Which Elements of Comodo do You Use?

Elements of Comodo that You Use

  • Firewall

    Votes: 43 86.0%
  • HIPS

    Votes: 16 32.0%
  • Auto-Contain

    Votes: 37 74.0%
  • Heuristic Command-line Monitoring

    Votes: 24 48.0%
  • Cloud Lookup

    Votes: 27 54.0%
  • Viruscope

    Votes: 29 58.0%
  • Shortened (Edited) Trusted Vendors List

    Votes: 11 22.0%
  • Detect PUP Software (setting in File Rating Settings)

    Votes: 20 40.0%
  • Desktop Widget

    Votes: 10 20.0%
  • Killstart

    Votes: 12 24.0%

  • Total voters
    50
  • Poll closed .
Status
Not open for further replies.
F

ForgottenSeer 58943

Which direction do not you like

094be8c.jpg
 
D

Deleted member 178

Advanced users don't use HIPS. People use HIPS in order to look like advanced users. Once you are advanced enough to understand HIPS properly, you know how you can get infected, which threats apply to you, what you need to do against it, and finally you realize you don't actually need it anymore or never needed it in the first place.
1- my point was for advanced users actually using comodo, not those not using it, i believe they won't even read this thread.
Also, you can't generalize to all HIPS users because you aren't in their shoes and they may have different motivations to use them.
Even if some advanced users don't really need an HIPS or even any security softs, some like to play with them (which is another debate of course), and i'm one of them.

Now im going a bit deeper, how can you stop a metasploit stager using reflective dll just with your eyes..? I bet you can't.
Sure you will say the same as me: "don't go to suspicious sites, don't download and execute unknown files, etc..." in the first place, which is true but just look at the ccleaner drama, without any special security softs you were done...
Can you, just with your eyes, tell that the legit software you are used to use, that you downloaded from the same legit source you used to go, was replaced and weaponized by a 3rd party? for most people no (only few will look at the checksum and only if it is provided by the vendor...)
For that you need a method that pinpoint the unusual installation sequence (analysis sandboxes, software with command line parser, HIPS, BB, etc...)
Like the case when the Linux Mint installer was replaced by one with a rootkit, only coders that saw suspicious connections then looked into the code to found out the truth and minimized the catastrophe and only because Linux code is open source...if it was not who know how many users would install it and get their credentials stolen....

Personally, i know my infection vectors, my OS itself is quite tweaked to prevent it, but an HIPS or SRP or anti-exe give me an easier way to do it, with a simple interface so i can do in seconds what i have to do in minutes (like manually using regedit, or GPO for those having the Pro or Enterprise version) without actually touching my system.

So using an HIPS or whatever has originally nothing to do with people wanting to "look like" advanced users or not (even if i agree i know plenty that do as you said and really have no clues about using one properly).
However, what i disagree with you is not all HIPS/security softs users use them to satisfy their ego.
It is as if you say "i don't need a airbag and anti-collision system on my car, because i'm a formula 1 pilot ! and will never provoke any accident"...Problem is in computing like everything in life, you can't control what is out of your control zone...

Thank you :D
 
Last edited by a moderator:

Soulbound

Moderator
Verified
Staff Member
Well-known
Jan 14, 2015
1,761
Which direction do not you like

The direction where v.6 and subsequently v7 took.
v5.10/5.12 in my opinion were more granular and easier to work with, as well as maintain, compared to post 5.12 versions.

It was never about the AV component detection rate, contrary to some of the users who viewed my testing videos back then. In fact, the testing videos on Comodo that I performed showed that the AV was good enough but its protection under default and tweaked settings of CIS as a whole was what really shined.
 
  • Like
Reactions: AtlBo

FleischmannTV

Level 7
Verified
Honorary Member
Well-known
Jun 12, 2014
314
Now im going a bit deeper, how can you stop a metasploit stager using reflective dll just with your eyes..? I bet you can't.

I don't have to because it is never going to happen. I've used software like HitmanPro.Alert, Sandboxie, AppGuard and like for years and never have I encountered an actual attack during that, nor have I before, nor have I ever since I've stopped using it, and I sincerely doubt I ever will. All I have ever encountered was breakage of harmless activities, because the program wasn't compatible with the policies of said security software. Of course I am not fully protected against these scenarios, but my point is, I don't have to be.

People get infected by shooting themselves in the foot and not by sneak attack of an assassin in the middle of the night.

Take high risk professions as an example, like special forces operators or race car drivers and so on. Do you think these people apply the same operating procedures in their daily lives during mundane tasks as on the job? When a Delta operator does groceries, does he storm the supermarket with his team and clear the building before shopping? Does a race car driver drive to the supermarket in his race car because he doesn't feel safe in a regular car? Do firefighters run around in their own house with a fireproof suit and a breathing mask, in case a fire breaks out while they sit on the crapper? I don't think so.

So why should I? Tell you what, I have to go to the ATM right now, do you think I am safe on my own or should I call for a police escort? Do you think a couple of black and whites will do or do I need to call a SWAT team for protection?

in the first place, which is true but just look at the ccleaner drama, without any special security softs you were done...

And what do you do if your super security software vendor becomes the victim of a well-poisoning attack just like ccleaner? Can Comodo tell you if Comodo's update is not from Comodo when Comodo's servers are compromised and the malware is digitally signed by Comodo? Will Comodo's HIPS warn you when Comodo's HIPS tries to inject a dll into other processes?


It is as if you say "i don't need a airbag and anti-collision system on my car, because i'm a formula 1 pilot ! and will never provoke any accident"...Problem is in computing like everything in life, you can't control what is out of your control zone...

I rather meant: "Does a formula 1 pilot wear a race helmet and a fire-retardant racing suit and force his children to put that on, when he drives them to school? Did I forget the safety cars in front of and behind him and a firetruck accompanying him?

Do you really think the people at kernelmode.info, who are GODs who laugh about us, use HIPS software with "paranoid settings"? I sincerely doubt that.
 
5

509322

People get infected by shooting themselves in the foot and not by sneak attack of an assassin in the middle of the night.

The security soft industry cannot protect users from themselves despite what some might argue. No way, no how.

Security softs are insurance policies against:

1. user mistakes
2. user poor judgement
3. user neglect
4. user ignorance
5. user naiveté
6. user stupidity
7. some highly unlikely advanced attacks (if you are a targeted user = not the typical home user)

Nothing more, nothing less.

Some are better insurance policies than others.

The internet is as about as dangerous as stepping outside the front door of your house. You can die if you venture into really bad neighborhoods. Go down the wrong street, enter the wrong doorway, make the wrong turn, etc. Simple as that. More or less the same sort of analogy can be made to the world wide web.

I use AppGuard (advanced policy that blocks a lot of Windows stuff) and Adguard and do not have any usability problems. Then again, I do not do much beyond everyday stuff with my personal system. I am not a typical "user that wants to use stuff."

Less is more.

Security softs are not meant nor capable of creating "impenetrable digital fortresses," but people erroneously expect them to be able to accomplish this objective - and without causing any issues.

That is just my personal observation and opinion.
 
Last edited by a moderator:
  • Like
Reactions: bribon77 and shmu26
5

509322

@FleischmannTV, how do you think those advanced users became advanced?
By using HIPS and other advanced tools, right?

You learn like he did, by using different softs and learning as you go. Not just HIPS, but HIPS is a great learning tool.

You think Tavis Ormandy uses security softs ?

I use AppGuard because it is the universe's most effective security soft.

I use Adguard because I despise online advertisements.

So there is a purpose for the security softs that I use, but I don't pile security softs on top of each other.

For testing, I pile them on top of each other to ensure compatibility because a lot of you guys do it.
 
Last edited by a moderator:

klaken

Level 3
Verified
Well-known
Oct 11, 2014
112
wonder if the president of the United States does not expel people when they go to the mall or separate from the guards.

Each one needs a protection depending on their actions, knowledge and risks ..
Ex: I only use comodo cloud I do not need more.

It was mentioned to the gods that if a bug does not inform them correct them .. You can not compare us with them .. We are mere mortals.
 
  • Like
Reactions: AtlBo

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
I tried HIPS paranoid in Firewall config, but I was disappointed. It ruins the execution control. Once you allow a process to execute one thing, it will be allowed to execute all things.

I've had my best luck with Proactive and HIPS in Safe Mode. Not sure if this is true, but as far as the registry goes, Safe Mode seems to protect some keys and ignore the rest, while Paranoid alerts them all. I guess Paranoid is much better registry protection (although a nightmare to configure), assuming I am correct. Seem to be seeing fewer registry alerts with Safe Mode than Paranoid, but again I could be wrong.

I'm fairly certain you could come up with a way to get the alerts you want, but I think you'd have to be willing to take a brick in the head over at the Comodo Forum LOL...
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
I've had my best luck with Proactive and HIPS in Safe Mode. Not sure if this is true, but as far as the registry goes, Safe Mode seems to protect some keys and ignore the rest, while Paranoid alerts them all. I guess Paranoid is much better registry protection (although a nightmare to configure), assuming I am correct. Seem to be seeing fewer registry alerts with Safe Mode than Paranoid, but again I could be wrong.

I'm fairly certain you could come up with a way to get the alerts you want, but I think you'd have to be willing to take a brick in the head over at the Comodo Forum LOL...
I asked for suggestions on the Comodo forum about configuring registry rules. They told me that the problem with registry alerts is that you get alerted not just for changes, but also for access to registry keys. Their recommendation in order to cut down on registry alerts was to add more processes to the windows system category.
 
  • Like
Reactions: AtlBo
D

Deleted member 178

@FleischmannTV to be honest i only care what i can do to secure my system, i'm not so interested if Mr Super-researcher from Uber-Company.com is using Process Explorer and Autorun as main solution.... i did it was boring since i'm never infected...
I use Appguard, HMPA, Comodo FW, sandboxie, Emsisoft AM because i like to play and do tests with them, then advise my customers to use them properly.
I could just go with Win10 built-in security, i will be just fine with it, i did for a while but get bored too after a while...
Security softs are fun, HIPS are funnier, Comodo is best to have fun with; i can spend hours configuring it while having a huge smile on my face, then hate it 2 days later because it doesn't do what it is supposed to do or a bug just ruined all my works on it... :p

Now it doesn't mean Comodo or whatever are the best solutions but they help.
 

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
@FleischmannTV to be honest i only care what i can do to secure my system, i'm not so interested if Mr Super-researcher from Uber-Company.com is using Process Explorer and Autorun as main solution.... i did it was boring since i'm never infected...
I use Appguard, HMPA, Comodo FW, sandboxie, Emsisoft AM because i like to play and do tests with them, then advise my customers to use them properly.
I could just go with Win10 built-in security, i will be just fine with it, i did for a while but get bored too after a while...
Security softs are fun, HIPS are funnier, Comodo is best to have fun with; i can spend hours configuring it while having a huge smile on my face, then hate it 2 days later because it doesn't do what it is supposed to do or a bug just ruined all my works on it... :p

Now it doesn't mean Comodo or whatever are the best solutions but they help.
Please post a selfie of you smiling over Comodo...
 

JHomes

Level 7
Verified
Well-known
Jul 7, 2016
339

shmu26

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
After enabling advanced protection in HIPS settings, the option where it tells you to do a reboot, I had a couple BSODs, but not right away. Comodo says something about this feature relying on hardware virtualization. I think I would have to update my firmware to solve the issue. Just a guess.
 

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
@FleischmannTV to be honest i only care what i can do to secure my system, i'm not so interested if Mr Super-researcher from Uber-Company.com is using Process Explorer and Autorun as main solution.... i did it was boring since i'm never infected...
I use Appguard, HMPA, Comodo FW, sandboxie, Emsisoft AM because i like to play and do tests with them, then advise my customers to use them properly.
I could just go with Win10 built-in security, i will be just fine with it, i did for a while but get bored too after a while...
Security softs are fun, HIPS are funnier, Comodo is best to have fun with; i can spend hours configuring it while having a huge smile on my face, then hate it 2 days later because it doesn't do what it is supposed to do or a bug just ruined all my works on it... :p

Now it doesn't mean Comodo or whatever are the best solutions but they help.
Umbra I think you have a love hate for Comodo, or am I wrong?
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top