,224
Umbra- Symantec has the same issues with their Counter Signatures, and it's really not their fault. if someone in a short skirt with a nice (actually perfect) smile gets access to a Private Signing Key how would either Comodo or Symantec be possibly aware of this?
- Sep 28, 2011
- 326
unfortunately, yes... it is why you must export your settings before installing an update.
You mean you manage to grab a key and use it for malicious purposes ?
I guess they can't...
LOL... this is all that it takes ? So much for IT security... complete world-wide certificate bypass via sexual engineering. Sexual engineering has been happening since the dawn of man...
Similar threads
