Comodo KillSwitch

DACS' ethics aside I'm going to go on a limb to say that KillSwitch is a fantastic tool, of course NOT in the hands of a beginner.

Pros (as far as I can see for now):

• Portable, no installation necessary.
• Ability to analyse a process all the way to infinity. .
• Ability to upload processes directly to virustotal or virusscan.jotti for a second opinion, beside Comodo's own, obviously. .
• You can "terminator" a process at a time.
• A user can terminate all unsafe processes at once. Quite invaluable for online banking. Somehow, similar to DefenseWall's own online banking mode.
• Rate all processes and gives them a rating of safe, unsafe, or unknown.

Con(s) Thus far:

• Unable to display hidden processes on a 64bit computer. . At least for now.

I think this is a great product to the quality and effecient level of ESET Sysinspector.

What do you think guys?

Thanks.

 

Speaking of ethics, does Comodo give credit to Process Hacker where they got the basic program (Source Forge-Open Source) with most of the capabilities and added some AV related stuff (items 3 & 6)?

 

Bla bla bla, ethics



Is this another thread to cry about Comodo without any proof?
Are they doing something ilegal? have you paid for KillSwitch?
Have you spend 1 minute to finding those important credits or you just wanted you say something bad about Comodo without having any idea what you are talking about?
And as Melih says if Process Hacker devs want to add DACS or any other security company they only need to ask for it, and they will get it.



Coming back to the topic, IMO KillSwitch is a basic tool when you want to clean an infected computer, very easy and powerful at the same time with results for the unknown files from 40 av's, a very fast way to check any pc. Also very useful to check if there is any active infection in your computer.

For now seems that KillSwitch is the only app able to use DACS, CCE for now just uses Comodo AV and Comodo Cloud+CIMA

 

Actually I don't have a copy of Killswitch, just read about it here, and didn't know the answer. I am also a Process Hacker user. Comodo often licenses and treats products (including CTM, for example) like they invented them. Good on them, and I hope they gave a generous donation to the guys at Source Forge. OP brought up ethics as an issue, btw, and gave all credit to Comodo. And trying to find any real story on the Comodo forum is a waste of energy with all the misinformation floating around. Thanks for the additional information. And Merry Christmas; take the rest of the day off.

 

KillSwitch is killed if an exe killing rogue is active. A simple rename to firefox get's KillSwitch up and running and does seem to do OK.

 

A few unknowns but most security apps struggle against this malware sample which drops just about everything.

 

Did you wait to the unknown files to be uploaded to see the results of the av's in the propierties?
How much it takes?

You should see something like this:
https://www.wilderssecurity.com/attachment.php?attachmentid=224105&stc=1&d=1293211352

They bought "CTM" (I dont remember the company but it's in Comodo Forum) technology an offered a paid application for free, they are ogre xD You can ask in the forums where they bought the technology behind CTM and they will tell you is not a secret.
Actually all the information is there in Comodo forum, if you dont find something, probably the same CEO of the company or a developer will help you.

 

http://forums.comodo.com/comodo-cle...ta-released-t66867.0.html;msg470907#msg470907

Melih's words and actions do not go hand by hand.
He is accusing the other companies that do not want to share their work (virus database) but takes an open source program and what he does? Keeps the code for his company only.

And we, the end users, have to trust such a company and it's trusted volunteers? ROLFMAO

Happy Christmas everybody,
Panagiotis

 

I'm expecting an answer too, they know what they are doing probably you just have to request the source code to get it.
But is easiest criticize without waiting to the others to give an answer.

 

*

http://www.gnu.org/licenses/gpl-faq.html

Panagiotis

 

I know that, I have already request an answer about this issue in Comodo forums, if they dont release the source code as soon as they come back to work I will be the first one to criticize them.
I'm sure that they know what they are doing.

 

Lord,

they already know about the gpl license. This is why, they used wj32's exemption from the gpl license about dynamic link libraries...


Panagiotis

 

Shows "Analysing" before final report.

Have you actually ran it against any malware?

 

Yes but I haven't been able to get any report from DACS, maybe the servers are down or I'm doing something wrong.

If they used the exemption for the dll thing to add DACS, then is legal, they just need to release the source code of the rest of the program. At least this is what I understood, maybe I'm wrong and you can clarify this to me.
I guess that Comodo need to protects the source code of DACS somehow, although they are willing to share it with other security companies.

 

you are wrong, they wont release any sourcecode.
What about killswitch ? just dl processhacker.

 

You understood correctly. I did not question it's legality...

Panagiotis

 

I haven't bothered with the scans...just had a look at Killswitch. Nothing untoward revealed.

 

Have you gotten any veredit from DACS for the unknown files? (I know they are safe)

 

Where do I look for that? Not sure what you mean...do I have to do a scan?

 

Right click on the unknown process, propierties, and then go to "verdict" tab, but I'm not sure if the DACS is completely up right now, they must be working on it, still beta.




And about the GPL thing this is what Melih says:
http://forums.comodo.com/comodo-cle...ta-released-t66867.0.html;msg471019#msg471019
http://forums.comodo.com/comodo-cle...ta-released-t66867.0.html;msg471020#msg471020

I suspect that soon or later Process Hacker will include Comodo DACS.

 

Thanks for pointing me the right direction....

It is past my bed time...I will look more into it further, after I get some sleep...thanks.

 

So melih responded and clearly stated that this product is in BETA hence no source code will be distributed. However once in FINAL release he will distribute the code to where it is appropriate (Such as Open Source Communities).

~ snipped comment ~

 

LOL though. Melih got caught! The references from guest make pretty funny reading. I can't tell if Melih even made a donation to the Process Hacker Source Forge guys, and thanked him for Comodo using it. At least there was one pissed off author angry because of Melih taking all the credit and not mentioning the source, with Melih then apologizing profusely. Or maybe guest can tell us that Melih followed the usual protocol of donating money and thanking the authors for the use in advance, and that not including them in the announcement was an oversight causing excessive praise by the fanboys for Comodo only. And I wonder what is in Killswitch DACS that Melih doesn't want to release in accordance with GPL, but keeps using different phrases instead. More self inflicted intrigue.

 

very very good point

 

yes indeed