COMODO Internet Security 5.x Thread

Hard to tell. I wish they would choose just a few of their current products and integrate them into CIS -- giving the option to only install the ones you need but having them all in one GUI/ package.

edit: and just so everyone knows, updating seems to be broken on my 64bit version of 5.8

 

Well, BOClean was incorporated into the AV, not installable separately. Seems like CCE will be as well.
That's fine with me, as long as I can keep the real-time disabled and the scans doesn't hog the entire system until completion.

 

BOClean was, apparently, torn to shreds and then incorporated.

Yup. I'm not sure I'd even bother installing it but perhaps.

 

Hmmmmm...How does this updated version fair against then Blackday trojan and GpCode trojan? Anyone...?

 

PM me samples and I'll happily test =p

 

That was fast I'll have to ask Aigle about it since he was the one who did the testing way back or constantine76 ( I heard he facilitated a test for Prevx previously). Have to PM both first as I do not have the samples with me. I'll get back here.

 

Alrighty. I've got an XP 32bit VM with the beta.

 

Please check your PM inbox

 

It will be interesting to see the behavior of this new version against what Aigle has tested before. Previously Comodo failed his testing and he(Aigle) has pointed that out here and in the Comodo forums. This made me switch to OA Premium as I remember in the Comodo thread Re: weakness of the gpCode there was not a solution even with the last 5x version prior to this new one.

Let's see.

PS:

calling Aigle .....

 

I don't know the full methods of testing he used other than that (I believe) it was XP and that he had set Comodo's sandbox to Untrusted. I'll try it on Untrusted first to see if it's infected. If not I'll continue to move towards Partially Limited until I'm successfully infected.

EDIT: CIS 5.8 seems to be broken in my 32bit XP VM.
EDIT2: I may just do Win7 with UAC off.

 

Yeah I read that here take note of Reply 130

 

Well ... since the last thing that Melih can come after me for is now out of his reach, yes indeed. I handed him a wonderful method of protecting (and most importantly CLEANING existing malware) in BOClean, I can offer a guaranteed method to test their effectiveness on ANY malware since all they do on their AV side ("detection") is grab an SHA1 hash of the sample they receive.

PAD the file with some extra stuff past the end so that the SHA1 is different. Voila, not detected.

Had they actually done what I gave them with the code instead of turning their design over to the Chinese, then any diddling would be caught BY NAME of the malware. A generic "suspicious" doesn't count since they FP on pretty much anything that isn't in their "whitelist" ... test them for actual detection and see what happens. (grin)

Only reason why their "detection rate" is as high as it is is because they BUY samples from the testing joints and then SHA1 the samples into their "database." Modify those "in the wild" samples and fail ...

 

That's why I don't use an antivirus =p blacklisting is silly when it's something like a virus and heuristics... maybe one day it'll be better but for now it's going to give you a ton of FP's.

Detection rates don't even mean a hell of a lot, it's easy to have 99% out of a sample pool of millions and it's 0days that account for bringing those numbers down and it's also 0days that account for most infections.

I'm only on Windows for a little bit longer. I just need to get my AOL password back and then I'm switching to FreeBSD.

 

COMODO Internet Security 5.8.199581.2037 BETA Released!

What's new in 5.8 BETA?
At a glance, the following new fatures are the noteworthy changes in this release:
NEW! Strengtened HIPS on 64 Bit operating systems: HIPS has been architected in such a way that now many parts of it are as strong as 32 bit operating systems. Previously, it was possible to bypass some of the protections such as COM interface access etc.
NEW! Seamless integration with COMODO Endpoint Security Manager(ESM): Now any CIS endpoint can be instantly turned into a centrally managed endpoint from the clients! Requires ESM 2.0 and later.
NEW! Antivirus scanning progress: In this release, CAV now can show the percantage of the completed scanning.
NEW! CIS 5.8 has a new UI theme
IMPROVED! CAV realtime scanning performance in Stateful mode

On the BETA roadmap, we plan to introduce a new engine which will reduce the antivirus database size to ~80MB(from ~180 MB)
What needs to be tested?
You are more than welcome to report any issues you find. However we would like your help in testing the new HIPS in 64 bit operating systems against compatibility problems and crashes. Because of the new techniques we used in development, your feedback about the stability of the general operating system as well as compatibility with various applications you might be using is greatly appreciated.




https://forums.comodo.com/beta-corn...rity-581995812037-beta-released-t74771.0.html

Bug Reports:
http://forums.comodo.com/beta-corne...y-581995812037-beta-bug-reports-t74768.0.html

BETA NOTICE: This is a BETA software and may have serious bugs which can cause permanent damage to your computer and data. It is intended for qualified beta testers only and must not be used in production systems.

Download Location:

xttp://download.comodo.com/cis/download/installs/1000_beta/installer_data/binaries/cispremium_installer.exe

 

In other words rev up those VMs

 

I have a 64bit Win7 all set up and ready. We'll see how hardened the 64bit HIPS has been made.

 

I think I'll wait a couple more betas before giving it a try .

 

Probably a good idea. It's having trouble installing as it is.

 

As with past CIS betas, one must uninstall the current version (if present) before the beta will install. So don't forget to save your configuration which can be imported by the beta easily. Also it is really essential to change (by right clicking on the icon) to Proactive Security in the Configuration option, as well as changing Firewall to Custom policy (if you don't do this some Trojans will connect to the outside even when running in the sandbox- Custom Mode will squash this from happening).

Currently one of the few Suites that is bulletproof against the Ransomware that has been showing up in the past few days. It still amazes me that with CIS I could care less if the AV has the definitions against new malware. D+ has been more than adequate.

 

Custom Policy seems pretty loud. I'll give it a try.

 

Just at first- You'll have to give an OK for every program accessing the internet on first use, but it is worth it. There was a Trojan yesterday that I allowed to run in the sandbox (this was under Safe Mode); when I checked Network Traffic there was 100+ outgoing connections! The same sandboxed Trojan under Custom Policy had outgoing traffic suppressed.

For me, those 2 tweaks for CIS are absolutely essential.

ps- I just noticed your CIS settings. If you go to Custom Policy, I would uncheck the "Create Rules for Safe App" box. As you will be OKing the access to the Internet for individual programs on a case by case basis (first run), there is only potential downside in assuming anything is safe. And trust me, it's not noisy at all!

 

Not every program I assume, just non-whitelisted programs.

I have my downloads folder at LowIntegrity and I honestly don't feel that I'm in danger either way. Still, if I can live on Custom than I'm fine haha

I'll turn off the "Create rules" that was mostly just to keep noise down.

 

A small review about CIS 5.8 Beta.

http://www.youtube.com/watch?v=C9-yOTOiGRg

CIS seems much more quiet now.

 

Thanks for that smage. Considering this is an incredibly early beta it's nice to see it did well.

Can't wait to see more tests and I can't wait for full virtualization.

 

Yes but I did not see any cloud BB alert in this review, I wonder whether the cloud component is working well in this early Beta. Further tests will tell us more.

Yes the full virtualisation is for v6 I think.