2 tests that even Comodo fails...

Discussion in 'other firewalls' started by CoolWebSearch, Apr 9, 2008.

Thread Status:
Not open for further replies.
  1. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,211
  2. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    "Even Comodo" ? LOL

    OA easily stopped the first test. Asked about "restart system wants to shutdown your system". Once blocked does nothing.

    Cannot check the second test -- my RapidShare free limit is exceeded. Can anyone provide another link to download it?

    Edit: the same story with second test. Stopped with the same alert.
     
  3. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Outpost Security Suite Pro stopped both of those. First blocked as Executable unknown, second blocked as malware "RiskTool.Shutdown.I" (trojan).
     
  4. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Taking into account the results we have, the subject should be rephrased, I think. The word "even" has to be replaced by "only"? :)
     
  5. xandros

    xandros Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    411
    thanx
     
  6. BuzzStone

    BuzzStone Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    163
    I'm not fully understanding this, but I take it that RapidShare is a site that will load malware on your computer if you choose to download and use the program. It is not a trustworthy site and should be avoided even if you are a paying customer. I don't use RapidShare, but what exactly is the "test"?
     
  7. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    AV scan showed nothing suspicious. Then I logged in to my test VM, started the "test", OA asked whether it is allowed to run, then it alerted that the "test" wants to shut down my system. At this point I clicked "block" and nothing else happened. This is all I can say about the "test". Or, to be correct, about both tests. Then I restored the VM image (just in case) :)
     
  8. Teknokrat

    Teknokrat Registered Member

    Joined:
    Apr 20, 2007
    Posts:
    95
    Location:
    First Life? (Sweden)
    RapidShare is a site where you can upload files for others to download. Someone (the OP?) has uploaded two files that can be used to test firewalls. RapidShare has nothing to do with the actual test; they just provide a service to store files online.

    regards,
    T
     
  9. BuzzStone

    BuzzStone Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    163
    Thank you, now it makes sense!
     
  10. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Sandboxie did not pass "restart.exe", but is it supposed to?
    I tried it on Vista. I started restart.exe in Sandboxie. UAC detected that it was trying to do something administrative, as it should, but I allowed it and it did shut down Windows.
    These are not actual malware, as I understand it? I guess that's why, for example, Avast didn't react...
     
  11. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Actually, this is not malware and nothing wrong can be done with shutdown. This is just a question of consistency. For example, in OA advanced program settings there is an option "system shutdown" Ask/Allow/Block, and so I expect that OA can detect and prevent shutdown attempts. Sandboxie seems not to be supposed to, but this is really not a problem if Sandboxie doesn't have such an option.
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
  13. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
  14. Technic

    Technic Registered Member

    Joined:
    Aug 31, 2005
    Posts:
    428
    And Avira WebGuard blocked access to both files...
     
  15. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    Ailef says nooooooo.
     

    Attached Files:

  16. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Ailef does not see a difference between privilege elevation and a shutdown API call. This is a picture of Comodo intercepting a privilege elevation attempt. But almost any account under an NT system can have this privilege without elevation, so an elevation block will not help. And there, in the very first link of this thread, the Comodo developer explains it clearly. Yes, they intercept privilege elevation, but they fail to stop shutdown.

    I trust the developer much more than Alief, who does not understand the very basic things about the NT platform.
     
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Interesting. I missed ur earlier post.
     
  18. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Agreed 100%
     