App Review Comodo Firewall vs a new Data Stealer

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
cruelsister

Bot

AI-powered Bot
Thanks for sharing this video! It provides a great visual explanation of the Comodo Firewall vs a new data stealer. Let's discuss the key points and insights.
 

rashmi

Haha! Where did all the noise go, my friends? Remember those days when Comodo threads were bursting with romance, drama, tragedy, comedy, and trolledy? Oh, my darling, kindly bring me my bottle 😊
 

ForgottenSeer 114834

Haha! Where did all the noise go, my friends? Remember those days when Comodo threads were bursting with romance, drama, tragedy, comedy, and trolledy? Oh, my darling, kindly bring me my bottle 😊
Honestly, if you've been around the forum for a while and haven't figured out how they teleport malware to the desktop for testing, you've just not been paying attention and deserve to get infected. 🤪
 

cruelsister

The Desktop is nothing more than a folder on the System. If you use a browser to download a file it will be seen either in the Download or Temp folder. Malware on a USB or DVD will also appear in their respective folders on the drive.

Quite simply, Malware, in order to run, must be initiated from somewhere (anywhere) with no magic or teleportation needed.
 

ForgottenSeer 114834

The Desktop is nothing more than a folder on the System. If you use a browser to download a file it will be seen either in the Download or Temp folder. Malware on a USB or DVD will also appear in their respective folders on the drive.

Quite simply, Malware, in order to run, must be initiated from somewhere (anywhere) with no magic or teleportation needed.
Malware needs to run through the gauntlet of forward facing defenses of a security product and fail to be declared unfit to stop it. If one only executes it from the desktop it is not truly testing the other products now is it? To claim CIS is the only one to stop this type of attack without doing so is also misleading.
 

ForgottenSeer 114834

Looking forward to your video. When may we expect it?
Oh goody, another video, should I go grab my popcorn?

An excellent question you posted. When can we expect a video of a true route of infection test on all other security solutions to be performed by the user claiming this software is the only way to stop this sample 🤔
 

cartaphilus

I love seeing banned members coming back as fresh new users. It warms the cackles of my heart.

One thing is certain from the video. Comodo did contain it. Whether others can or cannot, well, that is yet to be tested, since from what I recall the tests done were only file scans and not executions. So I do agree that there is no consensus regarding which software might or might not contain it when the payload is executed. However, based on the evidence presented in this thread, Comodo did do its job.

And I am not a comodo follower, in fact I am quite the opposite, but I can't argue with data.
 

ForgottenSeer 114834

I love seeing banned members coming back as fresh new users. It warms the cackles of my heart.

One thing is certain from the video. Comodo did contain it. Whether others can or cannot, well, that is yet to be tested, since from what I recall the tests done were only file scans and not executions. So I do agree that there is no consensus regarding which software might or might not contain it when the payload is executed. However, based on the evidence presented in this thread, Comodo did do its job.

And I am not a comodo follower, in fact I am quite the opposite, but I can't argue with data.
Some of us were never banned but left on our own accord after being trolled then reprimanded for standing up for ourselves.

As for arguing with data, just a test of the product without all the extra commentary stating other products are not capable would go a long way towards giving the poster credit, although again testing real world scenarios as opposed to these halfway attempts would as well.

Take note I'm not product bashing but speaking truth and fact. Nothing misleading about what I have stated.
 

ErzCrz

Great test as always. It's interesting people mentioning different attack vectors and true testing. Probably the most real of these tests are the web link / download tests with protection enabled, but you're never really going to replicate an exact real world scenario. Somehow, some way, people sometimes get a bad unknown file on their computer.

I was going to wade in here about sandboxing unknowns, recalling a story where I got ransomware from a PDF, but use what works for you. I have a couple of default deny parts of my configuration and they aren't much of a headache at all and don't usually get alerts unless I'm playing with new software.
 

Behold Eck

Oh goody, another video, should I go grab my popcorn?

An excellent question you posted. When can we expect a video of a true route of infection test on all other security solutions to be performed by the user claiming this software is the only way to stop this sample 🤔
I think SeaKelp meant your video as in a Lynx video, not a Cruel Sister one.

I've got my popcorn ready.

Regards Eck :)
 

rashmi

Honestly, if you've been around the forum for a while and haven't figured out how they teleport malware to the desktop for testing, you've just not been paying attention and deserve to get infected. 🤪
The infection worked like a charm, luring my security enthusiast friends back 😉... comments, laughs, and love pouring in! Oh, my love, it's time to make some noise and pop that bottle in style! 😊
 

ForgottenSeer 114834

I think SeaKelp meant your video as in a Lynx video, not a Cruel Sister one.

I've got my popcorn ready.

Regards Eck :)
Oh I'm sure that's what he meant. Although it was not my claim of cis being the only product capable nor did I run a test from the desktop, I don't recall volunteering a video as if I was a tester either, but this seems to have triggered those same defense responses from the crowd.

Personally I was only fulfilling a request by @rashmi who seemed to be bored with the lack of entertainment here nowadays. Of course pointing out that these half-baked videos prove nothing just happened to be an after effect of doing so.

You have been around the forum since 2014, I don't recall you testing or proving anything here, just the usual banter where you jump in and try to look as if you know what you are speaking.

You would have known me as illumination back then, the old malware hub moderator. I have done my share of testing and understand how products work well. I have probably forgotten more about this than you have ever learned.

No sense in pretending most of you don't know who I am. I never really hide it anyway now do I.
Bottom line, if it's not real world testing you are proving nothing, so making claims is misleading.

Melih, you know me from back in the day, you're welcome to reply as well.
 

Trident

When can we expect a video of a true route of infection test on all other security solutions to be performed by the user claiming this software is the only way to stop this sample 🤔
Actually quite a lot of products reacted and removed the malware. The infection details and products have been discussed on another thread.

So I am not sure which products are “oblivious to malware”.

The malware is distributed as a fake game, it does not automatically infect flash drives or possess any spreading mechanisms. Products with download defences will handle the malware. In fact, certain versions have strings that suspend execution when products like Eset and Norton are installed.
 

Behold Eck

Oh I'm sure that's what he meant. Although it was not my claim of cis being the only product capable nor did I run a test from the desktop, I don't recall volunteering a video as if I was a tester either, but this seems to have triggered those same defense responses from the crowd.

Personally I was only fulfilling a request by @rashmi who seemed to be bored with the lack of entertainment here nowadays. Of course pointing out that these half-baked videos prove nothing just happened to be an after effect of doing so.

You have been around the forum since 2014, I don't recall you testing or proving anything here, just the usual banter where you jump in and try to look as if you know what you are speaking.

You would have known me as illumination back then, the old malware hub moderator. I have done my share of testing and understand how products work well. I have probably forgotten more about this than you have ever learned.

No sense in pretending most of you don't know who I am. I never really hide it anyway now do I.
Bottom line, if it's not real world testing you are proving nothing, so making claims is misleading.

Melih, you know me from back in the day, you're welcome to reply as well.
That'll be a no then?

Regards Eck :)
 

Shadowra

An excellent question you posted. When can we expect a video of a true route of infection test on all other security solutions to be performed by the user claiming this software is the only way to stop this sample 🤔

I've shared other screenshots showing Avast, Norton, Microsoft Defender (with Machine Learning detection) and Bitdefender also blocking this malware :)

Comodo sandboxes anything unknown, that much we know. VirusScope's detection was, for me, logical, given that the malware launches various PowerShell commands at runtime.

But I agree with you on one point: Comodo isn't the only one capable of blocking this type of malware :)
 

Trident

Comodo sandboxes anything unknown, that much we know. VirusScope's detection was, for me, logical, given that the malware launches various PowerShell commands at runtime.
What triggers the detection here for most software is the abuse of the name svchost.exe. No useful software has any genuine reason to doppelgäng a native Windows executable.

Yes, the launch of a high number of LOLBins is also highly suspicious. In Harmony, we saw not only that the malware was blocked, but that it was also correctly identified as Nova Stealer.

Many other products that we didn’t test would have also blocked the malware.
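
The two signals named in the post above (a file called svchost.exe running from outside the Windows system directories, and one parent launching many LOLBins in a short time) can be checked over process-creation telemetry. The Python below is an added example, not part of the thread or of any product discussed; the event tuples, paths, LOLBin list and thresholds are constructed assumptions.

```python
from collections import defaultdict
from ntpath import basename, dirname

# Assumed expected locations for the native binary (standard Windows layout).
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
PROTECTED_NAMES = {"svchost.exe"}
# Assumed short LOLBin list for illustration; a deployment would use a fuller one.
LOLBINS = {"powershell.exe", "cmd.exe", "wmic.exe", "reg.exe", "schtasks.exe"}
BURST_THRESHOLD = 3   # LOLBin launches by a single parent
BURST_WINDOW = 60     # seconds

# Constructed sample events: (epoch seconds, image path, parent image path).
EVENTS = [
    (100, r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\services.exe"),
    (200, r"C:\Users\test\AppData\Roaming\svchost.exe", r"C:\Users\test\Downloads\game_setup.exe"),
    (205, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", r"C:\Users\test\AppData\Roaming\svchost.exe"),
    (210, r"C:\Windows\System32\cmd.exe", r"C:\Users\test\AppData\Roaming\svchost.exe"),
    (215, r"C:\Windows\System32\wbem\WMIC.exe", r"C:\Users\test\AppData\Roaming\svchost.exe"),
    (900, r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe"),
]

def masquerading(events):
    """Images named like a native binary but located outside its trusted directories."""
    return [img for _, img, _ in events
            if basename(img).lower() in PROTECTED_NAMES
            and dirname(img).lower() not in TRUSTED_DIRS]

def lolbin_bursts(events):
    """Parents that start BURST_THRESHOLD or more LOLBins within BURST_WINDOW seconds."""
    launches = defaultdict(list)
    for ts, img, parent in events:
        if basename(img).lower() in LOLBINS:
            launches[parent.lower()].append(ts)
    flagged = set()
    for parent, times in launches.items():
        times.sort()
        for i in range(len(times) - BURST_THRESHOLD + 1):
            if times[i + BURST_THRESHOLD - 1] - times[i] <= BURST_WINDOW:
                flagged.add(parent)
                break
    return flagged

if __name__ == "__main__":
    print("masquerading:", masquerading(EVENTS))
    print("LOLBin bursts:", sorted(lolbin_bursts(EVENTS)))
```

The genuine svchost.exe under System32 and the single cmd.exe started by explorer.exe are not flagged; only the copy under the user profile trips both checks.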
 
