Author Topic: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!  (Read 22571 times)

Offline vitim

  • Comodo's Hero
  • *****
  • Posts: 382
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #15 on: March 22, 2016, 05:49:48 PM »
We have addressed all those bugs in this update guys. As you can read in the history in the bug report link, we worked with Tavis to make sure we understand the issues carefully.

I saw it. This is great, egemen!!!

Do you know if some of these updates apply to ccav too?

Offline Cavalary

  • Comodo Member
  • **
  • Posts: 35
    • Cav's Place
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #16 on: March 22, 2016, 05:55:42 PM »
Wondering what the "•New Home Page and Quick Search mechanism" means. Is that about those who choose to let it set their browser home page or actually about the "home page" of the product interface?

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14651
    • Video Blog
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #17 on: March 22, 2016, 06:00:17 PM »
great work everyone!

Offline kibinimatik

  • Star Group
  • Comodo Loves me
  • *****
  • Posts: 169
    • Personal blog
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #18 on: March 22, 2016, 06:33:00 PM »
•   ACLs on Comodo's folder in %ProgramData% allow unauthorized users write access
What have you called "fixed"?
Even guests are still able to modify important Comodo's files!
The simplest path to break CIS (even protected by password!) is the command:
Code: [Select]
%COMSPEC% /c for /R "%PROGRAMDATA%\Comodo" %p in (*) do copy %COMSPEC% "%p" /y
https://vimeo.com/160023403

And what are you going to do with the weak hash?
https://vimeo.com/160011418
« Last Edit: March 22, 2016, 07:45:24 PM by kibinimatik »
Articles about Comodo Internet Security. What's new in the articles: kibinimatik.blogspot.com

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #19 on: March 22, 2016, 07:03:00 PM »
I saw it. This is great, egemen!!!

Do you know if some of these updates apply to ccav too?

No they do not apply to CCAV. CCAV uses different modules.

Offline vitim

  • Comodo's Hero
  • *****
  • Posts: 382
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #20 on: March 22, 2016, 07:30:47 PM »
No they do not apply to CCAV. CCAV uses different modules.

That's nice.

And what about what kibinimatik is talking about?

Quote from: BuketB on Today at 03:24:28 PM
•   ACLs on Comodo's folder in %ProgramData% allow unauthorized users write access
What are you called "fixed"?
Even guests are still able to change severe Comodo's files!
The simplest path to corrupt CIS (even protected by password!) is executing the command:
Code: [Select]
%COMSPEC% /c for /R "%PROGRAMDATA%\Comodo" %p in (*) do copy %COMSPEC% "%p" /y
https://vimeo.com/160023403

And what are you going to do with the weak hash?
https://vimeo.com/160011418

Is it for real?

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 24993
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #21 on: March 22, 2016, 08:39:42 PM »
What have you called "fixed"?
Even guests are still able to modify important Comodo's files!
The simplest path to break CIS (even protected by password!) is the command:
Code: [Select]
%COMSPEC% /c for /R "%PROGRAMDATA%\Comodo" %p in (*) do copy %COMSPEC% "%p" /y
https://vimeo.com/160023403
That's a user bypass. CIS will allow the user everything he or she wants. Try the same thing in a batch file and CIS will stop the actions.

CIS is the nanny of program behaviour, not the nanny of user behaviour.

Edit: Wouldn't the problem not be with Windows in the first place allowing the guest to do these things?

Quote
And what are you going to do with the weak hash?
https://vimeo.com/160011418
This question has been answered and discussed:

[...]
The above lack of evidence corroborates what Melih told us in the mod board:
Quote
ah....crc collision.....theoretical attack...
If there is real life threat, where is it?
Let's not rehash this discussion we have extensively had. As long as Comodo does not see a threat, judges the scenario as theoretical and there are no real live malwares, Comodo will continue using CRC 32 until further notice.
« Last Edit: March 22, 2016, 09:45:01 PM by EricJH »

Offline netsvc

  • Comodo Member
  • **
  • Posts: 37
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #22 on: March 22, 2016, 11:23:13 PM »
Those are really serious fixes. Thanks to contributors and to Comodo team!
"Imagination is more important than knowledge. Knowledge is limited. Imagination encircles the world." AE

Offline kibinimatik

  • Star Group
  • Comodo Loves me
  • *****
  • Posts: 169
    • Personal blog
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #23 on: March 23, 2016, 03:48:39 AM »
That's a user bypass. CIS will allow the user everything he or she wants. Try the same thing in a batch file and CIS will stop the actions.

CIS is the nanny of program behaviour, not the nanny of user behaviour.
This statement in "release notes" can mean only user's permissions:
•   ACLs on Comodo's folder in %ProgramData% allow unauthorized users write access

Quote
Wouldn't the problem not be with Windows in the first place allowing the guest to do these things?
This is Comodo's blunder to store important files in an unprotected folder. It means a complete failure of self-defence

Quote
This question has been answered and discussed: If there is real life threat, where is it?
You have made off from that discussion ignoring my answers. Shall I repeat them?

Quote
Let's not rehash this discussion we have extensively had.
This problem applies to the current build too. And the CIS-version on the video is the current.

Quote
As long as Comodo does not see a threat, judges the scenario as theoretical and there are no real live malwares, Comodo will continue using CRC 32 until further notice.
Well, what about putting here on open access a program that converts any file to trusted for Comodo?
« Last Edit: March 23, 2016, 08:12:03 AM by kibinimatik »
Articles about Comodo Internet Security. What's new in the articles: kibinimatik.blogspot.com

Offline scmp

  • Newbie
  • *
  • Posts: 7
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #24 on: March 23, 2016, 05:58:23 AM »
Absurdly good... Thanks for the update... Keep up the good work... :D

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #25 on: March 23, 2016, 07:09:16 AM »
We are checking these right now. If there are issues, they will be addressed probably in our 5th of April patch cadence. In the meantime, can you PM me the PoCs you used pls?


This statement in "release notes" can mean only user's permissions: This is Comodo's blunder to store important files in an unprotected folder. It means a complete failure of self-defence
 You have made off from that discussion ignoring my answers. Shall I repeat them?
 This problem applies to the current build too. And the CIS-version on the video is the current.
 Create that bat-file:
Code: [Select]
(for /R "%PROGRAMDATA%\Comodo" %%p in (*) do copy %COMSPEC% "%%p" /y) & rem CAAAAAAAAALe_fi
Note: do not add or delete any character, including spaces. The code must contain only one line (without line breaks). For CIS 8.0.4978 x64
Well, what about putting here on open access a program that converts any file to trusted for Comodo?

Offline kibinimatik

  • Star Group
  • Comodo Loves me
  • *****
  • Posts: 169
    • Personal blog
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #26 on: March 23, 2016, 08:03:53 AM »
We are checking these right now. If there are issues, they will be addressed probably in our 5th of April patch cadence. In the meantime, can you PM me the PoCs you used pls?
Which of the problems do you mean?

First.
Keeping comodo's base in an unprotected directory is a trivial carelessness. I had never reported about it before, because this problem can be solved by configuration:
1. HIPS Rules > "All Applications" > Modify > Access Rights > Protected Files > Modify > Blocked Files > Add > Group "COMODO Files/Folders"
2. HIPS > Rulesets > "Allowed Application" > ... (the same)

But this (or similar) problem is signed as "fixed" in the Release notes. That's why I had expressed my bewilderment.

Second.
The vulnerability to breaking of Comodo's hash has been exhaustively described in my report: bug 1772.

What do you want to receive by PM?
« Last Edit: March 23, 2016, 08:05:40 AM by kibinimatik »
Articles about Comodo Internet Security. What's new in the articles: kibinimatik.blogspot.com

Offline cracking

  • Newbie
  • *
  • Posts: 1
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #27 on: March 23, 2016, 08:14:10 AM »
very good :-TU

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #28 on: March 23, 2016, 08:22:23 AM »
Which of the problems do you mean?

First.
Keeping comodo's base in an unprotected directory is a trivial carelessness. I had never reported about it before, because this problem can be solved by configuration:
1. HIPS Rules > "All Applications" > Modify > Access Rights > Protected Files > Modify > Blocked Files > Add > Group "COMODO Files/Folders"
2. HIPS > Rulesets > "Allowed Application" > ... (the same)

But this (or similar) problem is signed as "fixed" in the Release notes. That's why I had expressed my bewilderment.
These files are already in protected files. So malware or any unknown application cannot modify them. In your case, it is corrupted by a guest user (not admin); this is an issue I am seeing. It can of course be prevented by a rule like the one you added above so that even admins cannot change them, etc.

The fixes were related to folders where we download binaries and load them. Any low privileged user could inject their binaries there. While there were no issues, it had potential for future threats that we may not anticipate. This folder is only used for log files, booster files and some other database files.
Quote
Second.
The vulnerability to breaking of Comodo's hash has been exhaustively described in my report: bug 1772.

What do you want to receive by PM?
Yes. I saw some tools you used to exploit the issue. If you have them, you can send them to me for verification.
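
Added example, not part of any post in this thread and not Comodo's code: a PowerShell audit that lists the Allow ACEs giving broad low-privileged groups write-type access under `%ProgramData%\Comodo`, which is the condition the release note and the replies above argue about. The function name `Get-WeakAce`, the `-Root` parameter and the choice of groups and rights are assumptions made for this illustration.

```powershell
# Added example (not from the thread): list Allow ACEs that give broad,
# low-privileged groups write-type access under a folder.
# Deny ACEs and effective-access evaluation are deliberately out of scope.
param([string]$Root = (Join-Path $env:ProgramData 'Comodo'))

# Well-known SIDs, so the check does not depend on localized group names.
$LowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-546' = 'BUILTIN\Guests'
}

# Rights that allow overwriting, deleting or re-permissioning a file.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Raw GENERIC_WRITE / GENERIC_ALL bits, which can appear in inherit-only ACEs.
$GenericMask = 0x40000000 -bor 0x10000000

function Get-WeakAce {   # hypothetical helper name
    param([string]$Path)
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $Path"; return }
    # Ask for SIDs directly so unresolvable accounts do not break the check.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if (-not $LowPriv.ContainsKey($sid)) { continue }
        $bits = [int]$ace.FileSystemRights
        if (($bits -band $WriteMask) -or ($bits -band $GenericMask)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $LowPriv[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Root)) { Write-Warning "$Root not found"; return }
$items = @(Get-Item -LiteralPath $Root -Force) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
# Report every finding on the root, and only explicit (non-inherited) ones below it.
$items | ForEach-Object { Get-WeakAce -Path $_.FullName } |
    Where-Object { $_.Path -eq $Root -or -not $_.Inherited }
```

An empty result means none of the listed groups holds a write-type Allow ACE; any row on the root folder itself is the one to fix first, since child objects normally inherit from it.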

Offline Shoonay

  • Comodo Loves me
  • ****
  • Posts: 151
Re: Comodo Internet Security 8.2.0.4978 fixes build is released!!!!
« Reply #29 on: March 23, 2016, 09:59:29 AM »
Of course the "alerts not appearing" on W10 bug is still there, why would you fix that?  88)
GPU: Gigabyte RTX 2070 Windforce; Monitor: AOC AGON AG322QC4 [at] 2560x1440 144Hz; PSU: Chieftec GPS-1350C; CPU: Intel Core i7-8700K; Motherboard: ASUS PRIME Z390-A; RAM: HyperX Predator 64GB DDR4 [at] 3200MHz; Sound card: Sound Blaster Z; OS: Windows 10 Pro version 1809 build 17763.402 (64-bit)
