Author Topic: Comodo 4.1 still fails with spyshelter leaktests  (Read 66896 times)

Offline andyman35

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1579
Re: Comodo 4.1 still fails with spyshelter leaktests
« Reply #105 on: July 25, 2010, 07:15:35 PM »
Quote
No...
and when you ignore... BTW, since when did Comodo start to flag tests as malware? Is CLT also malware?

On that point I agree, it's a cop-out to classify these tests as malware since they're clearly not!

Offline w4ke

  • Comodo Member
  • **
  • Posts: 38
Re: Comodo 4.1 still fails with spyshelter leaktests
« Reply #106 on: July 25, 2010, 07:36:53 PM »
CLT simulates malware activities; it does not do any real damage...

Offline Bad Frogger

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1511
Re: Comodo 4.1 still fails with spyshelter leaktests
« Reply #107 on: July 25, 2010, 08:09:53 PM »
3 more shots, of new alerts. Just for consumption.
Nothing to do with Sandbox, it is disabled.

AV = Stateful
Firewall = Safe
D+  = Safe
Sandbox = Disabled
Configuration = Proactive
 - None of the new upcoming goodies are active yet.

I agree they should probably change the wording in some alerts.
And as andyman35 said
they're by nature artificially introduced and not necessarily representative of real-world scenarios.

So if you decide to ignore the warnings, and just block specific action X,
and keep going back into the Test apps window and clicking buttons,
you will indeed make a recording and a few screen grabs.
Doesn't this departure from reality sink in for many?

Does Comodo have to have someone with a ruler standing by to rap knuckles,
when people ignore the warnings and insist to Run rather than Close or Terminate and Block?

As I would suspect any noob confronted with multiple serious warnings "out of the blue",
would/should opt to Clean/Quarantine.
Or failing that choose to Block and at least Close/Exit the App causing the Alerts?

Just thinkin >:-D





[attachment deleted by admin]

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2162
Re: Comodo 4.1 still fails with spyshelter leaktests
« Reply #108 on: July 26, 2010, 02:19:21 PM »
Quote
So in your opinion defense plus is useless because the ways to capture the screen, capture the keystrokes... are infinite,
Of course not, I think some things are more important right now, like maybe bug fixes. It can always be improved later on. Also, some elements are more important than others; for example, keystroke recording is more important than a webcam capture. If someone thinks webcam recording is very important, they would have put a cover on it or a black tape over it when not needed. If the problem is someone coming to the computer to get the recorded keystrokes, then building security is the issue.

The computer users will always be the weakest link

Quote
On that point I agree, it's a cop-out to classify these tests as malware since they're clearly not!
When these tests start recording your online banking activities, then it's malware and it should be flagged. Those tests are like pre-malware. If AV companies started flagging stuff like that, you'd have one insanely bloated database.

****edited it to add one more thing******
I don't know if I'm the only one that thought of this, but let's say there is a keylogger in there; a good question would be how did it get there?????
Scenario 1) Maybe someone personally put it on the computer. (You can't stop people from getting tricked into it or try to stop someone that's willing to go through great lengths to do something they're not supposed to be doing.)
or
Scenario 2) Maybe online somewhere. (If it came from online, how did it get from online to the computer and installed??)

That's why current AVs in general are starting to change tactics to stuff like behavior blockers and HIPS (as an example).


« Last Edit: July 26, 2010, 06:13:43 PM by jay2007tech »
It's hard being a crooked Admin when the files won't pass an md5checksum test.  But like any other good crooked Admin it can be done, it just takes time(and lots of it) and a few aspirins

Offline ailef

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 946
Re: Comodo 4.1 still fails with spyshelter leaktests
« Reply #109 on: July 26, 2010, 06:32:14 PM »
I just tried the last antiTest.exe 1.3 and got not even one alert when I ran the exe and when I ran all the tests with Defense+ set to paranoid mode and checking all executable files in aggressive mode.
Windows 7 64-bit with Comodo 4.1 build 920.
How come I got no alert when I start antitest.exe? ???
Windows 8.1 Enterprise 64bit

Security programs installed : Comodo FW 12.0.0.6810

Offline ailef

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 946
Re: Comodo 4.1 still fails with spyshelter leaktests
« Reply #110 on: July 26, 2010, 06:58:18 PM »
I reinstalled Comodo 3.14 587 and all alerts are back...
There's something strange happening here with Comodo 4.1.

I'm able to block all attacks with 3.14 except screenshots and clipboard monitoring, certainly because of some DLLs I have to allow to run the test.
« Last Edit: July 26, 2010, 07:33:15 PM by ailef »

Offline salmonela

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 637
  • COMODO Volunteer DEModerator
Re: Comodo 4.1 still fails with spyshelter leaktests
« Reply #111 on: July 26, 2010, 08:40:16 PM »
Quote
...
Windows 7 64-bit with Comodo 4.1 build 920.
How come I got no alert when I start antitest.exe? ???

I can only guess what the main reason is behind the lack of some of the CIS API protection on 64-bit systems:
http://en.wikipedia.org/wiki/Kernel_Patch_Protection

I guess older versions of CIS use ring3 or user-mode hooks for protection on 64-bit systems and newer builds do not (since Vista SP1, MS started to support some APIs to be protected from ring0 or kernel), or your installation is faulty, or the build is buggy. Anyway, I can't confirm because my hardware lacks 64-bit support.

If the first, the Comodo crew should notify users.
« Last Edit: July 26, 2010, 10:10:25 PM by salmonela »
Bad English, I know...
Thanks
PLEASE DO NOT REPLY DUMB QUESTIONS/ANSWERS

Offline nizarawi

  • Malware Research Group
  • Newbie
  • *****
  • Posts: 24
Re: Comodo 4.1 still fails with spyshelter leaktests
« Reply #112 on: July 27, 2010, 06:51:31 AM »
Bad Comodo   :-TD

No improvement for 1 year

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2162
Re: Comodo 4.1 still fails with spyshelter leaktests
« Reply #113 on: July 27, 2010, 11:14:58 AM »
Quote
I just tried the last antiTest.exe 1.3 and got not even one alert when I ran the exe and when I ran all the tests with Defense+ set to paranoid mode and checking all executable files in aggressive mode.
Windows 7 64-bit with Comodo 4.1 build 920.
Now that's interesting

Offline Sammo

  • Comodo's Hero
  • *****
  • Posts: 213
Re: Comodo 4.1 still fails with spyshelter leaktests
« Reply #114 on: July 30, 2010, 03:43:58 PM »
SpyShelter free was updated today to version 4.50  :)

Offline DARREN1972.

  • Comodo's Hero
  • *****
  • Posts: 389
  • Comodo Internet Security.Never Shaken NeverStirred
Re: Comodo 4.1 still fails with spyshelter leaktests
« Reply #115 on: August 03, 2010, 08:50:20 PM »
!ot! Hi. Maybe Comodo could perhaps incorporate some form of vulnerability scan in their suite. I see Kaspersky has this feature in their suite. Or perhaps something like the Secunia product. All the best. :P0l
cisv5.3
malwarebytes anti-malware.
superantispyware.
sandboxie.
win patrol.
Hitman Pro.
Eset online scanner.
Trend Micro Housecall.

Windows7 Home Premium. 64-Bit.

 
