TeslaCrypt 2.0 vs Comodo Firewall
<blockquote data-quote="cruelsister" data-source="post: 414449" data-attributes="member: 7463"><p>Hi Tony!- Superb questions. Although Comodo has changed the basic Sandbox setting to Fully Virtualized, there are still degrees of what any sandboxed file can do- At the Untrusted level, it can do very little. See 1:35 of the Video and you'll note that the only perceived intrusion was the malware file itself. However, when I changed the setting to the default (which would be Full V/Partially Limited) the malware was able to start things like Notepad, Photo Viewer and Seamonkey (my default browser) as well as at least querying other processes (like vssadmin). See the 3:43 point of the Video for all the other things that the malware attempted to intrude upon.</p><p>When considering these (attempted) intrusions, there are things that the malware was able to call up and start (Notepad, Photo Viewer and Seamonkey), but even so these things were sandboxed in turn and would be flushed when the sandbox was reset. Other attempts to intrude on system files (like vssadmin) were outright blocked.</p><p>But although in neither of the first two sandbox settings in the Video did this particular malware make any changes to the actual system, this isn't always the case. The Full V/Partially Limited default setting CAN let malware make some minor modifications; a case in point is the CTB Locker class of ransomware, which attempts to change the Windows wallpaper to the ransom message. Although a sandbox reset will get rid of the message, your original wallpaper will be changed to solid black. A minor system change to be sure, but still totally unacceptable to me.</p><p>Finally on this topic, note that unlike in the following Video on CryptoMonitor, the malware file was unable to self-delete (suicide).</p><p>About Sandboxie- it is a really fine application. It does have for some reason the APT call flaw (I actually demonstrated this in one of my first Comodo videos- I will have to look back later to find out exactly where). Personally I have never seen any malware exploit it to trash a system protected by SB, but on the other hand it was able to make definite system changes, which I find troubling. So although I much prefer the Comodo sandbox properly set, I certainly would use Sandboxie over any pure AV/HIPS combo out there.</p><p>Please forgive me in advance if I confused you further with the above explanation.</p><p>M</p></blockquote>
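The post's point that a "Full V/Partially Limited" sandbox can leave a residual change (the wallpaper reset to solid black) after the sandbox is flushed is something a tester can check rather than eyeball. The following PowerShell script is an added example, not code from the thread or from Comodo: it snapshots the current user's wallpaper settings before a sandbox test and diffs them after the reset. The baseline file location (`$env:TEMP\wallpaper-baseline.xml`) is an assumption; run it with `-Mode Baseline` before the test and `-Mode Compare` after.

```powershell
# Added example: detect wallpaper changes that survive a sandbox reset.
# Assumptions: run in the same user session both times; the baseline is
# stored at $BaselinePath (assumed location, change as needed).
param(
    [ValidateSet('Baseline', 'Compare')][string]$Mode = 'Compare',
    [string]$BaselinePath = "$env:TEMP\wallpaper-baseline.xml"
)

function Get-WallpaperState {
    # Per-user wallpaper settings live under HKCU:\Control Panel\Desktop.
    $desk = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop'
    $path = $desk.Wallpaper
    # An empty Wallpaper value means a solid colour (the "solid black" case
    # described in the post); hash the image file only when one is set.
    $hash = if ($path -and (Test-Path -LiteralPath $path)) {
        (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    } else { $null }
    [pscustomobject]@{
        Wallpaper      = $path
        WallpaperStyle = $desk.WallpaperStyle
        TileWallpaper  = $desk.TileWallpaper
        FileSha256     = $hash
    }
}

switch ($Mode) {
    'Baseline' {
        Get-WallpaperState | Export-Clixml -Path $BaselinePath
        "Baseline written to $BaselinePath"
    }
    'Compare' {
        if (-not (Test-Path -LiteralPath $BaselinePath)) {
            throw "No baseline found at $BaselinePath; run with -Mode Baseline first."
        }
        $before = Import-Clixml -Path $BaselinePath
        $after  = Get-WallpaperState
        # Report every setting whose value differs from the baseline.
        $changed = foreach ($p in 'Wallpaper', 'WallpaperStyle', 'TileWallpaper', 'FileSha256') {
            if ($before.$p -ne $after.$p) {
                [pscustomobject]@{ Setting = $p; Before = $before.$p; After = $after.$p }
            }
        }
        if ($changed) {
            "Persistent change(s) survived the sandbox reset:"
            $changed | Format-Table -AutoSize
        } else {
            "No persistent wallpaper changes detected."
        }
    }
}
```

A wallpaper path that changes to an empty string in the Compare output is exactly the solid-colour fallback the post describes; extending `Get-WallpaperState` with other per-user keys gives the same before/after check for any other residue you want to watch.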