2 tests that even Comodo fails...

http://forums.comodo.com/leak_testi...ce_against_shut_down_protection-t19452.0.html


http://rapidshare.com/files/90767913/restart_system.exe.html
http://rapidshare.com/files/90768029/force.exe.html

 

"Even Comodo" ? LOL

OA easily stopped the first test. Asked about "restart system wants to shutdown your system". Once blocked does nothing.

Cannot check the second test -- my rapidshare free limit exceeded. Can anyone provide another link to download it ?

Edit: the same story with second test. Stopped with the same alert.

 

Outpost Security Suite Pro stopped both of those. First blocked as Executable unknown, second blocked as malware "RiskTool.Shutdown.I" (trojan)

 

Taking in account results we have the subject should be rephrased, I think. The word "even" has to be replaced by "only" ?

 

thanx

 

I'm not fully understanding this, but I take it that RapidShare is a site that will load malware on your computer if you choose to download and use the program. It is not a trustworthy site and should be avoided even if you are a paying customer. I don't use RapidShare, but what exactly is the "test".

 

AV scan showed nothing suspiciouse. Then I logged to my test VM, started "test", OA asked about either it is allowed to run, then it alerted the "test" wants to shutdown my system. At this point I clicked "block" and nothing else happened. This is all I can say about the "test". Or to be correct about the both tests. Then I restored VM image (just in case)

 

Rapidshare is a site where you can upload files for others to download. Someone (the OP?) has uploaded two files that can be used to test firewalls. Rapidshare has nothing to do with the actual test, they just provide a service to store files online.

regards,
T

 

Thank you, now it makes sense!

 

Sandoxie did not pass "restart.exe" but is it supposed to?
I tried it on Vista. I started restart.exe in Sandboxie. UAC detected that it was trying to do something administrative, as it should, but I allowed it and it did shut down windows.
These are not actual malware as I understand it? I guess thats why for example Avast didnt react...

 

Actually, this is not a malware and nothing wrong can be done with shutdown. This is just a question of consistency. For example, in OA advanced program settings there is an option "system shutdown" Ask/Allow/Block and so I expect that OA can detect and prevent shutdown attempts. Sandboxie seems to be not supposed to, but this is really not a problem in case sandboxie doesn't have such option.

 

In the past OA was not able to stop these, don,t know now. See my thread:

https://www.wilderssecurity.com/showthread.php?t=187831&highlight=HIPS

 

In the past there were different times. But this is history now.

 

And Avira WebGuard blocked access to both files...

 

Ailef says nooooooo.

 

Ailef does not see a difference between priviledge elevation and shutdown API call. This is a picture of Comodo intercepting priviledge elevation attempt. But almost any account under NT system can have this priviledge without elevation, so elevation block will not help. And there, in the very first link of this thread Comodo developer explains it clearly. Yes, they intercept priviledge elevation, but they fail to stop shutdown.

I trust developer much more than Alief, who does not understand the very basic things about NT platform.

 

Interesting. I missed ur earlier post.

 

Agreed 100%