Comodo Cloud Antivirus Beta Releases

The latest Comodo Antivirus bits from Tavis Ormandy:


Link: https://twitter.com/taviso/status/703339716779704320

Link: https://twitter.com/taviso/status/702625527501189120

I have a feeling that we have a whopper of a vuln-report on Comodo coming soon (again).

 

COMODO is under a lot of pressure right now - on their forum, on the net.

Melih stated on the forum that DEP\ASLR would be enforced for next version - CIS 9.

I'm sure there is a whole lot of other vulnerabilities to be discovered.

I really like COMODO, but I won't use it. It has a serious "disappearing" rules bug.

 

Well, if we talking about the beta's then I see no ground to complain, just report. We all waiting for a CIS 9 beta to report and test ourselves.

There is also not always a benefit of using DEP/ASLR but people don't know how such things working and want to troll just because other products may use this.

The mentioned twitter guy also re-post just stuff without mention that some or most of them are already fixed. Like the VNC problem or simply not mention that you can uncheck it with the setup - because not everyone need GeekBuddy.

 

Are you referring to the hips rule bug?

 

Yes. Not just HIPS rules, but Firewall and other user-created rules in CIS.

 

I checked the hips rule hours ago and noticed they were gone. Closed the interface and opened it again,this time the rules appeared. The rules in auto-sandbox don't seem to have any issue, they still appear even when hips rule don't.

Do you know whether rules are still active even when they don't show? If they aren't, then that's incredibly major bug

 

Comodo?

 

Yes. They are still active - until they disappear and do not reappear. Everytime I have seen this happen, Training Mode starts creating rules all over again.

In my testing file objects, firewall rules, sandbox rules, etc, etc - have all had the same problem at one point or another.

I tested CIS very thoroughly...

 

Comodo has always been full of bugs and false positives, if you report a bug they get angry. I don't trust them anymore ...

 

I need to correct myself, this feature is not turned on by default, it gives you an option to select trusted signers.

 

Exactly!!!

 

Fully agree with that, Comodo has done enough to be considered "shady", their products and the company itself cant be trusted.

http://www.pcworld.com/article/2887...-tool-privdog-compromises-https-security.html
http://www.geek.com/apps/google-calls-out-comodos-secure-web-browser-as-anything-but-1646373/
http://www.infosecisland.com/blogview/15106-The-Demise-of-the-Antivirus-Industry.html
http://arstechnica.com/security/201...rtificate-fraud-calls-ca-trust-into-question/
http://www.fark.com/comments/8610301/Comodo-goes-SuperFishing

I think no security vendor has ****** *** Tavis Ormandy from Google Project Zero more than Comodo, just look at his Twitter and laugh.

Example:

 

Can we stop saying Comodo sucks, if you not like it simply not use it or provide own stuff and not re-spell the same things other people wrote (especially all of these is outdated and already fixed). On beta products it's normally that there are some bugs, I bet they working on it. It's not helpful to count on this, code yourself stuff and link over here I bet I will find something in the first 60 minutes.

I tested Cloud Antivirus myself and it works well, there is only one bug and of course a little bit false positive but tell me a program which not suffers from that you can't - it's depending on samples and reputation.

 

Yeah I wont use, but ofcourse you are free to install and run in your machine.
Good to see that the Cloud antivirus is working well for you, but I am entitled to have a opinion about security software without needing to be a developer or a security researcher myself.

I dont have the necessary expertise that someone like Mr Tavis Ormandy has, but I can clearly see and judge when something is bad , the Comodo records speaks to itself. The links that I have posted is all about reputation and trust, if you think that it doesnt matter, I can conclude that we simple have different values and anymore discussion would be irrelevant.


Ps: I have a good memory, I cant simple ignore Comodo history, some Wilders members may have this same feeling. (remember Comodo DACS? Kevin McAleavey insights?)

 

That security risk you always talking about is closed, how often you mention it again and again? Should I give you exploits and examples about Kaspersky, Eset fails and over and over say that there are also security related issue in the past which lowers your PC security? Please wake up, nothing is fail-safe, it's a question how fast this gets fixed and the mentioned hole isn't that critical at all because inbound traffic is by default blocked in Comodo, which means even there is this one port open it not means an attacker could sent stuff over this without that you notice it, I guess that was not mentioned in the issue ticket.

Of course it's always about trust, if you not trust then not install it, that's why I not need and use any of such pseudo products, I only test and all I can say it's how good or bad it's working.

So please come the hell down with this, there was critical leaks in all products not only Comodo. 10 second google and you will find critical things in each product, but seems some are more hyped than other because people constantly trolling with this without even knowing that what they talking may need additional things to really get 'risky'.

You malwarebytes product you have in your signature also had recently that leak so what? We could be thankful that Project Zero exist and that some people really test the products and inform that there are possible things that needs to be fixed.

Back to topic now.

 

Very interesting links, thank you.

 

Malwarebytes Anti Exploit (MBAE) isnt Malwarebytes Anti Malware.

I get your point and you are partially right, but things arent so simple, anyway lets go back to the topic

 

Even though CCA looks OK, I have to agree with this, we can't just forget about the PrivDog disaster. I would never advise anyone to install Comodo products. Especially if they are less knowledgeable.

 

So you are saying that this Comodo product final release actually is a final? That means that they have got grip on their quality issues.

Everyone can change. Even Windows Defender slowly turns into a solid AV, so why could not Comodo turn into a solid software development company? So they disabled cross site scripting protection in their Browser, Everyone makes mistakes, big deal

 

Thought about giving CCAV a test drive as a replacement for PCAV, but installer says it is incompatible with existing comodo internet security installation. Kind of figured there would be an issue between the HIPS and sandbox visualization components. But I sort of expect things to be a bit more modular, in the sense that CCAV would use the same HIPS and Sandbox. If they can resolve the incompatibility and fix some of the other larger issues including bandwidth consumption and problems with the exclusion list then I'll consider revisiting this at a later point.

 

Any news on the Ormandy front ?

 

You don't want to hear this. lol

Source: https://twitter.com/taviso/status/708053228001300480?lang=en
https://pbs.twimg.com/media/CdOCqLaVIAAEZAR.jpg:large

EDIT: Also, some interesting conversation has stemmed from one of Tavis' recent tweets, conversation between him and one of the Avast guys.
Link: https://twitter.com/taviso/status/708719788302831616?lang=en

 

@WildByDesign
Thanks mate. What baffles me most is there is not any answer (not even a doubtful one) from comodo to these findings.

About the discussion with the Avast employee, I think Ormandy is exaggerating that part. Really how many people are infected via targeted attacks ? I don't think the number is even comparable to the nontargeted attacks. (Feel free to give any contradictory numbers) This is like bashing seat belts cause they can break people's necks on some extreme cases; it doesn't change the fact they help save lives most of the time.

 

You're welcome.

I agree with you, some of it does seem exaggerating. Although I have a feeling that much of what he was talking about was theoretical for the most part, speculating on the possibilities and whatever might be possible in the near future. But either way, it's good to see patches coming out of this and stronger security software in general.

 

Security soft vendors do it all the time. If, in their estimation, a vulnerability has a very low probability of being exploited, then they will not fix it. M$ even follows this practice.