Serious Discussion Comodo Internet Security 2025 was obliterated by an exploit!

Status
Not open for further replies.

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
Comodo does not market CIS\CFW. Please do not provide a link to a URL because that is not marketing.


Because the software has $0 revenue and therefore nobody in their right mind would ever spend a lot on fixing issues. CIS\CFW is in perpetual maintenance or out-of-date. And that is fine because it generates $0 revenue. There are no dedicated Comodo staff to support, bug fix, or further develop it. Melih gets his programmers to look at it once every three or four years. This is fine.

It is freeware. You accept what Comodo gives you and if you cannot, Melih wants you to go use something else. He is so happy to see you go use something else. He does not want you using his product.
I replied to vitao's comment about the Xcitium EDR Client he bypassed, and it is marketed with false claims to enterprises (Comodo is the same base but less updated and has fewer rules etc.), and regardless it is important that severe bypasses are fixed in security software, free or paid
 

vitao

Level 3
Thread author
Mar 12, 2024
108
guys, please, don't fight. comodo is not fighting... they released a new 2025 edition fixing the certi issue and it only took 2 months... maybe another 2 years they fix the exploit/poc thing in cis and xcitium... let's have faith :)

btw, a new video showing every fcking option in cis 2025 is on the way. in fact it's already at the channel but the video is long... 1h20min more or less... I'll try to bring subs for it but maybe it's not worth it as many will not watch it anyway...
 

bazang

Level 8
Jul 3, 2024
359
regardless it is important that severe bypasses are fixed in security software free
Nope. Not if there is $0 revenue supporting the product.

All free software - ALL PAID SOFTWARE - is offered "As Is." No developer has any obligation to fix bugs or patch its software. At least not a contractual obligation since every software EULA absolves the developer of any liability. The only instance where a developer is liable is if their software causes physical or bodily damage. Then that is no longer about the EULA, but gets into the realm of product negligence and liability.

Everybody that uses software - whether home user, enterprise, or government - does so at their own risk. If anybody uses security software and ends up infected, it is always 100% on them. That is an established rule of global law for security software as a product.
 
  • Like
Reactions: Sorrento

bazang

Level 8
Jul 3, 2024
359
guys, please, don't fight. comodo is not fighting... they released a new 2025 edition fixing the certi issue and it only took 2 months... maybe another 2 years they fix the exploit/poc thing in cis and xcitium... let's have faith :)
Melih will never fix it. There is no dedicated development staff for the Comodo code base. The developers at Comodo are shuffled around from project to project. That is how it has always been. For CIS\CFW a few developers are given a window of a few months to work on it. Because they are needed elsewhere - on projects that bring in revenue dollars. This makes perfect economic sense.

There for a while Melih hired China-based Haibo Zhang to be the Comodo Product\Project Manager, but he left years back and has never been replaced. Right about the time that CIS\CFW development stopped 3 or 4 years ago.

For the price that Melih is charging for Xcitium, he will never have enough revenue to make the Comodo code-base any better than it is right now. A software product has to generate at least $1 MM USD for every 3 to 4 full-time personnel that support it (only 1 of those 3 or 4 people is a software engineer). Comodo earns $0 and Xcitium might generate $500,000 per year. So you get 1.5 or 2 full-time people to support the product. Of those 1.5 or 2 people, you get 3/8ths to 1/2 of a developer. That translates to 1 developer working 780 to 1020 hours per year on a software code base. At Comodo companies, that developer has to do everything. Fix bugs. Develop new features. Unit test. Fix driver issues. Configure and maintain all of the supporting infrastructure. Create install packages. Perform all QA\QC. They have to do the entire supporting sysadmin of the infrastructure, software engineering, and the entire DevOps. Maybe in 10 years that developer can get around to fixing all the bugs and other problems, assuming that the underlying operating system remains essentially static over that same time period.

¯\_(ツ)_/¯
 
Last edited:

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
Killing Comodo with disabled LUA:
 

vitao

Level 3
Thread author
Mar 12, 2024
108
so...

ps.: a new video will be published showing this in action.
 

Attachments

  • cisok.jpg

bazang

Level 8
Jul 3, 2024
359
Why do people who want Comodo to be a more refined product not establish and promote a GoFundMe for the product?

Or suggest to Melih that he create a GoFundMe?

The fundamental issue with the product is a very simple one to understand: Melih owns the product, it generates virtually no revenue, and since Day 1 he has spent millions of his own money to subsidize the product and give it away. Well, he's not willing to spend any more on the product other than to keep it alive. There is no dedicated development team for the source code, and that means there is nobody to fix bugs and make the product more polished.

Without a revenue stream to support its development, Comodo will never be any better than it is right now. Without bringing in substantial money, it shall always be a 1000-bug, broken feature freeware.

Tip: Melih will never accept GoFundMe funds because he does not want to be obligated to end users to fix stuff. He is perfectly OK with the product as it is now. He has no aspirations to make it as polished as other security software. In fact, Melih's belief is that the product is fine as it is. The entire point of CIS\CFW is that a freeware does as good, if not better than, most other security software even with 1000 bugs and other problems. Melih is not wrong in this regard.

I think a lot of end users do not understand that Comodo is Melih's ideological play-thing. He created it to prove an ideological point within a software publishing industry that he believes to be wrong and which he deeply despises. He did not create Comodo to satisfy users.

When you understand all of this, then you realize why the product is as it is and that it shall never be any better than it is at this very moment.
 
Last edited by a moderator:
  • Like
Reactions: Sorrento

vitao

Level 3
Thread author
Mar 12, 2024
108
Why do people who want Comodo to be a more refined product not establish and promote a GoFundMe for the product?

Or suggest to Melih that he create a GoFundMe?

The fundamental issue with the product is a very simple one to understand: Melih owns the product, it generates virtually no revenue, and since Day 1 he has spent millions of his own money to subsidize the product and give it away. Well, he's not willing to spend any more on the product other than to keep it alive. There is no dedicated development team for the source code, and that means there is nobody to fix bugs and make the product more polished.

Without a revenue stream to support its development, Comodo will never be any better than it is right now. Without bringing in substantial money, it shall always be a 1000-bug, broken feature freeware.
but who said that?

comodo is lucrative as xcitium as itariam as valkyrie, as any other softwares from melih company.

the problem is really simple. they don't have people who know how to solve the issues and what they have are looking at xcitium. the proof of it is that the same exploit/poc that destroys cis containment does the same with xcitium and there is no response from xcitium nor comodo about it. the flaw exists. it's a big problem. xcitium users, who are the paid ones, are not secured and even so, they don't get any update regardless this...
 
  • Thanks
  • Like
Reactions: Sorrento and kylprq

bazang

Level 8
Jul 3, 2024
359
but who said that?

comodo is lucrative as xcitium as itariam as valkyrie, as any other softwares from melih company.

the problem is really simple. they don't have people who know how to solve the issues and what they have are looking at xcitium. the proof of it is that the same exploit/poc that destroys cis containment does the same with xcitium and there is no response from xcitium nor comodo about it. the flaw exists. it's a big problem. xcitium users, who are the paid ones, are not secured and even so, they don't get any update regardless this...
Comodo products are not lucrative. They are what is called "loss leaders." Melih gives them away for free or charges very low subscription rates. That means he is selling them at a loss.

There are no dedicated Comodo developer teams! There never has been.

Here are the facts about Comodo's security products:

The fundamental issue with the product is a very simple one to understand: Melih owns the product, it generates virtually no revenue, and since Day 1 he has spent millions of his own money to subsidize the product and give it away. Well, he's not willing to spend any more on the product other than to keep it alive. There is no dedicated development team for the source code, and that means there is nobody to fix bugs and make the product more polished. Without a revenue stream to support its development, Comodo will never be any better than it is right now. Without bringing in substantial money, it shall always be a 1000-bug, broken feature freeware.

Melih earns virtually all of his money from digital certificates, venture capital and other services. He earns virtually $0 from Comodo security software.

Comodo companies do not operate like Avast, Bitdefender, Kaspersky and Norton. I don't blame people who do not understand this fact. It takes a lot of research to figure it out.

Melih has no obligation to fix anything. Anybody that installs Comodo software, the EULA says clearly "You accept this software AS IS and you use it at your own risk." This is true of every last software EULA out there. So Comodo is no different.

All Comodo software, including Xcitium, are very unprofitable for Melih. He loses money on them all. So that means he is personally subsidizing all these software out of his own pocket. CIS\CFW were never profitable. They have always been freeware.
 
Last edited:

Loyisa

Level 1
Aug 8, 2024
20
UPDATE: Fixed in Xcitium
This is not a Comodo config issue, but a containment security infrastructure issue, and you will have to wait for a CIS update to fix this.
So adding *\Device\NamedPipe\ntsvcs to protected files or protected com is currently useless until CIS gets a security update.
QQ20241119-231504.png
 

bazang

Level 8
Jul 3, 2024
359
What about Andy Ful's challenge, did they contact Andy to work on fixing it?
Why would anybody contact @Andy Ful?

Submit bug report on COMODO forum. If it is fixed then great. If not, then ¯\_ (ツ)_/¯ . A person either accepts it or does not.

People/users want stuff fixed, but nobody is willing to pay for the fixes. That means COMODO will never be any better than it is at this moment.

Melih's philosophy is "If you want something for free, then you will have to accept whatever I decide to give you. If not, go use something else. Please because I do not want to be bothered with ungrateful, whiny, complaining users."
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
What about Andy Ful's challenge, did they contact Andy to work on fixing it?

No, they did not.
I use a different method that does not trigger containment. It is not exactly an exploit, but rather taking advantage of AVs ignoring some known (and unknown but signalized) attack methods until they are sufficiently prevalent. Furthermore, some methods are hard to fix, like DLL hijacking. Most AVs try to fight it by improving DLL detection, which is insufficient in targeted attacks.
In the case of Comodo, the attack that exploits vulnerable but trusted EXE can be especially successful due to two weaknesses:
  1. Poor detection of weaponized DLLs.
  2. Poor detection of some UAC bypasses.
At the same time, Comodo can block most attacks in the wild via Auto-containment and Script Analysis modules. So finally, the attacker must know that the target uses Comodo to have fair chances to pass by the protection.
 
Last edited:

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
sorry but it's not fixed. you tested it with poc v2. try it with poc v3. cis continues to be r@ped by the poc, so they didn't solve anything...
Please show it with video evidence and post on the forum, or someone else upload it if you're banned
 

Vitali Ortzi

Level 26
Verified
Top Poster
Well-known
Dec 12, 2016
1,585
No, they did not.
I use a different method that does not trigger containment. It is not exactly an exploit, but rather taking advantage of AVs ignoring some known (and unknown but signalized) attack methods until they are sufficiently prevalent. Furthermore, some methods are hard to fix, like DLL hijacking. Most AVs try to fight it by improving DLL detection, which is insufficient in targeted attacks.
In the case of Comodo, the attack that exploits vulnerable but trusted EXE can be especially successful due to two weaknesses:
  1. Poor detection of weaponized DLLs.
  2. Poor detection of some UAC bypasses.
At the same time, Comodo can block most attacks in the wild via Auto-containment and Script Analysis modules. So finally, the attacker must know that the target uses Comodo to have fair chances to pass by the protection.
Can Comodo under a user account with a separate admin stop all of your attacks, known ones, and what recommendations do you have for Comodo users? (I have a low-end system where even Defender and ESET are too heavy.)
 