Author Topic: Comodo 4.1 still fails with spyshelter leaktests  (Read 67331 times)

Offline lordraiden

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 921
Re: Comodo fails with the new spyshelter leaktests
« Reply #45 on: May 05, 2010, 01:26:06 PM »
Looks like you have a knack for mixing good advice with such nonconstructive remarks.




It's called irony

Offline Cavehomme

  • Comodo's Hero
  • *****
  • Posts: 391
Re: Comodo fails with the new spyshelter leaktests
« Reply #46 on: May 05, 2010, 03:13:56 PM »
It's called irony

Do people in the "Testers group" talk with the developers? At least before 2008? 
It's called sarcasm    ;D

Offline lordraiden

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 921
Re: Comodo fails with the new spyshelter leaktests
« Reply #47 on: May 05, 2010, 04:20:06 PM »
Do people in the "Testers group" talk with the developers? At least before 2008? 
It's called sarcasm    ;D

You asked in the wrong way, the question is:
Do the developers talk with anybody else?

Offline Cavehomme

  • Comodo's Hero
  • *****
  • Posts: 391
Re: Comodo fails with the new spyshelter leaktests
« Reply #48 on: May 06, 2010, 03:12:53 AM »
You asked in the wrong way, the question is:
Do the developers talk with anybody else?

I see that Melih and others pop into these forums. Why can't they seize hold of these issues more visibly or seriously / quickly, I wonder. I noticed that the "advanced servicehost handling" issue has been around for years and still nothing. It is a huge issue if exploited.

When I used to visit Avast forums the developers were right in there, picking up hints and doing a damn fine job.

I like comodo but I worry about some aspects very seriously. I think they may run things on a shoestring and so become very stretched as they offer a wide range of features and products. They need to focus more on quality.

Anyway, off my pulpit and back to work!

Offline burebista

  • Comodo's Hero
  • *****
  • Posts: 668
Re: Comodo fails with the new spyshelter leaktests
« Reply #49 on: May 16, 2010, 01:20:26 PM »
A new version of this test is out. CIS fails another couple of screenshot tests.
Endymion, after doing what you say here sound is blocked, but those Webcam settings have no effect on Seven x64, my ugly face is captured.  ;D
If it ain't broke... fix it until it is.

Offline lordraiden

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 921
Re: Comodo fails with the new spyshelter leaktests
« Reply #50 on: May 16, 2010, 02:33:44 PM »
New version 1.3 with many new methods: http://www.spyshelter.com/download/AntiTest.exe

Can anybody test it with Comodo sandbox?

Thanks

Offline Ovidiu G.

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 260
  • The only real valuable thing is intuition-Einstein
    • Comodo Reviews in limba română
Re: Comodo fails with the new spyshelter leaktests
« Reply #51 on: May 16, 2010, 05:15:08 PM »
New version 1.3 with many new methods: http://www.spyshelter.com/download/AntiTest.exe

Can anybody test it with Comodo sandbox?

Thanks

I have tested the new version on my computer:

1. the screenshot tests (only tests 4 a/b and 5 a/b) did not pass
2. the webcam test: on the first start, the webcam is working but only a picture is captured (like a photo). When I start this test a second time, no picture is captured
3. the sound record test: the test is running, but NO sound is recorded

I use Comodo Internet Security v4 with the Sandbox enabled and the option "Automatically detect installers/updaters and run them outside the Sandbox" is unchecked. I have Windows 7 and Proactive Security Configuration.

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Comodo fails with the new spyshelter leaktests
« Reply #52 on: May 16, 2010, 08:12:20 PM »
I am running Windows 7 x64. I'm using V4 set to proactive security with the Sandbox disabled.

1) I am vulnerable to all of the screenshot attempts!

2) I also fail the 'System Protection' test!

Can anyone else confirm this? As I said I'm running this without the Sandbox and I'm failing these tests.


Edit: It turns out I had rules already saved for the application. When I renamed it and ran the test I only fail two of the Screenshot tests. (4a/b and 5a/b)
« Last Edit: May 17, 2010, 12:28:12 PM by Chiron »

Offline fOrTy_7

  • Comodo's Hero
  • *****
  • Posts: 594
Re: Comodo fails with the new spyshelter leaktests
« Reply #53 on: May 17, 2010, 04:37:37 AM »
I am running Windows 7 x64. I'm using V4 set to proactive security with the Sandbox disabled.

1) I am vulnerable to all of the screenshot attempts!

2) I also fail the 'System Protection' test!

Can anyone else confirm this? As I said I'm running this without the Sandbox and I'm failing these tests.

I have the same results as galea.ovidiu. With the Sandbox disabled CIS fails these tests: capturing screenshot method 4a, 4b, 5a and 5b; sound recording; webcam.  CIS is set to use Proactive Security configuration.
« Last Edit: May 17, 2010, 04:40:29 AM by fOrTy_7 »

Offline Cavehomme

  • Comodo's Hero
  • *****
  • Posts: 391
Re: Comodo fails with the new spyshelter leaktests
« Reply #54 on: May 17, 2010, 05:05:09 AM »
I am running Windows 7 x64. I'm using V4 set to proactive security with the Sandbox disabled.

1) I am vulnerable to all of the screenshot attempts!

2) I also fail the 'System Protection' test!

Can anyone else confirm this? As I said I'm running this without the Sandbox and I'm failing these tests.

I can confirm that it fails if I have Defense+ setting on clean PC or below. On Safe mode an alert kicks in whether to allow explorer.exe to execute antitest.exe and thereafter if you choose to block, it blocks OK.

But remember to rename the .exe to something like antitest2.exe because CIS will remember what it did to the last .exe, so it is important to rename before the next test.

The problem that I see is that rather than default settings the high security settings are needed to stop this stuff and most people will use default. This is a serious design and implementation matter for the CIS Team. I really think that they need to increase the size of the whitelist, perhaps working with another company or whatever, and then have the sandbox really deny complete access unless the user chooses otherwise.

But even then, it is not a sandbox like sandboxie which allows an exe to run without these kinds of problems, so perhaps it needs a fundamental review of sandboxing in CIS or Melih getting his cheque book out and buying sandboxie before someone else does    :-\

Offline Camille Case

  • Comodo Loves me
  • ****
  • Posts: 173
Re: Comodo fails with the new spyshelter leaktests
« Reply #55 on: May 17, 2010, 05:40:20 AM »
I have the same results as galea.ovidiu. With the Sandbox disabled CIS fails these tests : capturing screenshot method 4a, 4b, 5a and 5b; sound recording; webcam.  CIS is set to use Proactive Security configuration.

Hi,

Same results here with Windows XP SP3 - CIS : Proactive Security - Firewall : Custom policy - D+ : Paranoid - Sandbox : Disabled - AV : on access.

Offline Endymion

  • Comodo's Hero
  • *****
  • Posts: 1360
  • Reality is subordinate to perception.
    • Faces -The Madman (Kahlil Gibran, 1918)
Re: Comodo fails with the new spyshelter leaktests
« Reply #56 on: May 17, 2010, 08:25:44 AM »
A new version of this test is out. CIS fails another couple of screenshot tests.
Endymion, after doing what you say here sound is blocked, but those Webcam settings have no effect on Seven x64, my ugly face is captured.  ;D

Can you also post a screenshot of such Webcam "Device instance id" (eventually removing vendor numerical id)?

It would be possible to confirm it using device manager just like for other devices:


Please mention also if you tested such custom webcam setting after disabling the sandbox.
« Last Edit: May 17, 2010, 08:48:57 AM by Endymion »
I have learnt silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet strange, I am ungrateful to these teachers.
Kahlil Gibran (1883 - 1931)

Offline burebista

  • Comodo's Hero
  • *****
  • Posts: 668
Re: Comodo fails with the new spyshelter leaktests
« Reply #57 on: May 17, 2010, 08:43:52 AM »
Can you also post a screenshot of such Webcam "Device instance id"?
Sure, in a couple of hours. I'm at work now. :)

Please mention also if you tested such custom webcam setting after disabling the sandbox.
Yep, tested with and without Sandbox enabled. Same bypass.
If it ain't broke... fix it until it is.

Offline burebista

  • Comodo's Hero
  • *****
  • Posts: 668
Re: Comodo fails with the new spyshelter leaktests
« Reply #58 on: May 17, 2010, 12:14:46 PM »
Sorry, I don't have that Property.
Is that from the attachment good enough?

[attachment deleted by admin]
If it ain't broke... fix it until it is.

Offline Chiron

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11951
Re: Comodo fails with the new spyshelter leaktests
« Reply #59 on: May 17, 2010, 12:27:11 PM »
But remember to rename the .exe to something like antitest2.exe because CIS will remember what it did to the last .exe, so it is important to rename before the next test.
Yep, you were right. I renamed the test and got the results that it fails Screenshot tests 4a/b and 5a/b.

I can't test the webcam or sound record tests as I don't have either of these.

 
