Author Topic: Kiosk Vulnerable to Simple Simple LeakTest  (Read 20528 times)

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Kiosk Vulnerable to Simple Simple LeakTest
« Reply #30 on: February 14, 2013, 09:44:02 PM »
How legitimate is this test file?
Is the firewall faulty in general or just in the virtual environment?
To be honest, isn't that what generally constitutes a true virtual environment? Nothing can get in, even the security program?
Even if that is the case, this is still a vulnerability. Something, regardless of what it is, needs to be able to stop malware from sending anything it is able to log back to its creators. For reference, please see the topic here, which shows that it's possible for an application sitting in the FV environment to log keystrokes from the actual computer.

Coupled with this vulnerability, which allows data to be leaked past the Firewall component, I believe this definitely warrants our concern.
« Last Edit: February 14, 2013, 10:57:41 PM by Chiron »

Offline Dch48

  • Comodo's Hero
  • *****
  • Posts: 2547
Re: Kiosk Vulnerable to Simple Simple LeakTest
« Reply #31 on: February 14, 2013, 11:59:54 PM »
Even if that is the case, this is still a vulnerability. Something, regardless of what it is, needs to be able to stop malware from sending anything it is able to log back to its creators. For reference, please see the topic here, which shows that it's possible for an application sitting in the FV environment to log keystrokes from the actual computer.

Coupled with this vulnerability, which allows data to be leaked past the Firewall component, I believe this definitely warrants our concern.
I just ran the AKLT keylogging test in the Comodo sandbox and it did record every keypress from outside the sandbox. Running it outside the sandbox and with the BB set to restricted, it captures nothing. With the BB set to Fully Virtualized, it once again captures every keypress. It's almost like CIS is treating things in the sandbox as if they were trusted. This is troubling.

[attachment deleted by admin]
« Last Edit: February 15, 2013, 12:21:01 AM by Dch48 »
Avatar FX6327X Desktop
AMD FX-6300 6 core CPU
Sapphire R9-270X GPU
Windows 8.1 64 bit, IE11 & Outlook 2007
Comodo Internet Security 7.0 full package, MBAM on Demand

 
