App Review Comodo Internet Security 11 Review | Test vs Malware


cruelsister (Level 42, Verified, Honorary Member, Top Poster, Content Creator, Well-known; Apr 13, 2013; 3,147)
> Makes one wonder sometimes about what could get inside of a software company and pass on information like this

There have always been (and still are) targeted malware that attempts to steal FTP credentials in order to upload stuff to a vendor site. And you would be amazed at the information that can be acquired (i.e. credentials) with a low-cut blouse and a 10K bribe. And the Piriform fiasco may still be valid if the blackhat would have the sense to pulse the connection (once a week) instead of always on.
 

Dave Russo (Level 21, Verified, Top Poster, Well-known; May 26, 2014; 1,056)
cruelsister said:
> There have always been (and still are) targeted malware that attempts to steal FTP credentials in order to upload stuff to a vendor site. And you would be amazed at the information that can be acquired (i.e. credentials) with a low-cut blouse and a 10K bribe. And the Piriform fiasco may still be valid if the blackhat would have the sense to pulse the connection (once a week) instead of always on.
 

RoboMan (Level 35, Verified, Top Poster, Content Creator, Well-known; Jun 24, 2016; 2,400)
I wonder... With CS settings, why does HIPS become redundant? Imagine a whitelisted vendor gets their servers compromised; wouldn't the HIPS module help you by showing you that a very basic piece of software like e.g. CCleaner wants to access specific weird sectors of the OS? I believe auto-containment does not apply to trusted vendors' software...
 
Deleted member 178

RoboMan said:
> I wonder... With CS settings, why does HIPS become redundant? Imagine a whitelisted vendor gets their servers compromised; wouldn't the HIPS module help you by showing you that a very basic piece of software like e.g. CCleaner wants to access specific weird sectors of the OS? I believe auto-containment does not apply to trusted vendors' software...

CS settings are without HIPS not because the HIPS is useless, but just because CS hates HIPS and anti-exe thingies.
Remember, CS settings are her personal settings that fit her needs and her taste; they are not settings that were recommended by Comodo or any of their staff.
 

RoboMan (Level 35, Verified, Top Poster, Content Creator, Well-known; Jun 24, 2016; 2,400)
Thank you! I've realised the only way to make HIPS not redundant with CS Settings is to set it to paranoid mode. Otherwise it will just show HIPS alerts for unknown software, which is already contained automatically by the sandbox... And Paranoid mode is really great, but holy moly, is that an alert for explorer.exe trying to communicate with explorer.exe? LOL, that gets me nervous.
 
509322

COMODO HIPS is a good learning tool. SpyShelter HIPS is even better. Kaspersky, ESET, other HIPS... too many problems. However, almost no one bothers to learn to use a HIPS. Shame. It is one of the best learning tools/methods.
 

cruelsister (Level 42, Verified, Honorary Member, Top Poster, Content Creator, Well-known; Apr 13, 2013; 3,147)
Robo- With elevated sandbox settings the HIPS is essentially unneeded. At one time the HIPS did indeed add something to system security (this was for a particular RAT, which I did a video on a few years ago); however, this hole in Containment was plugged, and now having the HIPS on with my settings adds nothing but popups.

For those (not mentioning any names) that say Paranoid Mode should be used, please dazzle us with some malware file that would be prevented by Paranoid Mode + Cruel Comodo that would NOT be prevented by the Cruel settings alone.

(Hear the Crickets....).
 
Deleted member 178

cruelsister said:
> For those (not mentioning any names) that say Paranoid Mode should be used, please dazzle us with some malware file that would be prevented by Paranoid Mode + Cruel Comodo that would NOT be prevented by the Cruel settings alone.

Ummmmm..... ummmmmm..... ah, I have it at the tip of my tongue..... aaaaaaaaaaahh, so hard to remember......

AH YES! The stupidly (2 times) whitelisted malware.

Thanks, bye.
 

simmerskool (Level 31, Verified, Top Poster, Well-known; Apr 16, 2017; 2,094)
Deleted member 178 said:
> CS settings are without HIPS not because the HIPS is useless, but just because CS hates HIPS and anti-exe thingies.
> Remember, CS settings are her personal settings that fit her needs and her taste; they are not settings that were recommended by Comodo or any of their staff.

So you're saying that Comodo default settings are sufficient to protect your PC :unsure:
 

RoboMan (Level 35, Verified, Top Poster, Content Creator, Well-known; Jun 24, 2016; 2,400)
cruelsister said:
> For those (not mentioning any names) that say Paranoid Mode should be used, please dazzle us with some malware file that would be prevented by Paranoid Mode + Cruel Comodo that would NOT be prevented by the Cruel settings alone.
>
> (Hear the Crickets....).

What about a signed malware from a trusted vendor? (Infected installer from the vendor's original legit server.) If the vendor's app auto-updates or offers an update that is accepted by the user, and requires no extra payload download, since the downloaded installer is modified with the needed instructions and commands, would Comodo catch it with CS settings?
 
509322

RoboMan said:
> What about a signed malware from a trusted vendor? (Infected installer from the vendor's original legit server.) If the vendor's app auto-updates or offers an update that is accepted by the user, and requires no extra payload download, since the downloaded installer is modified with the needed instructions and commands, would Comodo catch it with CS settings?

No... not likely at all... it's not going to be blocked by any security soft. Malicious code embedded inside a trusted digitally signed file. Nope.
 

Nightwalker (Level 24, Verified, Honorary Member, Top Poster, Content Creator, Well-known; May 26, 2014; 1,339)
RoboMan said:
> What about a signed malware from a trusted vendor? (Infected installer from the vendor's original legit server.) If the vendor's app auto-updates or offers an update that is accepted by the user, and requires no extra payload download, since the downloaded installer is modified with the needed instructions and commands, would Comodo catch it with CS settings?

I guess it depends on the kind of certificate that was used; most certificates used to sign malware are very quickly revoked or are the kind that are "ignored" by most security solutions.

But if someone ever crosses paths with a malware signed by something like an Adobe certificate, I am almost sure that all hell breaks loose.
 

cruelsister (Level 42, Verified, Honorary Member, Top Poster, Content Creator, Well-known; Apr 13, 2013; 3,147)
RoboMan said:
> What about a signed malware from a trusted vendor?

R- These (a Trusted File from a Trusted Vendor) are rare as Hen's teeth and are not wasted on peasants like us (but instead will be targeted)- they are VERY difficult and EXPENSIVE to acquire. However note that a High Quality stolen certificate (like from Adobe) will get by EVERYTHING (I did a couple of videos on this a few years ago).

Note that the bulk of signed malware will be from some inconsequential publisher that will be from some fly-by-night Mook and would NEVER (never ever) make it to any TVL list.
 

RoboMan (Level 35, Verified, Top Poster, Content Creator, Well-known; Jun 24, 2016; 2,400)
cruelsister said:
> R- These (a Trusted File from a Trusted Vendor) are rare as Hen's teeth and are not wasted on peasants like us (but instead will be targeted)- they are VERY difficult and EXPENSIVE to acquire. However note that a High Quality stolen certificate (like from Adobe) will get by EVERYTHING (I did a couple of videos on this a few years ago).
>
> Note that the bulk of signed malware will be from some inconsequential publisher that will be from some fly-by-night Mook and would NEVER (never ever) make it to any TVL list.
Thank you and thanks everybody for your kind answers :)
 

Mahesh Sudula (Level 17, Verified, Top Poster, Well-known; Sep 3, 2017; 818)
RoboMan said:
> Thank you and thanks everybody for your kind answers :)

However, I agree most of the vendors give it a clean sheet blindly by looking at its signature..
But proactive modules like Exploit and Behaviour blockers will kick in after execution if any nasty work is going on underground.
Statically, YES, but not dynamically,
since these modules work on behaviour interception, not on hash or signature verification.. HIPS and BB are two different topics.
I have seen a dozen times AVs like F-Secure, Avast, Bitdefender, G Data, Kaspersky, ESET (modified) intercepting the attack after execution.
Vendors like Comodo, and others who work on hash scanning, however lose the battle.
Avira (Cloud) works in a similar way (triggers only for unknown hash and signature).. with a naked trusted signature you can bypass it.
 
509322

Mahesh Sudula said:
> But proactive modules like Exploit and Behaviour blockers will kick in after execution if any nasty work is going on underground.

Nope. It doesn't work that way. Once it is whitelisted, it is whitelisted.

The exception to this is when the user has configured settings to alert to or block "All" or everything = the user isn't trusting anything.

NOTE: I am not talking about child processes, the abuse of Windows processes, etc.
 
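The exchange above turns on one question: what does a trust decision look like when a valid signature from a whitelisted vendor is the only input, versus when the file is also pinned to the release the vendor actually published? The following script is an added illustration for this thread; it is not Comodo's trust logic, nor code from any poster. The vendor name, the trusted-vendor list, the certificate validity dates, the release manifest and the installer bytes are all constructed, and the manifest is assumed to have been obtained out of band and not tampered with. Policy A is the "once it is whitelisted, it is whitelisted" behaviour 509322 describes; Policy B adds a hash pin, which is what catches the tampered-but-validly-signed installer RoboMan asks about, and the revocation check covers Nightwalker's point about quickly revoked certificates.

```python
# Added illustration (not from the forum thread or any product): comparing a
# signer-only allow-list policy with a policy that also pins each release to a
# vendor-published hash. Every name, date, hash and byte string is constructed.
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Signature:
    """What a code-signing check typically yields: who signed, the certificate's
    validity window, and whether the issuing CA has revoked it."""
    signer: str
    not_before: date
    not_after: date
    revoked: bool = False

    def is_valid_on(self, day: date) -> bool:
        return self.not_before <= day <= self.not_after and not self.revoked


@dataclass(frozen=True)
class Artifact:
    """A downloaded installer: its bytes plus the signature attached to it."""
    name: str
    content: bytes
    signature: Optional[Signature]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Hypothetical trusted-vendor list, standing in for a product's TVL.
TRUSTED_VENDORS = frozenset({"Example Vendor Ltd"})

# Hypothetical release manifest obtained out of band (e.g. pinned from the
# vendor's release notes). The example assumes the attacker could not alter it.
GENUINE_RELEASE = b"genuine installer bytes (constructed)"
RELEASE_MANIFEST = {"tool-setup-5.33.exe": sha256_hex(GENUINE_RELEASE)}


def decide_signer_only(artifact: Artifact, today: date) -> str:
    """Policy A: a currently valid signature from a trusted vendor is sufficient.
    This is the 'once it is whitelisted, it is whitelisted' behaviour."""
    sig = artifact.signature
    if sig is not None and sig.signer in TRUSTED_VENDORS and sig.is_valid_on(today):
        return "allow"
    return "contain"


def decide_signer_and_pin(artifact: Artifact, today: date) -> str:
    """Policy B: trusted signer AND the file hash must match the release the
    vendor published. A file altered after signing, or re-signed with a stolen
    vendor key, passes the signer check but fails the pin."""
    if decide_signer_only(artifact, today) != "allow":
        return "contain"
    expected = RELEASE_MANIFEST.get(artifact.name)
    if expected is None or expected != sha256_hex(artifact.content):
        return "contain"
    return "allow"


def evaluate_scenarios(today: date = date(2018, 1, 15)) -> dict:
    """Run both policies over three constructed artifacts and return the verdicts."""
    vendor_cert = Signature("Example Vendor Ltd", date(2017, 1, 1), date(2019, 12, 31))
    revoked_cert = Signature("Example Vendor Ltd", date(2017, 1, 1), date(2019, 12, 31), revoked=True)
    tampered = GENUINE_RELEASE + b" plus modification (constructed)"
    scenarios = {
        # 1. The genuine release: both policies allow it.
        "genuine": Artifact("tool-setup-5.33.exe", GENUINE_RELEASE, vendor_cert),
        # 2. A modified installer carrying the vendor's valid signature (the
        #    supply-chain case discussed in the thread).
        "tampered_signed": Artifact("tool-setup-5.33.exe", tampered, vendor_cert),
        # 3. The same modified file after the CA has revoked the certificate.
        "tampered_revoked": Artifact("tool-setup-5.33.exe", tampered, revoked_cert),
    }
    return {
        name: {
            "signer_only": decide_signer_only(art, today),
            "signer_and_pin": decide_signer_and_pin(art, today),
        }
        for name, art in scenarios.items()
    }


if __name__ == "__main__":
    for name, verdicts in evaluate_scenarios().items():
        print(f"{name:18s} signer_only={verdicts['signer_only']:8s} "
              f"signer_and_pin={verdicts['signer_and_pin']}")
```

The point of the second policy is not that a hash pin replaces signature checking, but that a signature only proves who held the key when the file was signed; it says nothing about whether that key or the vendor's build server was under the vendor's control at the time, which is exactly the gap the Piriform example in this thread fell into. Revocation closes the gap only once the CA has acted, so until then the pin is the only one of the two checks that distinguishes the published release from a modified one.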
