CIS V5 public beta

Last time I dug through the Comodo bug reports forum I spitted my coffee over my keyboard from laughing, I don't want to do that again sorry, it's a brand new Logitech G9000.

 

Someone obviously has nothing intelligent to add to the conversation. Either that or they don't understand that beta's are supposed to have bugs.

 

Which is why i will wait a while before installing version 5.

 

Yeah I might wait for one more version or update. Even though some are saying that the AV issue has been resolved and its working a lot better.

 

Beta is not meant to be used on your regular use computer. Only on a test machine or virtual machine. No matter how stable its running.

I have tried it on both and so far its working rather well just some minor bugs but the final version should be good. I personally can't wait I really do like this GUI over the v4 GUI. I have tried like 30 malware links on it and none have gone passed it. It's not like I web browse just malicious site so it should protect me very well. This suite along with my common sense should keep me malware free. Might even start recommending it to people who don't know much about computers. If the whitelist is as big as they say it's going to be.

 

Had to uninstall the Antivirus again due to more bugs

I did some testing on my VM today, downloaded 30 .exe's fresh from MDL and tried to run them. They were all sandboxed, detected by the Defense+ cloud as a virus (included an analysis report for each one), and were deleted. All this before it even got to the main Defense+ or Firewall module. A huge improvement if you ask me.

 

What kind of bugs did you find? Was looking forward to testing this after work tonight.

 

Quite a few so far, the main one that made me uninstall the AV is when the Antivirus tosses an error which in-turn freezes the system, a good 'ol yank from the wall is the only way to reboot. The D+ and Firewall are running good though, a few bugs still but I'm liking the new cloud function.

 

In my opinion AV module is now not needed at all with D+ and sandbox (D+ now has cloud scanning which is very nice). This latest beta really works perfect I must say. As for AV I have it installed but I didn't find any bugs with it so I'll keep it.

 

I would guess right now that v5's worst weakness is the whole Trusted/Safe application deal. I've seen a trojan and a rogue pass by everything D+ related since it was verified as safe and trusted.. Hopefully this can be improved

 

Well, yes, but that's why I love Comodo, everything is customizable to the smallest details.
So, you can turn that option off, or delete all Trusted Vendors.
Anyhow, it's still beta and of course, results in VM are somewhat different than in real enviroment.

 

I guess that is what is frustrating for me, I like the convenience of having D+ auto-create rules for true safe applications, but if it is going to completely open up my system to a virus one out of every such and such times I can't see how that would be acceptable as-is. I posted in their forums though so hopefully they can take a look at it.

 

OK, but then again, that's exactly why AV module exists
Even if malware tricks somehow trusted vendors list, it will get cought by AV.

 

For those of you that have experience with CIS V5, I have a few questions about it.

Does CIS V5 have:

1) User configurable HIPS - File and Folder Protection ?

2) User configurable HIPS - Registry AutoRun entries to prtotect, where you can add to the default list ?

3) Is there an option *not* to install the AV component ?

 

3) Yes, there is.

 

In that respect I think that Comodo needs to adopt an approach similar to Symantec and TrendMicro, and that approach is file reputation analysis. Moreover, the fact that an application is signed does not mean it is a legitimate or clean application. And that is where the effectiveness of reputation analysis comes in to play. Overall CIS v5 latest beta is a great improvement and if Comdo keeps improving; therefore, CIS would be a tough suite to overlook.

Please refer to:
http://www.f-secure.com/weblog/archives/Jarno_Niemela_its_signed.pdf

Thanks.

 

Symantec especially seem to have got a handle on the 'trusted file' issue.Reputation based analysis seems to work to great effect from what I've seen.Prevx's age/popularity analysis seems to implement it to good effect also.

 

Why are things like the sandbox off, no treatment "enabled" for Image Execution Control and Computer and Keyboard not monitored by D+ by default?

This is when installing with default settings, FW only ("optimum protection").



Thanks for any answers. It does seem very odd to me unless it's ONLY cause there are known bugs right now for these features.

 

Hi Joseph,

1) Yes, also, you can protect any file/folder you want. And with files, you may protect them with the following if you wish:

Interprocess Memory Access
Windows/WinEvent Hooks
Process Termination (Useful for Panda Cloud)
Window Messages

2) Yes, you may protect either the start-up folder, or registry start-up keys. You can add your own as well.

3) Yes. You may install only the Firewall and Defense+ if you wish. You can customize the setup so that you only use the Firewall without HIPS, or HIPS without firewall...etc.

Cheers!

 

I believe "optimum protection" is the answer, I use maximum protection and everything is ticked by default. Not sure why those would not be monitored or ticked, perhaps that is more suited for the average user, just my guess.

 

That's odd,everything was enabled by default in the last Beta,if I remember right (never a reliable measure).There must be a reason although running pro-active here I can't see any issues.

 

Most of all I thought about the things related to sandboxing. It's like those features only get enabled by default when you install the whole package, which is kinda ironic since without AV functionality you need these proactive features even more.

Anyway, that and I bet D+ monitoring keyboard would be the primary defense against keylogging - all of it just seems like too weak out-of-box settings, and then I don't even know how much "Partially Limited" protects against.


Very odd to me indeed - doesn't make me feel confident at all.

 

The cloud AV that is built into D+ might

 

just wondering how stable CIS5 is? i mean i know there are bugs but are there really any serious bugs or is it stable beta for production machine?

 

Very stable for me. No major issues.