Prevx vs. COMODO IS - Keylogging

Discussion in 'other anti-malware software' started by raven211, Jun 22, 2010.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    You dont need to create anything, a lot of malware can be found in MDL pe, you can use VM so you will not risk your personal data, but you are a security expert so you already knew that. :D

    Because you are an expert you already know that the test that MRG are doing basically consists in a tool that hijack services.exe and capture the information when is being sent.

    So if you run the MGR tool with Comodo:
    Inside the sandbox nothing happens the app is blocked silently.
    Outside the sandbox the app will be blocked by D+
    Anyway The MGR app still will need to connect to internet to send the information so the firewall will block it also.
    All this taking into account that the behaviour isnt detected by the AV.

    The banking protection is not nothing special. Is not a new science.
    In order to steal you bank account details your computer have to be infected by a malware that will hijack your broswer, it will steal the information and it will send it to internet.
     
  2. guest

    guest Guest

    In other to change the DNS settins in the computer you need to be infected.
    D+ will alert you if any app tries to change the DNS

    Can you proof that you can steal loging details in a computer with comodo without any prompt?

    You dont need to storage your passwords in the broswer there are a lot of free tools to save the passwords encrypted.

    All this kinds of protections that SO offers are usefull if you are already infected.

    Can you show me how to infect a computer with Comodo please?

    SO is a great tool if you computer is infected but will not prevent the infection
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No security solution is perfect and Comodo is a security solution and thanks to Socrates and classical syllogisms that would lead to the conclusion that Comodo is not perfect. I'm not about to go on a vendetta against Comodo as that would be inappropriate but please don't be misinformed by any vendor that they are a silver bullet. Prevx certainly isn't, Symantec isn't, McAfee isn't, and Comodo isn't.
     
  4. guest

    guest Guest

    Ok, you couldn't, you said before that you can bypass Comodo using your keylogguer and now you can't.

    I'm sure that Comodo is not 100% bullet proof, and I never said that SO was a bad product.
    But, in my opinion, and this is what the people dont want to understand that it's just my opinion, no the total truth, SO will not help that much, and as we can see in the MRG test you can get other solutions for free with better results than SO.
     
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    No, I said I wasn't about to go back and forth - we have tested Comodo against keyloggers which can bypass its protection, as have other third party testers.

    Ehm? SafeOnline has passed all MRG tests... Could you please direct me to where these supposed products that perform better than SafeOnline?
     
  6. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
  7. guest

    guest Guest

    I said with better results, SO has a yellow dot.
    I didnt say that SO has not passed
     
  8. guest

    guest Guest

    I can only see a text file :p and seems to be the panacea...
     
  9. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,092
    Location:
    Europe, UE citizen

    OT: for classical syllogisms thanks to Aristotle. :)
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I've asked MRG what the reason for this was and it is because Prevx 3.0 is now blocking the threat heuristically before it installs and showing the warning to the user on installation. However, even if the threat was to get past this layer, SafeOnline is still protecting against it.

    I believe SafeOnline is the only product which now covers both sides of this, they didn't anticipate the behavior and will now be changing the report to possibly have a fourth level which says that it both detected the file pre-installation and even if the threat was to get past the malware detection, it is still fully circumvented.

    :D Thanks - I apparently need to re-read my philosophy textbooks :D
     
  11. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    My wife regards me as an 'expert' if I can fix a problem on her PC, but that's as far as it goes. I have no experience of (or desire to engage in) malware testing, and my security knowledge is limited to tweaking XP and installing some useful security apps.

    This is your opinion, but my understanding is that MRG are not giving away any details of how their tool actually works.

    On the contrary, I think that PrevxHelp's patient and detailed reply to your post above eloquently illustrates some of the special features that the Prevx team have introduced to make SafeOnline work as it does. It's a product that specifically addresses the critical issue of online-banking security, which is of concern to the OP in the first post of this thread.

    It's up to Commodo to address the kind of security issue raised by Kylie1420 and to provide their users with the level of browser protection that Prevx currently achieves. They may well be able to achieve this, but there doesn't seem to be any hard evidence that the necessary protection is there at the moment for the OP's online banking from Comodo alone.
     
  12. guest

    guest Guest

    If you would pay more attention to the report you will see some useful screenshots.

    He have not proof anything yet, is a source code.
     
  13. lu_chin

    lu_chin Registered Member

    Joined:
    Oct 27, 2005
    Posts:
    295
    After I read through this thread I feel much better and not to worry about keyloggers or losing my online banking credentials through some unknown malwares. All I need to do is just use Windows SRP, any 3rd party HIPS, anti-executable programs or a security application that either silently blocks any untrusted programs or prompts me when such programs try to run. The (unnamed) perfect security suite I can use will have no problems tackling leak tests and will pass 100% as I always choose to disallow unknown programs from running in the first place. End of all leak tests with 1 layer of protection. Unfortunately a lot of users out there whose machines get infected with rogue programs don't make the right choice before running them. :D
     
  14. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    lu chin agree with you man;)
     
  15. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    490
    What do you mean i don't have any proofo_O? source code is the best form of proof:rolleyes:
     
  16. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    I’ve tried to stay away from this thread, but you have made it impossible for me.

    First of all where do you get the idea that MRG Simulator can’t bypass Comodo? What, Comodo told you and you believed them? Sorry mate, but that is not how it is.

    I would advise you to stop passing “expert” opinions on subjects you are not familiar with; it can cause damage to others who may follow your advice.

    Without having a clue how our simulator works, you said that Comodo can’t be bypassed:

    Is this really true?

    MRG Financial Malware Simulator VS Comodo

    Take a look :)

    Regards,
    Sveta
     
  17. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,545
    LMAO! I'm done watching :)
    yay to MRG ^^
    boo to guest...

    See ya! ;) :thumb:
     
  18. guest

    guest Guest

    I never said that I was an expert, and I wonder why you have hide this fact instead give the proofs months ago.
    Only works in paypal? only works with IE?

    I think that you are not using the proactive configuration, you didnt show the half of the important settings.
    You didnt show the network security policy, and you are manually allowing your tool to have access to internet if you are using the Proactive configuration that can be choose during the installation.
     
    Last edited by a moderator: Jun 26, 2010
  19. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,955
    Location:
    Somethingshire
    Any security software can be. I saw "user" bypassing Comodo by allowing it (clicked several times to allow various prompts). Can you make it not react to your simulator? Not to detract from the fact that sandbox is leaking. Hopefully it will be fixed in further builds
     
  20. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,772
    Can you run the test again and block rather than allow on the red D+ window? The text was blurry and hard to read, but it appeared you allowed something that probably should have been blocked.
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    yes i saw it too in the first alert:D but the first alert it's the installer:) isnt it?
     
  22. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,772
    The first alert was sandboxed, but a little later a D+ alert comes up, which the user allowed.
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    no wonder it fails:D he suppose to hit denny:)
     
  24. Sveta MRG

    Sveta MRG Registered Member

    Joined:
    Aug 16, 2009
    Posts:
    209
    Program tries to run with elevated privileges and is an Unknown Publisher to Comodo, that is not enough for us to have a reason to click on Block.

    We have tried to install many safe and known applications with Comodo Internet Security running in the background, in 150+ cases we got identical warnings from CIS as we get with the simulator. So why should we hit Block?

    It is obvious that CIS can't distinguish Safe from the Unsafe applications in many cases, it only detects the behavior which ,unfortunately, is not enough.

    Regards,
    Sveta
     
  25. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,772
    That depends on the user. In the hands of a smart user, CIS provides awesome protection. I do not recommend it (or any HIPS program) to someone that won't be able to tell known programs from unknown.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.