Serious Discussion Comodo Internet Security 2025 was obliterated by an exploit!

Status
Not open for further replies.

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
So how many solutions are actually zero trust?

There are some leaders:

[Image attachment: 1734203523905.png]
 

vitao

Level 3
Thread author
Mar 12, 2024
108
Understand. I mentioned this script because it is most probably not a false positive. Kaspersky correctly detected it as malicious. This script may also be an artifact after running the EXE (detected by Kaspersky). So, those two files can be related to one malware that was mitigated by Comodo Script Analysis.
You can check this possibility by deleting the content of "C:\ProgramData\Comodo\Cis\tempscript folder" and running only that EXE sample. If Comodo does not create the PS1 script, those files are unrelated.

Edit.
It seems that the EXE sample was a downloader, but the domain with the final payload did not respond (dead sample). The payload (exe.exe) would be most probably contained by Comodo.
I understand. So this is a half malware :p Well, CIS didn't contain it.
 
  • Like
Reactions: Andy Ful

vitao

Level 3
Thread author
Mar 12, 2024
108
This is not good news for Enterprise users. :confused:
Yep. I see Comodo mods and some users saying that "now that the problem is solved there is only the malware to be sent to CAMAS/Valkyrie", etc., but they seem to have the need to ignore that the latest CIS solved "nothing". The same PoC still runs and the same ransomware still runs.

Edit: videos recorded. I'll try to edit and publish one tomorrow and the second the day after, if all goes well...
 

bazang

Level 8
Jul 3, 2024
359
It's a paid product sold to enterprise, and the consumer Comodo is based on the same client they sell to enterprises.
Xcitium product earns very little revenue. Not enough to justify dedicating a development team to it.

The basic formula in software development is that a software must generate 750,000 Euros in revenue to support 3 employees with a salary of less than 60,000 Euros on the payroll.

Xcitium very likely generates less than 300,000 Euros per year in revenue. That is not nearly enough to even support 1 dedicated development employee. Unless Melih hires developers from poor 2nd and 3rd world nations. He can hire an army of programmers in Zimbabwe or Vietnam for only 100,000 Euros.


The main product is an enterprise one sold with claims that ZeroDwell (container) can stop 100%, etc.
The marketing can say whatever it wants.

The EULA however states that the buyer/end user assumes all risk and the product is sold "AS IS" with no warranty of fitness of purpose. The product is not guaranteed to provide any protection and upon installation the end user agrees to these terms.

What that means is this: "You use this product and if it is bypassed then it is on you, and not on Xcitium or Comodo."


Nowadays, the recommended solution is the Zero Trust Model, where AV/EDR is only a part of the solution.
A true Zero Trust protection begins at the physical layer and goes all the way to the application layer in the network stack. Then on the operating system it is from the physical layer to the application layer. Then in the non-digital security realm, Zero Trust includes physical and personnel security. Next, Zero Trust includes very robust Governance, Risk Management and Compliance (GRC). All of these are combined.

I don't know how many times an enterprise has stated to me "We purchased Product XYZ marketed as Zero Trust and thereby implemented a Zero Trust Protection Model throughout our organization." They are extremely disappointed when I tell them they don't understand Zero Trust and that they need to spend another 5,000,000 Euros to get there.

Very, very few service providers know how to properly implement true Zero Trust and even fewer enterprises and governments can do it themselves. I don't know how many times a government has said to me "We air gap these high sensitivity machines. They are Zero Trust."

It takes a lot of time, resources, patience, knowledge, experience, and money to do Zero Trust the right way. It can be done - and done very well - using 100% Microsoft security. Why is this? Because Microsoft does adhere fully to the first principle of security: "Security is not software. It is a process." Plus it works so closely with the U.S. Government that it integrates many of the capabilities developed by NIST Special Publications that inform & guide virtually 100% of global enterprise security practices.

Lots of people and organizations think "Zero Trust implementation is purchase Zero Trust software and deploy it."

Meanwhile, for a small company, a correct Zero Trust security implementation is a 2 to 3 year process requiring an army of SMEs and implementers. And that usually only happens in very highly regulated industries where serious negative consequences can happen. It is not at all unusual for a financial transaction processor to take a couple of years fully implementing PCI DSS. And that is just the beginning of the security requirements and regulations that are applicable to their operations.

Most every Zero Trust product out there just exploits the words "Zero Trust." Why? Because people have no idea what Zero Trust really is.

Many organizations fail Zero Trust assessments and audits.
 

Digmor Crusher

Level 25
Verified
Top Poster
Well-known
Jan 27, 2018
1,431
Xcitium product earns very little revenue. Not enough to justify dedicating a development team to it.

The basic formula in software development is that a software must generate 750,000 Euros in revenue to support 3 employees with a salary of less than 60,000 Euros on the payroll.

Xcitium very likely generates less than 300,000 Euros per year in revenue. That is not nearly enough to even support 1 dedicated development employee. Unless Melih hires developers from poor 2nd and 3rd world nations. He can hire an army of programmers in Zimbabwe or Vietnam for only 100,000 Euros.



The marketing can say whatever it wants.

The EULA however states that the buyer/end user assumes all risk and the product is sold "AS IS" with no warranty of fitness of purpose. The product is not guaranteed to provide any protection and upon installation the end user agrees to these terms.

What that means is this: "You use this product and if it is bypassed then it is on you, and not on Xcitium or Comodo."



A true Zero Trust protection begins at the physical layer and goes all the way to the application layer in the network stack. Then on the operating system it is from the physical layer to the application layer. Then in the non-digital security realm, Zero Trust includes physical and personnel security. Next, Zero Trust includes very robust Governance, Risk Management and Compliance (GRC). All of these are combined.

I don't know how many times an enterprise has stated to me "We purchased Product XYZ marketed as Zero Trust and thereby implemented a Zero Trust Protection Model throughout our organization." They are extremely disappointed when I tell them they don't understand Zero Trust and that they need to spend another 5,000,000 Euros to get there.

Very, very few service providers know how to properly implement true Zero Trust and even fewer enterprises and governments can do it themselves. I don't know how many times a government has said to me "We air gap these high sensitivity machines. They are Zero Trust."

It takes a lot of time, resources, patience, knowledge, experience, and money to do Zero Trust the right way. It can be done - and done very well - using 100% Microsoft security. Why is this? Because Microsoft does adhere fully to the first principle of security: "Security is not software. It is a process." Plus it works so closely with the U.S. Government that it integrates many of the capabilities developed by NIST Special Publications that inform & guide virtually 100% of global enterprise security practices.

Lots of people and organizations think "Zero Trust implementation is purchase Zero Trust software and deploy it."

Meanwhile, for a small company, a correct Zero Trust security implementation is a 2 to 3 year process requiring an army of SMEs and implementers. And that usually only happens in very highly regulated industries where serious negative consequences can happen. It is not at all unusual for a financial transaction processor to take a couple of years fully implementing PCI DSS. And that is just the beginning of the security requirements and regulations that are applicable to their operations.

Most every Zero Trust product out there just exploits the words "Zero Trust." Why? Because people have no idea what Zero Trust really is.

Many organizations fail Zero Trust assessments and audits.
Please stop. Every time someone posts something about Comodo you go off on a rant saying the same things over and over. We know, you hate Comodo, but we don't have to be reminded of it every 5 minutes.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,592
It takes a lot of time, resources, patience, knowledge, experience, and money to do Zero Trust the right way....

Meanwhile, for a small company, a correct Zero Trust security implementation is a 2 to 3 year process requiring an army of SMEs and implementers....

Many organizations fail Zero Trust assessments and audits.
(y)
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,783
Sorry for making reading very inconvenient.
As I'm not really the most intelligent guy, and unsure when to use commas and periods, and haven't really forced myself ever to try and improve my grammar.
(Hopefully this is correct usage, but uncertain if what I'm currently writing is even correct usage of comma and period.)

(If anyone has some good site to practice and learn, you can send me a private message, and/or anything to improve grammar, writing skills.)
You do fine IMHO.
 
  • Thanks
Reactions: Vitali Ortzi

vaccineboy

Level 3
Verified
Well-known
Sep 5, 2018
141
Ow... sorry dude. Not my intent o_O Don't get me wrong. English is not my primary language. Some expressions, this word, have more sense of power and meaning in my language. This word can describe better some things I want to say. As I don't have any problems with this word, I don't see any problem using it. If you have any problem with it, I'm sorry, ok? But some language customs are hard to change. A better solution would be you marking my profile to be ignored, or hide me, something like that. At least until I can become able to pay more attention to your feelings.
Uhm you say English is not your native language as an excuse, yet you clearly know the unpleasant meaning of it, hence the masking. You say you don't have any problem with the word, yet you went out of your way to mask it in different manners. Be a man. If you want to say it, then say it.

The way I see it, you personify a software as a helpless woman and derive pleasure from perpetrating sexual assault unto that woman. That's highly obsessed and a bit sick in the head.

Let me remind you, Comodo is named after a lizard, unless that's in fact what you want to seek sexual pleasure from.
 

vitao

Level 3
Thread author
Mar 12, 2024
108
Uhm you say English is not your native language as an excuse, yet you clearly know the unpleasant meaning of it, hence the masking. You say you don't have any problem with the word, yet you went out of your way to mask it in different manners. Be a man. If you want to say it, then say it.

The way I see it, you personify a software as a helpless woman and derive pleasure from perpetrating sexual assault unto that woman. That's highly obsessed and a bit sick in the head.

Let me remind you, Comodo is named after a lizard, unless that's in fact what you want to seek sexual pleasure from.
It seems you have serious issues regarding the word r@pe. Do you need any help, bro? Just say so and we can try to figure out a way to help you... o_O
 

vitao

Level 3
Thread author
Mar 12, 2024
108
I don't mean to be mean (if you know what I mean?) but it's just that some people don't have the time to waste.

Regards Eck :)
So instead of saying things like that, nonsense, show what's wrong and what can be done to make it right! :D
 

vitao

Level 3
Thread author
Mar 12, 2024
108
@vitao Please stop using that word and re-read through the Forum Policy rules. That language pretty much everyone here would deem inappropriate: Forum Rules - Language

I was reading it. I understand and agree. From now on when I use this word I'll change it to something not inappropriate. The meaning of it will not change as it's part of the way of expressing myself in some cases. If that is not allowed, free expression, then it's a problem. I don't think it's by the forum rules to censor its users.
 

vitao

Level 3
Thread author
Mar 12, 2024
108
I'm with @ErzCrz on this one. You should not be using that word in any facet of your life and not here.
Sorry man, but people have no word on what I use or not for talking and things on this matter. Sure, we are in a forum and as some asked politely, and there are rules, I'll comply with these rules and not use the word one dude had bad feelings about. I'll respect this not for what that user said but for the rules of the forum, but I cannot agree with this thing some are trying to force. And it's funny how in one topic about some security software someone came crying and off-topic about personal feelings.... Anyway... right? Let's get back to the topic?
 

vitao

Level 3
Thread author
Mar 12, 2024
108
If anyone is interested, here is the new topic about the new CIS release against the Loyisa exploit/PoC.
 