Author Topic: CIA: "Comodo is a giant PITA."  (Read 6545 times)

Offline Sartre

  • Comodo Family Member
  • ***
  • Posts: 78
CIA: "Comodo is a giant PITA."
« on: March 07, 2017, 08:47:30 AM »
From the latest WikiLeaks:

Quote
Comodo is a giant PITA.  It can and will catch and show your entire chain of execution and a great deal of your file I/O.  If you drop and run, it will show where you drop, what you run, and what you run runs.  Yeah, it's that bad.

However...

There is a magical place that for some reason Comodo likes to ignore.  The Recycle Bin.  You know, that folder of stuff users have deleted?  Stuff that probably has no business executing at all, let alone dropping and running other code?  Yeah – they like to ignore initial execution out of that bad boy.

So, if Comodo is being a pain (i.e., working as intended), try throwing your binaries into C:\$Recycle.Bin (Win Vista/7/8) or C:\RECYCLER (XP).  You don't even have to throw it into any of the actual user's recycle bin folders (the ones with the ginormously long SIDs as folder names), just in the root of the recycle bin itself is fine.

Please note that this is only a partial defeat.  It may let you get away with initial execution, but other things you do once running could still get caught.  Comodo is annoying like that.  Test, test, retest, and may the force be with you.

 :o


Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5127
Re: CIA: "Comodo is a giant PITA."
« Reply #1 on: March 07, 2017, 09:48:44 AM »
Quote from: Sartre
From the latest WikiLeaks:

 :o

Mind linking the source of this quote? Although this statement is false because the sandbox has a rule that blocks execution of executables that are located in the "suspicious locations" file group which contains the recycle bin path.


Offline liosant

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1517
  • GOD cure me epilepsy and atrophy - I'm Brazilian!
Re: CIA: "Comodo is a giant PITA."
« Reply #3 on: March 07, 2017, 09:58:44 AM »
The CIA does not need a flaw to monitor the world; 88)
Sorry for the joke!

The sandbox blocks the "recyclebin", but the folder is in the antivirus exclusions, and depending on the execution mode, the malicious file can perform part of the tasks it was assigned >:-D

Offline Ronny

  • Retired - Product Translator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 13551
  • Retired - Volunteer Moderator
Re: CIA: "Comodo is a giant PITA."
« Reply #4 on: March 07, 2017, 11:34:48 AM »
And in another one

Quote
Comodo's user base, paranoid bastards that they are, has apparently caught wind of this and

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5127
Re: CIA: "Comodo is a giant PITA."
« Reply #5 on: March 07, 2017, 12:11:51 PM »
Quote from: liosant
The CIA does not need a flaw to monitor the world; 88)
Sorry for the joke!

The sandbox blocks the "recyclebin", but the folder is in the antivirus exclusions, and depending on the execution mode, the malicious file can perform part of the tasks it was assigned >:-D

The AV exclusion of the recycle bin is just that: an exclusion to prevent the AV from scanning, and thus detecting, files in the recycle bin. If said files attempt to get executed, then depending on how CIS is configured, you will get a HIPS alert warning for execution, or the sandbox automatically blocks the execution due to the mentioned sandbox rule.


Quote from: Ronny
And in another one

To finish that quote:
Quote
lots of them haven't upgraded to 6.X.  Kind of a shame, cuz this is a hole you could drive a very large wheeled freight carrying vehicle through.  However, if you're lucky enough to be going against a target running 6.X, have fun!

Sounds like both documents about Comodo are talking about version 6, which means none of that is relevant for version 10.
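As an added example (not Comodo's code, and not posted by anyone in this thread), the Python sketch below models the two separate layers futuretech and morphiusz describe: an AV scan exclusion that merely skips a folder, and an execution rule over a "suspicious locations" group that refuses to start anything located under the Recycle Bin roots quoted in the opening post. The group label, the event record, the SID subfolder name and every sample path are constructed for this example; the only real values are the two Recycle Bin paths already on the page.

```python
"""Added example, not Comodo's code: a minimal 'suspicious locations' rule.

Two layers are modelled so their difference is visible:
  - scanner layer: an excluded folder is simply not scanned;
  - execution layer: an image under a watched root is refused regardless.
Group label, event format, SID folder and sample paths are constructed.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Constructed file group. The roots are the two Recycle Bin paths quoted in
# the thread (Vista/7/8 and XP); the group and label names are assumptions.
SUSPICIOUS_LOCATIONS = {
    "Recycle Bin (Vista/7/8)": r"C:\$Recycle.Bin",
    "Recycle Bin (XP)": r"C:\RECYCLER",
}

# Constructed AV scan exclusions: the scanner never looks inside these roots.
AV_SCAN_EXCLUSIONS = [r"C:\$Recycle.Bin", r"C:\RECYCLER"]


@dataclass(frozen=True)
class ExecEvent:
    """One process-creation event: who launched what, from where."""
    pid: int
    parent_image: str
    image: str  # full on-disk path of the binary being started


def _norm(path: str) -> str:
    # Windows paths are case-insensitive and accept either separator;
    # normpath also drops a trailing separator so roots compare cleanly.
    return ntpath.normpath(path).lower()


def _under(path: str, root: str) -> bool:
    """True if path equals root or lies anywhere below it.

    Comparing against root + separator (not a bare string prefix) keeps a
    sibling folder such as C:\\$Recycle.Bin.evil from matching the root.
    """
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r + ntpath.sep)


def av_would_scan(path: str) -> bool:
    """Scanner layer: an excluded folder is skipped, nothing more."""
    return not any(_under(path, root) for root in AV_SCAN_EXCLUSIONS)


def suspicious_location(image: str) -> str | None:
    """Execution layer: label of the watched root containing image, if any.

    Matches files dropped directly in the root as well as inside a per-user
    SID subfolder, since both are still below the root.
    """
    for label, root in SUSPICIOUS_LOCATIONS.items():
        if _under(image, root):
            return label
    return None


def evaluate(event: ExecEvent) -> dict:
    """Combine both layers into one verdict for a process-creation event."""
    label = suspicious_location(event.image)
    return {
        "pid": event.pid,
        "av_scanned": av_would_scan(event.image),
        "verdict": "block" if label else "allow",
        "reason": f"execution from {label}" if label else "not in a watched location",
    }


# Constructed sample events (SID and file names are made up).
SAMPLE_EVENTS = [
    ExecEvent(1001, r"C:\Windows\explorer.exe", r"C:\$Recycle.Bin\dropper.exe"),
    ExecEvent(1002, r"C:\$Recycle.Bin\dropper.exe",
              r"C:\$Recycle.Bin\S-1-5-21-1111-2222-3333-1001\stage2.exe"),
    ExecEvent(1003, r"C:\Windows\explorer.exe", r"c:/recycler/old.exe"),
    ExecEvent(1004, r"C:\Windows\explorer.exe", r"C:\$Recycle.Bin.evil\x.exe"),
    ExecEvent(1005, r"C:\Windows\explorer.exe", r"C:\Program Files\Vendor\app.exe"),
]


def blocked_pids(events=SAMPLE_EVENTS) -> list[int]:
    """PIDs the execution layer refuses, in event order."""
    return [evaluate(e)["pid"] for e in events if evaluate(e)["verdict"] == "block"]


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(evaluate(e))
```

Running it shows the point of futuretech's reply: the first three events are never scanned (the folder is excluded) yet are still refused by the execution rule, while the look-alike sibling folder in event 1004 is not caught by a careless prefix match and is handled only because the rule compares against the root plus a separator.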

Offline qmarius

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 3843
  • making simple things complicated
Re: CIA: "Comodo is a giant PITA."
« Reply #6 on: March 07, 2017, 12:27:13 PM »
Not worth reading.

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14676
    • Video Blog
Re: CIA: "Comodo is a giant PITA."
« Reply #7 on: March 07, 2017, 12:27:51 PM »
is this CIA calling Comodo's security

PITA
Annoying
Pain
colossal pain in the posterior.
?

and with a very old version... ver 6... they are saying it's only a "partial defeat"?
« Last Edit: March 07, 2017, 01:19:09 PM by Melih »

Offline morphiusz

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3082
    • Suspicious file?
Re: CIA: "Comodo is a giant PITA."
« Reply #8 on: March 07, 2017, 02:18:45 PM »
Excluding the recycle bin from AV scanning is not a big deal, since we have a default sandbox rule to block any execution from this location.
Although I did request removing it from the exclusions back in 2013 with CIS version 7.0 alpha (Bugzilla=694). That was the time the ZeroAccess rootkit was placing its files in the recycle bin.

Further read:

Quote
Comodo, as you may know, is a colossal pain in the posterior.  It literally catches everything until you tell it not to, including standard windows services (say what?!?).

...at least, that's what happens on Comodo 5.X.  In 6.X, Comodo apparently decided that catching things that were part of windows was a Bad Thing(tm).  Their "fix" was... kinda lame

Anything running as SYSTEM is automatically legit under 6.X.  ANYTHING.  Let that sink in.  Got a kernel level exploit?  Good, because you can drop the kitchen sink and the contents of your garage and as long as you continue to run as SYSTEM you are golden.  Yeah.

Needless to say, Comodo 6.X doesn't catch nearly as much stuff.  Comodo's user base, paranoid bastards that they are, has apparently caught wind of this and lots of them haven't upgraded to 6.X.  Kind of a shame, cuz this is a hole you could drive a very large wheeled freight carrying vehicle through.  However, if you're lucky enough to be going against a target running 6.X, have fun!
« Last Edit: March 07, 2017, 02:47:23 PM by morphiusz »

Offline 3941

  • Newbie
  • *
  • Posts: 17
Re: CIA: "Comodo is a giant PITA."
« Reply #9 on: March 07, 2017, 02:38:55 PM »
If any of these holes are still relevant, please fix.
Love the flattery though. It's a pain in the ass, and we're paranoid bastards. Why thank you, CIA! I love you too!

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14676
    • Video Blog
Re: CIA: "Comodo is a giant PITA."
« Reply #10 on: March 07, 2017, 03:04:41 PM »
Quote from: 3941
If any of these holes are still relevant, please fix.
Love the flattery though. It's a pain in the ass, and we're paranoid bastards. Why thank you, CIA! I love you too!

None of these exist in the latest version... they were never full holes, as they admit... "Please note that this is only a partial defeat."

Comodo is the only Antivirus company that received such flattery from CIA!

Offline 3941

  • Newbie
  • *
  • Posts: 17
Re: CIA: "Comodo is a giant PITA."
« Reply #11 on: March 07, 2017, 03:10:51 PM »
Quote from: Melih
None of these exist in the latest version... they were never full holes, as they admit... "Please note that this is only a partial defeat."

Comodo is the only Antivirus company that received such flattery from CIA!

That's great to hear, thank you!

I'd love to read about all the others, but most of the details on security software in the leak are missing and marked as "SECRET". Also parts on Comodo.
« Last Edit: March 07, 2017, 03:51:02 PM by 3941 »

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14676
    • Video Blog
Re: CIA: "Comodo is a giant PITA."
« Reply #12 on: March 07, 2017, 03:29:32 PM »
Quote from: 3941
That's great to hear, thank you!

I'd love to read about all the others, but most of the details on security software in the leak are missing and marked as "SECRET". Also parts on Comodo.

https://wikileaks.org/ciav7p1/cms/page_2064514.html


Offline L Holden

  • Newbie
  • *
  • Posts: 5
Re: CIA: "Comodo is a giant PITA."
« Reply #14 on: March 07, 2017, 04:31:13 PM »
Quote from: Melih
None of these exist in the latest version... they were never full holes, as they admit... "Please note that this is only a partial defeat."

Comodo is the only Antivirus company that received such flattery from CIA!

Is that including the "run as system" vulnerability? The other one (recycle bin) I laughed at but this one definitely made me go "wait what?".

But there is also this list: https://wikileaks.org/ciav7p1/cms/page_13762910.html

That page is mostly secret/redacted. I'm assuming it won't stay that way but for now all we can do is speculate.

Honestly, these leaks have been the most interesting leaks for me in a long time. I'm learning all kinds of fun stuff poring through these documents.
