Stories of heroism and victory....against malware using KillSwitch :)

[Guest]

[lordraiden]

two different things

1)Identify whats bad (works if you know the malware and its in your db etc)
2)Identify whats bad thru "elimination".

The way I would find a malware that AVs miss is thru this method.

So KillSwitch helps me identify by "reducing" the pool of processes I have to check by  only showing "untrusted" processes..this, believe it or not, makes the whole process of fighting the malware much more managable and will (is) being appreciated by all the guys who clean malware day in day out.

Melih

Yes, ok but anvir do all those things they have a safe database and an AV database (bigger or little than comodo but the idea it's the same), take a look: http://www.anvir.com/programs-overview-task-manager.htm
download the trial version and take a look, maybe you can take some ideas.

It has exactly the same features than KillSwitch and much more the only difference is that they use 1 engine and KillSwitch +20

This is why Comodo need to do a Market research before release any app, to know what is already in the market and how to improve it, in this case, would be Hitman Pro and Anvir. And in the case of KillSwitch for at least dont claim something that you didn't invented.

At least DACS is still out there, is not new but it's revolutionary.

[Melih]

Yes, ok but anvir do all those things they have a safe database and an AV database (bigger or little than comodo but the idea it's the same), take a look: http://www.anvir.com/programs-overview-task-manager.htm
download the trial version and take a look, maybe you can take some ideas.

It has exactly the same features than KillSwitch and much more the only difference is that they use 1 engine and KillSwitch +20

This is why Comodo need to do a Market research before release any app, to know what is already in the market and how to improve it, in this case, would be Hitman Pro and Anvir. And in the case of KillSwitch for at least dont claim something that you didn't invented.

At least DACS is still out there, is not new but it's revolutionary.

thanks for that lordraiden..very useful.

I can't find the feature where you can show "only the untrusted processes in memory".
can you pls point me to it...thank you for your help

Melih

[lordraiden]

thanks for that lordraiden..very useful.

I can't find the feature where you can show "only the untrusted processes in memory".
can you pls point me to it...thank you for your help

Melih

They have the feature of plot with different colours depending on the file, and Killswitch doesn't
So this is the core of killswich? "show only the untrusted processes in memory" jajajaja are you telling me that this is the super revolutionary technology the only and most important thing?

I can tell you several REAL features that killswich does not have and anvir yes and are quite useful for malware cleaning but is better if you install the program and check it by yourself, or at least read the features list.

You asked this:

I didn't know other process managers have the ability to verdict a file?
Can you pls show me which Process Manager have this ability? thanks

And I told you anvir, so until you can prove the opposite like you rudely said to other forum member:
Shut up!
And don't change the topic to talk about a feature that nobody cares, at least nobody is talking about it, you are the only person metioning it over and over while you can simple order the process by verdict to get the same effect.

[Melih]

They have the feature of plot with different colours depending on the file, and Killswitch doesn't
So this is the core of killswich? "show only the untrusted processes in memory" jajajaja are you telling me that this is the super revolutionary technology the only and most important thing?

I can tell you several REAL features that killswich does not have and anvir yes and are quite useful for malware cleaning but is better if you install the program and check it by yourself, or at least read the features list.

You asked this:And I told you anvir, so until you can prove the opposite like you rudely said to other forum member:
Shut up!
And don't change the topic to talk about a feature that nobody cares, at least nobody is talking about it, you are the only person metioning it over and over while you can simple order the process by verdict to get the same effect.

Ability to terminate all "untrusted processes"?

Anvir seems like a good task manager.

To me: ability to kill all "unknown" processes as long as you have a good whitelist offers a great feature.

Melih

[lordraiden]

Ability to terminate all "untrusted processes"?

Anvir seems like a good task manager.

To me: ability to kill all "unknown" processes as long as you have a good whitelist offers a great feature.

Melih

Why I would want to kill any unknown process? very stupid option, maybe kill all the dangerous process option would be useful, and would be more intelligent, and maybe you can save a couple of seconds compared with anvir functionality, but thats all.

[Melih]

First of all, pls allow me to stat again, thy coder for anvir has done an excellent job and built a very good task manager.

Here is a small test i did on a VM machine with not much stuff in it...

Check the screenshots....

Killswitch showed Zero untrusted process (this shows the power of whitelisting)
vs
Anvir showed many files as it didn't know the verdict on them (thats my understanding of course I could be wrong)..

So, If i was hunting a malware on this PC, KillSwitch would have made my life much easier as I didn't have to go thru many files to "deduct" what could be malware.

Like I said, this is how I removed malware (day zero)...you just want to know what is untrusted...and let me find amongst whats untrusted which one is really untrusted.

Again, anvir coder has done a good job and welldone to him for a nice and sophisticated task manager.

thanks
Melih

[Melih]

Why I would want to kill any unknown process? very stupid option, maybe kill all the dangerous process option would be useful, and would be more intelligent, and maybe you can save a couple of seconds compared with anvir functionality, but thats all.

If you have a good whitelist which includes all the critical files for OS etc...then its ok to fight malware by killing all unknown processes....this gives you a chance to work out where the problems are..gives you a breathing room..again these are my own experiences for malware cleaning. We are more than happy to improve with our users suggestions.

thanks
Melih

[lordraiden]

First of all, pls allow me to stat again, thy coder for anvir has done an excellent job and built a very good task manager.

Here is a small test i did on a VM machine with not much stuff in it...

Check the screenshots....

Killswitch showed Zero untrusted process (this shows the power of whitelisting)
vs
Anvir showed many files as it didn't know the verdict on them (thats my understanding of course I could be wrong)..

So, If i was hunting a malware on this PC, KillSwitch would have made my life much easier as I didn't have to go thru many files to "deduct" what could be malware.

Like I said, this is how I removed malware (day zero)...you just want to know what is untrusted...and let me find amongst whats untrusted which one is really untrusted.

Again, anvir coder has done a good job and welldone to him for a nice and sophisticated task manager.

thanks
Melih

I was not saying which one is better, bigger white/black list. I was answering this question:

Quote from: Melih on Today at 08:07:53 AM
I didn't know other process managers have the ability to verdict a file?
Can you pls show me which Process Manager have this ability? thanks

Here: http://www.anvir.com/

Of course anvir does not have the same resources than Comodo to get a huge white/black list.

All your shourcuts are ok, but still you can do the same with anvir, process hacker or any other.

Show only untrusted with Comodo requires 2 clicks
Order the files by veredict (same visual effect) for anvir/KillSwitch : 1 click

Instead kill all the untrusted (2 clicks) you can select holding the "cap" key the first untrusted app and the last one, right click terminate (4clicks).

Ok you save a couple of clicks to the world.

[Melih]

I was not saying which one is better, bigger white/black list. I was answering this question:

Of course anvir does not have the same resources than Comodo to get a huge white/black list.

All your shourcuts are ok, but still you can do the same with anvir, process hacker or any other.

Show only untrusted with Comodo requires 2 clicks
Order the files by veredict (same visual effect) for anvir/KillSwitch : 1 click

Instead kill all the untrusted (2 clicks) you can select holding the "cap" key the first untrusted app and the last one, right click terminate (4clicks).

Ok you save a couple of clicks to the world.

But having a tool combined with a huge whitelisting will create an ability that doesn't exist in other task managers.

That ability is to terminate unknown files. You see, if you have a good whitelist, you can easily terminate unknown files. If you don't have this whitelist, then terminating all unknown will cause you a lot of problem. You can do that will Killswitch much easier than you can with other task managers. that was my point. Its not about the task manager..its about the combination of Comodo's infrastructure into this task manager that makes the product so unique.

Melih

[wj32]

It has exactly the same features than KillSwitch and much more the only difference is that they use 1 engine and KillSwitch +20

The only feature in my biased view that AnVir has over KillSwitch/PH is the bloated and ugly UI. Look at how many icons and custom menus they use. And just like all the other process viewers (aside from Process Explorer) the author of AnVir Task Manager doesn't actually know what he's doing, and thus fails all basic tests like not being fooled when a process tries to fake its own file name in its RTL_USER_PROCESS_PARAMETERS block (although PE fails this as well).

[Melih]

The only feature in my biased view that AnVir has over KillSwitch/PH is the bloated and ugly UI. Look at how many icons and custom menus they use. And just like all the other process viewers (aside from Process Explorer) the author of AnVir Task Manager doesn't actually know what he's doing, and thus fails all basic tests like not being fooled when a process tries to fake its own file name in its RTL_USER_PROCESS_PARAMETERS block (although PE fails this as well).

Process Hacker has been written someone who "gets" security! And Comodo's usage of Process Hacker is a testament to that. It is important to understand that KillSwitch is based on a very sound and well architected platform - Process Hacker!

Melih

[wj32]

Well, I'm not really a security person, and I'm not a fan of the "security" industry at all or even the existence of it. Anyway, hope you enjoyed reading my small rant about AnVir. IMHO it's one of the worst process viewers out there, just for its horrible UI.

[salaficall]

To me: ability to kill all "unknown" processes as long as you have a good whitelist offers a great feature.

Melih

indeed , I totally agree.

comodo's whitelist is superior and it makes the cleaning process with KillSwitch very convenient rather than other task managers that I have to go through all the running processes to find this nasty piece of  malware that is compromising the system !!.

On heavily infected systems you can get dozens of evil malware processes running , and sometimes it looks like legitimate processes exactly !!.

so without the comodo's whitelist ( like in anvir ! )  it will be just like searching for a needle in a haystack !!

and above all these features , It has DACS ! built in so u can also check for the unknown processes before terminating them and ruin your system ! , and this is awesome !!      

and let me tell u something , it's totally free !      

many thanks to melih and the developers team. you guys rock !
 

[Melih]

indeed , I totally agree.

comodo's whitelist is superior and it makes the cleaning process with KillSwitch very convenient rather than other task managers that I have to go through all the running processes to find this nasty piece of  malware that is compromising the system !!.

On heavily infected systems you can get dozens of evil malware processes running , and sometimes it looks like legitimate processes exactly !!.

so without the comodo's whitelist ( like in anvir ! )  it will be just like searching for a needle in a haystack !!

and above all these features , It has DACS ! built in so u can also check for the unknown processes before terminating them and ruin your system ! , and this is awesome !!      

and let me tell u something , it's totally free !      

many thanks to melih and the developers team. you guys rock !
 

Indeed you are very welcome..

I bet you hunt for malware regularly..you understand the pain points like I do

Melih

[arjunpa]

Melih, It would be nice if u include some tweaks in Killswitch like the ability to 'Enable Task manager', 'Enable access to registry editing tools' etc.. when they are disabled due to malware infection.
 

[Tags:]