Comodo Internet Security 10.x Thread

Discussion in 'other anti-virus software' started by Mops21, Dec 22, 2016.

  1. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    In fact I never used the Sandbox, and I use CIS only as FW and HIPS, and it works fine. What other freeware choice do we have ?
     
  2. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    I go on to don't understand the mean of Viruscope now that there is Secure Shopping.
     
  3. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    LR- You bring up a number of good points as usual.

    1). The AV- I have always said that the Comodo AV is at best mediocre. But sadly this must be included as the typical user knows what an AV is but is clueless to anything more advanced. One must then look at the AV inclusion as nothing more than pandering to the masses in order to give quality protecton; I would think that Geeks like us would realize this.

    2). Sandboxed applications- version 10 has actually made great strides to minimize these, but as you mentioned an unsigned game will be sandboxed. This should come as no surprise as the application is unknown and could easily be malicious. What is surprising is that a person would assume it is safe and run it anyway.
     
  4. guest

    guest Guest

    The botton line is, you don't need a HIPS, if is not good, don't execute it, you don't need a popup to say yes, is false sense of security
     
  5. guest

    guest Guest

    I'm quite aware of the layered protection, default deny, and the situation of the AV industry. I started to use comodo when it was just a firewall.

    So a game/software with a valid cert shouldn't run on my computer just because comodo doesn't have it in its whitelist? ...
    On the other hand there are many files not signed that comes with famous valid software that are virtualize or not recognized by comodo.

    Is a pity that you are assuming that the comodo whitelisting is quite complete and perfect which tells me that you haven't' use it a lot or just in VM with few sofware or Cis alone.


    My point is if at the end I have to take the important decisions for comodo I don't need comodo. And if comodo ability to whitelist is basically based on certs, I don't need it either.

    On the other hand I prefer the most advanced and realistic approach of Voodoo Shield.
     
  6. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    You know that an exe can hide malicious code, and that malwares have many different forms, times and way to activate..... HIPS needs for this.
     
  7. Mops21

    Mops21 Registered Member

    Joined:
    Oct 5, 2010
    Posts:
    2,731
    Location:
    Germany
    Hi all

    Brand New Comodo Internet Security 10 Hotfix Version is Released !

    https://forums.comodo.com/news-anno...-10-hotfix-version-is-released-t117645.0.html

    With best Regards
    Mops21
     
    Last edited: Dec 29, 2016
  8. guest

    guest Guest

    All the malware have hidden malicious code on it...
    If you think that the optimum way to detect malware in a executable is a HIPS and 10++ popups per file (I guess you are using paranoid mode in CIS, if not your statement doesn't make any sense) is up to you.
     
  9. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,344
    Location:
    Europe, UE citizen
    Naturally. Paranoid Mode. Deny for default and Allow for exception. What's else ? ;)
     
  10. janocheats

    janocheats Registered Member

    Joined:
    Nov 8, 2015
    Posts:
    7
    Location:
    Czech republik (Jirkov)
    It is necessary for CF sandboxed browser or system protection is at the same level ?? And as to retain only some credible supplier in CF? It's not like I'm gradually version 8th.Thanks for the reply.
     
  11. Iangh

    Iangh Registered Member

    Joined:
    Jul 13, 2005
    Posts:
    849
    Location:
    Melbourne, Australia
    After running the scan and setting programmes as trusted I still get some installed programmes running sand-boxed. I know it's easy to then go on to give them a trusted rating, but I don't remember this happening with the previous version. Is there a way to set all installed programmes as trusted?
     
  12. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    A new video from CS.

    Code:
    https://www.youtube.com/watch?v=FoIu3Z2ImO8
     
  13. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    CIS is not the program that it was back in v5.There are a lot of unfixed bypasses.Why would you trust a company that gave its digital certificates to malware?
     
  14. NWOAbschaum

    NWOAbschaum Registered Member

    Joined:
    Feb 9, 2014
    Posts:
    222
    Location:
    Germany
    Can u show me one bypass? If u use proactive config i am pretty sure u will almost find 0 malware bypassing comodo.
     
  15. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    I agree. I don't see anything really bypassing Comodo.
     
  16. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Regarding the criticisms one may see about Comodo: these come in 2 flavors- one, like the esteemed True Indian brought up is about bypasses; the second would be about "bugs". Actually both of these arguments are indeed valid- but only for those that either underthink or overthink the product.

    1). Underthinking- Never Ever (Ever) use CF at default. The default setting has Firewall security on (my video shows why this isn't optimal) and the Sandbox Disabled. With the Sandbox disabled (which is the best part of Comodo), I could breach it easily and often. As can the Pro Testing places that haven't a clue...

    2). Overthinking- Geeks Like Us have never seen a box we feel should not be ticked, nor a Rule that should not be written. Really bad idea! It actually will add nothing to the overall protection that can be achieved and will just increase product dissatisfaction.

    But we can easily forget about the above two points by employing the KISS method (Keep it Simple, Stupid) and use the setting I suggest. And remember that Comodo is NOT a primary AV.
     
  17. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Here it is:
    https://forums.comodo.com/leak-testingattacksvulnerability-research-b55.0/

    The every solution to all this is given to reconfigure CIS.Sorry to burst the bubble but the most of the users won't bother to reconfigure CIS.

    This program needs alot of work and is under-rated because of its scores in AV-tests and mainly because of their failed promises.By the way,AV isn't useless.Everything is as statistically effective.

    And of course comodo has never been that good in this portion.Antivirus isn't no more the thing that you find a malware file and check if you have signature catch it.It has become far more advanced in the past years.Detection technologies,Malware Similarity Search,Detection algorithms and different cloud modules combined with sandbox and BB makes AV relevant again.

    Having been at Avast HQ I can say definately AV is still the main portion of the fight.I do not endorse user dependent decisions anymore,my decisions have changed in the past week after seeing how many times a user keeps clicking the same file even after their AV blocks it.It's not perfect but so is nothing in this industry but atleast things are being evolved.What has evolved in CIS? Nothing!! Just a useless BB and marketing hype that avast did some versions before.

    Not saying that CIS is not relevant.Its a great product for the geeks and people like us but useless for the majority of average users like my dad who will click allow on everything without bothering what it does and users like these don't care if its sandboxed or not majority get so despo to get the file they will go extent of disabling it not understanding what it is exactly saying unless antivirus warning comes in.

    We can try and defend comodo all we want but the truth is there is nothing in CIS that is god.If you are using comodo and want them to improve pressure their devs to change things and work in the correct direction as CIS isnt for the normal users,defending it here won't change the bitter fact that it is just for geeks.Of course!! their fanbase will end up just banning you.

    What happens when a file demands unlimited access and the user is average one and has no idea of anything and allows it.It goes right through.

    I know alot of you here think AV industry is failing but it is not there is far more work being put in rather than just having a "default deny" which again was just a marketing hype CIS isn't default deny since they ask questions for some files and they do NOT deny them completely anyway they run it in the sandbox and again we don't detect it because majority of the malware detects the sandbox and does not launch in it.So its just sitting on your hard drive.

    This is a closed book.CIS was great back in v5 and they have declined since then and their development towards innovation has been stopped and Mellih has insulted too many of us.I was shocked to hear such arrogance from a CEO when someone told me about their experience.
     
    Last edited: Jan 29, 2017
  18. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    TI- Did you go to the Avast Dog and Pony show this week? How was it? I was invited but other commitments precluded my attendance; pity as I love Prague.

    But to some of your points-

    1). I also would never use CF at default. That's why I made an easy setup video. Not hard for a Geek to understand, and that's the audience it is catered to.
    2). Unlimited access and bad decisions- Good point and one I covered at the end of the video. Such elevations can be blocked silently.
    3). As to the relevance of the traditional AV- Google did a study a year or so back that polled Security Experts as to the usefulness of the AV in the current landscape. About 90% admitted that the AV had little value in protecting the system, especially with the advent of virtualization . This finding was confirmed by Symantec itself shorty after. It is a shame Comodo thinks they need an AV (they don't) but that's just catering to the masses.
    4). Yes, some things may indeed remain the the sandbox until flushed or the system is rebooted. But these may often be true zero day malware which the traditional AV is blind to. Would you rather be infected?
    5). Who cares about the Forums or the CEO as neither has any bearing on the quality of the product? Personally I almost never use the Forums, nor do I intend to date Melih (he should be so lucky).
     
  19. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787
    I think Comodo needs to improve their backend to provide results faster. For a long time they say they are working on it, but I have yet to see any improvements. Comodo classifies a lot of files as unknowns, and they will stay with the status for months until you finally classify them yourself.
     
  20. guest

    guest Guest

    Sorry CS , but Melhi has a huge repercussion on how CIS is developed.

    first, CIS didn't even exist; it was the top-notch Comodo FW (v3 was the version i fell in love with) it was rivaled only by Online Armor Premium; then instead of fixing major bugs rapidly , Melhi wanted to compete (and in same time satisfy his fanboys) and started stockpiling unnecessary features and component (AV, Full Virtualization, virtual desktop, etc...) or renaming/modifying already efficient features like the auto-sandbox becoming a behavior blocker, and even adding useless ones (shopping crap, etc...) , we know the rest...
     
  21. Appaloosa

    Appaloosa Registered Member

    Joined:
    May 13, 2016
    Posts:
    29
    No need for the average user to ever visit the forum . Set as cruelsister recommends and forget. If my 10 and 12 year olds can function without problems it might be foolproof. Going on 2 years by the way with no need for comodo forum if they are bugging you ,you are way to involved!
     
  22. guest

    guest Guest

    And don't forget the dozens of useless security apps, utilities and browsers that has been developed over time and now are half done or abandoned
    You just need to look at the forum sections to notice some of the products, while other are not in the forum because they have disappear.
    https://forums.comodo.com/
     
  23. avman1995

    avman1995 Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    944
    Location:
    india
    Shucks!! Would have been great for us to have you there.We could have discussed alot more detail and we could have done some hardcore suggestions on detection and prevention.Unfortunately I was among the "few" who spoke about it.

    We could have really made a impact together.I would still love to meet the person behind these tests and posts.Anyway,I still continue to raise my concerns on their program and they haven't bought me yet until i am convinced IDP is working. :p

    By the way,the normal user wouldn't know about your videos and they won't bother anyway.Just my Experience.

    You still have it wrong my friend antivirus is necessary as not everyone is a geek like you guys.AV is just as statistically efffective.Not just the antivirus engine but the whole product with all its additional technologies and cloud is effective.

    I am not sure how google researched this but if they just ran it against a set of AV engines they are wrong and again no specification of the test bed itself.

    Have you read:
    https://threatpost.com/broken-2013-java-patch-leads-to-sandbox-bypass/116757/
    https://www.trustedsec.com/may-2015/bypassing-virtualization-and-sandbox-technologies/
    https://blog.kaspersky.com/tag/sandbox-bypass/

    About 15 years ago, when the antivirus industry was quite young, there were far fewer competitors in the anti-malware space. Most antivirus firms at the time had a couple of guys in the lab whose job it was to dissect, poke and prod at the new crimeware specimens. After that, they’d typically write reports about the new threats, and then ship “detection signatures” that would ostensibly protect customers that hadn’t already been compromised by the new nasties.

    This seemed to work for while, until the smart guys in the industry started noticing that the volume of malicious software being released on the Internet each year was growing at fairly steady clip. Many of the industry’s leaders decided that if they didn’t invest heavily in technologies and approaches that could help automate the detection and classification of new malware threats, that they were going to lose this digital arms race.

    So that’s exactly what these firms did: They went on a buying spree and purchased companies and technologies left and right, all in a bid to build this quasi-artificial intelligence they called “heuristic detection.” And for a while after that, the threat from the daily glut of malware seemed to be coming under control.

    But the bad guys didn’t exactly take this innovation laying down; rather, they responded with their own innovations. What they came up with is known as the “crypting” service, a service that has spawned an entire industry that I would argue is one of the most bustling and lucrative in the cybercrime underground today.

    Put simply, a crypting service takes a bad guy’s piece of malware and scans it against all of the available antivirus tools on the market today — to see how many of them detect the code as malicious. The service then runs some custom encryption routines to obfuscate the malware so that it hardly resembles the piece of code that was detected as bad by most of the tools out there. And it repeats this scanning and crypting process in an iterative fashion until the malware is found to be completely undetectable by all of the antivirus tools on the market.

    Incidentally, the bad guys call this state “fully un-detectable,” or “FUD” for short, an acronym that I’ve always found ironic and amusing given the rampant FUD (more commonly known in the security industry as “fear, uncertainty and doubt”) churned out by so many security firms about the sophistication of the threats today.

    In some of the most sophisticated operations, this crypting process happens an entirely automated fashion. The bad guy has a malware distribution server or servers, and he signs up with a crypting service. The crypting service has an automated bot that at some interval determined by the customer grabs the code from the customer’s malware distribution server and then does its thing on it. After the malware is declared FUD by the crypting service, the bot deposits the fully crypted malware back on the bad guy’s distribution server, and then sends an instant message to the customer stating that the malware is ready for prime time.

    Crypting services are the primary reason that if you or someone within your organization is unfortunate enough to have opened a malware-laced attachment in an email in the first 12-24 hours after the bad guys blast it out in a spam run, there is an excellent chance that whatever antivirus tool you or your company relies upon will not detect this specimen as malicious.

    In short, as I’ve noted time and again, if you are counting on your antivirus to save you or your co-workers from the latest threats, you may be in for a rude awakening down the road.

    Does this mean antivirus software is completely useless? Not at all. Very often, your antivirus product will detect a new variant as something akin to a threat it has seen in the past. Perhaps the bad guys targeting you or your organization in this case didn’t use a crypting service, or maybe that service wasn’t any good to begin with.

    In either case, antivirus remains a useful — if somewhat antiquated and ineffective — approach to security. Security is all about layers, and not depending on any one technology or approach to detect or save you from the latest threats. The most important layer in that security defense? You! Most threats succeed because they take advantage of human weaknesses (laziness, apathy, ignorance, etc.), and less because of their sophistication.

    Antivirus has to evolve. It has been evolving and it will be evolving forever. To evolve you need to invest in it, and no company invests in something they consider dead. To be involved in the creation and development of new technologies and revolutionary approaches to combat malware and fighting cybercriminals is one of those secret ingredients.

    http://www.networkworld.com/article...s-dead-long-live-the-new-and-improved-av.html

    This is a cat and mouse game.So I beg to differ.

    Thanks,
    True Indian
     
    Last edited: Jan 30, 2017
  24. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    @cruelsister I watched the CF setup video. Maybe I missed something, but do you disable Web Filtering and Viruscope?

    Edit: OK I saw you already answered that: 'But the system impact is virtually non-existent so why even bother to shut them off.'
     
    Last edited: Jan 31, 2017
  25. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    1,649
    Location:
    Paris
    Paul- Yeah, although I see no real value in the Comodo AV, there is also no real need to disable it; the same is true for the website protection. There reason I say this is that for the first 3-4 weeks I installed CF10 on a VM which I set up to mimic the biggest POS computer system that can be imagined (single CPU, less than 2MB RAM). Even on this system I saw no impact at all with these components on or off. So as the great Greek Philosopher Esophagus states: Even a Blind Squirrel finds a Nut Sometimes (OK, maybe I have that quote and philosopher wrong, but you catch my drift...). I also so no incompatibilities with any concurrent added AV's- but the only extensive runs I did were wih Qihoo and Avast.

    TI- I'm glad that you enjoyed the show. It would have been fun to hook up with you- we could have discussed malware while you came with me shopping! I still am surprised that Ondrej wanted to pay my way out there as I've done nothing but bash their product in the past. I really speaks highly of them.

    Anyway, about the traditional AV. You are 100% correct- calling it useless is going way over the top (and not true); for in the absence of anything better a good AV will be of much importance. Normal justification for their continued use are banalities like "We've been using it for a long time and never got infected" and/or "What's the chance of coming across a true Zero-Day". I want to scream ever time I see/hear these comments, as all should always consider worst case scenarios and set up a security system that will cover for these eventualities.

    As an example, in my former position were employed past Blackhats who crossed over into the light. As they already had some cachet on the darkWeb, their goal was to monitor new malware in development and acquire it before release. When we go one, it was a game for us to bet on the time of first detection. Although this T2D (Time to Detection) was directly proportional to how widespread the initial malware distribution was to be, the record was from Kaspersky and Qihoo at about 7.5 hours (some moron somewhere sent it to VT), but the majority was in the 24-36 hour range. I'm sure you can agree that for an Enterprise going 24 hours essentially naked is sub-optimal.

    Even worse are State Sponsored targeted spyware (like Mirage and Glass), which were undetected for long periods of time (years), all the while sending pilfered data back to Mama.

    So to conclude, AV's are not pointless. But for proper security other answers must be sought.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.