SQL slammer worm and ShadowSurfer

Is it safe to play with SQL slammer worm in shadow mode of ShadowSurfer?
Will Comodo stop its spread?

Any ideas?

Thanks

 

aigle, if i were you i'd either mess around with that worm on a test pc or use a virtualization app like the vmware one (or failing that returnil ).

 

Hi zopzop, Returnil is a bit similar to SS.
U r right that best choice will be VM.

 

hey aigle. i think returnil is slightly safer than shadowsurfer. i don't have time now but i'll post a link to some tests someone ran on these boards.

 

Ya, I know this but SS will protect all partitions of my HD that Returnil can,t.

 

ah i see. i only have 1 partition on my machine so i never noticed returnil only protects a single partiton. hmmm, i think using a virtualization program is your best bet aigle (unless you have a second pc). but i wouldn't risk it dude

 

Virtualization? Don't need no steenkin virtualization. Just make an image & try anythiing what you wishes, mon.

P.S. I use SS, too. Ergo, I'm interested to see if anyone can answer aigle's question based on substantive trial data. Truly I am.

 

Which version of Comodo are you going to test? 2.4 or beta 3? I'm just curious

 

I have 2.4.

I noticed that many FW detect these sort of worm by sig based IDS( like Norton and Kaspersky) but I am not sure if Comodo has such functionality or not.

Can anybody throw some light on this?
Thanks

 

I would have used VM but I have no extra licence for XP.

 

I could not resist and run it anyway.

First, tried in GW, nvdm.exe executed isolated and there was an error message and nothing happened.

Executed outside GW.

EQS gave two warnings:

1- Explorer.exe executing ntvdm.exe- allowd
2- Ceate file in C:\ - allowed

I got a popup that windows is shutting down by NTauthority.
Rebooted and everything seems normal. Seems SS saved from it.

BTW no warnings from Comodo FW version 2 or Cyberhawk.

 

Execution with GesWall.

 

For some strange reason, I am not able to run it again. It gives an error message. Anyway I guess GW, EQS and SS were all successful against it but i am not sure at all.