Comodo KillSwitch

[CogitoTesting]

DACS' ethics aside I'm going to go on a limb to say that KillSwitch is a fantastic tool, of course NOT in the hands of a beginner.

Pros (as far as I can see for now):

• Portable, no installation necessary.
• Ability to analyse a process all the way to infinity. .
• Ability to upload processes directly to virustotal or virusscan.jotti for a second opinion, beside Comodo's own, obviously. .
• You can "terminator" a process at a time.
• A user can terminate all unsafe processes at once. Quite invaluable for online banking. Somehow, similar to DefenseWall's own online banking mode.
• Rate all processes and gives them a rating of safe, unsafe, or unknown.

Con(s) Thus far:

• Unable to display hidden processes on a 64bit computer. . At least for now.

I think this is a great product to the quality and effecient level of ESET Sysinspector.

What do you think guys?

Thanks.

[sded]

Speaking of ethics, does Comodo give credit to Process Hacker where they got the basic program (Source Forge-Open Source) with most of the capabilities and added some AV related stuff (items 3 & 6)?

[lordraiden]

Quote:

Originally Posted by sded

Speaking of ethics, does Comodo give credit to Process Hacker where they got the basic program (Source Forge-Open Source) with most of the capabilities and added some AV related stuff (items 3 & 6)?

Bla bla bla, ethics



Is this another thread to cry about Comodo without any proof?
Are they doing something ilegal? have you paid for KillSwitch?
Have you spend 1 minute to finding those important credits or you just wanted you say something bad about Comodo without having any idea what you are talking about?
And as Melih says if Process Hacker devs want to add DACS or any other security company they only need to ask for it, and they will get it.



Coming back to the topic, IMO KillSwitch is a basic tool when you want to clean an infected computer, very easy and powerful at the same time with results for the unknown files from 40 av's, a very fast way to check any pc. Also very useful to check if there is any active infection in your computer.

For now seems that KillSwitch is the only app able to use DACS, CCE for now just uses Comodo AV and Comodo Cloud+CIMA

[sded]

Actually I don't have a copy of Killswitch, just read about it here, and didn't know the answer. I am also a Process Hacker user. Comodo often licenses and treats products (including CTM, for example) like they invented them. Good on them, and I hope they gave a generous donation to the guys at Source Forge. OP brought up ethics as an issue, btw, and gave all credit to Comodo. And trying to find any real story on the Comodo forum is a waste of energy with all the misinformation floating around. Thanks for the additional information. And Merry Christmas; take the rest of the day off.

[Franklin]

KillSwitch is killed if an exe killing rogue is active. A simple rename to firefox get's KillSwitch up and running and does seem to do OK.

[Franklin]

A few unknowns but most security apps struggle against this malware sample which drops just about everything.

[lordraiden]

Quote:

Originally Posted by Franklin

A few unknowns but most security apps struggle against this malware sample which drops just about everything.

Attachment 224118

Did you wait to the unknown files to be uploaded to see the results of the av's in the propierties?
How much it takes?

You should see something like this:
http://www.wilderssecurity.com/attac...1&d=1293211352

Quote:

Originally Posted by sded

Actually I don't have a copy of Killswitch, just read about it here, and didn't know the answer. I am also a Process Hacker user. Comodo often licenses and treats products (including CTM, for example) like they invented them. Good on them, and I hope they gave a generous donation to the guys at Source Forge. OP brought up ethics as an issue, btw, and gave all credit to Comodo. And trying to find any real story on the Comodo forum is a waste of energy with all the misinformation floating around. Thanks for the additional information. And Merry Christmas; take the rest of the day off.

They bought "CTM" (I dont remember the company but it's in Comodo Forum) technology an offered a paid application for free, they are ogre xD You can ask in the forums where they bought the technology behind CTM and they will tell you is not a secret.
Actually all the information is there in Comodo forum, if you dont find something, probably the same CEO of the company or a developer will help you.

[pandlouk]

Quote:

Originally Posted by lordraiden

Bla bla bla, ethics

Is this another thread to cry about Comodo without any proof?
Are they doing something ilegal? have you paid for KillSwitch?
Have you spend 1 minute to finding those important credits or you just wanted you say something bad about Comodo without having any idea what you are talking about?

http://forums.comodo.com/comodo-clea...0907#msg470907

Quote:

Originally Posted by wj32

I appreciate the fact that you took my program and integrated it with your technologies. But the usage of my code is simply unacceptable. Do you guys know what the GNU GPL actually says? You must release source code for each binary release. You have not done so.

I see you've also taken advantage of the exception I put in the license allowing for dynamic linking regardless of license. This was intended for plugins, not the way you're using it (putting most of your code in another DLL to get around the GPL). You almost make me regret putting that exception in.

BTW: Thanks for taking almost complete credit for the tool. My two years of work on Process Hacker have obviously been well accounted for.

EDIT: "Patent pending"? I hope the clauses added in GPLv3 will make whatever patents you are granted completely worthless.

Melih's words and actions do not go hand by hand.
He is accusing the other companies that do not want to share their work (virus database) but takes an open source program and what he does? Keeps the code for his company only.

And we, the end users, have to trust such a company and it's trusted volunteers? ROLFMAO

Happy Christmas everybody,
Panagiotis

[lordraiden]

Quote:

Originally Posted by pandlouk

http://forums.comodo.com/comodo-clea...0907#msg470907

Melih's words and actions do not go hand by hand.
He is accusing the other companies that do not want to share their work (virus database) but takes an open source program and what he does? Keeps the code for his company only.

And we, the end users, have to trust such a company and it's trusted volunteers? ROLFMAO

Happy Christmas everybody,
Panagiotis

I'm expecting an answer too, they know what they are doing probably you just have to request the source code to get it.
But is easiest criticize without waiting to the others to give an answer.

[pandlouk]

Quote:

Originally Posted by lordraiden

I'm expecting an answer too, they know what they are doing probably you just have to request the source code to get it.
But is easiest criticize without waiting to the others to give an answer.

*

Quote:

Does the GPL require that source code of modified versions be posted to the public?

The GPL does not require you to release your modified version, or any part of it. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization.

But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program's users, under the GPL.

Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you.

http://www.gnu.org/licenses/gpl-faq.html

Panagiotis

[lordraiden]

Quote:

Originally Posted by pandlouk

*

http://www.gnu.org/licenses/gpl-faq.html

Panagiotis

I know that, I have already request an answer about this issue in Comodo forums, if they dont release the source code as soon as they come back to work I will be the first one to criticize them.
I'm sure that they know what they are doing.

[pandlouk]

Quote:

Originally Posted by lordraiden

I know that, I have already request an answer about this issue in Comodo forums, if they dont release the source code as soon as they come back to work I will be the first one to criticize them.
I'm sure that they know what they are doing.

Lord,

they already know about the gpl license. This is why, they used wj32's exemption from the gpl license about dynamic link libraries...


Panagiotis

[Franklin]

Quote:

Originally Posted by lordraiden

Did you wait to the unknown files to be uploaded to see the results of the av's in the propierties?
How much it takes?

Shows "Analysing" before final report.

Have you actually ran it against any malware?

[lordraiden]

Quote:

Originally Posted by Franklin

Shows "Analysing" before final report.

Have you actually ran it against any malware?

Attachment 224120

Yes but I haven't been able to get any report from DACS, maybe the servers are down or I'm doing something wrong.

Quote:

Originally Posted by pandlouk

Lord,

they already know about the gpl license. This is why, they used wj32's exemption from the gpl license about dynamic link libraries...

Panagiotis

If they used the exemption for the dll thing to add DACS, then is legal, they just need to release the source code of the rest of the program. At least this is what I understood, maybe I'm wrong and you can clarify this to me.
I guess that Comodo need to protects the source code of DACS somehow, although they are willing to share it with other security companies.

[Solidify]

Quote:

If they used the exemption for the dll thing to add DACS, then is legal, they just need to release the source code of the rest of the program. At least this is what I understood, maybe I'm wrong and you can clarify this to me.
I guess that Comodo need to protects the source code of DACS somehow, although they are willing to share it with other security companies.

you are wrong, they wont release any sourcecode.
What about killswitch ? just dl processhacker.

[pandlouk]

Quote:

Originally Posted by lordraiden

If they used the exemption for the dll thing to add DACS, then is legal, they just need to release the source code of the rest of the program. At least this is what I understood, maybe I'm wrong and you can clarify this to me.

You understood correctly. I did not question it's legality...

Quote:

Originally Posted by pandlouk

Melih's words and actions do not go hand by hand.
He is accusing the other companies that do not want to share their work (virus database) but takes an open source program and what he does? Keeps the code for his company only...

Panagiotis

[Tarnak]

I haven't bothered with the scans...just had a look at Killswitch. Nothing untoward revealed.

[lordraiden]

Quote:

Originally Posted by Tarnak

I haven't bothered with the scans...just had a look at Killswitch. Nothing untoward revealed.

Have you gotten any veredit from DACS for the unknown files? (I know they are safe)

[Tarnak]

Quote:

Originally Posted by lordraiden

Have you gotten any veredit from DACS for the unknown files? (I know they are safe)

Where do I look for that? Not sure what you mean...do I have to do a scan?

[lordraiden]

Quote:

Originally Posted by Tarnak

Where do I look for that? Not sure what you mean...do I have to do a scan?

Right click on the unknown process, propierties, and then go to "verdict" tab, but I'm not sure if the DACS is completely up right now, they must be working on it, still beta.




And about the GPL thing this is what Melih says:
http://forums.comodo.com/comodo-clea...1019#msg471019
http://forums.comodo.com/comodo-clea...1020#msg471020

Quote:

Hi

I am sorry you are unhappy. This was the last thing we wanted to do. You have done an excellent job with Process Hacker and its a testament to your work that we built KS on top of PH. We have been and continue to contribute to open source initiatives. It is our intention and policy to fully comply with all agreements we enter into. KS is only a beta and only available in this forum to forum members only. So its not a public release yet and its not been "propagated" yet. I can assure you that as soon as the "propagation" starts, we will make sure to put all relevant code in relevant places for public consumption.

Like I said, you have done excellent work and our confidence to use your code is a testament to that.

PS:I also sent you a PM.

Melih

I suspect that soon or later Process Hacker will include Comodo DACS.

[Tarnak]

Quote:

Originally Posted by lordraiden

Right click on the unknown process, propierties, and then go to "verdict" tab, but I'm not sure if the DACS is completely up right now, they must be working on it, still beta.

.......

I suspect that soon or later Process Hacker will include Comodo DACS.

Thanks for pointing me the right direction....

It is past my bed time...I will look more into it further, after I get some sleep...thanks.

[cocopara]

So melih responded and clearly stated that this product is in BETA hence no source code will be distributed. However once in FINAL release he will distribute the code to where it is appropriate (Such as Open Source Communities).

~ snipped comment ~

[sded]

LOL though. Melih got caught! The references from lordraiden make pretty funny reading. I can't tell if Melih even made a donation to the Process Hacker Source Forge guys, and thanked him for Comodo using it. At least there was one pissed off author angry because of Melih taking all the credit and not mentioning the source, with Melih then apologizing profusely. Or maybe lordraiden can tell us that Melih followed the usual protocol of donating money and thanking the authors for the use in advance, and that not including them in the announcement was an oversight causing excessive praise by the fanboys for Comodo only. And I wonder what is in Killswitch DACS that Melih doesn't want to release in accordance with GPL, but keeps using different phrases instead. More self inflicted intrigue.

[Brocke]

Quote:

Originally Posted by sded

LOL though. Melih got caught! The references from lordraiden make pretty funny reading. I can't tell if Melih even made a donation to the Process Hacker Source Forge guys, and thanked him for Comodo using it. At least there was one pissed off author angry because of Melih taking all the credit and not mentioning the source, with Melih then apologizing profusely. Or maybe lordraiden can tell us that Melih followed the usual protocol of donating money and thanking the authors for the use in advance, and that not including them in the announcement was an oversight causing excessive praise by the fanboys for Comodo only. And I wonder what is in Killswitch DACS that Melih doesn't want to release in accordance with GPL, but keeps using different phrases instead. More self inflicted intrigue.

very very good point

[jmonge]

yes indeed