Comodo Internet Security 11 Review | Test vs Malware
cruelsister said:

Hi Guys! I'm sure the majority of you folks know this already, but for those that may not: A Signed Malware file does not mean that it came from a Trusted vendor. This is a really important distinction!

For instance, any talented Chimp with a bit of cash and coding experience can develop and get signed an application. However such signed stuff will be treated as unrecognized. To make the TVL list there has to be some track record of legitimacy.

But even here there can be an issue, and not for just Comodo. As an example which I'm sure everyone has heard of, look at the CCleaner fiasco from last year. Blackhats both stole the certificate signing credentials as well as the FTP credentials (in order to upload the malware). Everyone and their Mommy let this one pass (except for something like AppGuard, with a highly restricted TVL list). The good thing is, once detected, all of the AV vendors react to a bogus signed app like their babies were kidnapped and that malware is marked as bad as well as the Cert being pulled.

So can such stuff happen? Absolutely! I actually had a highly signed liberated certificate (sadly it has timed out) that would have gotten by EVERYTHING (did a few videos on it a couple of years back). But the cost of such things really mandates that the malware be targeted. No one cares for peasants like us...

But personally I would be a great deal more concerned about those God Damned browser extensions. Far too many feel that an extension is all Rainbows and Unicorns when they can be anything but! A typical scenario:

1). Blackhat sees a popular extension
2). Blackhat Inc. buys the extension with the code and credentials
3). Blackhat Inc. puts out a couple of valid upgrades (for the purpose of Gravitas)
4). Blackhat Inc. puts out another upgrade that is a credential stealer
5). Mozilla or Google's vetting process is asleep at the wheel and lets it through
6). You are screwed.

Ask Professor Google about malicious browser extensions. Enough to darken your day.

You are not paranoid if everyone actually is out to get you...
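Added example, not part of cruelsister's post: one defensive check against the extension scenario above is to compare what an update's `manifest.json` requests with what the previous version requested, and hold the update for review when it gains sensitive access. The two manifests are constructed samples, and the `SENSITIVE` list and the function names are assumptions chosen for illustration.

```javascript
// Added example: flag permission growth between two versions of an extension.
// Manifests are constructed samples; SENSITIVE is an illustrative choice.
const SENSITIVE = new Set(["cookies", "webRequest", "webRequestBlocking",
  "tabs", "history", "clipboardRead", "scripting", "debugger", "nativeMessaging"]);

// A host pattern counts as broad when it covers every site.
const isBroadHost = (p) =>
  p === "<all_urls>" || /^(\*|https?):\/\/\*\/\*$/.test(p);
const isHostPattern = (p) => p === "<all_urls>" || p.includes("://");

// Collect everything a manifest is granted: MV2 mixes host patterns into
// "permissions", MV3 moves them to "host_permissions"; content scripts add more.
function grants(manifest) {
  return new Set([
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ]);
}

// Report grants that are new in the update and which of them need a human look.
function diffGrants(oldManifest, newManifest) {
  const before = grants(oldManifest);
  const added = [...grants(newManifest)].filter((g) => !before.has(g)).sort();
  const risky = added.filter((g) =>
    isHostPattern(g) ? isBroadHost(g) : SENSITIVE.has(g));
  return { from: oldManifest.version, to: newManifest.version,
           added, risky, review: risky.length > 0 };
}

// Constructed sample: a small helper extension, then an update that reaches
// for cookies and every site.
const v1 = { manifest_version: 3, version: "2.4.0",
  permissions: ["storage", "activeTab"],
  host_permissions: ["https://example.com/*"] };
const v2 = { manifest_version: 3, version: "2.4.1",
  permissions: ["storage", "activeTab", "cookies", "webRequest"],
  host_permissions: ["https://example.com/*", "<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"] }] };

console.log(diffGrants(v1, v2));
```

A clean diff is not a clean bill of health: an extension that already holds broad access can change behaviour in an update without requesting anything new, so this check complements code review and removal of unused extensions rather than replacing them.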