Please feel free to ask any questions to learn all about Computer Security.

[Guest]

[Melih]

Here you will have access to the world's best security experts to help you learn all about Computer security!

feel free to ask!

Melih

[AOwL]

Ok, now about security.
Does V 3 of CFP protect us against the exploit of mshta.exe?
Why doesn't more malware use it, since it seems to be efficient?
Is HIPS the only way to do that?

In greenborder.com they use a GreenBorder-Security-Test.hta file that you download and run.
It uses mshta.exe (just like some new malware) to create a folder on your desktop with "stolen" documents and so on... It also creates a mshta.exe.mui on your desktop.
It creates a scriptfile that do a "eggdrop"...?
It's called GreenBorderEgDrop.js that do something and saves to "GreenBorderPsSee.exe".
Both files are found in C:\Documents and Settings\YourName\Local settings\Temp
There is something about a MZKERNEL32.DLL...
I found mshta.exe in three folders.
windows\ie7
windows\system32
windows\system32\dllcache

I found some info that it use lsass.exe so that the process talks to LSASS and it reads the data from the
registry, this path is not visible from the Admin context. Permissions needs to be changed to read
it. (stealing passwords?)

These are my observations without knowledge in programming or using special tools.
It would be nice if someone at Comodo explain this test/scenario in a normal language.
The main question is, should I keep mshta.exe renamed?
Do you know if it's needed in other files than .hta?
I only found one .hta file on my PC besides those testfiles. It was for WMP.

[Melih]

Ok, now about security.
Does V 3 of CFP protect us against the exploit of mshta.exe?
Why doesn't more malware use it, since it seems to be efficient?
Is HIPS the only way to do that?

In greenborder.com they use a GreenBorder-Security-Test.hta file that you download and run.
It uses mshta.exe (just like some new malware) to create a folder on your desktop with "stolen" documents and so on... It also creates a mshta.exe.mui on your desktop.
It creates a scriptfile that do a "eggdrop"...?
It's called GreenBorderEgDrop.js that do something and saves to "GreenBorderPsSee.exe".
Both files are found in C:\Documents and Settings\YourName\Local settings\Temp
There is something about a MZKERNEL32.DLL...
I found mshta.exe in three folders.
windows\ie7
windows\system32
windows\system32\dllcache

I found some info that it use lsass.exe so that the process talks to LSASS and it reads the data from the
registry, this path is not visible from the Admin context. Permissions needs to be changed to read
it. (stealing passwords?)

These are my observations without knowledge in programming or using special tools.
It would be nice if someone at Comodo explain this test/scenario in a normal language.
The main question is, should I keep mshta.exe renamed?
Do you know if it's needed in other files than .hta?
I only found one .hta file on my PC besides those testfiles. It was for WMP.

Indeed we will protect against that too with v3!

CFP v3 will be the First line of defense against malware!

CFP v3 will create a quantum shift in the security market from AV being your first line of defense to CFP v3 being your first line of defense against Malware! The time for allowing everything and only catch whats bad (if you know what is bad that is) (eg: AV products today..) is passed its sell by date! we need a proper protection.. we need CFP v3!!

Melih

[AOwL]

That sounds great!

That mshta.exe exploit still worries me though...
CFP 3 isn't out yet...

If you need the source files and the created script and program files from that test, just let me know.

[Melih]

That sounds great!

That mshta.exe exploit still worries me though...
CFP 3 isn't out yet...

If you need the source files and the created script and program files from that test, just let me know.

sure go ahead and send it across pls.
thanks

Melih

[bedo]

Hi, I'm a new user.

Is there anyway I can secure individual documents from getting leaked.

For example, my cv. It's all good and well that my pc and identity is hidden from malicious web users but if someone gets access to my personal files, well, that is scary.

Can this be done with Comodo or do I need another type of programme?

Bedo

[BOO BERRY]

HI!   I WENT TO E-MULE TO DOWNLOAD SONGS, AND I CHANGED MY MIND AND UNINSTALLED IT.....BUT NOW I AM GETTTING LITERALLY HUNDREDS OF BLOCKED INTERNET ACCESS ATTACKS, BLOCKED BY MY ZONE ALARM FIREWALL.  JUST INSTALLED THE COMODO.  I AM NOT AT ALL COMPUTER SAVVY, COULD YOU GIVE ME SOME ADVICE ON HOW TO STOP THESE ATTACKS.......THANK-YOU

[N.T.T.W.]

HI!   I WENT TO E-MULE TO DOWNLOAD SONGS, AND I CHANGED MY MIND AND UNINSTALLED IT.....BUT NOW I AM GETTTING LITERALLY HUNDREDS OF BLOCKED INTERNET ACCESS ATTACKS, BLOCKED BY MY ZONE ALARM FIREWALL.  JUST INSTALLED THE COMODO.  I AM NOT AT ALL COMPUTER SAVVY, COULD YOU GIVE ME SOME ADVICE ON HOW TO STOP THESE ATTACKS.......THANK-YOU

Sounds like you picked up some nasties while downloading Emule.
Firstly I would use a cleaner such as the free CCleaner and delete all temporary files, cookies etc.
Then I would download Spybot Search and Destroy, update it, use the immunize feature and then run a full scan. Use spybot to remove any malware entries it finds.  You can also use Spybot to view and remove any browser helper objects or active x components that are undesirable.
Next, make sure your antivirus is up to date and run a full scan - this should hopefully find any traces of malware on your pc.
Ad-Aware SE personal is also free and sometimes finds things your antivirus or spybot miss.

If this does not solve your problem then post again and I am sure someone will offer further advice.
Links:
p://www.ccleaner.com/

http://www.spybot.info/

http://www.lavasoftusa.com/

 

I would certainly recommend the latest Comodo Firewall Pro and CAVS beta.   

[longhauldump]

Melih,
I am a second user..supposed to be administration on win32 application..win 32 says comodo firewall is not a valid win32 application and won't let me down load..what should I do?

[tazzbuds]

Hi, I'm a new user.

Is there anyway I can secure individual documents from getting leaked.

For example, my cv. It's all good and well that my pc and identity is hidden from malicious web users but if someone gets access to my personal files, well, that is scary.

Can this be done with Comodo or do I need another type of programme?

Bedo 

hello yes comodo site u will see a software program  its shows  a dload that secures your notes but beware if u dont save it all u will lose it so yes go to comodo site and read up u will find it on your right side or on anuther page contact me  [ at ]  harry_markee [ at ] yahoo.com

[NoPayne]

Here you will have access to the world's best security experts to help you learn all about Computer security!   feel free to ask!

Why is it you have time to answer questions about computer security, but you don't have time to answer support requests with helpful information that will make the Comodo firewall install and work properly on my computer?

I submitted support requests over a month ago about the screwed up Comodo 2.4 installer that have gone unanswered.  I have requested assistance in the forums that have also been ignored. 

I can find answers all over the internet to my computer security questions. But, Comodo is the authority on Comodo products, and I would expect to get reliable answers here that will help me get Comodo to install and work properly. Why not put a little more effort into supporting the guinea pigs who test your beta releases???

[NoPayne]

CFP v3 will be the First line of defense against malware!

CFP v3 will create a quantum shift in the security market from AV being your first line of defense to CFP v3 being your first line of defense against Malware! The time for allowing everything and only catch whats bad (if you know what is bad that is) (eg: AV products today..) is passed its sell by date! we need a proper protection.. we need CFP v3!!

Oh, great. So, instead of having a nice little firewall that does what a firewall is supposed to do, you're going to turn Comodo Firewall into another over-bloated suite that attempts to be all things to all people, like ZoneAlarm or Norton.  "Do everything" suites are EXACTLY what I was trying to avoid when I came to Comodo.   

And, then, or course, you will have "dumb down" the interface so every novice idiot can read the cartoon icons and not have learn anything useful or think about what they're doing.  Good grief!!!

[Melih]

Why is it you have time to answer questions about computer security, but you don't have time to answer support requests with helpful information that will make the Comodo firewall install and work properly on my computer?

I submitted support requests over a month ago about the screwed up Comodo 2.4 installer that have gone unanswered.  I have requested assistance in the forums that have also been ignored. 

I can find answers all over the internet to my computer security questions. But, Comodo is the authority on Comodo products, and I would expect to get reliable answers here that will help me get Comodo to install and work properly. Why not put a little more effort into supporting the guinea pigs who test your beta releases???

NoPayne...
it certainly is not our wish or desire not to answer our users. I am sorry if we haven't. You can use the forums to ask these questions if you wish. If not, pls forward me your support ticket no and let me see where the system has failed in answering you.

thanks
Melih

[Melih]

Oh, great. So, instead of having a nice little firewall that does what a firewall is supposed to do, you're going to turn Comodo Firewall into another over-bloated suite that attempts to be all things to all people, like ZoneAlarm or Norton.  "Do everything" suites are EXACTLY what I was trying to avoid when I came to Comodo.   

And, then, or course, you will have "dumb down" the interface so every novice idiot can read the cartoon icons and not have learn anything useful or think about what they're doing.  Good grief!!!

What you are describing is not our intention at all

Melih

[NoPayne]

I'm releived.  javascript:void(0);
Bounce

I'm sure whatever changes are in store will be innovative. I hope they will be efficient and not too imposing.

NP

[Tags:]