Endpoint Detection and Response By Comodo

Status
Not open for further replies.
ForgottenSeer 58943

Full Protection with SEP like Home Depot and Target had prior to their massive breaches (and this with a setup by Symantec themselves)?

Home Depot hired a felon named Ricky Mitchell to handle their IT, someone that really wasn't very good with IT. Home Depot used a 'default' configured SEP in unmanaged mode. (This is IMPORTANT - because we are discussing SEP not SEPC) Anyone that knows SEP knows running it in unmanaged mode is a disaster, you can run it managed or unmanaged, and once broken out from managed it can require a tool to re-link to the management.

Further, if I recall my discussions with guys involved with cleaning this up they found not only unmanaged mode, but Home Depot was using an old, outdated Pre-2007 version of SEP (what was that, version 10?, I forget). Since it was in unmanaged mode they didn't feel the need to upgrade the primary hosting servers and then re-link the product back to managed mode. Everything at Home Depot was reactive, not proactive, there was no log monitoring or proper controls in place in any area.

So in effect, this was a perfect storm... Symantec didn't set this up. A fool did. I'm still confused about what this has to do with SEPC which is an entirely different (and superior) product that would never have become unmanaged? I am also a bit concerned why anyone would think an antivirus software is to blame for totally broken IT, improperly configured software, skimping on IT budgets and reactive IT management. That's like saying Nissan is to blame for you hitting a tree instead of just accepting that your driving is bad or you were being reckless.

And a Comodo product bearing any similarity to ESET either currently or in the past? Please spare me...

Kevin has a stellar reputation. Meliah doesn't. If Kevin says Meliah was bragging about reverse engineering ESET, then Meliah was bragging about reverse engineering ESET. Meliah would have sued Kevin pretty quickly for libel if that wasn't true. I've interacted with Kevin off and on since 1991, he's got integrity in spades. Comodo has basically, net-zero presence in the corporate/enterprise world for a reason. (and never will have a presence)
 
illumination

Full Protection with SEP like Home Depot and Target had prior to their massive breaches (and this with a setup by Symantec themselves)?
I have no detailed knowledge of this, as I was not there. Why I stated what I did, though, is pretty simple: for the same amount of money you would pay for monitoring/logging monthly, you could be running an endpoint solution with a management portal.

And a Comodo product bearing any similarity to ESET either currently or in the past? Please spare me...
I did not mention this.

And as to PrivDog- yeah, they totally screwed up the code in two builds running, affecting perhaps less than 10,000 folks Worldwide before it was caught. But the fact this is still fresh in memory after 3 years makes it seem that no one else has EVER screwed up code for a fringe product.
Nor did I mention this... I was referring to them copying other products like their brand of uBlock, Firefox, Chromium, and the rest of their half-baked products that did not see the light of day, but had many resemblances to other products that I know of from the last 7 or 8 years of being around Comodo and their forum.

You are free to use any security you choose, just as I am free to have an opinion of a company. I can state that I have been around them long enough, and tested Betas, and even Alphas before they quit posting them in the open forum, and remember a day when smashing your system from their bugs was considered normal.
 

cruelsister

Illumination- None of my posts in any way referred to comments made by you.

ForgottenSeer 58943- The Home Depot Breach occurred solely because Network Threat Protection malfunctioned. To save face they (HD) stated in the Post-Mortem that the function was not "turned on"- but this is a lie- the breach was actually found by an intern who during busy-work noticed anomalous pulse transmissions to a point in Central Asia. But nonetheless, SEP at that time (I have neither the knowledge nor interest to know if this has since been fixed) was prone to Scriptor attacks which allowed the prime malware vector to take up residence on the Network, including the POS endpoints. And I won't even mention that HD had their POS systems running on Windows XP Embedded SP3, which opened them up to a Host of malware that my cat could code.

Finally, I don't know who you spoke to (it wasn't me) about the breach, but if anyone told you that the reason for the breach was that Symantec would have set up a system of THOUSANDS of Unmanaged clients (and if you are familiar with managed vs unmanaged, which I see that you are, you know how absurd this would be) they are either Drunks, liars, or just plain ignorant.

But believe what you want.
 
ForgottenSeer 58943

It wasn't that it was set up unmanaged. But that particular version had a nasty habit of going unmanaged after a managed install and requiring re-linking via SYLINKREMOTE, which was a manual process. I know this because we did breach investigations years ago and almost always found unmanaged clients on breached firms as one of the root causes, in addition to outdated versions of the host server/controller.

This was such a massive problem with SEP around the time of this breach and the versions they were running, and often a system that dropped off from managed would never green-dot back to managed, and the NTP module would fail to operate properly.

Big problem with Symantec Endpoint *unmanaged computers | Symantec Connect
 

cruelsister

Sly- Before I begin, please (please!) understand that I mean absolutely no disrespect to you, as you are a very valued member of MT.

But also understand that I WAS on a number of teams that headed breach analysis on systems protected by SEP (and was the Primary on a few, some public, some not). The main issue with SEP at that time was that it was unable to differentiate between scripts that were valid from scripts that were malicious. This was the primary issue. Also, there was never any indication that a given Endpoint could "drop out" from central management. God Forbid if this was the case, as the breach might still be ongoing!

What really made me almost pass out was crap that Symantec let "slip" to the media that the initial vector could have been coded by a 16 year old- as if a multi-multi- million dollar breach would be worse if coded by a 35 year old professional Blackhat!

IF SEP in its current form has risen above the Scriptor issue, or if the installation of SEP on Corporate Networks by Symantec (with staff training) is currently done in an actual professional manner is something I no longer know nor care about as I thankfully am no longer in that field. But if I still was I would certainly make no assumptions...
 
ForgottenSeer 69673

ForgottenSeer 58943

I am with you with regards to Kevin and Comodo. My earliest recollection of communication with Kevin was the mid or late '90s. My last communications with him were after he left Comodo because of issues with you know who. He had then gone to work for Apple. This is why I would never touch Comodo, just out of respect for Kevin. I suppose I could look back and see if I saved the e-mails dated around the time he first went to work for Comodo, then after he left.

On a side note: You may remember why he stopped BOClean. His government contracts would not allow him to touch the kernel, and so when it became impossible to protect without touching the kernel, he was done. Funny thing is I can't remember what product the gov went with that didn't touch the kernel.
 

ichito

Yes, COMODO offer free security services, however they've already demonstrated in the past that they cannot be trusted and will happily sell out their customers for personal gain.
Yes...cannot be trusted...who else remembers the issue from years ago about KillSwitch and Process Hacker, and next between Comodo and Sysinternals connected with the tool called Autoruns?
 

shmu26

Sly- Before I begin, please (please!) understand that I mean absolutely no disrespect to you, as you are a very valued member of MT.

But also understand that I WAS on a number of teams that headed breach analysis on systems protected by SEP (and was the Primary on a few, some public, some not). The main issue with SEP at that time was that it was unable to differentiate between scripts that were valid from scripts that were malicious. This was the primary issue. Also, there was never any indication that a given Endpoint could "drop out" from central management. God Forbid if this was the case, as the breach might still be ongoing!

What really made me almost pass out was crap that Symantec let "slip" to the media that the initial vector could have been coded by a 16 year old- as if a multi-multi- million dollar breach would be worse if coded by a 35 year old professional Blackhat!

IF SEP in its current form has risen above the Scriptor issue, or if the installation of SEP on Corporate Networks by Symantec (with staff training) is currently done in an actual professional manner is something I no longer know nor care about as I thankfully am no longer in that field. But if I still was I would certainly make no assumptions...
@cruelsister: putting politics and history aside for the moment, what's your opinion of Comodo EDR?
 

cruelsister

No clue. It's really a part of their Endpoint Protection scheme and as people seem to believe what they want anyway, why bother to test? Also, my testing days are behind me.

And why let the Facts get in the way of Unfounded Preconceived Notions?
 
Deleted member 65228

In my opinion, Avast turned their customers into the product, they are probably turning AVG into a puppet and they have started to destroy CCleaner. Therefore, I think that the only thing Avast is good for nowadays would be ruining everything they touch and using premium customers for their own self-gain.

Don't get me wrong, they do have good technology and their products are more than sufficient. But the rest? Prevents them from being trustworthy in my eyes and I will never ever be able to trust Avast again.
 
illumination

In my opinion, Avast turned their customers into the product, they are probably turning AVG into a puppet and they have started to destroy CCleaner. Therefore, I think that the only thing Avast is good for nowadays would be ruining everything they touch and using premium customers for their own self-gain.

Don't get me wrong, they do have good technology and their products are more than sufficient. But the rest? Prevents them from being trustworthy in my eyes and I will never ever be able to trust Avast again.
I personally have never liked Avast either. Just a few years ago, many around my area were running it, and I was disinfecting many of those systems regularly. I have since convinced many of them to move on to something else.
 

ZeroDay

In my opinion, Avast turned their customers into the product, they are probably turning AVG into a puppet and they have started to destroy CCleaner. Therefore, I think that the only thing Avast is good for nowadays would be ruining everything they touch and using premium customers for their own self-gain.

Don't get me wrong, they do have good technology and their products are more than sufficient. But the rest? Prevents them from being trustworthy in my eyes and I will never ever be able to trust Avast again.

They've lost any trust and respect I had for them too.
 