App Review Comodo Firewall vs a new Data Stealer

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
cruelsister

Bot

AI-powered Bot
Apr 21, 2016
4,459
Thanks for sharing this video! It provides a great visual explanation of the Comodo Firewall vs a new data stealer. Let's discuss the key points and insights.
 
  • Love
Reactions: Behold Eck

rashmi

Level 12
Jan 15, 2024
562
Haha! Where did all the noise go, my friends? Remember those days when Comodo threads were bursting with romance, drama, tragedy, comedy, and trolledy? Oh, my darling, kindly bring me my bottle 😊
 
  • Sad
Reactions: kylprq
F

ForgottenSeer 114834

Haha! Where did all the noise go, my friends? Remember those days when Comodo threads were bursting with romance, drama, tragedy, comedy, and trolledy? Oh, my darling, kindly bring me my bottle 😊
Honestly, if you've been around the forum for awhile and haven't figured out how they teleport malware to the desktop for testing, you've just not been paying attention and deserve to get infected. 🤪
 

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
The Desktop is nothing more than a folder on the System. If you use a browser to download file it will be seen either in the Download or Temp folder. Malware on a USB or DVD will also appear in their respective folders on the drive.

Quite simply, Malware, in order to run, mist be initiated from somewhere (anywhere) with no magic or teleportation needed.
 
F

ForgottenSeer 114834

The Desktop is nothing more than a folder on the System. If you use a browser to download file it will be seen either in the Download or Temp folder. Malware on a USB or DVD will also appear in their respective folders on the drive.

Quite simply, Malware, in order to run, mist be initiated from somewhere (anywhere) with no magic or teleportation needed.
Malware needs to run through the gauntlet of forward facing defenses of a security product and fail to be declared unfit to stop it. If one only executes it from the desktop it is not truly testing the other products now is it? To claim CIS is the only one to stop this type of attack without doing so is also misleading.
 
F

ForgottenSeer 114834

Looking forward to your video. When may we expect it?
Oh goody, another video, should I go grab my popcorn?

An excellent question you posted. When can we expect a video of a true route of infection test on all other security solutions to be performed by the user claiming this software is the only way to stop this sample 🤔
 
  • Love
  • HaHa
Reactions: Decopi and Trident

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
528
I love seeing banned members coming back as fresh new users. It warms the cackles of my heart.

One thing is certain from the video. Comodo did contain it. Wether others can or can not well that is yet to be tested since from what I recall the tests done were only file scans and not executions. So I do agree that there is no consensus regarding which software might or might not contain it when the payload is executed. However, based on the evidence presented in this thread; comodo did do its job.

And I am not a comodo follower, in fact I am quite the opposite, but I can't argue with data.
 
F

ForgottenSeer 114834

I love seeing banned members coming back as fresh new users. It warms the cackles of my heart.

One thing is certain from the video. Comodo did contain it. Wether others can or can not well that is yet to be tested since from what I recall the tests done were only file scans and not executions. So I do agree that there is no consensus regarding which software might or might not contain it when the payload is executed. However, based on the evidence presented in this thread; comodo did do its job.

And I am not a comodo follower, in fact I am quite the opposite, but I can't argue with data.
Some of us were never banned but left on our own accord after being trolled then reprimanded for standing up for ourselves.

As for arguing with data, just a test of the product without all the extra commentary stating other products are not capable would go a long way towards giving the poster credit, although again testing real world scenarios opposed to these half way attempts would as well.

Take note I'm not product bashing but speaking truth and fact. Nothing misleading about what I have stated.
 
Last edited by a moderator:

ErzCrz

Level 23
Verified
Top Poster
Well-known
Aug 19, 2019
1,214
Great test as always. It's interesting people mentioning different attack vectors and true testing. Probably the most real of these tests are the web link / download tests with protection enabled but your never really going to replicate an exact real world scenario. Somehow some way people sometimes get a bad unknown file on your computer.

I was going to wade in here about sandboxing unknowns recalling a story where I got ransomware from a PDF but use what works for you. I have a couple of default deny parts of my configuration and they aren't much of a headache at all an don't usually get alerts unless I'm playing with new software.
 

Behold Eck

Level 18
Verified
Top Poster
Well-known
Jun 22, 2014
870
Oh goody, another video, should I go grab my popcorn?

An excellent question you posted. When can we expect a video of a true route of infection test on all other security solutions to be performed by the user claiming this software is the only way to stop this sample 🤔
I think SeaKelp mean`t your video as in a Lynx video not a Cruel Sister one.

I`ve got my popcorn ready.

Regards Eck:)
 

rashmi

Level 12
Jan 15, 2024
562
Honestly, if you've been around the forum for awhile and haven't figured out how they teleport malware to the desktop for testing, you've just not been paying attention and deserve to get infected. 🤪
The infection worked like a charm, luring my security enthusiast friends back 😉... comments, laughs, and love pouring in! Oh, my love, it's time to make some noise and pop that bottle in style! 😊
 
F

ForgottenSeer 114834

I think SeaKelp mean`t your video as in a Lynx video not a Cruel Sister one.

I`ve got my popcorn ready.

Regards Eck:)
Oh I'm sure that's what he meant. Although it was not my claim of cis being the only product capable nor did I run a test from the desktop, I don't recall volunteering a video as if I was a tester either, but this seems to have triggered those same defense responses from the crowd.

Personally I was only fulfilling a request by @rashmi who seemed to be bored with the lack of entertainment here now days. Of course pointing out that these videos half baked prove nothing just happened to be an after effect of doing so.

You have been around the forum since 2014, I don't recall you testing or proving anything here, just the usual banter where jump in and try to look as if you know what you are speaking.

You would have known me as illumination back then, the old malware hub moderator. I have done my share of testing and understand how products work well. I have probably forgotten more about this than you have ever learned.

No sense in pretending most of you don't know who I am. I never really hide it anyway now do I.
Bottem line, if it's not real world testing you are proving nothing, so making claims is misleading.

Melih you know me from back in the day your welcome to reply as well.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
When can we expect a video of a true route of infection test on all other security solutions to be performed by the user claiming this software is the only way to stop this sample 🤔
Actually quite a lot of products reacted and removed the malware. The infection details and products have been discussed on another thread.

So I am not sure which products are “oblivious to malware”.

The malware is distributed as a fake game, it does not automatically infect flash drives or possess any spreading mechanisms. Products with download defences will handle the malware. In fact, certain versions have strings that suspend execution when products like Eset and Norton are installed.
 

Behold Eck

Level 18
Verified
Top Poster
Well-known
Jun 22, 2014
870
Oh I'm sure that's what he meant. Although it was not my claim of cis being the only product capable nor did I run a test from the desktop, I don't recall volunteering a video as if I was a tester either, but this seems to have triggered those same defense responses from the crowd.

Personally I was only fulfilling a request by @rashmi who seemed to be bored with the lack of entertainment here now days. Of course pointing out that these videos half baked prove nothing just happened to be an after effect of doing so.

You have been around the forum since 2014, I don't recall you testing or proving anything here, just the usual banter where jump in and try to look as if you know what you are speaking.

You would have known me as illumination back then, the old malware hub moderator. I have done my share of testing and understand how products work well. I have probably forgotten more about this than you have ever learned.

No sense in pretending most of you don't know who I am. I never really hide it anyway now do I.
Bottem line, if it's not real world testing you are proving nothing, so making claims is misleading.

Melih you know me from back in the day your welcome to reply as well.
That`ll be a no then ?

Regards Eck :)
 

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,619
An excellent question you posted. When can we expect a video of a true route of infection test on all other security solutions to be performed by the user claiming this software is the only way to stop this sample 🤔

I've shared other screenshots showing Avast, Norton, Microsoft Defender (with Machine Learning detection) and Bitdefender also blocking this malware :)

Comodo sandboxes anything unknown, that much we know. VirusScope's detection was, for me, logical, given that the malware launches various Powershell commands at runtime.

But I agree with you on one point: Comodo isn't the only one capable of blocking this type of malware :)
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Comodo sandboxes anything unknown, that much we know. VirusScope's detection was, for me, logical, given that the malware launches various Powershell commands at runtime.
What triggers the detection here for most software is the abuse of the name svchost.exe. No useful software has any genuine reason to doppelgäng a native Windows executable.

Yes, the launch of high number of LOLBins is also highly suspicious. In Harmony, we saw that not only that the malware was blocked, but it was also correctly identified as Nova Stealer.

Many other products that we didn’t test would have also blocked the malware.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top