App Review Comodo Firewall vs a new Data Stealer

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
cruelsister

Chuck57

Level 12
Verified
Top Poster
Well-known
Oct 22, 2018
590
We, or I, have a cat now. She's 19 yrs old. Had her since she was 5 or 6 weeks. I have to take care of her. When my wife passed away last year, that little cat was beside me or in my lap every moment for 2 or 3 months, I guess looking after me. She got me through a tough time, so now it's my turn to help her. Fortunately, still healthy but slowing down.
 
Last edited:

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Some members commenting took issue with the statement "oblivious to malware" made in the video, an unnecessary statement. Also a incorrect statement because simultaneously there was another thread with products stopping the sample, which ironically enough was not even being tested with real world testing to test the scope of the products abilities.
Although I’d rather not intrude too much on his thread, your point does need clarification. When the video was made, the malware was D+1 with detections made by only a few products. As I was very surprised that VirusScope detected it, I also ran it against ESET which I still had on a VM from previous test. I didn't feel that a second video about it was either needed or appropriate.

ESET at that time (although it detects it now) neither stopped the packaging of the Data nor the transmission of this package out. With this fresh in my mind, that was what prompted the comment made in the video. No implication was intended that no other product would detect it (obvious from the VT results), and no inference should be drawn that other products wouldn’t add future detections.

m
 
F

ForgottenSeer 114834

Although I’d rather not intrude too much on his thread, your point does need clarification. When the video was made, the malware was D+1 with detections made by only a few products. As I was very surprised that VirusScope detected it, I also ran it against ESET which I still had on a VM from previous test. I didn't feel that a second video about it was either needed or appropriate.

ESET at that time (although it detects it now) neither stopped the packaging of the Data nor the transmission of this package out. With this fresh in my mind, that was what prompted the comment made in the video. No implication was intended that no other product would detect it (obvious from the VT results), and no inference should be drawn that other products wouldn’t add future detections.

m
VT engines are not kept up to date and refreshed soon enough as should be so how would you know?

Eset was not tested as far as I know with real world testing passing the sample through these modules, so again, how would you know.

So simply avoid making comments about other products and carry yourself in a better way to avoid these issues as stated. I'm not new to testing and you know this. I seen clearly what has taken place and have voiced this directly without being disrespectful.
 
  • Applause
  • Like
Reactions: Decopi and Trident

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Eset was not tested as far as I know with real world testing passing the sample through these modules, so again, how would you know.
ESET at that time (although it detects it now) neither stopped the packaging of the Data nor the transmission of this package out.
 
F

ForgottenSeer 114834

That is from the desktop can it stop it up on entry from the web, can it detect it with this method, did you try this, or did the person you watch attempt to run the sample through those modules?

Eset not only used signatures to check downloads but also heuristic analysis/file structure analysis to examine the internal file structure looking for anomalies, common packing techniques and obfuscation methods. Without running this gauntlet how can anyone claim to have thoroughly tested the product?
 
Last edited by a moderator:
  • +Reputation
Reactions: Decopi and Trident

monkeylove

Level 13
Verified
Top Poster
Well-known
Mar 9, 2014
609
This is the actual reality for most users. Understanding the operating system is just the beginning, then you need to know how the software you are using also interacts with the operating system. It takes extensive knowledge to properly use these type of securities, they are not designed for novice to average users.

I don't see the logic behind designing security programs for experienced users, as the market for the latter can be very small. Maybe they're like beta testers.
 

Behold Eck

Level 18
Verified
Top Poster
Well-known
Jun 22, 2014
870
So simply avoid making comments about other products and carry yourself in a better way to avoid these issues as stated. I'm not new to testing and you know this. I seen clearly what has taken place and have voiced this directly without being disrespectful.
Well you were a tad OTT in your reaction to one flippant remark imo.

Regards Eck:)
 
  • Like
Reactions: simmerskool

EASTER

Level 4
Verified
Well-known
May 9, 2017
159
Dang! I remember that SONG before. Been a long time. Stop The Steal With Comodo- and i would add MUCH MORE in between.

I assume the test was on a Windows 10/11 or one of those. My Win 10 sits accumulating cobwebs for Halloween. Strictly Windows 8.1 for me all the way unless 12 shows me some long vacant GRIT and no forced updates. My Windows 8.1 i consider has been upgraded personally by me which i call conveniently Windows 9.

Back on topic, this video has offered me the temptation to reinstall Comodo FW again as i still have the one for my antiquated system and is never failed one single time in numerous salvos of ransomware, stealers or cleverest file infectors as well as MBR dumpers. Just ain't happening with Comodo's superior Containment granite wall.

@cruelsister is fearless. Some malwares used in testing are vicious and sneaky.
 

Behold Eck

Level 18
Verified
Top Poster
Well-known
Jun 22, 2014
870
Dang! I remember that SONG before. Been a long time. Stop The Steal With Comodo- and i would add MUCH MORE in between.

I assume the test was on a Windows 10/11 or one of those. My Win 10 sits accumulating cobwebs for Halloween. Strictly Windows 8.1 for me all the way unless 12 shows me some long vacant GRIT and no forced updates. My Windows 8.1 i consider has been upgraded personally by me which i call conveniently Windows 9.

Back on topic, this video has offered me the temptation to reinstall Comodo FW again as i still have the one for my antiquated system and is never failed one single time in numerous salvos of ransomware, stealers or cleverest file infectors as well as MBR dumpers. Just ain't happening with Comodo's superior Containment granite wall.

@cruelsister is fearless. Some malwares used in testing are vicious and sneaky.
Well said.

Give it a go Easter, CS settings of course.

Regards Eck:)
 

TuxTalk

Level 13
Verified
Top Poster
Well-known
Nov 9, 2022
644
hope this doesn't offend anyone or get me booted, but just trying to be a person and not just a photo
As you can see your post is gone. Pls keep this kind of things personally, we and me are not waiting for your life story. Get some professional help if you want to let people hear you.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
The Desktop is nothing more than a folder on the System. If you use a browser to download file it will be seen either in the Download or Temp folder. Malware on a USB or DVD will also appear in their respective folders on the drive.

Quite simply, Malware, in order to run, mist be initiated from somewhere (anywhere) with no magic or teleportation needed.
Can the same be said about fileless malware?
 
F

ForgottenSeer 114834

Can the same be said about fileless malware?
Thorough evaluation of all security suite components is crucial for verifying its effectiveness. Restricting testing to post-execution behavior could leave critical security gaps unaddressed.

Fileless malware presented in a generalized manner.

Initial Access:

Exploiting Vulnerabilities: Malware can infiltrate a system by exploiting vulnerabilities in software applications, operating systems, or web browsers.

Phishing Attacks: Users are tricked into clicking malicious links or downloading attachments that contain malicious code.

Leveraging Legitimate Tools: Malware can use legitimate tools and scripts like PowerShell, WMI, or VBA to execute malicious commands.

Payload Delivery:

Downloaded Directly into Memory: The malicious code is downloaded and executed directly in the computer's memory, bypassing the file system altogether.

Leveraging Legitimate Applications: Malware can be embedded within legitimate applications or documents, executed when the file is opened.
 

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Can the same be said about fileless malware?
Yeah- the term fileless is too often though of as being magic. Far from it as such malware operate in traditional ways. In order to infect a system such malware need to get access to the environment in some way (such as downloading and running a Dropper, opening a Document containing a macro, clicking an Email link with Powershell code embedded into it. Even Registry resident malware must be initiated before anything can drop into the registry and persist. A LoLBin (yes, considered Fileless as it needs no additional added code to work) must also be first executed.

So Fileless malware must always be initiated in some way by the user; doing so from the Download folder, from an email link, from Roaming, or from the desktop is of no consequence, and certainly not Magic.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top