Topic: [CTM 2.8 tested] Light virtualization software / Partial sandbox test

andyman35 (Global Moderator, Comodo's Hero, Posts: 1579)
Re: [CTM 2.8 tested] Light virtualization software / Partial sandbox test
« Reply #45 on: August 21, 2010, 06:59:48 PM »
In fairness we all make mistakes and I don't believe that Bequick was trolling, just a bit (be)quick to jump to conclusions. ;D

ssj100 (Comodo's Hero, Posts: 482)
« Reply #46 on: August 22, 2010, 01:09:17 AM »
Quote
I have this issue confirmed by other people, that's why I do not comment here. I don't want confrontation. As simple as that. And I will never comment SB again, here.

p.s. Sorry for my "trolling"!

Seems you weren't trolling... I was merely suggesting it, since you failed to reply (after making a very bold matter-of-fact claim). As stated, I have confirmed with tzuk that Sandboxie is NOT bypassed by this malware (in fact, there's absolutely nothing special about this piece of malware - there are thousands out there that are very similar). I can understand why "other people" think it is bypassed (and why you did/do too), because it appears that the original file disappears after it is executed sandboxed. However, the original file remains as it is, and what you see disappear is all taking place in the sandbox.

If one doesn't have a good understanding of Sandboxie, one can make mistakes when interpreting how it performs.  I suppose the hard part can be admitting that one did make a mistake.

Your comments here induce a feeling that the "issue" is still unclear.  However, it is very clear.  There is no bypass at all.  The fact that you "will never comment SB again" is beyond my understanding.  Let's think about why I accused you of trolling with this example:

1. I make the following statement on the Comodo forums: "CIS 5 RC is bypassed by this malware file  :) ;) :D ;D"
2. You send the malware file to egeman and he informs you that there is NO bypass whatsoever etc.
3. You post a reply saying that there is no bypass.
4. I fail to make any reply. Then when prompted, I write the following: "I have this issue confirmed by other people, that's why I do not comment here. I don't want confrontation. As simple as that. And I will never comment CIS again, here."
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
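The point ssj100 makes in the post above (the file "disappears" only in the sandbox's view, while the host copy is untouched) is easier to see with a small model of a copy-on-write file-system view. The following is an added illustration written for this page, not Sandboxie's code; the host paths, file contents and the self-deleting dropper behaviour are constructed for the demo.

```python
# Added illustration, not Sandboxie's code: a toy copy-on-write file-system
# view of the kind a Sandboxie-style sandbox presents to a sandboxed process.
# Host paths, file contents and the dropper behaviour below are constructed.

class HostFS:
    """The real (host) file system. Only the host itself ever mutates it."""

    def __init__(self, files):
        self.files = dict(files)

    def exists(self, path):
        return path in self.files

    def read(self, path):
        return self.files[path]

    def write(self, path, data):
        self.files[path] = data

    def delete(self, path):
        del self.files[path]


class SandboxView:
    """File-system view seen by a sandboxed process.

    Reads fall through to the host unless the sandbox holds its own copy or
    has 'deleted' the path. Writes go to a private overlay; deletions only
    record a whiteout, so the host file is never touched.
    """

    def __init__(self, host):
        self.host = host
        self.overlay = {}       # path -> data written inside the sandbox
        self.whiteouts = set()  # host paths the sandbox considers deleted

    def exists(self, path):
        if path in self.whiteouts:
            return False
        return path in self.overlay or self.host.exists(path)

    def read(self, path):
        if not self.exists(path):
            raise FileNotFoundError(path)
        if path in self.overlay:
            return self.overlay[path]
        return self.host.read(path)

    def write(self, path, data):
        self.whiteouts.discard(path)
        self.overlay[path] = data

    def delete(self, path):
        if not self.exists(path):
            raise FileNotFoundError(path)
        self.overlay.pop(path, None)
        if self.host.exists(path):
            self.whiteouts.add(path)  # hide the host copy, do not remove it


def run_self_deleting_dropper(fs, exe_path, drop_path):
    """Common dropper pattern: copy itself elsewhere, then delete the original."""
    payload = fs.read(exe_path)
    fs.write(drop_path, payload)
    fs.delete(exe_path)


def observe(sandboxed):
    """Run the dropper inside the sandbox view (True) or directly on the host
    (False) and report what the process and the host each see afterwards."""
    exe = "C:/Users/test/Downloads/sample.exe"
    drop = "C:/Users/test/AppData/Local/Temp/svchost.exe"
    host = HostFS({exe: b"MZ\x90\x00constructed-sample"})
    fs = SandboxView(host) if sandboxed else host
    run_self_deleting_dropper(fs, exe, drop)
    return {
        "original_visible_to_process": fs.exists(exe),  # what a sandbox-side listing shows
        "original_on_host": host.exists(exe),           # what is actually on disk
        "dropped_file_on_host": host.exists(drop),
    }
```

Run sandboxed, the dropper's own view no longer shows `sample.exe` (which is what looks like a deletion from inside the sandbox), yet the host still has the original and never received the dropped copy. Run unsandboxed, the original really is gone and the copy really is on disk. Checking the host path from outside the sandbox, rather than trusting the sandboxed process's view, is the test that separates the two cases.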

andyman35 (Global Moderator, Comodo's Hero, Posts: 1579)
« Reply #47 on: August 22, 2010, 09:43:06 AM »
As with the overwhelming majority of SBIE 'bypasses', this turns out to be a misunderstanding. I honestly believe that, given the vast number of easier-to-exploit products and services, making it uneconomical to try to bypass, running a browser in a correctly configured SBIE is as close to 100% protection as it gets.

evil_religion (Malware Research Group, Comodo's Hero, Posts: 475)
« Reply #48 on: September 05, 2010, 10:25:13 AM »
CTM also fails TDSS 0.02 on x64.
After restoring a snapshot dated before the malware was launched the rootkit is still active.

So don't think there'd be no rootkit danger with CTM on Windows x64...
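The x64-capable TDSS generation (TDL4) persists as an MBR bootkit, so a snapshot product that versions the file system but not sector 0 will bring the files back and leave the infected boot code in place, which matches the outcome reported in the post above. The check a tester would want is a comparison of the MBR recorded before the infection with the MBR read after the rollback. The code below is an added example written for this page, not part of CTM or of the test described; the sample sectors are constructed, and `read_mbr` only shows how the real sector would be obtained (it needs an elevated/root process and is not run here).

```python
# Added check, not part of CTM or of the test above: compare the MBR
# (sector 0) recorded before an infection with the MBR seen after a snapshot
# rollback. A product that restores files but not sector 0 leaves an MBR
# bootkit in place. The sample sectors below are constructed for the demo.

import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445 hold the boot code
PT_OFFSET = 446               # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector):
    """Split a raw 512-byte MBR into boot-code hash, partition entries and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PT_OFFSET + 16 * i: PT_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({
                "slot": i,
                "bootable": status == 0x80,
                "type": ptype,
                "lba_start": lba_start,
                "sectors": sector_count,
            })
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def diff_mbr(baseline, current):
    """Return a list of differences; an empty list means sector 0 was restored."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not c["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        findings.append("boot code changed")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table changed")
    return findings


def read_mbr(device_path):
    """Read sector 0 from a raw device, e.g. r'\\\\.\\PhysicalDrive0' on Windows
    (run elevated) or '/dev/sda' on Linux (run as root). Not called in the demo."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


def build_mbr(boot_code, partitions):
    """Assemble a constructed MBR from boot code and (status, type, lba, count) tuples."""
    code = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN])
    table = bytearray(64)
    for i, (status, ptype, lba, count) in enumerate(partitions):
        # CHS fields are zeroed; only status, type and the LBA fields matter here.
        struct.pack_into("<B3sB3sII", table, 16 * i,
                         status, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
    return bytes(code + table + BOOT_SIGNATURE)


# Constructed baseline: ordinary boot code, one active NTFS partition (type 0x07).
CLEAN_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", [(0x80, 0x07, 2048, 204800)])
# Constructed "infected" sector: boot code replaced, partition table left intact,
# the shape an MBR bootkit leaves so the machine still boots normally.
INFECTED_MBR = build_mbr(b"\xeb\xfe" + b"\x90" * 64, [(0x80, 0x07, 2048, 204800)])


def rollback_restored_mbr(before_infection, after_restore):
    """True only if the snapshot restore brought sector 0 back to its pre-infection state."""
    return diff_mbr(before_infection, after_restore) == []
```

In a real run the baseline comes from `read_mbr` taken at snapshot time and the second read is taken after the rollback; a non-empty `diff_mbr` result after the restore shows the snapshot did not cover the boot sector, independently of whether the rootkit's files appear to be gone. Comparing the partition table separately from the boot code is deliberate: a bootkit that kept the table intact would otherwise be indistinguishable from a legitimate repartition.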

Tech (Usability Study Member, Comodo's Hero, Posts: 3027)
« Reply #49 on: September 06, 2010, 09:28:08 AM »
Thanks for sharing.
Hope that after CTM gets stable and rock solid, the developers dig more with the protection against rootkits/MBR infectors.
avast! team member
Save freeware snapshot technology of Comodo Time Machine. Vote!

ssj100 (Comodo's Hero, Posts: 482)
« Reply #50 on: September 07, 2010, 12:37:25 AM »
I'm in touch with some of the lead developers via MSN and the lead co-ordinator seems to be more focussed on CIS for now.  The lead programmer doesn't sound like he's been doing much lately haha.

Tech (Usability Study Member, Comodo's Hero, Posts: 3027)
« Reply #51 on: September 07, 2010, 08:10:00 AM »
Quote
I'm in touch with some of the lead developers via MSN and the lead co-ordinator seems to be more focussed on CIS for now. The lead programmer doesn't sound like he's been doing much lately haha.
On other threads, they promise that each product has its own team and one does not interfere in the other, that they could develop a lot of products at the same time... Is this a hoax? Is it a myth of Comodo development?

andyman35 (Global Moderator, Comodo's Hero, Posts: 1579)
« Reply #52 on: September 08, 2010, 08:14:22 AM »
Quote
I'm in touch with some of the lead developers via MSN and the lead co-ordinator seems to be more focussed on CIS for now. The lead programmer doesn't sound like he's been doing much lately haha.

It does seem to have gone very quiet, particularly since one of the devs stated that it was straightforward to harden CTM against such threats.

jay2007tech (Malware Research Group, Global Moderator, Comodo's Hero, Posts: 2027)
« Reply #53 on: September 08, 2010, 03:16:27 PM »
Quote
that's why I do not comment here. I don't want confrontation. As simple as that. And I will never comment CIS again, here.
I personally viewed all the posts as a "Conversation".  NOT confrontation (:WAV)


It's hard being a crooked Admin when the files won't pass an md5checksum test.  But like any other good crooked Admin it can be done, it just takes time(and lots of it) and a few aspirins
