Comodo Defence Plus Bypassed by Zeroaccess rootkit

Re: Comodo Defence Plus Byapssed by Zeroaccess rootkit

Sorry, but I didn't notice there was an actual question in your last post directed towards me. Would you mind repeating it?

 

Hope it,s clear.

 

The weakness of huge whitelists...

 

I think it,s due to digital signatures.

 

Yeah... Digital signatures trust technology...

 

Your observations are partially correct. We don't blindly trust every digital signature though. There are certain conditions under which a digital certificate is ignored. Those additional checks worked on most but not all systems which is why in my tests the sample wasn't able to bypass OA while in your test it was. As I mentioned before though the problem has been corrected with an online update shortly after we found the underlying issue.