Wikileak documents show Governments couldn't penetrate Comodo Internet Security

Status
Not open for further replies.

Tony Cole

Thread author
May 11, 2014
London, UK
Wikileak documents show Governments couldn't penetrate Comodo Internet Security:

This is what Comodo now claims, is it true.....

WikiLeaks has just revealed a government sponsored and used malware called FinFisher. https://wikileaks.org/spyfiles4/

The developers of this malware apparently tested all antivirus products to see if their malware can penetrate these antivirus products or not, and WikiLeaks published the AV test document. https://wikileaks.org/spyfiles4/documents.html

COMODO Internet Security proved itself against government malware that it has solid protection and no infection!!! This is what the creator of the malware says according to wikileaks.

Now you know how powerful Comodo is when protecting you


Melih
 
That tidbit of information makes me not want to use Comodo. If it is really true, more power to Comodo. On the flip side, is the information what it really appears to be? In this day and age nothing would surprise me. Just my personal take on it of course ;)
 
Wow I can't believe the CEO of Comodo can say such things. Finfisher and Da Vinci spyware are NOT created by Governments and neither are they sponsored. They are simply just another cyber weapon created for Governments/law enforcement who cannot/do not want to create their own. Also, the test was on simply installing Finfisher the normal way, which is tricking the user into installing Finfisher. It does not test the capability of Finfisher used by richer and more capable governments, who have access to Finsploit (0day exploits purchased from Vupen). Those guys at Vupen are really the cream of the crop when it comes to exploit development, and with a single Kernel mode 0day your PC is owned no matter what security you are using.

FYI, this test only proves that antivirus users that do not use their product's proactive protection are bound to fail at catching 0day/advanced malware. That's why Finfisher was caught by Comodo's HIPS and Emsisoft's behaviour blocker, which are already configured to run on default. All you need to do is to activate other decent antivirus's HIPS to achieve the same effect, such as ESET's HIPS (it's not activated at default).
 
That's very true, but most of Comodo's software is now old, not updated nor maintained, Melih should just give up his pathetic dream and realize Comodo is NOT the best

I wonder if Melih paid wikileaks :p
 
Any decent HIPS will protect you.
 
CIS is really good software and this information may become helpful, but it blends in a little bit of advertising, so it may only act the same as other companies claiming who is no. 1.
 
I do not believe all this wikileaks crap, if Julian Assange was so innocent he would not be held up in the Ecuadorian Embassy, London. Comodo, well Melih believes his product is by far the best, and nothing will beat it. Amazing Bitdefender has 500 million customers.
 
Yeah hype and advertising indeed :) There are loyal users of Comodo (like me I still believe in it and use it and yikes it's been 7 years!) Who's number 1? The ratings game will be there always but what matters is what we trust to protect us and what we feel comfortable using :) I still hate that bragging though....
 
I heard from a friend who is a moderator on the Comodo forums that the staff have very little input now on the forum, Melih comes and goes and version 8 has more bugs than an ants' nest.

If the USA government wanted to hack Comodo the CIA, FBI could do it in minutes, probably even seconds and they would not know anything about it.
 
That's why Finfisher was caught by Comodo's HIPS and Emsisoft's behaviour blocker, which are already configured to run on default.

Where did you find that information? I think you are misunderstanding the mentioned situation.
* 'HIPS' is not enabled by default.
** It was detected by 'buffer overflow protection' which is enabled by default.
*** From my understanding, the presentation videos exemplify shellcode injection.
 
I'm not sure if anyone noticed this video. It's recently posted.

 
Big deal. It's just another spyware. And I never believe in such publicity. Who knows what's the real story behind it. Especially when "US" based companies are good in story writing.
 
If the USA can create viruses that can slow down a nuclear reactor in Iran, then I can assure you they can bypass Comodo.
 
Big deal. It's just another spyware. And I never believe in such publicity. Who knows what's the real story behind it. Especially when "US" based companies are good in story writing.
You could always test it. It's kind of transparent since everything is provided.
 
Theoretically there are several ways to attack such default deny approach that the government can undertake (easily?) if they want.

1. Steal/Get a bogus certificate. COMODO's trust list contains literally tons of certificates, sometimes I don't even know if they actually check what is on their list. This was what happened to the Bit9 hack incident. COMODO users you can open your trusted certificate list and look at what COMODO has been trusting. I don't think you would know more than 10% of them :D

2. Find a vulnerability/exploit in COMODO itself. I don't really know how well designed is the COMODO code base, so we won't know how easy is this. But with each release fixing 300+ bugs is not helping my confidence.

3. Use a kernel exploit to own practically any security. Not sure how COMODO's new hypervisor based security layer is going to fare against this though, I haven't had the time to test it. This has to be tested in a real system, not VM because of conflicts.
 
First of all Comodo is the absolute number one certificate provider that allows ANYONE to obtain a certificate.
While this is brilliant their fraud control is so bad that anyone can misuse their services as has been shown day after day after day.
No disrespect to Comodo but their certificates are just junk and the security around it is worse than junk.
I respect Comodo for what they are trying to do, yet they are doing a really bad job at it.
There is a reason VeriSign and others are as pricey as they are and there is a reason why every self-respecting company is willing to pay their huge fees; now while they are not hack safe they certainly offer far more security than Comodo does.
Comodo equals HACKME....

That's all I got to say about it.
 