Comodo Internet Security 2025 does not contain RANSOMWARE (bypass, infection and loss of files)

bazang

Level 10
Jul 3, 2024
482
> well, about comodo, for that i really sit to watch the end of it... :) the others, i don't think they're related to my case, but who knows...
Comodo is always associated with drama, mostly drama caused by users who pay $0/0 Euros for it.

Nobody wants to hear about it having essentially zero revenue. They believe that is not a legitimate explanation as to why the product is as it is.

Well, then. They need to explain where the money is going to come from to pay developers to fix the problems?

Lots of people criticize Comodo for its completely free, unsubsidized security software (which is the primary reason for all the problems), but none of the critics offer any financial solutions needed to fix the problems.

It is astonishing that people think "All I should need to do is report the bugs and problems to Comodo, and Comodo is obligated to fix them all." With what money is Comodo supposed to fix the reported issues?

Comodo runs a security software charity. Charities need donations to operate. And even with donations charities do not offer top quality services. Charities provide basic services.

But nobody sends donations to Comodo. All they do is complain about a completely free, zero cost product that is given away without requests or obligation of payment or donations.

The best thing that Comodo can do is to stop offering any of its software products. But Melih, he is stubborn and insists on not expecting people to pay. What does he get for his generosity and charity? Ad hominem attacks and complaints that Comodo is immoral and harming users.

Comodo does not owe a single user a thing.

As far as Comodo ever getting any better than it is at this moment, that will never happen.

"Abandon all hope all Ye who install Comodo."
 
  • Hundred Points
Reactions: Sorrento and rashmi

vitao

Level 4
Thread author
Mar 12, 2024
176
o_O but from where did that come? why the need to explain the obvious that no one cares? think about it...
 

rashmi

Level 15
Jan 15, 2024
730
Can you retest this with the following setup? Test the setup with both HIPS enabled and disabled.

File Rating - File Groups - Add "New Group" and name it "Personal Data". Select "Personal Data" in the list and add Documents and Pictures folders to it. Click OK.
HIPS - Protected Objects - under "Protected Files" - Add "File Groups" and select "Personal Data" from the list. Click OK.
@Andy Ful, Would adding this rule improve things at all?

HIPS - HIPS Rules - Add - Browse "File Groups" and select "Personal Data" from the list. Select "Use a Custom Ruleset" - under "Protection Settings", set "State" to Active for "Interprocess memory accesses" and "Windows/WinEvent hooks". Click OK. Click OK.
 

bazang

Level 10
Jul 3, 2024
482
> why the need to explain the obvious that no one cares?
That's right. People expect Comodo to be zero cost and demand that all the problems be fixed - because they are ungrateful for all the benefits they receive from the Comodo security software charity.

People complaining and demanding bugs be fixed by Comodo is like going to a brick-and-mortar bank and demanding the bank give them money without ever having opened an account and depositing any money.

If Comodo is important to people then they need to pay for it or find ways to crowdfund it. Otherwise there is no money to support it and it will exist perpetually as a security software with a lot of warts.

The ridiculous nature of people is so evident when it comes to the Comodo product line - people will gladly accept free but then complain about "unacceptable" quality.

Your videos are legitimate. The issues you demonstrate therein are legitimate. However, once you post this sort of stuff publicly then you are blacklisted by Comodo. You got banned by the Comodo forum moderators (who are volunteers, and not Comodo employees). Now there are Comodo fanbois brigading your Youtube videos with complaints.

When dealing with Comodo, there is a certain expected etiquette and decorum required. The mistake you have made is to make your reports publicly.

I am not attacking you. I am not saying you are wrong, so with utmost respect, please do not think that I am attacking you. You are working within a messed-up system. The long history of user attacks on the product owner and the product itself has made the product owner ignore those people criticizing him and his product. In his mind he thinks "You do not pay for the software, therefore you cannot have any expectations or demands of me or it." He is not wrong.

Not once. Not ever. Have I seen anyone state to Melih "Hey Melih, I am grateful for the free software and all of your personal money that you spend supporting it." Maybe, just maybe, if people were grateful from the beginning then the product would be much different. Instead, people just demanded and expected without paying a cent. Melih tolerated the abuse for over a decade until one day he just decided to give only what he is willing to give. If people don't like or are not grateful for his generosity, then he figures they can use a different product.

People making demands of Comodo just because the owner makes something available for free on the market are the real problem, and not Comodo.

Then using the tactic of "Here are all these videos which show bypasses" does not convince Melih to approve or even want to fix the product.

I know people do not want to read or hear about this stuff, but unless this stuff is solved - which means a revenue or donations stream for Comodo - it will never be any better. In fact, with no money to support the product, it will probably be another 5 years before another major update with "400 bugs fixed."

People with their demands and unwillingness to pay for it destroyed any future that Comodo had within months of its first release.

You put a lot of time and effort into your videos. You are doing nothing wrong, but in the eyes of people who make the decisions about the Comodo product, in their eyes you are wrong because you do this stuff publicly.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,774
> @Andy Ful, Would adding this rule improve things at all?
>
> HIPS - HIPS Rules - Add - Browse "File Groups" and select "Personal Data" from the list. Select "Use a Custom Ruleset" - under "Protection Settings", set "State" to Active for "Interprocess memory accesses" and "Windows/WinEvent hooks". Click OK. Click OK.

Currently, I cannot test those settings. I am busy with other tests.
 

vitao

Level 4
Thread author
Mar 12, 2024
176
relax. i know you're not attacking me. maybe the barrier of languages here :) i'm fine with all that. i don't care that much for some fanboys going crazy about the videos, etc. that's just normal in any area and in any sense of "community". where there are humans, there are these kinds of problems too. :) let's focus on what matters here: showing the problems, tests and findings... next video is scheduled to go online feb 14th at 2pm. this is the one with rashmi's suggestion and, spoiler, cis fails, as expected... :D
 
  • Like
Reactions: New_Style_xd

Chuck57

Level 13
Verified
Top Poster
Well-known
Oct 22, 2018
603
The nice thing about wastes of effort like these is, I can skim right past them. They offer nothing relative to this thread.
 

bazang

Level 10
Jul 3, 2024
482
> The nice thing about wastes of effort like these is, I can skim right past them. They offer nothing relative to this thread.
Wasted effort of what? I just stated the facts. OP is going to keep getting dinged by YouTube because there are brigaders that keep complaining about the videos to Youtube moderators and reviewers.

As far as Comodo failing, it is expected. It is not a software that receives a lot of pentesting and reports. If anything does get discovered, then the only half-way sure way to get it fixed is to report it directly to Comodo - and not publicly. Report it publicly and there is a virtual absolute certainty that Melih will not allow it to be fixed.

Read the Comodo EULA and Terms of Service.
 

rashmi

Level 15
Jan 15, 2024
730
> @rashmi @Andy Ful
>
> Testing Comodo Internet Security against the famous Ransomware using the settings recommended by Rashmi + Another test with new settings:
>
> This video has subtitles in English and Spanish. If you need more subtitles, just let me know.
I appreciate your effort and time, @vitao. Let's test one last time, if possible for you.

If the setup works, then test with HIPS disabled. The following configuration with HIPS enabled:
* File Rating - File Groups - Add "New Group" and name it "Personal Data". Select "Personal Data" in the list and add Documents and Pictures folders to it. Click OK.
* HIPS - Protected Objects - under "Protected Files" - Add "File Groups" and select "Personal Data" from the list. Click OK.
* HIPS - HIPS Rules - Add - Browse "File Groups" and select "Personal Data" from the list. Select "Use a Custom Ruleset" - under "Protection Settings", set "State" to Active for "Interprocess memory accesses" and "Windows/WinEvent hooks". Click OK. Click OK.

For this test:
Install Comodo Firewall only. Activate Proactive Configuration; don't enable Restricted Level.
Have the malware samples in a folder, not zipped, on a USB or download the folder, not zipped, from a cloud storage.
Introduce the malware samples to the system after configuring Comodo and restarting the system.
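
An added example, not part of rashmi's post and not Comodo tooling: one way to score each run of the test above (HIPS enabled, then disabled) is to hash the folders placed in the "Personal Data" group before the samples are introduced and compare afterwards. The function names and the constructed sample folder are assumptions made for this example.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            result[path.relative_to(root).as_posix()] = digest.hexdigest()
    return result


def compare(before, after):
    """Classify what happened to every baseline file between two snapshots."""
    report = {"intact": [], "modified": [], "renamed": [], "lost": [], "new": []}
    after_by_hash = {}
    for name, digest in after.items():
        after_by_hash.setdefault(digest, []).append(name)
    rename_targets = set()
    for name, digest in before.items():
        if after.get(name) == digest:
            report["intact"].append(name)
        elif name in after:
            report["modified"].append(name)      # same path, different content
        else:
            # Path is gone: look for identical content under a new name.
            moved = [n for n in after_by_hash.get(digest, [])
                     if n not in before and n not in rename_targets]
            if moved:
                report["renamed"].append((name, moved[0]))
                rename_targets.add(moved[0])
            else:
                # Content no longer exists anywhere (overwritten or deleted).
                report["lost"].append(name)
    report["new"] = sorted(n for n in after
                           if n not in before and n not in rename_targets)
    return report


def protection_held(report):
    """True only if every baseline file is still present and byte-identical."""
    return not (report["modified"] or report["renamed"] or report["lost"])


if __name__ == "__main__":
    # Constructed stand-in for the Documents and Pictures folders of a test VM.
    root = Path(tempfile.mkdtemp())
    for rel, data in {"Documents/report.txt": b"quarterly numbers",
                      "Pictures/photo.jpg": b"constructed image bytes"}.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    baseline = snapshot(root)          # take this before the test run
    # ... the test run happens here on a real VM ...
    result = compare(baseline, snapshot(root))
    print("protection held:", protection_held(result))
    for key, items in result.items():
        print(f"{key:9} {items}")
```

Store the baseline outside the folders being measured, since anything inside them can be altered during the run.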
 

bazang

Level 10
Jul 3, 2024
482
> I appreciate your effort and time, @vitao. Let's test one last time, if possible for you.
>
> The following configuration with HIPS enabled:
> * File Rating - File Groups - Add "New Group" and name it "Personal Data". Select "Personal Data" in the list and add Documents and Pictures folders to it. Click OK.
> * HIPS - Protected Objects - under "Protected Files" - Add "File Groups" and select "Personal Data" from the list. Click OK.
> * HIPS - HIPS Rules - Add - Browse "File Groups" and select "Personal Data" from the list. Select "Use a Custom Ruleset" - under "Protection Settings", set "State" to Active for "Interprocess memory accesses" and "Windows/WinEvent hooks". Click OK. Click OK.
>
> For this test:
> Install Comodo Firewall only. Activate Proactive Configuration, not @cruelsister's config.
> Have the malware samples in a folder, not zipped, on a USB or download the folder, not zipped, from a cloud storage.
> Introduce the malware samples to the system after configuring Comodo and restarting the system.
The only way to stop the bypass is using Comodo HIPS in Paranoid Mode. But then again that requires a person who actually 1) understands what is in the alert infos and 2) can mentally and emotionally handle the alerts.
 

New_Style_xd

Level 1
Sep 10, 2022
24
> The only way to stop the bypass is using Comodo HIPS in Paranoid Mode. But then again that requires a person who actually 1) understands what is in the alert infos and 2) can mentally and emotionally handle the alerts.
Thinking about what you said, it's true, only in paranoid mode, that's where the problem lies, everything will be blocked.
Unfortunately, COMODO has to fix this POC problem, because it hasn't been solved yet.
It was said that it was fixed, but based on the tests that have been done so far, the CIS was bypassed, proving that there is a serious flaw in the containment.
 

vitao

Level 4
Thread author
Mar 12, 2024
176
> Thinking about what you said, it's true, only in paranoid mode, that's where the problem lies, everything will be blocked.
> Unfortunately, COMODO has to fix this POC problem, because it hasn't been solved yet.
> It was said that it was fixed, but based on the tests that have been done so far, the CIS was bypassed, proving that there is a serious flaw in the containment.
no my friend. there are 2 problems. the so called poc and this exploitation of some flaw in cis itself. the poc was solved after almost 3 months. this exploit was not solved and will never be as comodo doesn't have the full source code of cis and the guy who developed it has not worked for comodo for a long time and he has the source code of it all... let me shut up...

and there is no point in testing anything more related to this exploitation. there are 2 things that can prevent the ransomware from being executed:

1) disable web lookup;
2) hips in paranoid

both have the same 2 problems:

1) on cis alerts in these 2 situations there is no indication that the files are dangerous. the execution will be stopped and the user prompted to allow it or not, but as there is no indication of the danger on it, the user will probably run the file (imagine these files with different names and obtained by the user from other sources, like games, e-mails, etc);

2) cis or xcitium or itarian or valkyrie can not recognize these files as dangerous as these products share the same structure and code, and the flaw is inside it.

so, if we take out these 2 options (that are not options by any means for anyone) cis will always be obliterated by this ransomware.

understand that the problem is not the ransomware itself. it's inside it. so, any malware could produce the same results against cis if one makes the proper changes to these malwares, like loyisa did on this one.

she/he is a freak :D i'm trying to figure it out but so far... well, i'm focusing on anything else... :p
 
  • Applause
Reactions: New_Style_xd

bazang

Level 10
Jul 3, 2024
482
> no my friend. there are 2 problems. the so called poc and this exploitation of some flaw in cis itself. the poc was solved after almost 3 months. this exploit was not solved and will never be as comodo doesn't have the full source code of cis and the guy who developed it has not worked for comodo for a long time and he has the source code of it all... let me shut up...
>
> and there is no point in testing anything more related to this exploitation. there are 2 things that can prevent the ransomware from being executed:
>
> 1) disable web lookup;
> 2) hips in paranoid
>
> she/he is a freak :D i'm trying to figure it out but so far... well, i'm focusing on anything else... :p
User > Right-click on file > "Run in Sandbox (Containment)" does not contain the ransomware? Maybe it was discussed and already proven not to work against the sample, but I just missed it.

> no my friend. there are 2 problems. the so called poc and this exploitation of some flaw in cis itself. the poc was solved after almost 3 months. this exploit was not solved and will never be as comodo doesn't have the full source code of cis and the guy who developed it has not worked for comodo for a long time and he has the source code of it all...
Comodo source code is ancient. There are no developers dedicated to maintaining it.


> Unfortunately, COMODO has to fix this POC problem, because it hasn't been solved yet.
Comodo does not have to fix it. Just like Microsoft and Cisco do very frequently, Comodo can simply state "Not seen as a real threat," accept the risk, and not fix it.
 

vitao

Level 4
Thread author
Mar 12, 2024
176
> User > Right-click on file > "Run in Sandbox (Containment)" does not contain the ransomware? Maybe it was discussed and already proven not to work against the sample, but I just missed it.
>
> Comodo source code is ancient. There are no developers dedicated to maintaining it.
>
> Comodo does not have to fix it. Just like Microsoft and Cisco do very frequently, Comodo can simply state "Not seen as a real threat," accept the risk, and not fix it.
wait.. now i'm too confused. i'll try the right click, run in sandbox just to be sure but if i recall correctly if it does not block. let's see...
 

vitao

Level 4
Thread author
Mar 12, 2024
176
in a few days i'll do some more testing, but for now. take a new video testing cis (latest) with its default configuration against 200 zero-day malwares.

this one has no official subs. if needed, just ask and i'll produce.

the video:



this video is part of a marathon of tests with the main free antiviruses. if you want, in this playlist you will find a video with the final results and comments. and, again, if needed official subs, just ask.
 
  • Like
Reactions: New_Style_xd
