Prevx vs. COMODO IS - Keylogging

You dont need to create anything, a lot of malware can be found in MDL pe, you can use VM so you will not risk your personal data, but you are a security expert so you already knew that.

Because you are an expert you already know that the test that MRG are doing basically consists in a tool that hijack services.exe and capture the information when is being sent.

So if you run the MGR tool with Comodo:
Inside the sandbox nothing happens the app is blocked silently.
Outside the sandbox the app will be blocked by D+
Anyway The MGR app still will need to connect to internet to send the information so the firewall will block it also.
All this taking into account that the behaviour isnt detected by the AV.

The banking protection is not nothing special. Is not a new science.
In order to steal you bank account details your computer have to be infected by a malware that will hijack your broswer, it will steal the information and it will send it to internet.

 

In other to change the DNS settins in the computer you need to be infected.
D+ will alert you if any app tries to change the DNS

Can you proof that you can steal loging details in a computer with comodo without any prompt?

You dont need to storage your passwords in the broswer there are a lot of free tools to save the passwords encrypted.

All this kinds of protections that SO offers are usefull if you are already infected.

Can you show me how to infect a computer with Comodo please?

SO is a great tool if you computer is infected but will not prevent the infection

 

No security solution is perfect and Comodo is a security solution and thanks to Socrates and classical syllogisms that would lead to the conclusion that Comodo is not perfect. I'm not about to go on a vendetta against Comodo as that would be inappropriate but please don't be misinformed by any vendor that they are a silver bullet. Prevx certainly isn't, Symantec isn't, McAfee isn't, and Comodo isn't.

 

Ok, you couldn't, you said before that you can bypass Comodo using your keylogguer and now you can't.

I'm sure that Comodo is not 100% bullet proof, and I never said that SO was a bad product.
But, in my opinion, and this is what the people dont want to understand that it's just my opinion, no the total truth, SO will not help that much, and as we can see in the MRG test you can get other solutions for free with better results than SO.

 

No, I said I wasn't about to go back and forth - we have tested Comodo against keyloggers which can bypass its protection, as have other third party testers.

Ehm? SafeOnline has passed all MRG tests... Could you please direct me to where these supposed products that perform better than SafeOnline?

 

guest, heres your keylogger lol.

 

I said with better results, SO has a yellow dot.
I didnt say that SO has not passed

 

I can only see a text file and seems to be the panacea...

 

OT: for classical syllogisms thanks to Aristotle.

 

I've asked MRG what the reason for this was and it is because Prevx 3.0 is now blocking the threat heuristically before it installs and showing the warning to the user on installation. However, even if the threat was to get past this layer, SafeOnline is still protecting against it.

I believe SafeOnline is the only product which now covers both sides of this, they didn't anticipate the behavior and will now be changing the report to possibly have a fourth level which says that it both detected the file pre-installation and even if the threat was to get past the malware detection, it is still fully circumvented.

Thanks - I apparently need to re-read my philosophy textbooks

 

My wife regards me as an 'expert' if I can fix a problem on her PC, but that's as far as it goes. I have no experience of (or desire to engage in) malware testing, and my security knowledge is limited to tweaking XP and installing some useful security apps.

This is your opinion, but my understanding is that MRG are not giving away any details of how their tool actually works.

On the contrary, I think that PrevxHelp's patient and detailed reply to your post above eloquently illustrates some of the special features that the Prevx team have introduced to make SafeOnline work as it does. It's a product that specifically addresses the critical issue of online-banking security, which is of concern to the OP in the first post of this thread.

It's up to Commodo to address the kind of security issue raised by Kylie1420 and to provide their users with the level of browser protection that Prevx currently achieves. They may well be able to achieve this, but there doesn't seem to be any hard evidence that the necessary protection is there at the moment for the OP's online banking from Comodo alone.

 

If you would pay more attention to the report you will see some useful screenshots.

He have not proof anything yet, is a source code.

 

After I read through this thread I feel much better and not to worry about keyloggers or losing my online banking credentials through some unknown malwares. All I need to do is just use Windows SRP, any 3rd party HIPS, anti-executable programs or a security application that either silently blocks any untrusted programs or prompts me when such programs try to run. The (unnamed) perfect security suite I can use will have no problems tackling leak tests and will pass 100% as I always choose to disallow unknown programs from running in the first place. End of all leak tests with 1 layer of protection. Unfortunately a lot of users out there whose machines get infected with rogue programs don't make the right choice before running them.

 

lu chin agree with you man

 

What do you mean i don't have any proof? source code is the best form of proof

 

I’ve tried to stay away from this thread, but you have made it impossible for me.

First of all where do you get the idea that MRG Simulator can’t bypass Comodo? What, Comodo told you and you believed them? Sorry mate, but that is not how it is.

I would advise you to stop passing “expert” opinions on subjects you are not familiar with; it can cause damage to others who may follow your advice.

Without having a clue how our simulator works, you said that Comodo can’t be bypassed:

Is this really true?

MRG Financial Malware Simulator VS Comodo

Take a look

Regards,
Sveta

 

LMAO! I'm done watching
yay to MRG ^^
boo to guest...

See ya!

 

I never said that I was an expert, and I wonder why you have hide this fact instead give the proofs months ago.
Only works in paypal? only works with IE?

I think that you are not using the proactive configuration, you didnt show the half of the important settings.
You didnt show the network security policy, and you are manually allowing your tool to have access to internet if you are using the Proactive configuration that can be choose during the installation.

 

Any security software can be. I saw "user" bypassing Comodo by allowing it (clicked several times to allow various prompts). Can you make it not react to your simulator? Not to detract from the fact that sandbox is leaking. Hopefully it will be fixed in further builds

 

Can you run the test again and block rather than allow on the red D+ window? The text was blurry and hard to read, but it appeared you allowed something that probably should have been blocked.

 

yes i saw it too in the first alert but the first alert it's the installer isnt it?

 

The first alert was sandboxed, but a little later a D+ alert comes up, which the user allowed.

 

no wonder it fails he suppose to hit denny

 

Program tries to run with elevated privileges and is an Unknown Publisher to Comodo, that is not enough for us to have a reason to click on Block.

We have tried to install many safe and known applications with Comodo Internet Security running in the background, in 150+ cases we got identical warnings from CIS as we get with the simulator. So why should we hit Block?

It is obvious that CIS can't distinguish Safe from the Unsafe applications in many cases, it only detects the behavior which ,unfortunately, is not enough.

Regards,
Sveta

 

That depends on the user. In the hands of a smart user, CIS provides awesome protection. I do not recommend it (or any HIPS program) to someone that won't be able to tell known programs from unknown.