I believe in sending people out into the hinter and wastelands and giving them nothing but two sticks to rub together to get a spark.
Self-reliance. It does wonders for the typical person.
Comodo Internet Security 11 Review | Test vs Malware
- Thread starter Nestor
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
I believe in sending people out into the hinter and wastelands and giving them nothing but two sticks to rub together to get a spark.
Self-reliance. It does wonders for the typical person.
That's a very valid point! It's very evident that there is more of reliance put on the software/extensions to do the thinking for us that I feel like its a dumbing down of basic security habits. If we are putting all our faith in the software, assuming that it was always be perfect, your right, you are setting yourself up for failure at some point. There needs to be some thought/safe practices that still need to be practiced, regardless of your security setup. Otherwise its like, well x product didn't flag it, therefore it MUST be safe, meanwhile it can be malicious, or x product did flag it, therefore it MUST be malware, but it could actually be a false positive.
It is like the one thing I can guarantee will annoy @cruelsister to no-end... and that is when someone scans a file with both Malwarebytes and HitmanPro, then does a VT lookup, and the file verdict is "clean." 5 stars and all green bars. Yeeeaaaahhhhuuuupppp ! And the person who just ran the file scan proclaims "It's clean ! It must be clean because Malwarebytes, HitmanPro and VirusTotal all said so."
Meanwhile I am trash binning the file m9r6o3w.js or alphabetatootyfrooty6516464.ps1.exe without doing anything more than merely looking at the file name.
Like I said, its so easy that children and grandmas do it, but very few people on the forums can.
I don't subscribe to blindly enslaving people to security softs, but unfortunately, that is what the vast majority of users do to themselves. The argument is that those users have no inclination nor want to do anything other than that. So what can you do ? Just shrug and spectate the nonsense.
If that really is reality, then mankind is doomed... the Terminators will surely kill us all.
Last edited by a moderator:
- Jul 3, 2015
- 8,153
Meg, I think you should read Jeff's post again. You should have said, "Pooh!" rather than "Excellent!" because it was not lauding Comodo with your settings even by a long shot.
- Jul 3, 2015
- 8,153
Could you maybe point us to one or two articles to get us started in the basics of automated and manual analysis?
i saw that no one use PEstudio or a soft to unpack all resources and scan the command et files , for me hybrid analyses is better than vrisutotal or all other online scan services , it can detect heavy evasion and vm byapssing
@shmu26 you need to know how OS work , how the resources are used and the link between hardware and software ,then how an app can manage to use OS to perform different task , and finaly the basic restriction of the OS , then you need at minimum to have a basic knowledge of devloping apps ,know the blacklist area of the OS , level of autohirity ,most of malware analyses are performed using stats from known malwares with ML and AI ,and i think with thise technics it will be more difficult to detect malwares in the futures
- Aug 17, 2013
- 1,905
I agree with the above. To be honest I thought most regular MT users were already at this level. I'm shocked that some people who say they're advanced users or medium users don't know the very basic stuff above. Well put Security.paranoid.
- Aug 22, 2013
- 886
With so many trusted vendors in Trust list I lost my trust in trusted vendors list many years ago. The one thing I do after installing comodo firewall is to delete all that S**t and add signatures from running programmes and executable files that i Know very well. My TVL is about 45 in numbers and I always disable online lookup.
- Dec 29, 2014
- 1,716
But how many systems are infected running with the TVL in place? Don't think it's very many. On the unreadable Chinese entries and weird obscure devs, OK, yes, the list could be stronger (shorter) or even much stronger. But, Comodo is after all in competition issuing digital signatures, so they want devs on their side. I can see how this turns someone against the list just by itself. Then I consider that some of those devs could be super important in Asia and also some of the obscure ones writing for some company or whatever.
Not to defend it, because I did exactly as you for two years. However, I decided to trust Comodo's judgement and the list starting several months ago. I like it better now. The power of the TVL for me is that any dev on the list who betrays the "trust" placed in him would really be making a mistake. I started feeling like that would be the case. Also, Comodo does have the PUP detection option and I disable "Trust files from trusted installers". Maybe this second setting is key for working with the current TVL.
It will be a sad day for computing if devs are caught abusing the trust system. That said, it's probably only a matter of time. Also, hopefully stolen signatures can be eliminated entirely. This one is very important too...
- Jul 3, 2015
- 8,153
That makes a lot of sense. But @Lockdown seems to think it's easier than that, and I would like to hear more about it from him, if possible.
@ZeroDay: The majority of MT members are not IT professionals, they are home users, and don't know how to code (but maybe their kids can
). However, many have learned how to read and modify a command line string, which is a skill necessary for the proper configuration of a lot of the advanced security solutions. But once you start talking about stuff like APIs and COM interfaces, it goes over the head of most forum members. And that is too bad, as you said.If someone would put up a few posts such as "API for dummies", or "COM for dummies", etc, that would be a great service to the community, IMHO. People want to understand but don't know where or how to break the ice.
- Aug 22, 2013
- 886
Ya you are right, there may be a few instance but not many. But i have a specific reason in deleting all those TVl entries. The main reason is My wife uses the system and the other reason is so many important documents is on the system, you see my wife and computers doesn't gel well.So if anything goes wrong i can just fix it by clearing auto sandbox, makes my life easier..
Last edited:
- Jul 3, 2015
- 8,153
I think my wife would get along well with your wife.
- Apr 13, 2013
- 3,224
Hi Guys! I'm sure the majority of you folks know this already, but for those that may not: A Signed Malware file does not mean that it came from a Trusted vendor. This is a really important distinction!
For instance, any talented Chimp with a bit of cash and coding experience can develop and get signed an application. However such signed stuff will be treated as unrecognized. To make the TVL list there has to be some track record of legitimacy.
But even here there can be an issue, and not for just Comodo. As an example which I'm sure everyone has heard of, look at the CCleaner fiasco from last year. Blackhats both stole the certificate signing credentials as well as the FTP credentials (in order to upload the malware). Everyone and their Mommy let this one pass (except for something like AppGuard, with a highly restricted TVL list). The good thing is, once detected, all of the AV vendors react to bogus signed app like their babies were kidnapped and that malware is marked as bad as well as the Cert being pulled.
So can such stuff happen? Absolutely!. I actually had a highly signed liberated certificate (sadly it has timed out) that would have gotten by EVERYTHING (did a few videos on it a couple of years back). But the cost of such things really mandates that the malware be targeted. No one cares for peasants like us...
But personally I would be a great deal more concerned about those God Damned browser extensions. Far too many feel that an extension is all Rainbows and Unicorns when they can be anything but! A typical scenario:
1). Blackhat sees a popular extension
2). Blackhat Inc. buys the extension with the code and credentials
3). Blackhat Inc. puts out a couple of valid upgrades (for the purpose of Gravitas)
4). Blackhat Inc. puts out another upgrade that is a credential stealer
5). Mozilla or Google's vetting process is asleep at the wheel and lets it through
6). You are screwed.
Ask Professor google about malicious browser extensions. Enough to darken your day.
You are not paranoid if everyone actually is out to get you...
For instance, any talented Chimp with a bit of cash and coding experience can develop and get signed an application. However such signed stuff will be treated as unrecognized. To make the TVL list there has to be some track record of legitimacy.
But even here there can be an issue, and not for just Comodo. As an example which I'm sure everyone has heard of, look at the CCleaner fiasco from last year. Blackhats both stole the certificate signing credentials as well as the FTP credentials (in order to upload the malware). Everyone and their Mommy let this one pass (except for something like AppGuard, with a highly restricted TVL list). The good thing is, once detected, all of the AV vendors react to bogus signed app like their babies were kidnapped and that malware is marked as bad as well as the Cert being pulled.
So can such stuff happen? Absolutely!. I actually had a highly signed liberated certificate (sadly it has timed out) that would have gotten by EVERYTHING (did a few videos on it a couple of years back). But the cost of such things really mandates that the malware be targeted. No one cares for peasants like us...
But personally I would be a great deal more concerned about those God Damned browser extensions. Far too many feel that an extension is all Rainbows and Unicorns when they can be anything but! A typical scenario:
1). Blackhat sees a popular extension
2). Blackhat Inc. buys the extension with the code and credentials
3). Blackhat Inc. puts out a couple of valid upgrades (for the purpose of Gravitas)
4). Blackhat Inc. puts out another upgrade that is a credential stealer
5). Mozilla or Google's vetting process is asleep at the wheel and lets it through
6). You are screwed.
Ask Professor google about malicious browser extensions. Enough to darken your day.
You are not paranoid if everyone actually is out to get you...
Last edited:
- Mar 29, 2018
- 7,613
I think that axiom is properly stated as: You may be paranoid and people are still out to get you!
But who's quibbling?
- Jul 3, 2015
- 8,153
Spot on. People are way too loose when it comes to browser extensions. The less you have, the better off you are.
- Jun 21, 2014
- 107
I need to know if with CFW I can block unauthorized access of applications to the webcam and how.
- Apr 13, 2013
- 3,224
As to Access? Really impossible to say without having a specific sample (but my feeling- which you can totally discount- would be no, it would not be able to do so. If you have the HIPS on you will no doubt be notified of the attempt, and with just the sandbox on the malware will be contained). However note that ANY logger, whether a Keylogger, webcam logger, or a whatever logger, MUST also be able to transmit out the stolen information to be successful. The firewall component of Comodo WILL block this step.
In short, malware can accumulate as much information as it wants but if it never leaves your system there is no breach.
In short, malware can accumulate as much information as it wants but if it never leaves your system there is no breach.
- Dec 29, 2014
- 1,716
This is a good point. A signature is basically meaningless unless it is registered with one of the large signature providers. That costs money and puts malcoders at risk. If they abuse the system directly, the system will look for its vengeance any way possible. Anyone who writes a program can sign it. That signature or any other there is worthless. As @cruelsister says, the digital signature end of security is in good hands. I agree with this, in spite of the stolen credentials fiasco. Makes one wonder sometimes about what could get inside of software company and pass on information like this...not that anyone did with CCleaner. I think irregardless it would show up at some point.
The extension things is sending chills up my spine. I hadn't thought about it from that angle. I know some of the extension devs don't really earn so much money, so a fair price for their extension might be irresistable. And I guess there isn't anyone to notice even that the exchange has occurred. I wonder if maybe Google could go to registering versions and allow updates only on a timed basis...or something like this...
That makes a lot of sense. But @Lockdown seems to think it's easier than that, and I would like to hear more about it from him, if possible.
@ZeroDay: The majority of MT members are not IT professionals, they are home users, and don't know how to code (but maybe their kids can
If someone would put up a few posts such as "API for dummies", or "COM for dummies", etc, that would be a great service to the community, IMHO. People want to understand but don't know where or how to break the ice.
It's common sense. And learn by doing.
Take a bunch of malware samples and just look at the file names and inspect the file Properties. That alone gives suspicious indicators.
Malc0ders are not all that creative. Just look at the file names of common run-of-the-mill malware.
- 8.xls.exe that is supposed to be a sales report. It's a weaponized Excel document.
- NightShades.exe that is supposed to be a Flash update. It's signed with a valid cert by, you guessed it, "Night Shades, Inc" and is PUA.
- 92374.js that is supposed to be an .mp4 download. It is a worm.
I mean, come on... this is childs'-play. It takes the barest minimum of a user paying attention to what they just did, what they got, and a quick look. And all of it is common sense requiring the least bit of effort.
And the vast majority of the malc0ders are not even going to spend the $1500 to get a certificate and sign their malware properly. Some argue that they don't have the funds to pay the fees, but the real reason is to not leave any trails or links that can lead back to them. The signed PUA\PUP pushers, however, do pay for certs because it nets them mad revenue for their measly effort - and the certificate authorities won't revoke their certs except in obvious cases.
I don't care what anyone says. You don't have to be a malware analyst or an Win Internals expert to figure any of this stuff out. I know 70+ year-old grandmas doing this basic level stuff. If they can figure it out, then so can everyone else.
And that this very low-level stuff isn't being actively taught is just plain pathetic and shameful. It's society's responsibility to teach it - and most definitely should not be made the exclusive responsibility of all the security soft vendors nor the industry itself.
Last edited by a moderator:
Similar threads
