Author Topic: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??  (Read 10396 times)

Offline rapidon

  • Product Translator
  • Comodo Member
  • *****
  • Posts: 40
  • Perdu Sur La Terre/Lost On Earth
A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« on: January 17, 2011, 02:23:45 PM »
Hello (and sorry for my bad english i prefer not use auto Translator)

What is my surprise when i was test Comodo Internet Security 5.3.xxxx with CLT.

A result of 50/340 !!!!

I have 3 systems: One with XP x32 ,another with Vista x32 and the last with Seven x64.

With all x32 system i have a score of 330/340 but with Seven x64 it's a very bad result of 50/340 ,with exactly the same configuration !!!

Comodo is a very bad protection software with 64 bits system ??!

I use CIS since many years and is the first time i am in the point to remove them to my 64 bit system.

But before make this i prefer ask to the community his opinion.

Thank.
AMD Phenon II 940 B.E. 3.00Ghz & Noctua NHC12P+Asrock 790GXH+ ATI Radeon HD4870 1Go + 4Go PC6400  Dual Channel -
Comodo CIS+Avira+Comodo BackUp+Comodo SystemCleaner+ComodoTimeMachine+Comodo EasyVPN

Puissance et Efficacité COMODO.

Offline elliotcroft

  • Presto User
  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 419
  • I draw strength from my HIPS.
Re: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« Reply #1 on: January 17, 2011, 02:30:29 PM »
Any application is weaker on a 64bit computer, because windows driver signing makes Comodo unable to hook to the kernel, Comodo has less of a priority and may be unable to perform its duties correctly.


Offline DARREN1972.

  • Comodo's Hero
  • *****
  • Posts: 389
  • Comodo Internet Security.Never Shaken NeverStirred
Re: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« Reply #2 on: January 17, 2011, 02:38:21 PM »
Thats odd.
I have a 64-bit machine and got 340/340.
Although that was with version 5.1.
Maybe i should test the 5.3.
cisv5.3
malwarebytes anti-malware.
superantispyware.
sandboxie.
win patrol.
Hitman Pro.
Eset online scanner.
Trend Micro Housecall.

Windows7 Home Premium. 64-Bit.

Offline elliotcroft

  • Presto User
  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 419
  • I draw strength from my HIPS.
Re: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« Reply #3 on: January 17, 2011, 02:39:58 PM »
Thats odd.
I have a 64-bit machine and got 340/340.
Although that was with version 5.1.
Maybe i should test the 5.3.
Version 5.3 is the official name for version 5.1.


Offline DARREN1972.

  • Comodo's Hero
  • *****
  • Posts: 389
  • Comodo Internet Security.Never Shaken NeverStirred
Re: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« Reply #4 on: January 17, 2011, 02:47:38 PM »
thanks for that info elliott.
cisv5.3
malwarebytes anti-malware.
superantispyware.
sandboxie.
win patrol.
Hitman Pro.
Eset online scanner.
Trend Micro Housecall.

Windows7 Home Premium. 64-Bit.

Offline JoWa

  • Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3535
Re: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« Reply #5 on: January 17, 2011, 02:49:11 PM »
Windows 7 x64 with no security software installed gets 190/340, so maybe something was wrong with CLT.
Ubuntu 13.10, 64-bit | Chrome 35β | HTTPS Everywhere
Forum Policy | Comodo Product Help

Offline DARREN1972.

  • Comodo's Hero
  • *****
  • Posts: 389
  • Comodo Internet Security.Never Shaken NeverStirred
Re: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« Reply #6 on: January 17, 2011, 02:56:02 PM »
I always find that CLT is a test on the user.
How defence+ alerts were answered affected the result.
cisv5.3
malwarebytes anti-malware.
superantispyware.
sandboxie.
win patrol.
Hitman Pro.
Eset online scanner.
Trend Micro Housecall.

Windows7 Home Premium. 64-Bit.

Offline Maxxwire

  • Comodo's Hero
  • *****
  • Posts: 638
Re: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« Reply #7 on: January 17, 2011, 07:01:02 PM »
I couldn't quite get a CLT score of 340/340 with either v4.1 or v5.0, but just after I upgraded to v5.3 I configured it, ran CLT and it got a perfect score...

~Maxx~

Offline Jacob

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2809
Re: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« Reply #8 on: January 17, 2011, 07:08:38 PM »
340/340 with Current CIS Version; Win7 x64

:)
Thanks....Jake

Please Follow The Forum Rules!


I'm Offline!

Offline rapidon

  • Product Translator
  • Comodo Member
  • *****
  • Posts: 40
  • Perdu Sur La Terre/Lost On Earth
Re: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« Reply #9 on: January 17, 2011, 08:26:11 PM »
340/340 with Current CIS Version; Win7 x64

:)


Very strange !?
AMD Phenon II 940 B.E. 3.00Ghz & Noctua NHC12P+Asrock 790GXH+ ATI Radeon HD4870 1Go + 4Go PC6400  Dual Channel -
Comodo CIS+Avira+Comodo BackUp+Comodo SystemCleaner+ComodoTimeMachine+Comodo EasyVPN

Puissance et Efficacité COMODO.

Offline thebigshot

  • Comodo Member
  • **
  • Posts: 26
Re: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« Reply #10 on: January 17, 2011, 10:55:29 PM »
I'm using Win 7 x64 and with CIS stock configurations I had 110/340.

I found that unchecking "Automatically detect installers/updaters and run them outside the Sandbox" will give me a score of 320/340, failing two vulnerabilities - Impersonation: ExplorerAsParent and Impersonation: DDE.

But when I disable the sandbox I get way more Defense+ and Firewall alerts and I scored a perfect 340/340.







Offline pc_pete

  • Comodo's Hero
  • *****
  • Posts: 363
  • No idea where this came from!
Re: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« Reply #11 on: January 17, 2011, 11:03:57 PM »
I'm using Win 7 x64 and with CIS stock configurations I had 110/340.

I found that unchecking "Automatically detect installers/updaters and run them outside the Sandbox" will give me a score of 320/340, failing two vulnerabilities - Impersonation: ExplorerAsParent and Impersonation: DDE.

But when I disable the sandbox I get way more Defense+ and Firewall alerts and I scored a perfect 340/340.

If as I understand, the Comodo Leak Tester takes no account of whether the activity is malicious, then this makes sense.
Other capable suites score very poorly when tested with CLT because they allow access to anything whitelisted and/or not in their malware database.

Offline pc_pete

  • Comodo's Hero
  • *****
  • Posts: 363
  • No idea where this came from!
Re: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« Reply #12 on: January 17, 2011, 11:05:03 PM »
Any application is weaker on a 64bit computer, because windows driver signing makes Comodo unable to hook to the kernel, Comodo has less of a priority and may be unable to perform its duties correctly.

Do you mean,
a) that the lack of Microsoft-signed kernel-mode drivers in CIS means that it cannot intercept some malware, or
b) that the requirement for malware to have MS-signed kernel-mode drivers limits the potential for such exploits?
« Last Edit: January 18, 2011, 02:09:55 AM by pc_pete »

Offline thebigshot

  • Comodo Member
  • **
  • Posts: 26
Re: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« Reply #13 on: January 17, 2011, 11:14:25 PM »
If as I understand, the Comodo Leak Tester takes no account of whether the activity is malicious, then this makes sense.
Other capable suites score very poorly when tested with CLT because they allow access to anything whitelisted and/or not in their malware database.

I think I'll keep sandbox disabled for now.
I had it disabled in 5.1 and when I upgraded to 5.3 I decided to stick with stock configurations, as I've seen most all malware tests performed under those conditions. But I'm perfectly fine with all kinds of alerts/pop-ups. Also, in my opinion, I think the leak test is a pretty important test so having CIS set up to score perfect gives me some peace of mind  :D

Offline BoredNow

  • Comodo's Hero
  • *****
  • Posts: 344
Re: A score of 50/340 on Comodo Leak Test with CIS 5.3 !!!!??
« Reply #14 on: January 18, 2011, 02:09:56 PM »
I think I'll keep sandbox disabled for now.
I had it disabled in 5.1 and when I upgraded to 5.3 I decided to stick with stock configurations, as I've seen most all malware tests performed under those conditions. But I'm perfectly fine with all kinds of alerts/pop-ups. Also, in my opinion, I think the leak test is a pretty important test so having CIS set up to score perfect gives me some peace of mind  :D

But that test was not designed to test the sandbox.
Read ...
https://forums.comodo.com/leak-testingattacksvulnerability-research/getting-accurate-leak-test-results-t61715.0.html

The sandbox lets things 'run' which fools the CLT into thinking that there was a leak.
The test was designed to test the HIPS side of Comodo.

HP pavilion media center 2006
Windows 7 64bit - Standard Acct.
EMET 3
CIS-5.10
Sandboxie 3.76

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek