notabot

I just came across an old link (2014)

Introducing Comodo Internet Security 8 with more Features

It says

“Hardware virtualization support”
“When Intel VT-x or AMD™ SVM Virtualization extensions are available, Enhanced Protection Mode makes use of these technologies and CIS operates at hypervisor level.”


This means that this product is actually secure even against kernel exploits.

Is anybody running enhanced protection mode? How big is the performance impact?

The hypervisor attack surface should be tiny compared to an OS kernel.
 

shmu26

They had to remove that feature because it conflicted with the recent versions of Windows 10.
 

shmu26

I see, have they replaced it with something of similar functionality or this was “too good to be true”?
The old-timers on the Comodo forum mourned the demise of this feature. I don't think it was replaced by anything. But it does indicate that the Windows kernel is natively more secure than it used to be.
 

SHvFl

Nothing to do with that. It was removed because MS would enable memory integrity which doesn't allow anything else to use virtualisation.
 

shmu26

Even without memory integrity, they were having problems with it. But memory integrity makes it impossible.
 

SHvFl

They have problems with everything so not surprised. At least MS made the decision easy and justifiable to the masses (not me but ms fault).
 

shmu26

I can't claim to fully understand what this feature was doing, but I am pretty sure it was to assist in advanced HIPS monitoring. So if you don't even use the HIPS module, it doesn't matter. Nowadays, HIPS is pretty much of a lost art.
 