Comodo KillSwitch

Discussion in 'other anti-malware software' started by CogitoTesting, Dec 24, 2010.

Thread Status:
Not open for further replies.
  1. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    DACS' ethics aside I'm going to go on a limb to say that KillSwitch is a fantastic tool, of course NOT in the hands of a beginner.

    Pros (as far as I can see for now):

    • Portable, no installation necessary.
    • Ability to analyse a process all the way to infinity. :D.
    • Ability to upload processes directly to virustotal or virusscan.jotti for a second opinion, beside Comodo's own, obviously. :p.
    • You can "terminator" a process at a time.
    • A user can terminate all unsafe processes at once. Quite invaluable for online banking. Somehow, similar to DefenseWall's own online banking mode.
    • Rate all processes and gives them a rating of safe, unsafe, or unknown.

    Con(s) Thus far:
    • Unable to display hidden processes on a 64bit computer. :thumbd:. At least for now.

    I think this is a great product to the quality and effecient level of ESET Sysinspector.

    What do you think guys?

    Thanks.
     
    Last edited: Dec 24, 2010
  2. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Speaking of ethics, does Comodo give credit to Process Hacker where they got the basic program (Source Forge-Open Source) with most of the capabilities and added some AV related stuff (items 3 & 6)?
     
  3. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,081
    Bla bla bla, ethics

    credits.png

    Is this another thread to cry about Comodo without any proof? :gack:
    Are they doing something ilegal? have you paid for KillSwitch?
    Have you spend 1 minute to finding those important credits or you just wanted you say something bad about Comodo without having any idea what you are talking about?
    And as Melih says if Process Hacker devs want to add DACS or any other security company they only need to ask for it, and they will get it.



    Coming back to the topic, IMO KillSwitch is a basic tool when you want to clean an infected computer, very easy and powerful at the same time with results for the unknown files from 40 av's, a very fast way to check any pc. Also very useful to check if there is any active infection in your computer.

    For now seems that KillSwitch is the only app able to use DACS, CCE for now just uses Comodo AV and Comodo Cloud+CIMA
     
    Last edited: Dec 24, 2010
  4. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Actually I don't have a copy of Killswitch, just read about it here, and didn't know the answer. I am also a Process Hacker user. Comodo often licenses and treats products (including CTM, for example) like they invented them. Good on them, and I hope they gave a generous donation to the guys at Source Forge. OP brought up ethics as an issue, btw, and gave all credit to Comodo. And trying to find any real story on the Comodo forum is a waste of energy with all the misinformation floating around. Thanks for the additional information. And Merry Christmas; take the rest of the day off.
     
    Last edited: Dec 24, 2010
  5. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    KillSwitch is killed if an exe killing rogue is active. A simple rename to firefox get's KillSwitch up and running and does seem to do OK.

    Kill.JPG
     
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    A few unknowns but most security apps struggle against this malware sample which drops just about everything.

    KS.JPG
     
  7. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,081

    Did you wait to the unknown files to be uploaded to see the results of the av's in the propierties?
    How much it takes?

    You should see something like this:
    https://www.wilderssecurity.com/attachment.php?attachmentid=224105&stc=1&d=1293211352


    They bought "CTM" (I dont remember the company but it's in Comodo Forum) technology an offered a paid application for free, they are ogre xD You can ask in the forums where they bought the technology behind CTM and they will tell you is not a secret.
    Actually all the information is there in Comodo forum, if you dont find something, probably the same CEO of the company or a developer will help you.
     
    Last edited: Dec 25, 2010
  8. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,570
    :cautious: :rolleyes:
    http://forums.comodo.com/comodo-cle...ta-released-t66867.0.html;msg470907#msg470907
    Melih's words and actions do not go hand by hand.
    He is accusing the other companies that do not want to share their work (virus database) but takes an open source program and what he does? Keeps the code for his company only.:thumbd: :thumbd: :thumbd: :thumbd: :thumbd:

    And we, the end users, have to trust such a company and it's trusted volunteers? ROLFMAO

    Happy Christmas everybody,
    Panagiotis
     
  9. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,081
    I'm expecting an answer too, they know what they are doing probably you just have to request the source code to get it.
    But is easiest criticize without waiting to the others to give an answer.
     
  10. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,570
    *
    http://www.gnu.org/licenses/gpl-faq.html

    Panagiotis
     
    Last edited by a moderator: Dec 25, 2010
  11. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,081
    I know that, I have already request an answer about this issue in Comodo forums, if they dont release the source code as soon as they come back to work I will be the first one to criticize them.
    I'm sure that they know what they are doing.
     
  12. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,570
    Lord,

    they already know about the gpl license. This is why, they used wj32's exemption from the gpl license about dynamic link libraries...


    Panagiotis
     
  13. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Shows "Analysing" before final report.

    Have you actually ran it against any malware?

    Ana.JPG
     
  14. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,081
    Yes but I haven't been able to get any report from DACS, maybe the servers are down or I'm doing something wrong.

    If they used the exemption for the dll thing to add DACS, then is legal, they just need to release the source code of the rest of the program. At least this is what I understood, maybe I'm wrong and you can clarify this to me.
    I guess that Comodo need to protects the source code of DACS somehow, although they are willing to share it with other security companies.
     
  15. Solidify

    Solidify Registered Member

    Joined:
    Jun 26, 2010
    Posts:
    10
    you are wrong, they wont release any sourcecode.
    What about killswitch ? just dl processhacker.
     
  16. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,570
    You understood correctly. I did not question it's legality...
    Panagiotis
     
  17. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,884
    I haven't bothered with the scans...just had a look at Killswitch. Nothing untoward revealed. :)
     

    Attached Files:

  18. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,081
    Have you gotten any veredit from DACS for the unknown files? (I know they are safe)
     
  19. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,884
    Where do I look for that? Not sure what you mean...do I have to do a scan?
     
  20. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,081
    Right click on the unknown process, propierties, and then go to "verdict" tab, but I'm not sure if the DACS is completely up right now, they must be working on it, still beta.




    And about the GPL thing this is what Melih says:
    http://forums.comodo.com/comodo-cle...ta-released-t66867.0.html;msg471019#msg471019
    http://forums.comodo.com/comodo-cle...ta-released-t66867.0.html;msg471020#msg471020
    I suspect that soon or later Process Hacker will include Comodo DACS.
     
    Last edited: Dec 25, 2010
  21. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,884

    Thanks for pointing me the right direction....;)

    It is past my bed time...I will look more into it further, after I get some sleep...thanks. :)
     
    Last edited: Dec 25, 2010
  22. cocopara

    cocopara Registered Member

    Joined:
    Oct 17, 2010
    Posts:
    5
    So melih responded and clearly stated that this product is in BETA hence no source code will be distributed. However once in FINAL release he will distribute the code to where it is appropriate (Such as Open Source Communities).

    ~ snipped comment ~
     
    Last edited by a moderator: Dec 25, 2010
  23. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    LOL though. Melih got caught! The references from lordraiden make pretty funny reading. I can't tell if Melih even made a donation to the Process Hacker Source Forge guys, and thanked him for Comodo using it. At least there was one pissed off author angry because of Melih taking all the credit and not mentioning the source, with Melih then apologizing profusely. Or maybe lordraiden can tell us that Melih followed the usual protocol of donating money and thanking the authors for the use in advance, and that not including them in the announcement was an oversight causing excessive praise by the fanboys for Comodo only. And I wonder what is in Killswitch DACS that Melih doesn't want to release in accordance with GPL, but keeps using different phrases instead. More self inflicted intrigue. :rolleyes:
     
  24. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA

    very very good point
     
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    yes indeed
     
Loading...
Thread Status:
Not open for further replies.