Comodo CIS)Dead?????? Who knows more ???

Discussion in 'other anti-virus software' started by doolhof, Oct 8, 2021.

  1. doolhof (Registered Member; Joined: Dec 4, 2010; Posts: 21; Location: NL)

    https://forums.comodo.com/news-anno...rity-2020-v12228012-released-t126945.510.html

    DeathCat
    Re: Comodo Internet Security 2020 v12.2.2.8012 Released
    « Reply #516 on: Yesterday at 06:09:22 PM »
    Comodo Group will release a new CIS? ;)
    Project CIS is dead. There will be no more CIS releases.
    Yesterday at 06:49:33
    This is the truth of life.
    Yesterday at 07:30:15
    Remember how all of Comodo's other personal products died. At first it was quiet, and then they stopped updating. The theme of the CIS in the coffin for 2 years. Here's proof, or are you waiting for Melih and will officially announce)))
     
  2. Arequire (Registered Member; Joined: Feb 19, 2021; Posts: 12; Location: United Kingdom)
  3. doolhof (Registered Member; Joined: Dec 4, 2010; Posts: 21; Location: NL)
  4. Floyd 57 (Registered Member; Joined: Mar 17, 2017; Posts: 1,296; Location: Europe)
  5. Chuck57 (Registered Member; Joined: Sep 2, 2002; Posts: 1,770; Location: New Mexico, USA)

    I don't think CIS is dead. There are bugs that date back many versions that can be fixed, and they can call it a new release (for those who think new releases are necessary 2 or 3 times a year). They can change the UI (for those who think they need the latest, super-duper classy UI) and issue it as a new release.

    Fixing the persistent, long-term 'bugs' is the most important. The UI is just window dressing.
     
  6. GrDukeMalden (Registered Member; Joined: Jun 16, 2016; Posts: 491; Location: VPN city)

    Hey guys! I decided to play with Comodo again.

    I don't know when it came out, but a program update for CIS free came out sometime this year.

    The build version is still the same, but upon purging invalid entries from the locally stored whitelist, several of the files that are part of the installation were replaced.

    Also, there's not much you can do to improve a whitelisting application; all you really need to do to maintain it is to make sure it's still compatible with the platforms you release it on. And with a sandboxing application, same thing.
     
  7. bellgamin (Registered Member; Joined: Aug 1, 2002; Posts: 8,102; Location: Hawaii)

    IMO, Comodo was foolish in coming out with an AV. There are plenty of good AVs. Not so for Firewalls. Comodo's Firewall+sandbox is superb, and stands alone in that respect.
     
  8. GrDukeMalden (Registered Member; Joined: Jun 16, 2016; Posts: 491; Location: VPN city)

    One complaint I've always had about Comodo is that they're very slow to add new entries into your blacklist and they're very slow to add new entries into their whitelist. And very slow to remove mistakenly whitelisted malware from their whitelist. They're also very slow to fix bugs that many people are reporting.

    Of course there are things you can configure in Comodo to not have to worry about those issues with their databases, but my point is, there's a lot they could do to make their products, the communication with their customers and free users, and their company better, and they just won't do it.

    SecureAge and Dan of VoodooShield on the other hand were both very good about listening when I told them about problems with their products and they were very fast to fix those problems once they tested it themselves and figured out what was wrong.

    That's why I was such a loud advocate for SecureAge and VoodooShield.

    Comodo is great and even government-made malware is stopped by it....but only if you know how to configure it...and if Comodo causes a bluescreen because of any piece of your hardware, you're out of luck because Comodo will never connect you with anyone who can actually help you.

    You can usually get issues with mistakenly whitelisted malware fixed within a day or less through their forums, but their support in my experience is completely useless.

    And speaking of good antivirus companies: Bitdefender and Kaspersky are always on top of the newest categories of malware, and Bitdefender at least is quick to get to the bottom of any issues you're having over a live chat.

    Getting in touch with someone at Kaspersky usually takes 24 hours or more.

    And getting in touch with someone at Comodo who can help with any bluescreens or anything that Comodo does to make your system unbootable like it did on two of my machines over the years...is like pulling teeth.

    I'll still try the new version of Comodo when it comes out.

    So I would personally recommend something that gets a super high detection rate, something that consistently does very well at protecting the system in antivirus tests, to go along with VoodooShield and SecureAge CatchPulse.

    But CatchPulse needs to be installed without the scanners for best compatibility with that other thing you're using.
     
  9. Rasheed187 (Registered Member; Joined: Jul 10, 2004; Posts: 17,559; Location: The Netherlands)

    Can you still download the free version of Comodo AV? I mean with both the firewall and sandbox? I recently saw a video made by Cruelsister, so I got interested again. She showcased how ransomware was easily neutralized by the sandbox, but this can also be done by Sandboxie of course. And I read that Comodo has now changed its name?
     
  10. cruelsister (Registered Member; Joined: Nov 6, 2007; Posts: 1,649; Location: Paris)

    A good place to get it easily would be at the Major's:

    https://www.majorgeeks.com/files/details/comodo_personal_firewall.html

    And as you noted, SBIE would do a marvelous job containing the malware; however the difference is Sandboxie is manual containment of malicious files, whereas CF is automatic.
     
  11. Rasheed187 (Registered Member; Joined: Jul 10, 2004; Posts: 17,559; Location: The Netherlands)

    Yes correct, I have asked for an auto-containing feature in Sandboxie. I never really liked Comodo, but this feature is kinda cool. BTW, it doesn't seem to be the full installer on MajorGeeks and I see that it's ad supported, what's up with that? Also, I see that Comodo Cybersecurity is now named Xcitium. But I assume this won't affect the consumer versions.

    https://en.wikipedia.org/wiki/Comodo_Cybersecurity
     
  12. Azure Phoenix (Registered Member; Joined: Nov 22, 2014; Posts: 1,560)

    Like Rasheed said, he suggested an automatic feature. And this was the reply of David (Sandboxie Plus dev):
    https://www.wilderssecurity.com/threads/sandboxie-plus-1-7-1.450204/#post-3130898
     
  13. EASTER (Registered Member; Joined: Jul 28, 2007; Posts: 11,126; Location: U.S.A. (South))

    I've pretty much stopped malware testing for Imaging research but I must say I found nothing more formidable than CFW for trapping everything & anything in its virtual cage upon launch and beyond. Plus I undergird Comodo FW capability while in Shadow Mode with Shadow Defender.

    Nothing not even the most cagey of the big shots ever lodged or hid anything once trapped.
     
  14. Rasheed187 (Registered Member; Joined: Jul 10, 2004; Posts: 17,559; Location: The Netherlands)

    It's no surprise since both Comodo and Sandboxie run apps with low privileges and also make use of file system and registry virtualization, so most malware doesn't stand a chance, it's quite powerful technology. Unless malware manages to find a hole in them of course.
     
  15. cruelsister (Registered Member; Joined: Nov 6, 2007; Posts: 1,649; Location: Paris)

    I didn't quite understand the response from SB. First off, the majority of current malware are unsigned, so that doesn't apply. Also even those that have a certificate are not blindly allowed.
     
  16. DavidXanatos (Developer; Joined: Sep 6, 2006; Posts: 2,327; Location: Viena)

    This is not quite right, at least the last time I checked (2021) Comodo was using a mini-filter driver, registry callbacks and obCallbacks, but was running the process under its regular token, including processes started as admin with an administrative token. Which means that a malicious application can unhook the user-mode hooks (as discussed here https://www.wilderssecurity.com/threads/cybergenic-shade-sandbox-tool.380371/page-10#post-3018623) and issue RPC requests to administrative Windows components without oversight.
    There is no documented mechanism in the Windows kernel to prevent this, granted, mostly this can only be abused by processes which are run elevated, but Comodo allows for this, putting the user into a false sense of security.
     
  17. DavidXanatos (Developer; Joined: Sep 6, 2006; Posts: 2,327; Location: Viena)

    Well, there are a couple of reasons why blindly trusting CAs is a bad thing.

    For one, it depends on what you define as malware; to me Google Chrome's signed software_reporter_tool.exe is malware, plain and simple, 100% properly signed Google spyware.
    (https://support.google.com/chrome/a...ontrol-back-over-this-unwanted-software?hl=en)

    Second, the approach of associating trust with signatures is harmful for open source and can lead in the long run to systems where users will be unable to run unsigned software at all.

    So from my point of view you can't trust signed stuff if you value your privacy anyways, and at the same time unsigned things are not automatically untrustworthy.

    Hence my suggestion to treat everything as untrusted and let the user pick which developers' (even self-signed) certificates to trust and which not.

    Or let me phrase it like this:
    signing stuff, fine
    trusting a signature authority, hope the only authority on my system is me and me alone.
     
  18. cruelsister (Registered Member; Joined: Nov 6, 2007; Posts: 1,649; Location: Paris)

    This is certainly not the place for a sandbox battleground, but where does the blind trust by C for (seemingly) valid certs come from? I did a few Magniber videos a while back that at the time had certificates that were, at the time, deemed legitimate and were not revoked by the signer for a few weeks. Microsoft was oblivious to this while CF blocked the actions as the file was not previously vetted.

    And please understand that I have no issue at all with SB! It is a fine application and if used properly will protect well.
     
  19. DavidXanatos (Developer; Joined: Sep 6, 2006; Posts: 2,327; Location: Viena)

    Well that's how the feature was requested:
     
  20. Rasheed187 (Registered Member; Joined: Jul 10, 2004; Posts: 17,559; Location: The Netherlands)

    Yes I know, we discussed this a while back. You're not exactly impressed with Comodo's implementation and consider Sandboxie to be more secure, I'm sure you're right about this. I haven't got a clue if processes that are running inside Comodo's container run with limited privileges, perhaps Cruelsister can answer this. I do know that Comodo is probably good at virtualizing file system, registry and IPC, same goes for Sandboxie.

    To clarify, I don't know how Comodo decides which file should be run in the sandbox/container, I figured it looked at digital signatures and some other stuff, but Cruelsister can probably tell more about it.

    BTW, I saw your latest video about RATs being contained by Comodo. I assume a tool like TinyWall would also block outgoing connections, right? Or did these RATs try to bypass firewalls with code injection? Also, what is the name of the original song from this video? I love music from the 80's and 90's. :p
     
  21. cruelsister (Registered Member; Joined: Nov 6, 2007; Posts: 1,649; Location: Paris)

    The song "Don't Dream It's Over" was originally by Crowded House from 1986. This cover (which I actually prefer as there is beauty in minimalism) was from last year.
     
  22. Moose World (Registered Member; Joined: Dec 19, 2013; Posts: 905; Location: U.S. Citizen)

    Hey now!
    youtube.com/watch?v=J9gKyRmic20

    comss.ru/page.php?id=15

    So many choices, Comodo Firewall, Sandboxie,
    and Shadow Defender. Equal, Pluses and Minuses.

    Xcitium AEP and Kaspersky AEP together.
     
    Last edited: Feb 13, 2023
  23. GrDukeMalden (Registered Member; Joined: Jun 16, 2016; Posts: 491; Location: VPN city)

    You can also download Comodo IS, FW and AV on Comodo forums, but you may need to do a program update to have those new files I talked about above.
     
  24. GrDukeMalden (Registered Member; Joined: Jun 16, 2016; Posts: 491; Location: VPN city)

    Well...There were some leaks, communication between hackers at one of the alphabet organizations that were talking about which antivirus is the easiest to bypass. Not so sure what the rule about cursing is on here, so I'll just say that these guys communicating with internal emails were very upset that they could NOT get malware onto a Windows PC protected by Comodo no matter what they tried.

    I would imagine that VoodooShield set to always on and with the auto-deactivation turned off is the same way.

    There was one version of Comodo that would allow all processes launched with "system" integrity, but that version of CIS/CFW/CAV is long gone. Those boogeymen called it "a gaping security hole of doom".
     
  25. GrDukeMalden (Registered Member; Joined: Jun 16, 2016; Posts: 491; Location: VPN city)

    Actually, Comodo...or Xcitium as they're known now has a history of mistakenly whitelisting malware and even adding digital signatures of scam software to the whitelist.

    That guide you posted on how to remove the majority of the entries from the local vendor list is awesome at preventing that kind of software from being installed.

    Oh and...there's a lot of malware out there that has a signature now. And several years ago, Verisign got hacked and there was a lot of malware going around with valid and verified digital signatures from Verisign.

    A digital signature isn't enough to go on in a lot of cases. I refer to a digital signature as a "glorified name tag"
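
The trust model argued for in posts 17 and 25 above (a signature only identifies a signer, and the user rather than a CA or vendor list decides which signers to trust) can be sketched as follows. This is an added example, not part of any post and not Comodo's or Sandboxie's own logic; the function name `Get-ContainmentVerdict`, the Downloads folder and the all-zero thumbprint are assumptions and placeholders.

```powershell
# Added example: a user-pinned signer policy. Not Comodo's or Sandboxie's logic.
# A file is "Trusted" only when its Authenticode signature verifies AND the
# signer's certificate thumbprint is on a list the user maintains. A valid
# signature from any other publisher still yields "Contain".
function Get-ContainmentVerdict {   # hypothetical name
    [CmdletBinding()]
    param(
        # Bound from the FullName property of Get-ChildItem output.
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [Alias('FullName')]
        [string]$Path,
        # Thumbprints of signer certificates the user has chosen to trust.
        [string[]]$PinnedThumbprint = @()
    )
    begin {
        # Thumbprints copied from a certificate dialog often contain spaces.
        $pins = @($PinnedThumbprint | ForEach-Object { $_ -replace '\s', '' })
    }
    process {
        $sig   = Get-AuthenticodeSignature -LiteralPath $Path
        $cert  = $sig.SignerCertificate
        $thumb = if ($cert) { $cert.Thumbprint } else { $null }

        if ($sig.Status -eq 'NotSigned') {
            $verdict = 'Contain'; $reason = 'unsigned'
        } elseif ($sig.Status -ne 'Valid') {
            # e.g. HashMismatch, NotTrusted, UnknownError
            $verdict = 'Contain'; $reason = "signature status: $($sig.Status)"
        } elseif ($pins -notcontains $thumb) {
            $verdict = 'Contain'; $reason = 'valid signature, signer not pinned'
        } else {
            $verdict = 'Trusted'; $reason = 'valid signature, pinned signer'
        }
        [pscustomobject]@{
            Verdict    = $verdict
            Reason     = $reason
            Signer     = if ($cert) { $cert.Subject } else { $null }
            Thumbprint = $thumb
            Path       = $Path
        }
    }
}

# Constructed placeholder pin: replace with a thumbprint you verified yourself.
$myPins = @('0000000000000000000000000000000000000000')
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe -File |
    Get-ContainmentVerdict -PinnedThumbprint $myPins |
    Format-Table Verdict, Reason, Signer, Path -AutoSize
```

With the placeholder pin every file comes back as `Contain`, including validly signed ones, which is the default-deny behaviour the posts describe.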
     