NotPetya vs Comodo Firewall
cruelsister (post 647620) said:

Andy, I can't speak for Comodo, but this video is MY response to a malware dll being dropped. I know that the Metasploit console videos are impressive to watch, but understand that they never look at what is actually occurring on the potentially infected endpoint. For a malware dll to activate, something HAS to act on it for the dll to be activated (like by rundll32), otherwise it will just sit on the machine looking stupid. You really have to differentiate between the exploit and the malware payload. If the payload cannot run nor can it connect out, what harm (and this is on the assumption that the exploit can magically be established)?

Also, for this video I did tweak Comodo, but in the opposite way of what might be expected. I made it weaker. I shut the Cloud AV off (this would have detected and deleted the dll on run), and as usual disabled the HIPS. Furthermore (as is stated in the video) I set the Sandbox to the default Partially Limited setting (as if I would EVER do that on my system!). With Cruel Comodo the exe would have just been outright stopped (and that would have been a bore) without the ability to call up either schtasks or rundll32. The only thing really of interest with NotPetya is something no one is mentioning (but I will).

Finally, I know that the EternalWhatever exploits are currently in vogue for discussion. But really, how do these exploits differ from a simple Worm which will propagate on the Network and have (and are) causing massive data breaches and untold billions of dollars of harm? For me, as long as you have the proper security protection in place these exploits are, in the words of the immortal Bard, "full of Sound and fury, Signifying Nothing."
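The point in the post above, that a dropped DLL is inert until a host process such as rundll32 acts on it and that the next thing worth watching for is schtasks, can be turned into a small process-creation check. The script below is an added example; it is not code from cruelsister, from the video, or from Comodo. The log events are constructed for the example, the DLL paths, task names and the "trusted directory" list are assumptions about a standard Windows layout, and the rules are deliberately simple: rundll32 loading a DLL from a non-system path, rundll32 calling an export by ordinal, and schtasks creating a task whose action runs shutdown.

```python
"""Added example: flag the host processes a dropped DLL needs (rundll32, schtasks).

All sample events below are constructed for illustration, not captured from
NotPetya, from the video, or from any real host. Paths and task names are hypothetical.
"""
import re
from typing import List, Tuple

# Directories rundll32 is normally expected to load DLLs from. Anything else
# (user profiles, temp, the Windows root itself) is suspicious for a DLL that
# was just dropped. Assumption: a default Windows install layout.
TRUSTED_DLL_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

Event = Tuple[str, str]  # (Image, CommandLine), Sysmon EventID 1 style

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS: List[Event] = [
    # benign: Control Panel applet loaded from System32
    ("C:\\Windows\\System32\\rundll32.exe",
     "rundll32.exe C:\\Windows\\System32\\shell32.dll,Control_RunDLL"),
    # suspicious: ordinal export, non-.dll file living in the Windows root
    ("C:\\Windows\\System32\\rundll32.exe",
     'rundll32.exe "C:\\Windows\\dropped.dat",#1 30'),
    # suspicious: DLL from a user-writable directory
    ("C:\\Windows\\System32\\rundll32.exe",
     "rundll32.exe C:\\Users\\Public\\payload.dll,Start"),
    # suspicious: scheduled task whose action is a forced reboot
    ("C:\\Windows\\System32\\schtasks.exe",
     'schtasks /Create /SC once /TN Update /TR "C:\\Windows\\system32\\shutdown.exe /r /f" /ST 14:35'),
    # benign: an ordinary scheduled task
    ("C:\\Windows\\System32\\schtasks.exe",
     'schtasks /Create /SC daily /TN Backup /TR "C:\\Program Files\\Backup\\run.exe" /ST 02:00'),
]

# A token is a run of quoted spans and/or non-space characters, so that
# "C:\x y.dll",#1 stays one token even though the path contains a space.
_TOKEN = re.compile(r'(?:"[^"]*"|\S)+')


def tokenize(cmdline: str) -> List[str]:
    """Split a Windows command line on whitespace, keeping quoted spans intact
    and dropping the quote characters themselves."""
    return [t.replace('"', "") for t in _TOKEN.findall(cmdline)]


def check_rundll32(tokens: List[str]) -> List[str]:
    """Rules for rundll32 <dll>,<entrypoint> [args]."""
    reasons: List[str] = []
    if len(tokens) < 2:
        return reasons
    dll, _, entry = tokens[1].partition(",")  # DLL paths very rarely contain commas
    low = dll.lower()
    if not low.startswith(TRUSTED_DLL_DIRS):
        reasons.append(f"rundll32 loading DLL outside trusted dirs: {dll}")
    if entry.startswith("#"):
        reasons.append(f"rundll32 calling export by ordinal: {entry}")
    if not low.endswith(".dll"):
        reasons.append(f"rundll32 target lacks .dll extension: {dll}")
    return reasons


def check_schtasks(tokens: List[str]) -> List[str]:
    """Rule for schtasks /Create ... /TR <action>: flag actions that run shutdown."""
    reasons: List[str] = []
    low = [t.lower() for t in tokens]
    if "/create" not in low:
        return reasons
    try:
        action = tokens[low.index("/tr") + 1]
    except (ValueError, IndexError):
        return reasons
    if "shutdown" in action.lower():
        reasons.append(f"scheduled task runs shutdown: {action}")
    return reasons


def analyze(events: List[Event]) -> List[Tuple[int, str]]:
    """Return (event index, reason) pairs for every rule that fired."""
    findings: List[Tuple[int, str]] = []
    for i, (image, cmdline) in enumerate(events):
        name = image.rsplit("\\", 1)[-1].lower()
        tokens = tokenize(cmdline)
        if name == "rundll32.exe":
            reasons = check_rundll32(tokens)
        elif name == "schtasks.exe":
            reasons = check_schtasks(tokens)
        else:
            reasons = []
        findings.extend((i, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for idx, reason in analyze(SAMPLE_EVENTS):
        print(f"event {idx}: {reason}")
```

On the constructed events the benign applet and the nightly backup task produce nothing, while the two dropped-DLL invocations and the reboot task are each flagged. Run against real Sysmon or EDR process-creation data the trusted-directory list would need tuning per environment, and a signed DLL in a user path is still worth a second look rather than an automatic alert.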