Comodo might come back from the grave

[ForgottenSeer 97327]

LOL

01 February 2023:

How to be secure when Detection fails - Comodo Internet Security - CIS

Literally every endpoint security product out there can only provide protection and keep you secure only and “ONLY” if they can detect a threat. W

forums.comodo.com

His Melihness does not respond to the questions of his loyal users about the updates which are necesary to patch these 3 security holes in Comodo. Note that the two Sandbox bypasses in the Comodo bug list seem to have proof of concepts added to the bug-report! CVE's are always checked. so there are at least 3 very serious holes in current Comodo version (does not matter whether you use Cruel Sister config, because they are sandbox bypasses).

----------- ignored security holes also affecting Cruel Sister config

To be fair there is only 1 critical vulnability reported in two years (in 2022 which is still not fixed): CVE-2022-34008 : Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privil On the other hand on Comodo's forum two rather serious Sandbox bypasses are mentioned List of current bugs - News / Announcements / Feedback - CIS , which might also indicate that Comodo is not put to test anymore (since it has not received updates for two years, there won't be a bug bounty program either).

______

 

[Trident]

His Melihness does not respond to the questions of his loyal users about the updates which are necesary to patch these 3 security holes in Comodo. Note that the two Sandbox bypasses in the Comodo bug list seem to have proof of concepts added to the bug-report! CVE's are always checked. so there are at least 3 very serious holes in current Comodo version (does not matter whether you use Cruel Sister config, because they are sandbox bypasses).

----------- ignored security holes also affecting Cruel Sister config

To be fair there is only 1 critical vulnability reported in two years (in 2022 which is still not fixed): CVE-2022-34008 : Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privil On the other hand on Comodo's forum two rather serious Sandbox bypasses are mentioned List of current bugs - News / Announcements / Feedback - CIS , which might also indicate that Comodo is not put to test anymore (since it has not received updates for two years, there won't be a bug bounty program either).

______

You fail to understand and comprehend. His loyal Melihness stressed few times that “someone is working hard all the time, 24/7”. You just have to wait… like… forever. The updates and results of this nowhere to be seen hard work will be delivered.

 

[ForgottenSeer 98186]

so there are at least 3 very serious holes in current Comodo version (does not matter whether you use Cruel Sister config, because they are sandbox bypasses).

You are calling them "very serious holes." That is an exaggeration, but I will give you an opportunity to explain to us all how those bugs can compromise a system.

Please explain how "able to overwrite file contents with NULL bytes using FSCTL_SET_ZERO_DATA I/O control code" can be incorporated into a malware to breach a system. Do you even know what "overwrite file contents with NULL bytes" means? Can it be used to create a persistent infection?

Please explain how " SetVolumeMountPoint and DeleteVolumeMountPoint" can be used to compromise a system. Is it even a real threat?

It is one thing if you understand fully what bugs 3 and 4 actually mean in terms of real system compromise, but you obviously don't understand and just automatically calling them "very serious holes."

That’s why it’s wrong saying “it’s ahead of its time, it doesn’t need updates”.

Who said "Comodo does not need updates"? Nobody on this forum nor at Comodo ever said that.

 

[ForgottenSeer 97327]

You are calling them "very serious holes." That is an exaggeration, but I will give you an opportunity to explain to us all how those bugs can compromise a system.

Please explain how "able to overwrite file contents with NULL bytes using FSCTL_SET_ZERO_DATA I/O control code" can be incorporated into a malware to breach a system. Do you even know what "overwrite file contents with NULL bytes" means? Can it be used to create a persistent infection?

Please explain how " SetVolumeMountPoint and DeleteVolumeMountPoint" can be used to compromise a system. Is it even a real threat?

It is one thing if you understand fully what bugs 3 and 4 actually mean in terms of real system compromise, but you obviously don't understand and just automatically calling them "very serious holes."

The CVE is a standard weighted vulnability and exposure assessment, above 7 is a serious problem. Overwrite file contents with NULL bytes means that they are overwritten with low values (hex 00). With Set and Delete Volume Mount points you can set and delete the links and references of a folder structure. This means you can mess around with data (for instance to escape the sandbox).

You are great in challenging others, but so far always failed to answers hard questions by ignoring them. I will give an easy one: do you know why the CVE rating is accepted across the IT-industry?

 

[ForgottenSeer 98186]

You fail to understand and comprehend. His loyal Melihness stressed few times that “someone is working hard all the time, 24/7”. You just have to wait… like… forever. The updates and results of this nowhere to be seen hard work will be delivered.

It is a freeware product. Melih and Comodo do not owe anybody anything. If people do not like how Comodo does things, then they can use another vendor's product.

It is a very simple concept that even a 5 year old can understand.

 

[Trident]

You are calling them "very serious holes." That is an exaggeration, but I will give you an opportunity to explain to us all how those bugs can compromise a system.

Please explain how "able to overwrite file contents with NULL bytes using FSCTL_SET_ZERO_DATA I/O control code" can be incorporated into a malware to breach a system. Do you even know what "overwrite file contents with NULL bytes" means? Can it be used to create a persistent infection?

Please explain how " SetVolumeMountPoint and DeleteVolumeMountPoint" can be used to compromise a system. Is it even a real threat?

It is one thing if you understand fully what bugs 3 and 4 actually mean in terms of real system compromise, but you obviously don't understand and just automatically calling them "very serious holes."

You are just diminishing what everyone says and attempting to make people look incompetent to support a product of your choice. In psychology, this is called choice-supportive bias and it quickly makes one lose credibility. So far, I didn’t see you answer any of my questions, neither I see you providing any evidence that the 6 key issues I enumerated in a post above are not true.

Whilst other people support everything they say with evidence. At that point it becomes clear who to trust really. We have unsupported fanboyism vs evidence… I mean… you get it.

Btw a user of this forum or a user of Comodo product, or any other user in fact, is not obliged to understand Microsoft’s low-level hardware management, APIs or any other part of the Windows operating system.

If the business standing behind the oh-so-amazing product you so violently and wholeheartedly support is a real business interested in securing innocent, connected users, EVERY vulnerability, even the most minor one should be treated as urgent and fixed.

Full stop.

 

[ForgottenSeer 98186]

The CVE is a standard weighted vulnability and exposure assessment, above 7 is a serious problem.

CVEs are created all the time and vendors refuse to fix them. It is up to the vendor to decide if they think it is a legitimate problem. Microsoft, for example, has refused to fix literally hundreds of CVEs over the years. It takes a lot more than just a CVE. Just because the CVE is created, that does not mean something is a real threat. Obviously you did not know this fact.

Overwrite file contents with NULL bytes means that they are overwritten with low values (all zeroes).

You just provided a basic definition. The bug does not state that the overwrite can be made everywhere on the system (which, by the way it cannot because of Windows' own built-in permissions structure).

So again, please give a specific example of how that bug can be used to compromise a system?

With Set and Delete Volume Mount points you can set and delete the links and references of a folder structure.

lol, why are you just stating the definition? Where is the proof that it is a real problem?

This means you can mess around with data (for instance to escape the sandbox).

Really? Please explain - you have to give examples, not generalizations - of how the mount point function can be used to mess with data. Can it be used to definitely unmount the operating system drive? Explain how a created mount point can be used to manipulate data whenever there is no other process that has escaped the sandbox?

 

[Trident]

It is a freeware product. Melih and Comodo do not owe anybody anything. If people do not like how Comodo does things, then they can use another vendor's product.

It is a very simple concept that even a 5 year old can understand.

The very same free product comes in a not-so-free flavour as well. So it’s a real business with real products and real people are paying real money for it. Also, it is not great to leave people with a false sense of security “because this is a free product”. Comodo, (not he as he is not the whole organisation), owes users a stable and secure product. The applicable laws where Comodo is registered and actively trading require every product to be fit for its purpose.

Who said "Comodo does not need updates"? Nobody on this forum nor at Comodo ever said that.

Wasn’t it you and Melih who claimed “it works ok without any updates”?

 

[ForgottenSeer 98186]

You are just diminishing what everyone says and attempting to make people look incompetent to support a product of your choice.

Nobody here is trying to make anyone look incompetent. If someone states reported bugs are "very serious holes" in protection, then it is on them to prove what they are claiming with demonstrable methods. They cannot just state there are "very serious holes" based upon assumptions and generalizations.

I do not use Comodo. Never have.

Did do some tests inside VirtualBox.

So far, I didn’t see you answer any of my questions, neither I see you providing any evidence that the 6 key issues I enumerated in a post above are not true.

What 6 key issues? That Comodo has bugs and it takes the company a long time to make updates? That is how Comodo has operated since the company began.

Everybody knows this. Nobody disputes it.

 

[Bumblebee Uncle]

View attachment 272722

"I too have a 2 year old CIS on my computers and they it just works! "

-- Melih

LOL

View attachment 272723
View attachment 272724

Obviously nobody here bothers to read what Melih says... lol

There is no dedicated CF\CIS developer team at Comodo. Melih has them working on other projects all the time but it seems people cannot figure this out. For the past two years Melih had his development team working on his other company projects (Melih owns multiple companies) and then the Xcitium project.

View attachment 272725
View attachment 272726

are you some kind of apologist for Melih? what is wrong with you? Such huge levels of worship and adoration - for what? just to prove your point?

 

[Pico]

It is a freeware product. Melih and Comodo do not owe anybody anything. If people do not like how Comodo does things, then they can use another vendor's product.

It is a very simple concept that even a 5 year old can understand.

Melih and Comodo don't owe anything to anybody not even to their paying home users.
Not surprising that people move away from using Comodo products...

 

[Bumblebee Uncle]

This is absolute heights of ignorance I have ever seen @Oerlink

Keep worshipping Melih and Comodo. No one has said these are bad products but well - I cannot keep repeating the same things I did yesterday and others such as @Trident @Decopi @goodjohnjr all have put!

You really are diminishing what everyone says and attempting to make people look incompetent to support a product of your choice as @Trident so eloquently put! Let this go!

 

[ForgottenSeer 98186]

are you some kind of apologist for Melih?

No. Melih needs to make no apologies. He provides a freeware protection and does not owe anybody anything. If anybody does not like how he does things, then they can use another vendor's product.

So why would Melih ever need to make an apology?

what is wrong with you?

Nothing is wrong with me.

Such huge levels of worship and adoration - for what?

Where am I worshipping and adoring Melih?

I merely copy-pasta'd Melih's posts he made on the Comodo forum. Melih speaks for himself.

just to prove your point?

Merely proving that people here are making statements that are not factual. That is all.

 

[Trident]

Nobody here is trying to make anyone look incompetent. If someone states reported bugs are "very serious holes" in protection, then it is on them to prove what they are claiming with demonstrable methods. They cannot just state there are "very serious holes" based upon assumptions and generalizations.

I do not use Comodo. Never have.

Did do some tests inside VirtualBox.


What 6 key issues? That Comodo has bugs and it takes the company a long time to make updates? That is how Comodo has operated since the company began.

Everybody knows this. Nobody disputes it.

The 6 key issues are there in my original post, I can’t repost everything few times but you can go back and check.
If this statement that Comodo has always taken long time to fix bug is true, as you say (I am extremely disinterested in hobby projects and don’t monitor Comodo closely so you know better… I like professional and premium products from businesses that know what they are doing)… so, if this statement is true then why are you preaching this is a great product and why do you argue with people?

You’ve went out of your way round and round and round in circles, and you’ve just repeated what everyone else has said - that Comodo takes long time to fix bugs
Are you bored at home?

Download Comodo or call Melih Abdulayoglu for a little chat and stop attacking users on this forum.

 

[Azure]

The very same free product comes in a not-so-free flavour as well. So it’s a real business with real products and real people are paying real money for it. Also, it is not great to leave people with a false sense of security “because this is a free product”. Comodo, (not he as he is not the whole organisation), owes users a stable and secure product. The applicable laws where Comodo is registered and actively trading require every product to be fit for its purpose.

Wasn’t it you and Melih who claimed “it works ok without any updates”?

I thought it was that despite the lack of updates Comodo still provided good security and worked. Not necessary that it didn’t need updates.

Also this sounds like they do indeed have updates towards their technology just not with CIS

How to be secure when Detection fails - Comodo Internet Security - CIS | Page 2

Literally every endpoint security product out there can only provide protection and keep you secure only and “ONLY” if they can detect a threat. W

forums.comodo.com

 

[ForgottenSeer 98186]

Melih and Comodo don't owe anything to anybody not even to their paying home users.

Who said that Comodo does not owe anything to their paying home users? Those who pay for Comodo products get technical support. That is why they pay. They are NOT paying for the software itself.

Not surprising that people move away from using Comodo products...

Comodo has never made popular products among home users except for security geeks.

Melih's companies are not reliant upon revenue from the software products he makes available for free.

 

[Trident]

Also this sounds like they do indeed have updates towards their technology just not with CIS

Updates towards any technology that is not cloud-based require to be put in a nice little package
Which later on gets pushed as an update and the version number increments in a certain way… just a quick thought.

 

[ForgottenSeer 98186]

Btw a user of this forum or a user of Comodo product, or any other user in fact, is not obliged to understand Microsoft’s low-level hardware management, APIs or any other part of the Windows operating system.

A person that claims "there is a very serious security hole in Windows" certainly does need to know what they are talking about before they say it. That is a basic standard that is widely accepted. They cannot just say "there is a very serious security hole because I see there is a bug report posted on a forum."

 

[Trident]

Just complementing:
"Ignorance"... or "paid money"?
Nowadays people are well paid to said the most ridiculous arguments in the web, specially in forums, specially in security forums.
How can someone be almost full time days and days defending the undefendable, if not by being paid?
How can someone systematically be bullying every single each argument against Comodo, and also at the same time (full job) opening new post promoting Comodo... if not by being paid?
It's not an accusation. It's a simple question.

Btw now that you are saying that, I remember years ago I commented on a ridiculous Comodo post on Favebook. I believe it was about 6-7 years ago. A highly-passionate and unprofessional employee copied my comment, reposted it on their wall and claimed I was “quick to poo poo Comodo”.
They then proceeded to block me on the page and called me a “Bitdefender employee”… as a child I had the Bitdefender dragon wolf as a cover picture on Facebook. Other than that, I am in no way associated with Bitdefender.

 

[ForgottenSeer 97327]

I do not use Comodo. Never have.

You just like to read the Comodo forum in stead of a newspaper, follow Melih on social media and memorize all Melih's post and quotes by heart, perfectly normal behavior