Author Topic: COMODO Internet Security 8.0.0.4337 is released!  (Read 50140 times)

Offline RandomPerson1000

  • Comodo Loves me
  • ****
  • Posts: 191
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #45 on: November 18, 2014, 06:09:05 AM »
Why final version was released with that serious bug not fixed?
Why we had no RC version?
Why does Comodo always rush?  >:(
 :-TD

It seems that they're trying hard to lose credibility.

Offline soroush1985

  • Newbie
  • *
  • Posts: 9
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #46 on: November 18, 2014, 07:35:02 AM »
It seems that they're trying hard to lose credibility.

 :-TU :-TU

Offline Sanya IV Litvyak

  • Comodo's Hero
  • *****
  • Posts: 4214
  • Lurking
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #47 on: November 18, 2014, 07:48:10 AM »
Is this bug present in v. 7.0.3 as well?

The features that the bug is relevant for isn't available in CIS 7.0.3 so no the bug isn't there because the feature wasn't there in the first place. ;)

The issue comes from the fact that in CIS 8 they changed the way how the sandboxing rules work, by default in the Internet Security config it won't block all unknown files, it will however block all unknown files downloaded from the internet, however it detects that it was downloaded from the internet by checking the alternate streams or what they are called, the issue is that if you download an archive, that archive will look like it comes from the internet, however when you extract the files the file will not have the streams that say they come from the internet, so there isn't a relevant rule for CIS to sandbox the file, this isn't really a bug in my personal opinion, but an issue with the fact that archivers don't attach the streams to the files, the sad result is a lowered security. I don't really see how Comodo could get past this without switching back to sandboxing all unknown files again.
The issue isn't present in CIS 7 because it doesn't look for if the file was downloaded from the internet or anything like that, it just outright sandboxes it if it's unknown.

Worth noting is that Proactive security config doesn't have this issue because it is set up to sandbox all unknown files regardless of where they are or where they come from, so my personal recommendation is switching to the Proactive security config because of the increased security, as it stands now, CIS defaults does not give an adequate protection against malware downloaded and exported from archives.

The above is what I've been able to gather on the subject, I may of course be wrong.
I support privacy and freedom online - eff.org

Offline ............

  • Comodo Member
  • **
  • Posts: 29
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #48 on: November 18, 2014, 08:00:59 AM »
The features that the bug is relevant for isn't available in CIS 7.0.3 so no the bug isn't there because the feature wasn't there in the first place. ;)

The issue comes from the fact that in CIS 8 they changed the way how the sandboxing rules work, by default in the Internet Security config it won't block all unknown files, it will however block all unknown files downloaded from the internet, however it detects that it was downloaded from the internet by checking the alternate streams or what they are called, the issue is that if you download an archive, that archive will look like it comes from the internet, however when you extract the files the file will not have the streams that say they come from the internet, so there isn't a relevant rule for CIS to sandbox the file, this isn't really a bug in my personal opinion, but an issue with the fact that archivers don't attach the streams to the files, the sad result is a lowered security. I don't really see how Comodo could get past this without switching back to sandboxing all unknown files again.
The issue isn't present in CIS 7 because it doesn't look for if the file was downloaded from the internet or anything like that, it just outright sandboxes it if it's unknown.

Worth noting is that Proactive security config doesn't have this issue because it is set up to sandbox all unknown files regardless of where they are or where they come from, so my personal recommendation is switching to the Proactive security config because of the increased security, as it stands now, CIS defaults does not give an adequate protection against malware downloaded and exported from archives.

The above is what I've been able to gather on the subject, I may of course be wrong.

I hope you're right. Thank you very much!  :-TU

Offline ............

  • Comodo Member
  • **
  • Posts: 29
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #49 on: November 18, 2014, 08:13:29 AM »
Maybe they are all auto-submitted when scanned?

Offline malware1

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 3266
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #50 on: November 18, 2014, 08:18:44 AM »
Maybe they are all auto-submitted when scanned?
I didn't scan them, I use Comodo Firewall. The file I sent is still not present in the DB (http://file-intelligence.comodo.com/) after a day.

Offline lyn

  • Comodo's Hero
  • *****
  • Posts: 305
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #51 on: November 18, 2014, 08:50:21 AM »
Opening GUI totally unresponsive. Cavwp.exe high cpu in short a slow computer experience! Win 7 home 64 bit clean install of cis8 now going back to 7 Ps Forgot to say 10hrs Full scan???

[attachment deleted by admin]
« Last Edit: November 18, 2014, 08:54:58 AM by lyn »

Offline slickr

  • Comodo Family Member
  • ***
  • Posts: 56
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #52 on: November 18, 2014, 08:55:44 AM »
Is it using 60% all the time? Every AV out there occasionally uses high CPU resources in order to scan a file and check if its safe or not.

As long as it only lasts few seconds I don't see what the problem is, CPU's are there to be used and unless its running at 100% it won't actually cause slowdowns to your system.

I tested the beta version, I find this new Comodo 8 to be basically version 7 with LESS security. The new policy based sandbox is actually weaker and less secure, since at default settings it only sandboxes unknown files downloaded from the internet. This means if you put a CD or usb or download archived file from internet and extract unknown files it won't automatically sandbox them. This wouldn't be such a big issue if their database was good, but Comodo misses most new viruses and their proactive protection is not capable of properly analyzing if a file is malicious or not.
« Last Edit: November 18, 2014, 08:58:59 AM by slickr »

Offline lyn

  • Comodo's Hero
  • *****
  • Posts: 305
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #53 on: November 18, 2014, 09:08:03 AM »
Cpu spikes every 5 seconds. The opening of the gui can take as long as a minute! The task bar icon can be blanked out as well on occasions. You say 8 is not as secure how does it compare to 7 when both are set as proactive? I'll give another go at installing 8 fresh.

Offline yro

  • Comodo's Hero
  • *****
  • Posts: 667
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #54 on: November 18, 2014, 09:49:05 AM »
There is a bug with archives. When you unpack the files they lose their zone ids which CIS uses to determine how to sandbox them. A bug has been reported
https://forums.comodo.com/format-verified-issue-reports-cis/downloaded-compressed-file-not-sandboxed-after-unzipping-and-running-m1209-t106887.0.html

well, I did the test. i downloaded the malwares pack and did the scan. after that i double clicked one by one. CIS 8 final blocked them all. so what does it means?

ps.: I did it on my production machine (no life no game).
Sorry about my english.. :P

Offline yro

  • Comodo's Hero
  • *****
  • Posts: 667
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #55 on: November 18, 2014, 09:54:23 AM »
Opening GUI totally unresponsive. Cavwp.exe high cpu in short a slow computer experience! Win 7 home 64 bit clean install of cis8 now going back to 7 Ps Forgot to say 10hrs Full scan???

lyn it seems to be a problem on your installation. try to unninstall cis 8, reboot the computer, clean all with ccleaner, reboot again, go into your profile folder and delet the comodo folder that you will find somewhere there, then install cis 8. cancel the automatic update, download the bases updated file and import it. reboot your computer and now let cis do the automatic update and the automatic first scan. now post your feelings for us, please?
Sorry about my english.. :P

Offline morphiusz

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3082
    • Suspicious file?
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #56 on: November 18, 2014, 09:55:10 AM »
well, I did the test. i downloaded the malwares pack and did the scan. after that i double clicked one by one. CIS 8 final blocked them all. so what does it means?

ps.: I did it on my production machine (no life no game).

Depends of what unpacker you've used.

Offline ............

  • Comodo Member
  • **
  • Posts: 29
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #57 on: November 18, 2014, 10:07:36 AM »
CIS 8 firewall (safe mode, create rules for safe apps DISABLED) does NOT create rules for some applications, neither asks. Gom player, MusicBee, Mozilla Thunderbird...and so on, but they can still connect to the internet. Thunderbird works just fine without any rules. How is this possible?
« Last Edit: November 18, 2014, 10:20:49 AM by Ded Omraz »

Offline Cassette

  • Comodo's Hero
  • *****
  • Posts: 247
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #58 on: November 18, 2014, 10:20:07 AM »
CIS 8 firewall (safe mode, create rules for safe apps DISABLED) does NOT create rules for some applications, neither asks. Gom player, MusicBee, Mozilla Thunderbird...and so on, but they can still check for updates. How is this possible?

That's how it's supposed to work. Safe mode allows trusted applications to connect to the internet. Use custom ruleset if you want it to ask.

Offline ............

  • Comodo Member
  • **
  • Posts: 29
Re: COMODO Internet Security 8.0.0.4337 is released!
« Reply #59 on: November 18, 2014, 10:21:38 AM »
That's how it's supposed to work. Safe mode allows trusted applications to connect to the internet. Use custom ruleset if you want it to ask.
Why no rules then? And why do I receive alerts for Firefox, but not Thunderbird?

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek