Comodo Internet Security 11 Review | Test vs Malware
<blockquote data-quote="cruelsister" data-source="post: 760240" data-attributes="member: 7463"><p>OK- I tested this malware. But before I begin I would like to thank both Morphius and BoraMurder for assistance. Such gloomy handles for sweet people!!!</p>
<p>I must admit that I obsessed over this one- not because I wanted to be an apologist for Comodo, but instead because, as a user of CF myself, all such "breaches" must be investigated to determine validity. That being said:</p>
<p>For testing I did like I was trained- set up a logic tree procedure before doing anything. And as such:</p>
<p>1). As the malware was from 2010, I felt the most appropriate OS to use was Win7.</p>
<p>2). Win7 was installed on a VM. Both HitmanPro and Norton Power Eraser were downloaded, installed and run. This was to ensure a pristine baseline for the system.</p>
<p>3). The malware was run on this clean and unprotected system. Once run, the file will spawn an identical twin into Roaming as well as asking for Privilege Elevation; the system then Blue Screens. On system restart it was found that the initial file (on the desktop) had changed itself to a hidden file, and the twin was not hidden but still existed in Roaming. When the twin was run from Roaming, it first checks if there is one already in Roaming and if so will shut itself down. Scans with NPE and HMP showed that NPE only found the Roaming twin, but HMP found both the hidden desktop file as well as the twin.</p>
<p>4). I installed Comodo Internet Security and left everything at default (Fun Fact- CIS at default will have the Sandbox enabled and the HIPS disabled, but CF will have the HIPS enabled and the sandbox disabled at default. Isn't that curious?).</p>
<p>Anyway, running the file with the sandbox enabled at the default setting of PL will prevent the Desktop file from hiding itself, will block the Privilege elevation, and will only allow the twin to be dropped into VT Root.</p>
<p>5). For fun, I then disabled the sandbox and enabled HIPS at Safe Mode. The HIPS alerted to the dropping of the twin and the request for elevation. When I allowed the latter the System Blue Screened.</p>
<p>6). CF at my settings will allow the drop into VT Root but the malware dies a quick death.</p>
<p>So to sum up, I have absolutely no idea how Leo got the results that he did. Perhaps it was the stupid shotgun-run of malware Python Script that was used (hardly real world, but certainly a time saver for a video), or some other screw up. Personally I don't know nor do I care. I DO know that Comodo protects against this malware.</p>
<p>I also wish that some YouTube testers would know both the product tested and the malware used, and would verify results prior to publication. But perhaps that is asking too much...</p>
<p>Finally, thanks again to both Morphius for the heads-up that the malware was indeed available and to Bora for providing it to me. You guys are why MT rocks.</p></blockquote>