App Review Comodo Firewall vs a new Data Stealer

Content created by
cruelsister

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,719
Sorry for the dense question. Today's not been a good day. That "stealer" CPF was tested against was correctly signed, was it not? If that was the case, then apps like Cyberlock, Spyshelter, etc., which rely on signing verification will be of little to no use here. Am I right? Maybe it's time to look elsewhere if they can be circumvented so easily.
CyberLock does not rely on digital signatures, rather it uses digital signatures for file insight to provide to the end-user. CyberLock would easily block this attack.
 

rashmi

Level 12
Jan 15, 2024
551
Sorry for the dense question. Today's not been a good day. That "stealer" CPF was tested against was correctly signed, was it not? If that was the case, then apps like Cyberlock, Spyshelter, etc., which rely on signing verification will be of little to no use here. Am I right? Maybe it's time to look elsewhere if they can be circumvented so easily.
The malware has invalid digital signatures.
 

Brahman

Level 18
Verified
Top Poster
Well-known
Aug 22, 2013
885
Even AI has been able to make a virus that can't be detected; can they not make a solution that can win at every turn? Can't someone make a tool that can overcome it?

I'm sure we would all use it.
If you are willing to sacrifice some time and effort, and if you want a reasonably secure system, this thing would be the best bet out there for a non-corporate user to have at their disposal.
 

ForgottenSeer 114834

I see a lot of tension and love here. Am I still on MalwareTips? 😂😂🤣

That's because they stammer for truth, but when you hand them truth, they state, no not that truth, please don't shatter my illusions of grandeur. Please don't disrupt my version of reality where I gain fake popularity by misleading users. It's not like they can be harmed by malware or misinformation.

They are the true winners because end of the day, they’ve invested in R&D, they’ve established what’s hot on the market, they’ve developed it and paid to market it. They then extract sweet profits out of it and couldn’t care less who will be proclaimed a winner and where.

Now, getting on to what’s hot on the market, users like convenience and automation and for that, they are ready to pay. This has been proven times and times again, this has been the business model historically of many companies and products and generates billions.

The “let me ask the user” approach is not preferred. Majority of users don’t care whether or not wuaclt.exe will inject a module into svchost.exe.
This approach works only for a very small audience and it is up to a vendor to decide whether they want to cater for a football game in a Dutch village or for the UEFA final game (Hopefully at Wembley Stadium one day).

Vendors have developed automated and layered solutions that provide sufficient security to real people, encountering real-life situations. This method has not been proven to not work.

I invite everyone who believes that asking the user is better than automation, to go and do their laundry at the river as well, with the laundry soap. This is more “effective” than using a washer. But does more effective always equal better? I’ll let you answer that for yourself.

Absolute truth there. Most cannot handle that type of software, and leaving security in the hands of uninformed users who have no idea how the operating system works, let alone how software should legitimately interact with it, is actually idiotic.
 

simmerskool

Level 37
Verified
Top Poster
Well-known
Apr 16, 2017
2,603
CyberLock does not rely on digital signatures, rather it uses digital signatures for file insight to provide to the end-user. CyberLock would easily block this attack.
Yes, I "tested" this file (see other thread) with Harmony in a win10_vm also running CL, and CL stopped the attack (or that's what it looked like to me).
 

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
So in the end, Comodo Firewall will block it, or it will be user dependent?
Yes it was stopped. Initially the VirusScope Cloud would have immediately deleted it (but in the video I ignored that warning, which as noted is unwise). But the other important thing is that a Firewall alert popped up which, especially in the case of Data Stealers, should never ever be ignored (which I did anyway).

This latter point is essential to note as any Stealer cannot succeed if it is unable to transmit the stolen data out to Malware Command. This is also why one should never, ever just rely on Windows Defender Firewall (no matter how tricked out) as it is barely an inconvenience to shut it down prior to transmission.

Finally if CF was put into Silent Mode (like in the 2nd part of my last Comodo video) there would have been no popups at all- the file would have just been deleted prior to activation.
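What a "tricked out" outbound policy on Windows Defender Firewall actually looks like, as an added example that is not from the thread or from cruelsister's video: it blocks outbound connections by default, permits only named programs, and logs dropped packets so a blocked exfiltration attempt leaves a trace. The program paths in the allow-list are assumptions to adjust for your own machine, and the cmdlets are the built-in NetSecurity module ones. The post's caveat still stands: a process running with administrative rights can revert these settings, so this is one layer, not a substitute for the alerting firewall the post describes.

```powershell
# Added example (not part of the original post): default-deny egress with an allow-list.
# Run from an elevated PowerShell session; requires the built-in NetSecurity module.

# Assumed allow-list; adjust to the programs that legitimately need network access.
$allowed = @(
    "C:\Program Files\Mozilla Firefox\firefox.exe",   # assumed browser path
    "C:\Windows\System32\svchost.exe"                  # hosts Windows Update, DNS client, etc.
)

# 1. Block outbound traffic by default on every profile (inbound is already blocked by default).
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 2. Create one outbound allow rule per listed program, skipping rules that already exist.
foreach ($exe in $allowed) {
    $name = "Egress allow: " + (Split-Path $exe -Leaf)
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Allow `
            -Program $exe -Profile Any -Enabled True | Out-Null
    }
}

# 3. Log dropped packets so a blocked connection attempt is visible after the fact.
Set-NetFirewallProfile -Profile Domain,Private,Public -LogBlocked True `
    -LogFileName "%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log"

# 4. Review which programs are currently allowed out.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    Get-NetFirewallApplicationFilter |
    Select-Object Program
```

Allowing svchost.exe wholesale is the weak point of any such list, since many services share that host process; narrowing it by service (the `-Service` parameter of New-NetFirewallRule) is the usual refinement. Dropped packets appear in pfirewall.log with the DROP action, which is where a stealer's blocked callback would show up.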
 

New_Style_xd

Level 1
Sep 10, 2022
16
Yes it was stopped. Initially the VirusScope Cloud would have immediately deleted it (but in the video I ignored that warning, which as noted is unwise). But the other important thing is that a Firewall alert popped up which, especially in the case of Data Stealers, should never ever be ignored (which I did anyway).

This latter point is essential to note as any Stealer cannot succeed if it is unable to transmit the stolen data out to Malware Command. This is also why one should never, ever just rely on Windows Defender Firewall (no matter how tricked out) as it is barely an inconvenience to shut it down prior to transmission.

Finally if CF was put into Silent Mode (like in the 2nd part of my last Comodo video) there would have been no popups at all- the file would have just been deleted prior to activation.
I always watch your videos, they are very well made. It would be perfect if you were talking in the video as if it were a tutorial.

You could create videos showing how to configure everything, but you could talk in the video.

Hugs.
 

Antig

Level 2
Mar 23, 2021
57
How boring... not being hit by a real virus for a couple of decades! I don't remember what it was, but it happened more than 20 years ago. Then I discovered the great Kevin McAleavey's BOCLEAN and I was glad to pay for it, as it assured complete protection, especially if you added Melih's new firewall; a pity the two divorced, something really good might have ensued from their collaboration, but, anyway, nowadays we could take advantage of what cruelsister suggested regarding firewalls and other progs, so everything, in spite of continuous attempts to enliven the scene, keeps being as boring as ever....
 

Behold Eck

Level 18
Verified
Top Poster
Well-known
Jun 22, 2014
864
I always watch your videos, they are very well made. It would be perfect if you were talking in the video as if it were a tutorial.

You could create videos showing how to configure everything, but you could talk in the video.

Hugs.
Nah, with Notepad I think it's easier to pick up points by pausing it. Also, that heavy Bronx accent would make the use of an interpreter a must.

Regards, Eck :)
 

rashmi

Level 12
Jan 15, 2024
551
Finally if CF was put into Silent Mode (like in the 2nd part of my last Comodo video) there would have been no popups at all- the file would have just been deleted prior to activation.
According to your configuration, "restricted" mode blocks network connections from unrecognized programs, as mentioned in your videos and some user posts. I would like to confirm if this is the case, as the help files mention nothing about network connection prevention.
 

ForgottenSeer 114834

Yes it was stopped. Initially the VirusScope Cloud would have immediately deleted it (but in the video I ignored that warning, which as noted is unwise). But the other important thing is that a Firewall alert popped up which, especially in the case of Data Stealers, should never ever be ignored (which I did anyway).

This latter point is essential to note as any Stealer cannot succeed if it is unable to transmit the stolen data out to Malware Command. This is also why one should never, ever just rely on Windows Defender Firewall (no matter how tricked out) as it is barely an inconvenience to shut it down prior to transmission.

Finally if CF was put into Silent Mode (like in the 2nd part of my last Comodo video) there would have been no popups at all- the file would have just been deleted prior to activation.
Viruscope clearly stopped the sample with the option to clean by the user presented in which you ignored once to demonstrate further. There is no doubt the product is capable. As noted I was not mentioning anything about the product, only the method and the unnecessary commentary.

Only have a couple questions that clear things up for me.

1. Is the product at default settings out of the box?

2. Is it possible to make demonstrations without product bashing other products, since true real world testing does not take place in this forum?

These two things make what you are doing more credible all the way around.
 

Decopi

Level 8
Verified
Oct 29, 2017
361
Comodo is not a Security System; it's merely a security layer.
The issue arises when irresponsible fanatics attempt to market pangasius (security layer) as salmon (Security System).

Comodo is not a virus or malware detector. It functions solely as a binary blocker, and its ability to automate blocking does not transform it into an antivirus or antimalware solution (painting a pangasius orange does not turn it into salmon). The binary function is always the same: either block (unknown) files or allow (known) files (where the criteria for "known" and "unknown" depend on an obscure, subjective database). Consequently, Comodo's effectiveness is entirely dependent on the user.

There is nothing inherently wrong with this approach. As a security layer, blocking or not blocking may be useful for some users, and they are free to use and advocate for this software as a security layer. However, this approach is ineffective for 99% of users (this is one of the reasons why the market largely buried Comodo years ago).
By the way, by hardening Windows security settings, users can achieve the same blocking capabilities as Comodo. Windows itself doesn't do that, precisely because it knows that "blocking" is not suitable for 99% of users.

Being user-dependent software creates two main problems: 1) 99% of users lack the expertise to decide what to block or allow; and 2) a blocker does not identify viruses or malware, which leads to tons of false positives and, worse, can lead to allowing the execution of threats it mistakenly identifies as "known" (it has already happened in the past).

The malware shown in the video posted in this thread had already been detected by most other security software on the market. It's a strain of an older, well-known malware, originally developed by teenagers. There is nothing particularly unique about this malware. Additionally, Viruscope is notorious for its inconsistency; its threat detection capabilities are erratic and unreliable. Using Comodo Antivirus or Comodo Viruscope modules carries a high 100% risk of infection.

Furthermore, the video in this thread illustrates that containerization becomes ineffective when the user authorizes the executable through Viruscope. It's also important to note that Comodo has been abandoned since 2018. In 2024, it was rebranded as "2025" just with a new facelift, without any upgrades, nor new features, nor fixes for the old bugs.

In summary, although Comodo is free, it's not recommended for 99% of users. And most users do not need a blocker like Comodo when many of the leading security systems on the market are genuine virus and malware detectors (not mere user-dependent blockers) and are available for free.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
I just tried 2 different samples of the same malware, and a solution "oblivious to malware".
Before the file could even be saved:
[screenshot attachment: 1722003475068.png]
 

Sandbox Breaker

Level 11
Verified
Top Poster
Well-known
Jan 6, 2022
520
The file would still be contained for those using Xcitium ;)
The signature on the file is also invalid :ROFLMAO:
All in all... Nice find.

[attachments 284459 and 284460]
From second ZERO it was contained. Unless they actually stole a CERT from MS HEHEHE. Nothing is truly bulletproof. It's just amazing to see how many different security technologies can either detect it or not. It's like eye candy.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
From second ZERO it was contained. Unless they actually stole a CERT from MS HEHEHE. Nothing is truly bulletproof. It's just amazing to see how many different security technologies can either detect it or not. It's like eye candy.
A lot of the stealers invoke the browser. This means that your browser is put into the container and unless access to the network is restricted, passwords, and more crucially session cookies, also enter the container. They are then ready for exfiltration, just like the stealer would do without containment.

So the containment is not the magical pill that will solve all your malware problems.
 

Sandbox Breaker

Level 11
Verified
Top Poster
Well-known
Jan 6, 2022
520
A lot of the stealers invoke the browser. This means that your browser is put into the container and unless access to the network is restricted, passwords, and more crucially session cookies, also enter the container. They are then ready for exfiltration, just like the stealer would do without containment.

So the containment is not the magical pill that will solve all your malware problems.
I have it set to restricted mode and disallow reads and writes to Chrome profiles and other directories. Just like you... I make the tool better. I miss Harmony, to be honest.
 

tofargone

Level 4
Jun 24, 2024
174
Comodo is not a Security System; it's merely a security layer.
The issue arises when irresponsible fanatics attempt to market pangasius (security layer) as salmon (Security System).

Comodo is not a virus or malware detector. It functions solely as a binary blocker, and its ability to automate blocking does not transform it into an antivirus or antimalware solution (painting a pangasius orange does not turn it into salmon). The binary function is always the same: either block (unknown) files or allow (known) files (where the criteria for "known" and "unknown" depend on an obscure, subjective database). Consequently, Comodo's effectiveness is entirely dependent on the user.

There is nothing inherently wrong with this approach. As a security layer, blocking or not blocking may be useful for some users, and they are free to use and advocate for this software as a security layer. However, this approach is ineffective for 99% of users (this is one of the reasons why the market largely buried Comodo years ago).
By the way, by hardening Windows security settings, users can achieve the same blocking capabilities as Comodo. Windows itself doesn't do that, precisely because it knows that "blocking" is not suitable for 99% of users.

Being user-dependent software creates two main problems: 1) 99% of users lack the expertise to decide what to block or allow; and 2) a blocker does not identify viruses or malware, which leads to tons of false positives and, worse, can lead to allowing the execution of threats it mistakenly identifies as "known" (it has already happened in the past).

The malware shown in the video posted in this thread had already been detected by most other security software on the market. It's a strain of an older, well-known malware, originally developed by teenagers. There is nothing particularly unique about this malware. Additionally, Viruscope is notorious for its inconsistency; its threat detection capabilities are erratic and unreliable. Using Comodo Antivirus or Comodo Viruscope modules carries a high 100% risk of infection.

Furthermore, the video in this thread illustrates that containerization becomes ineffective when the user authorizes the executable through Viruscope. It's also important to note that Comodo has been abandoned since 2018. In 2024, it was rebranded as "2025" just with a new facelift, without any upgrades, nor new features, nor fixes for the old bugs.

In summary, although Comodo is free, it's not recommended for 99% of users. And most users do not need a blocker like Comodo when many of the leading security systems on the market are genuine virus and malware detectors (not mere user-dependent blockers) and are available for free.
So you are saying CF's strength is in the fact that it will deny unknown vs known, and that the success is based upon the quality of the known database and user response, kind of like PCMatic?
 

Decopi

Level 8
Verified
Oct 29, 2017
361
So you are saying

It's not me... it's reality that confirms the facts:
If a user only activates Comodo's antivirus module, that user will have a 100% chance of getting infected. We can confirm that fact by googling the web, but we can also confirm that fact with videos showing Comodo's antivirus failing, and even worse, the total lack of videos proving that the antivirus works also confirms its failure. By the way, that's the reason why the video posted in this thread is not using Comodo's antivirus... useless! Therefore, Comodo cannot be used to detect viruses/malware.
Without the antivirus, all the other Comodo's modules are nothing more than mere blockers. And every blocker, with or without database, with or without automation, is always dependent on the user.
Therefore, in real world, Comodo is not an antivirus/antimalware, it's a blocker.

CF's strength

Strengths or weaknesses are relative; they depend on the user profile. Blockers like Comodo are useful for 1% of users (and they might talk about subjective strengths). On the other hand, blockers like Comodo are useless for 99% of users (and they might see only weaknesses). The vast majority of users are unable to say what to block or allow. Also, there is no logic in using a blocker when 99% of users can use excellent real antivirus/antimalware, and for free!
That fact was proven in real life, where Comodo was buried by the market. The concept never took off. 99% of users never heard about Comodo.

is in the fact that it will deny unknown vs known, and that the success

Comodo is not successful. Comodo 2025 is a zombie, abandonware from 2018 which was resuscitated, given a facelift, and renamed to "2025". It's dangerous software, full of unfixed bugs.
For 1% of users who prefer to use blockers, Comodo can be useful. But that doesn't mean Comodo is a success.

is based upon the quality of the known database, and user response, kind of like PCMatic

Comodo's database is absolutely poor, and it has already failed in the past. But even if it were a 100% perfect database, the real problem is that Comodo as a blocker only works when the user works.

It's very important to always repeat that Comodo as a blocker can be useful for few users. But it's irresponsible to generalize presenting Comodo as an unbeatable complete security system, when Comodo is nothing more than an old layer of security, full of unfixed bugs.
 

ErzCrz

Level 22
Verified
Top Poster
Well-known
Aug 19, 2019
1,168
According to your configuration, "restricted" mode blocks network connections from unrecognized programs, as mentioned in your videos and some user posts. I would like to confirm if this is the case, as the help files mention nothing about network connection prevention.
I'm pretty sure running Restricted will just block the connection rather than showing a firewall alert.
 
