Author Topic: Comodo 4.1 still fails with spyshelter leaktests  (Read 66771 times)

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3981
Re: Comodo fails with the new spyshelter leaktests
« Reply #60 on: May 17, 2010, 12:43:09 PM »
It fails the following; camera capture, screen capture 4a/b 5a/b and mic capture.

just as a side note I ran this test against KIS 2010 and it failed everything.
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Offline Endymion

  • Comodo's Hero
  • *****
  • Posts: 1360
  • Reality is subordinate to perception.
    • Faces -The Madman (Kahlil Gibran, 1918)
Re: Comodo fails with the new spyshelter leaktests
« Reply #61 on: May 17, 2010, 01:12:06 PM »
Sorry, I don't have that Property.
That from attachment is good enough?

Thanks. Guess that hardware id will do as well.
AFAIK the Webcam custom setting was meant for such types of device IDs (\Device\Usb#Vid*)  :(

Hopefully some other member will come up with an alternative custom setting (in case device naming conventions changed on more recent Windows releases).
« Last Edit: May 17, 2010, 01:37:52 PM by Endymion »
I have learnt silence from the talkative, toleration from the intolerant, and kindness from the unkind; yet strange, I am ungrateful to these teachers.
Kahlil Gibran (1883 - 1931)

Offline Luc[y]

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 671
Re: Comodo fails with the new spyshelter leaktests
« Reply #62 on: May 19, 2010, 10:22:29 AM »

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2153
Re: Comodo fails with the new spyshelter leaktests
« Reply #63 on: May 19, 2010, 02:53:56 PM »
Quote
Sound Record: FAIL
As much as I love to tweak things on my computer, some of the tests I feel are pointless. Do any of you people really care about the Sound Record TEST???  As for the webcam, just do what my friend does if you're that concerned: rip out a tiny piece of paper and get a piece of tape to cover the web cam.

Here's a more realistic test for a corporate environment (I forgot where I got this from)
Quote
How to defeat hardware loggers, the best part (it doesn't cost anything and doesn't need to modify any software to pass this test)

    This is an example of a very simple way to defeat inline, hardware-based keystroke loggers, like the kind that go in between your computer and the keyboard.

    They work by storing anything you type (64,000 characters or more) in their internal memory for retrieval later.  They require no software to operate and are not detectable without a physical search of your computer.

    Their simplicity is also their downfall.  The Key Katcher draws its power from the +5 VDC line on the computer's internal keyboard port.  This is usually PIN 4 on the PS/2-style (mini-DIN) keyboard connector.  By disabling the keyboard's +5 VDC power line internally within the computer, anything connected to the keyboard port will not receive any power, including any Key Katchers (or any keyboards).

    To power the keyboard you just need to run an external +5 VDC power line, or you can even use batteries within the keyboard.
Here's a picture if it helps



[attachment deleted by admin]
« Last Edit: May 19, 2010, 02:55:37 PM by jay2007tech »
It's hard being a crooked Admin when the files won't pass an md5checksum test.  But like any other good crooked Admin it can be done, it just takes time(and lots of it) and a few aspirins

Offline darcjrt

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 466
Re: Comodo fails with the new spyshelter leaktests
« Reply #64 on: May 19, 2010, 03:12:32 PM »
http://www.testmypcsecurity.com/securitytests/all_tests.html
Can anyone try all of these tests?

I tested the advanced process terminator included in the all_tests.zip file. Comodo failed Kill #10,
which uses WinStationTerminateProcess (requires terminal services). I think Comodo should take a look at this. At least cfp.exe was terminated. I did not test if it continued protecting. I will upload a video later on.

http://www.youtube.com/watch?v=xdcWoh8h9n0
« Last Edit: May 19, 2010, 03:28:56 PM by darcjrt »
Best Regards,

J

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3981
Re: Comodo fails with the new spyshelter leaktests
« Reply #65 on: May 19, 2010, 03:32:56 PM »
I tested the advanced process terminator included in the all_tests.zip file. Comodo failed Kill #10,
which uses WinStationTerminateProcess (requires terminal services). I think Comodo should take a look at this. At least cfp.exe was terminated. I did not test if it continued protecting. I will upload a video later on.

http://www.youtube.com/watch?v=xdcWoh8h9n0

it might have killed just the tray/UI, but importantly was it able to kill cmdagent.exe? That is the protection part of comodo.
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Offline darcjrt

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 466
Re: Comodo fails with the new spyshelter leaktests
« Reply #66 on: May 19, 2010, 03:47:51 PM »
it might have killed just the tray/UI, but importantly was it able to kill cmdagent.exe? That is the protection part of comodo.

It was only cfp.exe, so I guess it was only the GUI part of CIS that was terminated.
 (V)
Best Regards,

J

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3981
Re: Comodo fails with the new spyshelter leaktests
« Reply #67 on: May 19, 2010, 04:11:44 PM »
It was only cfp.exe, so I guess it was only the GUI part of CIS that was terminated.
 (V)

Good to hear, so in reality it did not kill Comodo; it was still working, you just would not get any warnings or pop-ups. It would automatically block everything that it would normally ask you about.  (:KWL)
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Offline LaserWraith

  • pillow fighting fool
  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 4590
  • I'm going to go out with a bang
Re: Comodo fails with the new spyshelter leaktests
« Reply #68 on: May 19, 2010, 04:15:03 PM »
Good to hear, so in reality it did not kill Comodo; it was still working, you just would not get any warnings or pop-ups. It would automatically block everything that it would normally ask you about.  (:KWL)

Only if this is enabled, right?



[attachment deleted by admin]

Offline fOrTy_7

  • Comodo's Hero
  • *****
  • Posts: 593
Re: Comodo fails with the new spyshelter leaktests
« Reply #69 on: May 19, 2010, 04:30:14 PM »
it might have killed just the tray/UI, but importantly was it able to kill cmdagent.exe? That is the protection part of comodo.

All CIS processes are protected by Defense+, so if cfp.exe was killed then most likely cmdagent.exe would have been killed as well.

[attachment deleted by admin]

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3981
Re: Comodo fails with the new spyshelter leaktests
« Reply #70 on: May 19, 2010, 04:33:14 PM »
Only if this is enabled, right?



Nope, that is concerning applications that you run on the system, not CIS itself.
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3981
Re: Comodo fails with the new spyshelter leaktests
« Reply #71 on: May 19, 2010, 04:36:27 PM »
All CIS processes are protected by Defense+, so if cfp.exe was killed then most likely cmdagent.exe would have been killed as well.

Nope, because cmdagent is part of the kernel driver and you can't kill it. I can make cfp.exe crash and I will still be protected. The only way to kill cmdagent is to try to unhook the kernel driver, which would be impossible to do without a reboot; once the system is running, disabling drivers is next to impossible.
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Offline darcjrt

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 466
Re: Comodo fails with the new spyshelter leaktests
« Reply #72 on: May 19, 2010, 06:52:04 PM »
Nope, because cmdagent is part of the kernel driver and you can't kill it. I can make cfp.exe crash and I will still be protected. The only way to kill cmdagent is to try to unhook the kernel driver, which would be impossible to do without a reboot; once the system is running, disabling drivers is next to impossible.

I totally understand but I have a question. How do you get D+ popups or AV notifications if cfp.exe crashes? Is cmdagent the one that handles those? If it is like that then we have nothing to worry about!
Best Regards,

J

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3981
Re: Comodo fails with the new spyshelter leaktests
« Reply #73 on: May 19, 2010, 07:00:45 PM »
I totally understand but I have a question. How do you get D+ popups or AV notifications if cfp.exe crashes? Is cmdagent the one that handles those? If it is like that then we have nothing to worry about!

You don't get any warnings; if cfp.exe crashes, Comodo automatically denies everything. That is why it is called default deny protection. Just like if you leave the computer running and you get a popup: if after a while it does not get answered, it just gets denied for safety.
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99
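
The behaviour described in the reply above (a missing UI or an unanswered popup ends in a denial) is a fail-closed prompt design. The following is an added illustration, not part of the thread and not Comodo's code; `VerdictBroker`, `ui_worker` and the action names are hypothetical and the inputs are constructed.

```python
import queue
import threading

ALLOW, DENY = "allow", "deny"

class VerdictBroker:
    """Stand-in for the protection service: it owns the verdict, the UI only advises."""

    def __init__(self, timeout_s=0.2):
        self.timeout_s = timeout_s
        self.ui_inbox = None   # None models a terminated or crashed UI process
        self.audit = []        # (action, verdict, reason) kept for later review

    def decide(self, action):
        verdict, reason = DENY, "ui-unavailable"
        if self.ui_inbox is not None:
            reply = queue.Queue(maxsize=1)  # per request, so a late answer cannot leak
            self.ui_inbox.put((action, reply))
            try:
                answer = reply.get(timeout=self.timeout_s)
                # Only an exact ALLOW grants access; anything else stays denied.
                verdict, reason = (ALLOW, "user") if answer == ALLOW else (DENY, "not-allowed")
            except queue.Empty:
                reason = "prompt-timeout"
        self.audit.append((action, verdict, reason))
        return verdict

def ui_worker(inbox, answer_fn):
    """Constructed UI: answers prompts; a None answer models an ignored popup."""
    while (item := inbox.get()) is not None:
        action, reply = item
        answer = answer_fn(action)
        if answer is not None:
            reply.put(answer)

def demo():
    broker, inbox = VerdictBroker(), queue.Queue()
    answers = {"write hosts file": ALLOW, "install driver": "maybe"}  # constructed
    ui = threading.Thread(target=ui_worker, args=(inbox, answers.get), daemon=True)
    ui.start()
    broker.ui_inbox = inbox
    for action in ("write hosts file", "install driver", "capture screen"):
        broker.decide(action)
    inbox.put(None)          # the UI process exits ...
    ui.join()
    broker.ui_inbox = None   # ... and the broker sees that it is gone
    broker.decide("capture microphone")
    return broker.audit

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The audit trail matters here: with the UI gone, denials are silent to the user, so the log is the only record of what was blocked and why.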

Offline darcjrt

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 466
Re: Comodo fails with the new spyshelter leaktests
« Reply #74 on: May 19, 2010, 08:20:47 PM »
DDP!! Excellent!! Thanks!
Best Regards,

J

 
