Some tests

[Guest]

[MagisDing]

Here are some samples transhipped from xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, attached in the accessory.
Stop.exe and Stop2.exe can lock the mouse;
htaaa.exe can terminate the processes(may include processes of system and HIPS), so does htbbb.exe, but the latter one cannot be run in the virutual environment. htccc.exe can terminate the explorer.exe.
So, try your HIPS

Mod edit : URL removed. Please do not post URL for sites containing objects that can do material harm to an unsuspecting users PC in the publicly accessible boards.

[metalforlife]

Does Comodo pass this test?

[MagisDing]

Well, why not have a try first? They don't do harm to your PC indeed
Actually, Comodo faild to pass most of them since V3 can't intercept some functions.
So can any developers test all of these above and discuss the possiblities of using the "flaws" by malwares to penetrated the Comodo shield

[mjj09]

Actually, Comodo faild most of them since can't intercept some functions.

Such as?

BTW, cannot download the file without registering for the site, which I'm not inclined to do.

[MagisDing]

Such as?

BTW, cannot download the file without registering for the site, which I'm not inclined to do.

I've attached a compressed file in the accessory, and here is a direct download link:xxxxxxxxxxxxx

Mod edit : Link removed

[metalforlife]

There must be an abundance of such advanced malicious codes, breaching, even the heavily armoured sentries of Comodo.

Doesn't really make Comodo seem all that invincible. I believe, in general terms, rather than finding new solutions for newer problems, strengthening the base, makes a solution at all circumstances and all times.

I don't even know if what I wrote made any sense, or if any of it was at least one percent relevant to PC security.

But one thing is true, once malware writers start focusing, specifically, on circumventing HIPSs, cases as such as this will become more common.

[metalforlife]

I'll wait till I hear from the developers before reaching a conclusion.

[Creasy]

Do not visit that website.
It's from china.

The site is one of websites which has tons of security holes (eg,SQL Injection).
It was an issue that some of webpages of that site put malwares to connected PCs automatically.

Also some of pages can make people infected and attacked by XSS attack.

One of moderator should delete the link.

[commanding the celsius]

Someone willing to run the termination test?

[burebista]

Yep, stop2.exe kill my mouse (not able to click anymore) and htccc.exe kills explorer.
D+ in safe mode, everything checked in Monitor settings.

[ssj100]

Easy, use Sandboxie and configure it appropriately to run your web browser sandboxed with reduced rights etc.  I use CIS 3.9 beta and Sandboxie.  CIS alone is not really enough.  On the other hand, Sandboxie alone and configured properly is arguably enough.

[MagisDing]

Easy, use Sandboxie and configure it appropriately to run your web browser sandboxed with reduced rights etc.  I use CIS 3.9 beta and Sandboxie.  CIS alone is not really enough.  On the other hand, Sandboxie alone and configured properly is arguably enough.

Have you ever tried these programmes with Sbie?

[commanding the celsius]

Easy, use Sandboxie and configure it appropriately to run your web browser sandboxed with reduced rights etc.  I use CIS 3.9 beta and Sandboxie.  CIS alone is not really enough.  On the other hand, Sandboxie alone and configured properly is arguably enough.

Nice combo.. To me however CIS is enough. Also can sandboxie protect you from keylogging? can sandboxie prevent malware dialing home and sending your info somewhere? If no then sandboxie is not enough..

Sandboxie has a history of letting stuff escape from time to time as well. I wouldn't pick sandboxie over CIS..
Especially not if your definition of properly configured means "run your web browser sandboxed".

Thats not a "total" protection but could serve as a compliment. As it would guard one thing, the web browser.. And the stuff it might "install".

However all your other applications (whatever those might be), would still connect home with no checking and with no firewall there to guard them (your system is still there running in the back, its not just a browser).. + you would lack info on the stuff thats already on your computer and what they are doing sandboxie would never detect any baddie you already got.. Something that CIS actually does. =)

[ssj100]

Mate, I don't think you understand the power of Sandboxie.  Yes, it does protect against keyloggers etc.  When my browser is opened, I have restricted file run access and also file internet access.  Also I have dropped the rights of the programs running in that sandbox.  Easy.

Sure, but I do agree that Sandboxie can only protect certain programs at a time.  That's why I use CIS!  CIS is great!

[Breen]

I've checked those files, and D+ was penetrated! I hope devs will check this up.

[Tags:]