Prevx vs. COMODO IS - Keylogging

Discussion in 'other anti-malware software' started by raven211, Jun 22, 2010.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Ok, I am going to open windows media player because it makes me feel better and safe :D
     
  2. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    The title of the CIS forum is "AV False Positive/Negative Detection Reporting". Unsurprisingly, there are "negative-detection" cases discussed there where CIS protection has failed.

    Although it's not relevant to SafeOnline protection, I can't say that I've had many FPs from PrevX.

    That is your opinion stated as fact. My understanding of English is generally quite good, even when the English is poorly written.

    Actually, it's the protection of the OP that is the issue here. I have tried to provide a balanced view based on my own experience with SafeOnline and other security apps. I understand that many security professionals (including PrevX themselves) advocate a layered approach to security. SafeOnline provides a security layer to protect online banking in case malware (especially a rootkit) manages to bypass other security layers. So, it provides a sort of fail-safe protection for a user's banking credentials - like keeping your valuables in a safe inside your house even though all the doors and windows are locked.

    Of course, your own choice of security is entirely a matter for you. If you think that CIS provides 100% protection with no "negative detections", then you obviously don't need to install SafeOnline or anything else.

    My own personal view is that CIS and other security suites don't in fact provide 100% protection. For that reason, I would not advise someone against using an application such as SafeOnline that might prevent them from becoming a victim of online banking fraud, which is an increasingly serious problem.
     
  3. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Anyone care to test Prevx with Comodo Leak Test ?
    I would run it myself but facebook version is not full version , and full version is not available for trial , so ...
    But my wild guess is it would score below 100.
     
  4. guest

    guest Guest

    I am sure that you are able to understand english better than me but still you dont get the point of what we are talking here this is why I'm not going to spend my time on you repeating the same until you get the idea while other people was able to get it, if you dont is not my problem.

    An FP can not infect your computer and steal your data.

    You are admiting that SafeOnline is 100% safe ok good for you.
    Ok safe online is offers a protection bla bla bla bla... nothing different that comodo, a toolbar, a broswer and a firefox extension can offer. You want to add also safeonline? ok nobody is telling you the oposite. you want to add 3 AV's and 4 Firewalls just is case? ok go ahead.
     
  5. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    With respect, you seem either to have misunderstood my reference to the CIS forum on "AV False Positive/Negative Detection Reporting" or you are wilfully misinterpreting my remarks. I have not suggested that FPs can infect a PC. Do you understand the meaning of the "negative" in the title? That's when CIS fails to identify malware that has infected a user's PC. That's where the danger lies.

    No, I have not said that using SafeOnline or any other security product can make anyone's PC 100% safe. I have only suggested that it provides an extra security layer to protect online banking sessions in case a PC user's other security (whether it is CIS or any other product) has not prevented the installation of malware like the ZEUS rootkit.

    Immunity Labs tested Prevx's browser protection (then known as PrevX 3.5) on systems infected with ZEUS and other threats to online banking. Their report is available at info.prevx.com/download.asp?GRAB=IMMUNITY . Any PC user whose existing security apps provide the same level of protection does not need SafeOnline. However, many others (possibly including those who have CIS) would benefit from the extra browser protection afforded by SafeOnline.
     
  6. guest

    guest Guest

    Do you understand that the AV is not the only layer of protection of Comodo? So if the av fail is normal I dont care, I never said the oposite.
    Actually comodo offers 500$ is your computer is infected and 15000$ if your data is stolen while you are using Comodo, if you are so sure why dont you try to make some money?

    Are you still with the same? did you understand the topic of the threat?
    I just gave my opinion if you think that is better add more software doing the same thing, is your choice.
     
  7. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    I'm not a security professional, but I do know the difference between an AV and a suite. So, I deliberately referred to suites in my posts above. One of the first posts in the Comodo CIS forum is entilted 'Rogue software is in the "Trusted Software venders" list', which perhaps illustrates just one of the possible weaknesses in a security suite (not in any way unique to CIS).

    Neil Rubenking of PC Magazine has tested many of the leading vendors' security suites at http://www.pcmag.com/products/0,,tq...&gridtitle=Recent Product Reviews&stpdinglp=1 . None of them provides 100% protection, so it does not seem to be unreasonable to point out the possible benefit of SafeOnline for the OP and, indeed, for others who may read this thread. It's entirely their choice whether or not they want the extra security that SafeOnline provides. However, advising someone not to use it would do them a great disservice if, despite the best efforts of their security suite, they became infected with a rootkit that stole their online banking credentials.
     
  8. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,545
    to summarize the thread...

    + Prevx fanboy want to complement any other softwares including Comodo

    - Comodo fanboy says his security suite doesnt need Prevx and is better of as standalone....
    aside from that one certain fanboy is sure putting down SafeOnline's features. :thumbd:
     
  9. guest

    guest Guest

    Is quite evident that you are not a security professional and please dont keep going off topic, I still belive that you dont understand what we were talking here.
     
  10. guest

    guest Guest

    Unfortunately you have the same problem, you didnt understand the topic that we are discussing here, but feel free to post whatever you want.
     
  11. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    A fair assessment vis a vis guest and me, except that I don't regard myself as a PrevX fanboi - it's not in my signature.

    I'm more of a "layered-security fanboi", although that doesn't trip off the tongue quite so easily. From that point of view, SafeOnline adds a security layer to CIS (and any other suite) that protects banking credentials in the event that malware somehow bypasses the suite.
     
  12. guest

    guest Guest

    Reading your post everybody can see that you dont even understand what is a layer of protection. Also they can see that you havent read the whole post.

    Also is obvious that you dont understand what protection is offering SafeOnline, yes banking security... and what is this, what is behind this banking security, do you know that?
     
  13. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    anti-kelogging protection:D
     
  14. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Thanks for pointing that out. It's a rare privilege to be tutored in PC security by someone with your depth of knowledge and insight. You've explained PC security in a way that I would never have thought possible.

    I'm really gutted, though, to find out that SafeOnline is not actually providing a security layer that protects my (or the OP's) banking details from horrible nasties. But your post has shown me the error of my ways. Today, I was stupidly confused by the ongoing MRG test into believing that SafeOnline provided the type of protection that might prevent malware from stealing the OP's banking credentials. It's outrageous that a security program that doesn't even provide a layer of security should be allowed to pass such a test. What is the world coming to? These things should not happen!

    Silly me, but I'm a mere tyro who is all too easily seduced by the weight of factual evidence rather than relying on the much deeper insight of a master. I hope that, as a person who displays such wisdom and magnanimity, you can try to understand, and perhaps even find a way to forgive, the shortcomings of my feeble mind, which has been so befuddled by facts.

    Perhaps you could advise us: should the OP protect his online banking sessions by using a program like SafeOnline that passes the MRG browser-security test? Or should he play safe and opt for one that doesn't?
     
  15. guest

    guest Guest

    Again you didnt understand the aim of the topic.
    We are not discussing if safeonline offers or not an aditional layer of security using the app alone. But you can continue writing and speding your time.

    Good Luck
     
  16. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Stupid me again, eh? I did try to apologise for being such an idiot. But at least you've put me straight on what the topic is. Or, more precisely, on what the aim of the topic is. That is unfortunately almost too metaphysical a concept for my small brain to grasp.

    Is it not germane, though, to the OP's question to ask if he should continue to use SafeOnline, which (so far, at least) has passed the MRG browser-security test that specifically addresses his fear about online banking? Or should he just rely on CIS, which may (or possibly may not) protect him? Is that not the crux of the argument?

    As a scientist, I tend to have a high regard for facts that are based on experimental evidence, whilst considerable caution has to be exercised where there is no such evidence. So, it might be fair to say that there's some evidence (for example, from Immunity Labs and from MRG) to show that SafeOnline provides some degree of protection for online-banking sessions. CIS, however, seems to be untested in this regard. I cannot therefore see a rational basis for someone to uninstall SafeOnline and rely on CIS alone. At present, it would seem to be no more than an act of faith to rely solely on CIS unless and until it is shown to afford the protection that the OP requires.

    Let's take it as read that I don't understand what I'm talking about, so that you don't have to repeat that part every time you take the trouble to respond to my possibly inane posts.
     
  17. guest

    guest Guest

    Wow reading your first paragraph is enough for me xD I never said that safeonline is useless alone.
    Instead spend your time writting crap you should read the whole thread and dont take my words out of context.

    But please continue is so funny see you mad.
     
  18. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Thanks for your reply. I'm so glad that you enjoyed my post. I would caution you, though, that the word 'crap' is coarse slang that many native English speakers regard as offensive.

    More to the point of this thread, you haven't answered the question: should the OP continue to use SafeOnline, which (so far, at least) has passed the MRG browser-security test that specifically addresses his fear about online banking, or should he rely on CIS alone, which may (or possibly may not) protect him?

    Please just try to give a reasoned answer to this question. If you cannot answer it sensibly, then people will presumably draw their own conclusions.
     
  19. guest

    guest Guest

    What means OP for you?

    I already said like 10 times that CIS will protect you from the same things than SafeOnline so if you want to have SafeOnline or not is your choice.
     
  20. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Thanks for that. I actually asked for a reasoned response, rather than a repetition of an unsubstantiated claim, whether it is for the tenth time or not.

    It's for the OP, and indeed anyone else who is concerned about the security of their onlne banking, to decide whether they rely upon an untested security solution that may or may not protect them or upon one that has been shown to afford some degree of protection.

    I don't personally find this a difficult choice or a controversial one.
     
  21. guest

    guest Guest

    Every time is more clear that you have not read the thread, is no a repetition and if you want the long and detailed version is already written in the threat.

    Untested security solution?? jaja

    Could you please demostrate how CIS can be bypass by a malware? Comodo will pay you 500$ if you are able to do it.

    Please do that and then come back, any discussion without this proof is pointless. I dont have time to lose with you becase you are not able to read the whole threat.
     
    Last edited by a moderator: Jun 25, 2010
  22. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Well, I'm glad that things are getting clearer for at least one of us. This is what constructive debate is all about.

    If I follow your drift, Comodo's protection of online banking is not untested (as I take your "jaja" to be an ironical repetition of the German affirmative rather than an oblique reference to a Brazilian footballer). But unfortunately you haven't followed that up, in a reasoned way, by pointing to a test that demonstrates their online-banking protection, which, lest we forget, is the essential concern here.

    I'm not personally in a position to create or install rootkits or whatever might be required to test Comodo's online-banking protection. Moreover, I could end up losing more than $500 from my bank account if Comodo's protection failed me after I ditched my other security (which I know does protect me). So, I hope that you won't mind if I forego that seemingly generous offer.

    It would, however, be a bit a bit of a wheeze if Comodo's good friends at MRG were to use their latest gizmo to pocket the $500 reward. Or, alternatively, their test might support your claim that Comodo does indeed protect online-banking sessions. We could all rejoice then. But, unfortunately, it seems that, owing to a spat between the two firms, that's not going to happen. Since my experience of Comodo folk is limited to the exchanges here with you, I can't begin to imagine how they could possibly fall out with the chaps at MRG, but there you are.

    So, we are left bereft of facts that might support your oft-repeated assertion, which one might paraphrase as "all you need is Comodo". Mind you, if you repeat this phrase enough times, then someone, somewhere is bound to believe it eventually, even if it's not true. Hmmm, where did I pick up that silly idea?
     
  23. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
  24. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Unfortunately this is not the case for today's malware whose sole purpose is to work covertly. I'll go through each point here to clear up the apparent confusion on SafeOnline:

    The point of a DNS level hijack is that you would not see givemeyourbankaccount.com if going to google.com. Whether it is a hosts file redirection, something in the LSP chain, something at the TDI/NDIS level, a firewall hook used maliciously, or any myriad of other techniques, these attacks make the user completely unaware that the destination website is indeed not their destination website. Rogue DNS servers are quite frequent but not in the context that users have been saying here - malware frequently replaces DNS settings with malicious ones that the hackers have set up to redirect users. It is possible that the actual legitimate DNS server could be compromised, but that would be much rarer.


    Unfortunately no, it isn't covered by CIS or KeyScrambler. We've had independent tests verify as well but both CIS and KeyScrambler do not cover many types of keyloggers which SafeOnline covers. I won't go into full details here because of the "a vs b" type nature, but SafeOnline covers about two dozen types of keyloggers where other products cover the basic 5-6. In total, SafeOnline covers nearly 60 different vectors of attack (I'll outline a few more below).

    Yes, there are many antiphishing products but none of them work how SafeOnline works. We do use a blacklist and heuristic monitoring of URL structure (i.e. Facebook shouldn't be served in China) but we also have the antiphishing tied directly to our credential protection monitoring. If a user has protected their credentials, any website trying to access the credentials or trick the user into thinking they're visiting another website will be immediately blocked. This provides perfect antiphishing protection and has already stopped millions of phishing attacks since the inception of SafeOnline, all of which would have logically gotten past the browser's protection already because of where SafeOnline sits in protecting the browser.

    No it isn't. Browser process manipulation is quite complex because the user has to be able to use their addons which already have to sit within the browser. To protect this, SafeOnline has anti-hooking technology and internal process protection (protecting the process from modifications coming from within the process) and a boatload of underlying protection behind this. While some HIPS products may show a warning that something is trying to modify the memory of another process, today's information stealing trojans get past this directly because they're either running from the MBR/kernel mode/or already within the browser because they've replaced a core browser component or have registered themselves to load legitimately - no memory manipulation needed.

    No, not at all - if you open the Cookies folder within the operating system or copy the program databases from IE/FF/etc. you will see that you can fully view every cookie from outside. Private browsing prevents new cookies from being written, but it does not protect existing cookies from being stolen/read by malware.

    In addition to this, every time you store your password in a browser, it logically must be actually stored on the system. Because of this, it becomes extremely easy for malware to siphon passwords directly from the stored browser areas (whether that is Protected Storage in IE or the signons*.txt file in Firefox, etc.) No other security product protects this and browsers themselves logically cannot protect it as they are the culprits and have to access the data :)

    The other side of that is protecting the passwords in memory - unfortunately browsers aren't high security applications and they store your passwords in memory for all eyes to see if they look properly. SafeOnline also protects browser memory and interfaces into the browser to prevent leakage of data.

    True, to some degree. Most information stealing malware and keyloggers can run without a problem from a limited user account or even from within a sandbox. Because a sandbox is meant to keep the system safe from the browser, it unfortunately doesn't keep the browser safe from the other threats that tried to come from the browser. Additionally, while the infection vector coming from the browser into the operating system may be secured, what happens when an infected PC on your network infects you via an exploit or a USB stick gets inserted? Sandboxes are only helpful when they cover everything... and if you actually use your PC they end up defeating themselves because samples can still run within the sandbox and affect other sandboxed programs.

    There are many, many more features of SafeOnline, between screen grabber protection, proxy evasion, session isolation, clipboard protection, addon isolation, and generic defense against all state-of-the-art information stealers, SafeOnline covers a massive amount of infection vectors and potentially exploitable areas.

    I hope that helps clarify a small portion of what SafeOnline does. Please let me know if you have any questions on this :)
     
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Prevx intentionally does not block CLT. There is no benefit in blocking tests like that except to mislead people into thinking that blocking a series of leaktests means you have full protection. If a threat uses any of the techniques in CLT in a malicious manner, Prevx will block it directly but we have a policy of not blocking leaktests.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.