Do you still think that Comodo V8 is safe to use

Citizen_K · January 17, 2015, 3:20am

Please remember that CIS is very much built to keep a computer clean. It surely is doing a nice job cleaning also with the additional tools.

rigo · January 17, 2015, 2:40pm

SD Ahmad post:40:

                                        New Test
Test install Comodo version 8 on the infected computer
- YouTube

What happened in the test:
I tested two types of malicious software, the first type of malware Rat and the second type of worm
After running malware and check it’s working, I installed Comodo Release 8, after this I restart the computer.
After this, I tested the ability of malware(Rat) on control a computer before checking Comodo files, classification and result Comodo’s failure to tackle malicious software, then tried to test after evaluating the Comodo files and the same result.
I also tested the malware from a worm type, and the result was the same as the first result of malware (Rat)

What can can do malware

malware (Rat)

1-It can take the password easily by option getpassword ,option keyloger or option remote Desktop
2-kill comodo Partially , ability to close the Comodo via mouse control ,And can be uninstalled Comodo via mouse control
3-It can control services,And also delete user files, and destroy system fully via files bat

worm
It can do much, but not strongly malware Rat

So,Do you still think that Comodo V8 is safe to use >:-D

Have you run any tests on other firewalls? If not can you try against Outpost Firewall Pro or Emsisoft Online Armor Premium? I tried both in trials couple months ago while troubleshooting Comodo issues (they didn’t have the performances/bugs issues that current Comodo does). But not sure how much safe they are compared to Comodo. Thanks

sd_ahmad · January 17, 2015, 3:50pm

The default settings cis to allow communication for unknown app.
Comodo is very strong, but the default settings bad, as you can see in the test was to the default settings if I tested on the settings of the proactive Comodo easily tackling sample

Outpost Firewall Pro and Emsisoft Online Armor Premium Can not be comparable with CIS, If the test on the Comodo firewall will be tackling sample very easily because the firewall settings are different from the settings CIS.
Each of Outpost Firewall Pro, Emsisoft Online Armor Premium and CFW Can tackling samples in the test video.
This test prompt for CIS “default settings”

Citizen_K · January 18, 2015, 7:38pm

The default settings are an ongoing debate here at the forums. Advanced users think they are not tight enough. Hence why we advice to follow Chiron’s recommendations as described in his article How to Install Comodo Firewall.

jfcarbel · January 20, 2015, 7:51pm

Is there a way to get version 7 of Chiron install guide?

Also can someone confirm the MD5 hashes for v7 posted earlier as not sure if those are the 64bit ones or 32 bit.

oOeagleOo · January 22, 2015, 8:31pm

What about doing so when we install we get option to install as novice/Advanced user, and then the default settings will be different for those 2.

captainsticks · January 22, 2015, 8:53pm

Hi jfcarbel,
Try the following.

Kind regards.

sd_ahmad · January 22, 2015, 9:00pm

Give me some time, I’m going to test this soon

sd_ahmad · February 6, 2015, 7:55pm

I am sorry for the delay; I was waiting for the new version to test it, but I found out that there is no new between the previous and the new version

Comodo test proactive protection Malware Rat

In the test does not show any alert of the proactive mode, only Firewall Alert.
In this test have not tested to the default settings, but are like the default settings in previous version.

Worrisome in the video as follows:
When you allow malware act to connect once or twice at the most can upload files from the victim’s machine.
malware can also delete files in folders share
Also malware is able to browse the files without the knowledge of the victim.

lugo_58 · February 6, 2015, 8:06pm

SD Ahmad post:49:

I am sorry for the delay; I was waiting for the new version to test it, but I found out that there is no new between the previous and the new version

Comodo test proactive protection Malware Rat

- YouTube
In the test does not show any alert of the proactive mode, only Firewall Alert.
In this test have not tested to the default settings, but are like the default settings in previous version.

Worrisome in the video as follows:
When you allow malware act to connect once or twice at the most can upload files from the victim’s machine.
malware can also delete files in folders share
Serious video is as follows:
When you allow malware act to connect once or twice at the most can upload files from the victim’s machine.
malware can also delete files in folders share.
Also malware is able to browse the files without the knowledge of the victim.

Great test Ahmad :-TU

sd_ahmad · February 6, 2015, 8:38pm

I am glad you like it :azn:

Do you have an idea Why do not Sandbox blocked applications that require access to the mouse?

lugo_58 · February 6, 2015, 9:45pm

I am not used to use Internet Security Config. I alway use Proactive security config.
So, maybe it is a bug! or you allowed the connection so CIS totally allowed everything via this connection. I do not know actually.
If you have time test it with Proactive Config. No need to release here, test it and see yourself. I actually wonder the result.
We all know current default settings is not good. And you always tests CIS with ddeafult Test it in different ways.

sd_ahmad · February 7, 2015, 4:02am

The test was actually a proactive mode

[attachment deleted by admin]

lugo_58 · February 7, 2015, 1:31pm

I missed it then, there was no HIPS alert for maus and keyboard etc.
You can report it as bug In my opinion. This is a big issue for users who trust Proactive mode.

sd_ahmad · February 7, 2015, 2:09pm

Sandbox mode is working on proactive blocked access to the keyboard and the screen but do not block access to the mouse
Maybe the reason that there is no alerts HIPS if any application within the Sandbox
I think that the difference between the level of protection in the default settings and mode proactive, very little
Is it possible that the Sandbox on proactive mode hamper the work of HIPS

lugo_58 · February 7, 2015, 2:22pm

I cannot answer this now, I have no CIS on my PC. But HIPS must work under Sandbox, can you test a keylogger under Proactive mod?
Lets check the HIPS will alert or not under sandbox?

sd_ahmad · February 7, 2015, 2:25pm

I tested this in advance in the video, and the result was blocked access to the keyboard

lugo_58 · February 7, 2015, 2:41pm

Then we need a wish for maus access block Will you create a wish for it?

torx11 · February 10, 2015, 7:25am

Great work Ahmad, I saw your latest video on this issue and the results showed a very grim scene. The RAT at the very least should of never been able to view the files never mind delete them. I’m pretty sure limited sandbox would of blocked this type of action but Comodo seemed to removed that feature in place of total virtualization. Do you think there are any settings that could be modified to prevent this kind of malware access or it is best just to deny the request to connect to the internet?

Xeno · February 10, 2015, 1:35pm

Comodo is not safe until developers fix critical bugs in Heur Cmd-Line Analysis. For example, video with curious situation is attached.
Nice view… >:-D

[attachment deleted by admin]