Prevx vs. COMODO IS - Keylogging

Discussion in 'other anti-malware software' started by raven211, Jun 22, 2010.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Ok, I am going to open Windows Media Player because it makes me feel better and safe :D
     
  2. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    The title of the CIS forum is "AV False Positive/Negative Detection Reporting". Unsurprisingly, there are "negative-detection" cases discussed there where CIS protection has failed.

    Although it's not relevant to SafeOnline protection, I can't say that I've had many FPs from PrevX.

    That is your opinion stated as fact. My understanding of English is generally quite good, even when the English is poorly written.

    Actually, it's the protection of the OP that is the issue here. I have tried to provide a balanced view based on my own experience with SafeOnline and other security apps. I understand that many security professionals (including PrevX themselves) advocate a layered approach to security. SafeOnline provides a security layer to protect online banking in case malware (especially a rootkit) manages to bypass other security layers. So, it provides a sort of fail-safe protection for a user's banking credentials - like keeping your valuables in a safe inside your house even though all the doors and windows are locked.

    Of course, your own choice of security is entirely a matter for you. If you think that CIS provides 100% protection with no "negative detections", then you obviously don't need to install SafeOnline or anything else.

    My own personal view is that CIS and other security suites don't in fact provide 100% protection. For that reason, I would not advise someone against using an application such as SafeOnline that might prevent them from becoming a victim of online banking fraud, which is an increasingly serious problem.
     
  3. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Anyone care to test Prevx with Comodo Leak Test?
    I would run it myself, but the Facebook version is not the full version, and the full version is not available for trial, so ...
    But my wild guess is it would score below 100.
     
  4. guest

    guest Guest

    I am sure that you are able to understand English better than me, but you still don't get the point of what we are talking about here. This is why I'm not going to spend my time repeating the same thing to you until you get the idea, while other people were able to get it; if you don't, it is not my problem.

    An FP cannot infect your computer and steal your data.

    You are admitting that SafeOnline is 100% safe; OK, good for you.
    OK, SafeOnline offers a protection, bla bla bla bla... nothing different from what Comodo, a toolbar, a browser and a Firefox extension can offer. You also want to add SafeOnline? OK, nobody is telling you the opposite. You want to add 3 AVs and 4 firewalls just in case? OK, go ahead.
     
  5. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    With respect, you seem either to have misunderstood my reference to the CIS forum on "AV False Positive/Negative Detection Reporting" or you are wilfully misinterpreting my remarks. I have not suggested that FPs can infect a PC. Do you understand the meaning of the "negative" in the title? That's when CIS fails to identify malware that has infected a user's PC. That's where the danger lies.

    No, I have not said that using SafeOnline or any other security product can make anyone's PC 100% safe. I have only suggested that it provides an extra security layer to protect online banking sessions in case a PC user's other security (whether it is CIS or any other product) has not prevented the installation of malware like the ZEUS rootkit.

    Immunity Labs tested Prevx's browser protection (then known as PrevX 3.5) on systems infected with ZEUS and other threats to online banking. Their report is available at info.prevx.com/download.asp?GRAB=IMMUNITY . Any PC user whose existing security apps provide the same level of protection does not need SafeOnline. However, many others (possibly including those who have CIS) would benefit from the extra browser protection afforded by SafeOnline.
     
  6. guest

    guest Guest

    Do you understand that the AV is not the only layer of protection of Comodo? So if the AV fails, it is normal, I don't care; I never said the opposite.
    Actually Comodo offers 500$ if your computer is infected and 15000$ if your data is stolen while you are using Comodo; if you are so sure, why don't you try to make some money?

    Are you still with the same? Did you understand the topic of the thread?
    I just gave my opinion; if you think that it is better to add more software doing the same thing, it is your choice.
     
  7. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    I'm not a security professional, but I do know the difference between an AV and a suite. So, I deliberately referred to suites in my posts above. One of the first posts in the Comodo CIS forum is entitled 'Rogue software is in the "Trusted Software venders" list', which perhaps illustrates just one of the possible weaknesses in a security suite (not in any way unique to CIS).

    Neil Rubenking of PC Magazine has tested many of the leading vendors' security suites at http://www.pcmag.com/products/0,,tq...&gridtitle=Recent Product Reviews&stpdinglp=1 . None of them provides 100% protection, so it does not seem to be unreasonable to point out the possible benefit of SafeOnline for the OP and, indeed, for others who may read this thread. It's entirely their choice whether or not they want the extra security that SafeOnline provides. However, advising someone not to use it would do them a great disservice if, despite the best efforts of their security suite, they became infected with a rootkit that stole their online banking credentials.
     
  8. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    To summarize the thread...

    + Prevx fanboy wants to complement any other software, including Comodo

    - Comodo fanboy says his security suite doesn't need Prevx and is better off as standalone....
    Aside from that, one certain fanboy is sure putting down SafeOnline's features. :thumbd:
     
  9. guest

    guest Guest

    It is quite evident that you are not a security professional, and please don't keep going off topic; I still believe that you don't understand what we were talking about here.
     
  10. guest

    guest Guest

    Unfortunately you have the same problem: you didn't understand the topic that we are discussing here, but feel free to post whatever you want.
     
  11. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    A fair assessment vis a vis guest and me, except that I don't regard myself as a PrevX fanboi - it's not in my signature.

    I'm more of a "layered-security fanboi", although that doesn't trip off the tongue quite so easily. From that point of view, SafeOnline adds a security layer to CIS (and any other suite) that protects banking credentials in the event that malware somehow bypasses the suite.
     
  12. guest

    guest Guest

    Reading your post, everybody can see that you don't even understand what a layer of protection is. Also they can see that you haven't read the whole post.

    Also it is obvious that you don't understand what protection SafeOnline is offering; yes, banking security... and what is this, what is behind this banking security, do you know that?
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    anti-keylogging protection :D
     
  14. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Thanks for pointing that out. It's a rare privilege to be tutored in PC security by someone with your depth of knowledge and insight. You've explained PC security in a way that I would never have thought possible.

    I'm really gutted, though, to find out that SafeOnline is not actually providing a security layer that protects my (or the OP's) banking details from horrible nasties. But your post has shown me the error of my ways. Today, I was stupidly confused by the ongoing MRG test into believing that SafeOnline provided the type of protection that might prevent malware from stealing the OP's banking credentials. It's outrageous that a security program that doesn't even provide a layer of security should be allowed to pass such a test. What is the world coming to? These things should not happen!

    Silly me, but I'm a mere tyro who is all too easily seduced by the weight of factual evidence rather than relying on the much deeper insight of a master. I hope that, as a person who displays such wisdom and magnanimity, you can try to understand, and perhaps even find a way to forgive, the shortcomings of my feeble mind, which has been so befuddled by facts.

    Perhaps you could advise us: should the OP protect his online banking sessions by using a program like SafeOnline that passes the MRG browser-security test? Or should he play safe and opt for one that doesn't?
     
  15. guest

    guest Guest

    Again you didn't understand the aim of the topic.
    We are not discussing whether SafeOnline offers an additional layer of security or not when using the app alone. But you can continue writing and spending your time.

    Good Luck
     
  16. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Stupid me again, eh? I did try to apologise for being such an idiot. But at least you've put me straight on what the topic is. Or, more precisely, on what the aim of the topic is. That is unfortunately almost too metaphysical a concept for my small brain to grasp.

    Is it not germane, though, to the OP's question to ask if he should continue to use SafeOnline, which (so far, at least) has passed the MRG browser-security test that specifically addresses his fear about online banking? Or should he just rely on CIS, which may (or possibly may not) protect him? Is that not the crux of the argument?

    As a scientist, I tend to have a high regard for facts that are based on experimental evidence, whilst considerable caution has to be exercised where there is no such evidence. So, it might be fair to say that there's some evidence (for example, from Immunity Labs and from MRG) to show that SafeOnline provides some degree of protection for online-banking sessions. CIS, however, seems to be untested in this regard. I cannot therefore see a rational basis for someone to uninstall SafeOnline and rely on CIS alone. At present, it would seem to be no more than an act of faith to rely solely on CIS unless and until it is shown to afford the protection that the OP requires.

    Let's take it as read that I don't understand what I'm talking about, so that you don't have to repeat that part every time you take the trouble to respond to my possibly inane posts.
     
  17. guest

    guest Guest

    Wow, reading your first paragraph is enough for me xD I never said that SafeOnline is useless alone.
    Instead of spending your time writing crap, you should read the whole thread and not take my words out of context.

    But please continue, it is so funny to see you mad.
     
  18. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Thanks for your reply. I'm so glad that you enjoyed my post. I would caution you, though, that the word 'crap' is coarse slang that many native English speakers regard as offensive.

    More to the point of this thread, you haven't answered the question: should the OP continue to use SafeOnline, which (so far, at least) has passed the MRG browser-security test that specifically addresses his fear about online banking, or should he rely on CIS alone, which may (or possibly may not) protect him?

    Please just try to give a reasoned answer to this question. If you cannot answer it sensibly, then people will presumably draw their own conclusions.
     
  19. guest

    guest Guest

    What does OP mean for you?

    I already said like 10 times that CIS will protect you from the same things as SafeOnline, so whether you want to have SafeOnline or not is your choice.
     
  20. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Thanks for that. I actually asked for a reasoned response, rather than a repetition of an unsubstantiated claim, whether it is for the tenth time or not.

    It's for the OP, and indeed anyone else who is concerned about the security of their online banking, to decide whether they rely upon an untested security solution that may or may not protect them or upon one that has been shown to afford some degree of protection.

    I don't personally find this a difficult choice or a controversial one.
     
  21. guest

    guest Guest

    Every time it is more clear that you have not read the thread; it is not a repetition, and if you want the long and detailed version, it is already written in the thread.

    Untested security solution?? jaja

    Could you please demonstrate how CIS can be bypassed by malware? Comodo will pay you 500$ if you are able to do it.

    Please do that and then come back; any discussion without this proof is pointless. I don't have time to lose with you because you are not able to read the whole thread.
     
    Last edited by a moderator: Jun 25, 2010
  22. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Well, I'm glad that things are getting clearer for at least one of us. This is what constructive debate is all about.

    If I follow your drift, Comodo's protection of online banking is not untested (as I take your "jaja" to be an ironical repetition of the German affirmative rather than an oblique reference to a Brazilian footballer). But unfortunately you haven't followed that up, in a reasoned way, by pointing to a test that demonstrates their online-banking protection, which, lest we forget, is the essential concern here.

    I'm not personally in a position to create or install rootkits or whatever might be required to test Comodo's online-banking protection. Moreover, I could end up losing more than $500 from my bank account if Comodo's protection failed me after I ditched my other security (which I know does protect me). So, I hope that you won't mind if I forego that seemingly generous offer.

    It would, however, be a bit of a wheeze if Comodo's good friends at MRG were to use their latest gizmo to pocket the $500 reward. Or, alternatively, their test might support your claim that Comodo does indeed protect online-banking sessions. We could all rejoice then. But, unfortunately, it seems that, owing to a spat between the two firms, that's not going to happen. Since my experience of Comodo folk is limited to the exchanges here with you, I can't begin to imagine how they could possibly fall out with the chaps at MRG, but there you are.

    So, we are left bereft of facts that might support your oft-repeated assertion, which one might paraphrase as "all you need is Comodo". Mind you, if you repeat this phrase enough times, then someone, somewhere is bound to believe it eventually, even if it's not true. Hmmm, where did I pick up that silly idea?
     
  23. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Unfortunately this is not the case for today's malware whose sole purpose is to work covertly. I'll go through each point here to clear up the apparent confusion on SafeOnline:

    The point of a DNS level hijack is that you would not see givemeyourbankaccount.com if going to google.com. Whether it is a hosts file redirection, something in the LSP chain, something at the TDI/NDIS level, a firewall hook used maliciously, or any myriad of other techniques, these attacks make the user completely unaware that the destination website is indeed not their destination website. Rogue DNS servers are quite frequent but not in the context that users have been saying here - malware frequently replaces DNS settings with malicious ones that the hackers have set up to redirect users. It is possible that the actual legitimate DNS server could be compromised, but that would be much rarer.


    Unfortunately no, it isn't covered by CIS or KeyScrambler. We've had independent tests verify as well but both CIS and KeyScrambler do not cover many types of keyloggers which SafeOnline covers. I won't go into full details here because of the "a vs b" type nature, but SafeOnline covers about two dozen types of keyloggers where other products cover the basic 5-6. In total, SafeOnline covers nearly 60 different vectors of attack (I'll outline a few more below).

    Yes, there are many antiphishing products but none of them work how SafeOnline works. We do use a blacklist and heuristic monitoring of URL structure (i.e. Facebook shouldn't be served in China) but we also have the antiphishing tied directly to our credential protection monitoring. If a user has protected their credentials, any website trying to access the credentials or trick the user into thinking they're visiting another website will be immediately blocked. This provides perfect antiphishing protection and has already stopped millions of phishing attacks since the inception of SafeOnline, all of which would have logically gotten past the browser's protection already because of where SafeOnline sits in protecting the browser.

    No it isn't. Browser process manipulation is quite complex because the user has to be able to use their addons which already have to sit within the browser. To protect this, SafeOnline has anti-hooking technology and internal process protection (protecting the process from modifications coming from within the process) and a boatload of underlying protection behind this. While some HIPS products may show a warning that something is trying to modify the memory of another process, today's information stealing trojans get past this directly because they're either running from the MBR/kernel mode/or already within the browser because they've replaced a core browser component or have registered themselves to load legitimately - no memory manipulation needed.

    No, not at all - if you open the Cookies folder within the operating system or copy the program databases from IE/FF/etc. you will see that you can fully view every cookie from outside. Private browsing prevents new cookies from being written, but it does not protect existing cookies from being stolen/read by malware.

    In addition to this, every time you store your password in a browser, it logically must be actually stored on the system. Because of this, it becomes extremely easy for malware to siphon passwords directly from the stored browser areas (whether that is Protected Storage in IE or the signons*.txt file in Firefox, etc.) No other security product protects this and browsers themselves logically cannot protect it as they are the culprits and have to access the data :)

    The other side of that is protecting the passwords in memory - unfortunately browsers aren't high security applications and they store your passwords in memory for all eyes to see if they look properly. SafeOnline also protects browser memory and interfaces into the browser to prevent leakage of data.

    True, to some degree. Most information stealing malware and keyloggers can run without a problem from a limited user account or even from within a sandbox. Because a sandbox is meant to keep the system safe from the browser, it unfortunately doesn't keep the browser safe from the other threats that tried to come from the browser. Additionally, while the infection vector coming from the browser into the operating system may be secured, what happens when an infected PC on your network infects you via an exploit or a USB stick gets inserted? Sandboxes are only helpful when they cover everything... and if you actually use your PC they end up defeating themselves because samples can still run within the sandbox and affect other sandboxed programs.

    There are many, many more features of SafeOnline, between screen grabber protection, proxy evasion, session isolation, clipboard protection, addon isolation, and generic defense against all state-of-the-art information stealers, SafeOnline covers a massive amount of infection vectors and potentially exploitable areas.

    I hope that helps clarify a small portion of what SafeOnline does. Please let me know if you have any questions on this :)
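
A defender-side check for two of the redirection techniques named in the post above (hosts file entries and replaced DNS server settings), as an added example that is not part of the original thread and is not Prevx code. The domain names, addresses, and the `WATCHED` and `EXPECTED_RESOLVERS` values are constructed placeholders.

```python
import ipaddress

# Constructed sample input: a hosts file as it might look after tampering.
# 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are documentation ranges.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.66    www.examplebank.test examplebank.test   # injected
0.0.0.0         ads.tracker.test
198.51.100.9    login.examplebank.test
not-an-ip       broken.line.test
"""

WATCHED = {"examplebank.test"}        # hypothetical: domains the user banks with
EXPECTED_RESOLVERS = {"192.0.2.53"}   # hypothetical: resolver the network should hand out


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # line does not start with an address
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(name, watched):
    """True for a watched domain itself or any subdomain of it."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched):
    """Return every hosts entry that overrides DNS for a watched domain.

    A sensitive site has no reason to be pinned in the hosts file, so any
    override is reported, whatever address it points to.
    """
    return [(line_no, name, str(ip))
            for line_no, ip, name in parse_hosts(text)
            if is_watched(name, watched)]


def audit_resolvers(configured, expected):
    """Return configured DNS servers that are not on the expected list."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    return [a for a in configured if ipaddress.ip_address(a) not in allowed]


if __name__ == "__main__":
    for line_no, name, ip in audit_hosts(SAMPLE_HOSTS, WATCHED):
        print(f"hosts line {line_no}: {name} is pinned to {ip}")
    # Constructed resolver list, as read from the adapter configuration.
    for addr in audit_resolvers(["192.0.2.53", "203.0.113.10"], EXPECTED_RESOLVERS):
        print(f"unexpected DNS server configured: {addr}")
```

Such a check only covers the hosts file and the resolver list; the LSP, TDI/NDIS and firewall-hook variants mentioned in the post need different inspection.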
     
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Prevx intentionally does not block CLT. There is no benefit in blocking tests like that except to mislead people into thinking that blocking a series of leaktests means you have full protection. If a threat uses any of the techniques in CLT in a malicious manner, Prevx will block it directly but we have a policy of not blocking leaktests.
     