App Review Comodo Firewall vs A CryptoCurrency Miner


cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,147
You may note a couple of things:

1). The video title is rather vague, as I want to decrease any random Google hits.
2). Adylkuzz was/is delivered by the EternalBlue/DoublePulsar combo. I did not even hint at how the malware got on our desktop. I must be magic, especially for those already employing virtualization and Outbound Firewall control. I will say that the malware for many of the initial attacks had coded into them a sleep time of like a day; this was done in the hope that some fool would take it out of virtualization and run it. In other words, the efficacy of protection via virtualization was noted by the Blackhats as something to be avoided.
3). And God forbid I even mention metasploit! There has been more than enough discussion on that already.
4). At 1:43 of the video it may seem like I am trying to point out something with svchost. I wasn't; my cat jumped on my lap and the mouse moved accordingly. Sorry about that!

I guess this video may be not what one may have expected, but I hope you guys enjoy it anyway.

 

darko999

Level 17
Verified
Well-known
Oct 2, 2014
805
Can't see the video =/
 

darko999

Level 17
Verified
Well-known
Oct 2, 2014
805
Thanks for the video! Comodo v10 is like the best version IMO; since I used Comodo a lot in the past, I'm sticking to this one. I'm glad that I use your settings plus paranoid HIPS and a custom ruleset for the FW. I think my computer will stay clean for a long, long time.
 

EASTER

Level 4
Verified
Well-known
May 9, 2017
145
Thanks for the new demo and boy is that foulware ever another doozy.

And how about that Comodo FW with those special settings. Gets the job done in fine Comodo fashion (as usual) against the mysterious.

Courtesy of your continued, and I have to add very generous, descriptions with these, I was eager enough to dedicate a pair of systems with this very program serving as a main catalyst in those setups. And I have NOT been disappointed in the least.

Question: What version of TC is that, and are there other "old school" file explorers that can uncover the hiders like that? One of them I have found very useful for these has been XYplorer.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
This is my favorite anti-malware video on the internet to date. :)

Super helpful information on what to look for from the firewall with malware, for those who rely on it for tighter control. For anyone who hasn't had the chance to read about the EB/DP payloads like this, they are the worst possible malware. Comodo nuked Adylkuzz, not that I didn't expect it, but it was great to see it happen.

The more we see of these malwares being nuked, the more we know how to be careful and when to stay out of Comodo's way so as not to make a mistake with the choices we have. It is, after all, occasionally a requirement w/FPs. Thanks from the heart cs...:)

Only one thing left to test: EB/DP v. Comodo's heuristic command-line analysis. I'm not ready for this kind of testing...just something I would like to see if anyone has an opportunity.
 

done

Level 5
Verified
Mar 19, 2015
217
Shocking video WOW, I'd never have thought about it.

Just 1 question. Windows has a built-in firewall; how come it didn't block it? Is it a fake firewall? What's the point of having it running in the system if it's not blocking outbound?

Thx for sharing
 

lab34

Level 6
Verified
Well-known
Mar 28, 2017
263
> Shocking video WOW, I'd never have thought about it.
>
> Just 1 question. Windows has a built-in firewall; how come it didn't block it? Is it a fake firewall? What's the point of having it running in the system if it's not blocking outbound?
>
> Thx for sharing

Hello,
the problem with WF is that it does not offer the outbound alert and user decision. I think it's the best for inbound control.
Some programs exist to add this layer (outbound alert) on top of WF: Windows Firewall Control by binisoft, Windows 10 Firewall Control by sphinx...

I was using the sphinx one and was happy. But in its free version, it lacks the zone control (I wanted to allow only for LAN).
WFC by binisoft seems nice, but when I tried CFW, I saw CruelSister's vids and was amazed by the auto containment. So for my usage, CFW is the way.
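The point made above, that the stock Windows Firewall has no outbound prompt, does not mean it cannot block outbound at all: it can be switched to default-deny outbound with an explicit allow-list and a log of what it dropped, which is the non-interactive equivalent of what the third-party front-ends offer. The following is an added example, not code from this thread or from any of the tools mentioned; it uses the built-in NetSecurity cmdlets, and the two program paths are placeholders to replace with your own. Run it from an elevated PowerShell.

```powershell
# Added example (not from the thread): default-deny outbound on Windows Firewall,
# allow-list named programs, and log dropped packets for later review.
# Program paths are placeholders; substitute the programs you actually use.

$LogPath = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

# 1. Record the current profile state so the change can be reverted.
$before = Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction, LogBlocked
$before | Format-Table -AutoSize

# 2. Block outbound by default on all three profiles and log what gets dropped.
#    Windows' own "Core Networking" outbound rules (DNS, DHCP, etc.) stay enabled,
#    so basic connectivity survives; anything without a rule is now dropped silently.
Set-NetFirewallProfile -Name Domain, Private, Public `
    -DefaultOutboundAction Block `
    -LogBlocked True `
    -LogFileName $LogPath

# 3. Allow-list the programs that legitimately need the network (placeholder paths).
$allowed = @{
    "Allow Outbound - Browser" = "C:\Program Files\Mozilla Firefox\firefox.exe"
    "Allow Outbound - Updater" = "C:\Program Files\Example\updater.exe"
}
foreach ($name in $allowed.Keys) {
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound `
            -Program $allowed[$name] -Action Allow -Profile Any | Out-Null
    }
}

# 4. Review: pfirewall.log lines are "date time action protocol src dst ... path",
#    where path is SEND for outbound. DROP + SEND = an outbound attempt no rule
#    covered, which is where an unexpected process reaching out would show up.
Get-Content $LogPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\S+ \S+ DROP .* SEND$' } |
    Select-Object -Last 20

# To revert:
# Set-NetFirewallProfile -Name Domain, Private, Public -DefaultOutboundAction Allow
```

There is still no pop-up: the decision is made ahead of time by the allow-list, and the log is how you find out what was refused. That is the trade-off the post describes, and it is why the alerting front-ends (or CFW's own outbound alerts) are the more convenient option on a desktop where new programs appear often.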
 

EASTER

Level 4
Verified
Well-known
May 9, 2017
145
Must be something about the fonts folder. Everyone wants their fonts at the office so MS doesn't cover it with UAC lol. It's been a target location for malware for a long time.

Glad that you make mention of this fact AtlBo. I was on XP for an extended period since I never went to Win 7 but eventually migrated straight to Win 8/8.1.

As far back as, and maybe starting with, Windows 98, I remember (just as you point out) how malware seemed to favor the f0nts folder, and this seemed to crop up again later when Rootkits made their way to the stage. The latter was even worse IMO in that Ring0 drivers would hide their connecting components and you often needed an SSDT tool to find and unhook the hooks.
 

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,147
Mine- I tried it privately last month and it protected the Documents fine. But as it's been updated since then I'll give it another try.

Also, I just realized (actually I always knew) that I never ever mention the Comodo HIPS. This being the case I will be doing a Part 2 to this video that highlights the HIPS, both alone and in conjunction to CF at my settings. I hope that it will serve.
 

EASTER

Level 4
Verified
Well-known
May 9, 2017
145
> Mine- I tried it privately last month and it protected the Documents fine. But as it's been updated since then I'll give it another try.
>
> Also, I just realized (actually I always knew) that I never ever mention the Comodo HIPS. This being the case I will be doing a Part 2 to this video that highlights the HIPS, both alone and in conjunction to CF at my settings. I hope that it will serve.

Oh, am so looking forward to that one.

No one has been a bigger HIPS proponent than yours truly (EQSysecure was my fav!), and then when 64-bit computing entered the picture it pretty well knocked all the good ones out of contention, like Malware Defender etc.

Kinda pleased that Comodo saw fit to keep their full-fledged HIPS as another chief component, although am pretty content to run CFW 10 with Cruel Comodo settings. They w0rk!
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
> Oh, am so looking forward to that one.

The HIPS is tricky using cs' non-debatable auto-contain settings. Looking forward to seeing if cs has any tactics for making use of HIPS that help eliminate digging through the settings to remove allow rules after running an unrecognized app/file that auto-starts in the container. Maybe Paranoid, but I don't have the nerve to get into creating all the rules until I know more about what to expect. Thanks for the tests cs. They help a lot. :)
 
