Author Topic: The Good, The Bad and The UGLY (ugly because its unknown!!)  (Read 32496 times)

Offline ssj100

  • Comodo's Hero
  • *****
  • Posts: 482
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #30 on: May 31, 2010, 04:55:29 PM »
Users make mistakes;

That's exactly right!  And this is the reason why a default-deny approach is the best.  I'm not saying that a default-deny approach will work for everyone in all scenarios.  But if I was living with someone and they kept getting their computer infected by malware, I would seriously consider employing a LUA/SUA + SRP/AppLocker/Anti-executable 3 security setup/approach for them.  In this way, the user can't even run anything new (therefore, the user doesn't need to make a decision of whether a file is bad or not) by default even if they wanted to.  If they wanted to run something new, they'd have to ask you for the admin password etc.  Then you (the person who has more experience) can work out whether it's safe or not.
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Offline ssj100

  • Comodo's Hero
  • *****
  • Posts: 482
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #31 on: May 31, 2010, 05:01:47 PM »
Do you believe what you are saying? So if I execute any malware in the world D+ is going to stop it 100% of the time... Taking into account that D+ is going to ask me about executing any file we could say yes, but then UAC is also 100% efficient.
If we accept executing the file and then block the rest of the alerts, some malware will infect the computer anyway; every release of Comodo has bugs, bugs in D+, bugs in the sandbox...

Melih started to laugh about Norton's new scanner; let me remind you of the SUPER Comodo Cloud scanner so everybody can laugh now.
Norton has AV with Behaviour Blocker, whitelist, blacklist, greylist, cloudAV, firewall, and also system protection like D+ but light, and many other technologies. So the only thing that Comodo has and Norton does not is the sandbox, and that is something relatively new in Comodo. Not to mention that Norton AV is much better than CAV. So you can use Sandboxie + Norton and you will get better protection; the only problem is that you need to pay for Norton. Anyway, the web is full of AVs better than CAV.

Anyway I use Comodo, I like it, I would like to see someday a Comodo with BB and cloudAV (Comodo has a big community), but I think that Comodo needs to improve a lot and fix a lot of problems before criticizing the others.

It's possible to smell the arrogance in these forums sometimes, and this is the major bug of Comodo.

I don't really understand what you're saying really.  But to answer your question, yes Defense+ will stop almost 100% of all real-world malware out there if configured properly/optimally (it is a CLASSICAL HIPS) and used properly.  Even in default configuration, it is very powerful.  Find me a malware sample that can bypass it right now.  You won't be able to!  Or if you can, I'd be very interested to get hold of that sample haha.

Regardless, the last time I checked, Norton didn't have a CLASSICAL HIPS.  Does it?
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Offline lordraiden

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 921
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #32 on: May 31, 2010, 05:10:14 PM »
Follow the whole conversation and you will understand it.
So now D+ is 100% bug free?
Even if it is true (it is not true), who wants to make 50 clicks only to open an application, or 500 to install something? It is not a real solution, and you can also get infected anyway if you don't make the right choice.
« Last Edit: May 31, 2010, 05:13:30 PM by lordraiden »

Offline ssj100

  • Comodo's Hero
  • *****
  • Posts: 482
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #33 on: May 31, 2010, 05:17:38 PM »
So D+ is 100% bug free?
Anyway, who wants to make 50 clicks only to open an application, or 500 to install something? It is not a real solution.

Not sure what you mean by "bug free", but I'm starting to understand what you're actually trying to say.  And in reply to that, read my post at the top of this page.  I personally used Defense+ for a long time but realised after a while that all I needed (personally) was a default-deny anti-executable.  And I subsequently discovered that there was already one built-in to my OS (Windows XP) called SRP.  I also subsequently discovered that SRP has never been bypassed by real-world malware.  Furthermore, AppLocker (built into Windows 7) has never been bypassed by real-world malware and also has never been bypassed by any POCs, period.

Regardless, Comodo's Defense+ when used properly is extremely powerful.  Unfortunately, it does need to be used properly.  If a user really wants to run something and everything, then the only thing that can stop them is to configure CIS accordingly and password protect Defense+ and suppress alerts etc.  But by doing this, you're simply employing the equivalent of SRP etc.
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #34 on: May 31, 2010, 05:36:56 PM »
I think the bottom line is, Antivirus sucks and is more and more so becoming outdated.. Including Comodo's AV.  ;D

Maybe sucks isn't the right word.. maybe I should have said, Obsolete and ineffective. :P
Don't worry, be happy

*No longer active*

Offline darcjrt

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 466
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #35 on: May 31, 2010, 06:39:41 PM »
Why do you guys keep talking about a COMODO technology by itself? CIS is a HIPS, Sandbox, AV, firewall and memory firewall. That is why Comodo is really good. Not only does the sandbox get rid of popups, but it protects and prevents! The HIPS is really effective, even with the 500 clicks you say. The AV is really good as it is just an AV. All combined, now that is some good security. So if you are going to say D+ sucks, try CIS as a whole. Go to malware domain list dot com and look for a sample that COMODO can't stop. If you do, submit it to Comodo ;)
Best Regards,

J

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14692
    • Video Blog
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #36 on: May 31, 2010, 09:04:44 PM »
Have you read the whole thread? Do you understand what I said and why? I don't think so.

D+ prevents the installation of 100% of malware?

classical AV vs D+ with sandbox...

You must be joking!!!!

Show me a malware that can bypass D+ :)

Why do we have the sandbox? Come on man... how many times do we have to say it..... usability!!!! Security is provided through D+; everything else is mainly usability, including blacklisting in the AV engine, whitelisting etc.

Melih

Offline Citizen K

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 26177
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #37 on: May 31, 2010, 09:23:49 PM »
Do you believe what you are saying? So if I execute any malware in the world D+ is going to stop it 100% of the time...
I never said that; not even by implication. In case you had assumed that I corrected myself:
D+ is capable of catching almost all malware upon installation.
I don't know where you get the 100% protection claim from D+ from.

Quote
Taking into account that D+ is going to ask me about executing any file we could say yes, but then UAC is also 100% efficient.
???
Quote
If we accept executing the file and then block the rest of the alerts, some malware will infect the computer anyway; every release of Comodo has bugs, bugs in D+, bugs in the sandbox...
I never said that, in case you were talking to me; not even by implication. In case you had assumed that I corrected myself:
D+ is capable of catching almost all malware upon installation.

Quote
Melih started to laugh about Norton's new scanner; let me remind you of the SUPER Comodo Cloud scanner so everybody can laugh now.
Norton has AV with Behaviour Blocker, whitelist, blacklist, greylist, cloudAV, firewall, and also system protection like D+ but light, and many other technologies. So the only thing that Comodo has and Norton does not is the sandbox, and that is something relatively new in Comodo.
Last thing I know, CIS outperformed Norton by a mile on the Matousec Proactive test.
Quote
Not to mention that Norton AV is much better than CAV. So you can use Sandboxie + Norton and you will get better protection; the only problem is that you need to pay for Norton. Anyway, the web is full of AVs better than CAV.
I don't know the exact latest scores but traditionally Norton's AV is top notch.

Quote
Anyway I use Comodo, I like it, I would like to see someday a Comodo with BB and cloudAV (Comodo has a big community), but I think that Comodo needs to improve a lot and fix a lot of problems before criticizing the others.
Let's await the developments. Even though there is always room for improvements I count my blessings with the serious foundation of D+ default and eagerly await all improvements that will come for AV, sandbox as well as the introduction of the behaviour blocker.

Quote
It's possible to smell the arrogance in these forums sometimes, and this is the major bug of Comodo.
It's hard not to be with a solid foundation like D+...;) :D O0

Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #38 on: June 01, 2010, 01:52:49 AM »
~SNIP~

Show me a malware that can bypass D+ :)

~SNIP~

Melih

http://forums.comodo.com/news-announcements-feedback-cis/how-to-kill-cis-easily-t56353.0.html

kek.

Not malware in itself, but the vulnerability is there.
« Last Edit: June 01, 2010, 01:55:33 AM by Kyle »
Don't worry, be happy

*No longer active*

Offline lordraiden

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 921
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #39 on: June 01, 2010, 03:35:58 AM »
classical AV vs D+ with sandbox...

You must be joking!!!!

Show me a malware that can bypass D+ :)

Why do we have the sandbox? Come on man... how many times do we have to say it..... usability!!!! Security is provided through D+; everything else is mainly usability, including blacklisting in the AV engine, whitelisting etc.

Melih

D+ is a waste of time; UAC is equally effective (you can say no every time you open an executable), or any anti-executable software. The combination of D+ and the "sandbox" (it is not really a sandbox) is very interesting, but still the sandbox gives as many problems as D+.
D+ has been bypassed over time, why not again? And the sandbox is bypassed every week...


One example of D+ and the sandbox being bypassed, only 2 weeks old: http://forums.comodo.com/news-announcements-feedback-cis/comodo-fails-with-the-new-spyshelter-leaktests-t55558.0.html
If I could find this and I am a simple user, I can't imagine what a real hacker would be able to do.

Anyway, we were talking about Norton; why do they make false publicity and not Comodo?
And if you are the CEO and Comodo is so great, why don't you try to make publicity for Comodo? If you are sure that Comodo is 100% safe you can start a competition offering 1000$ or 100$ to the first person able to bypass Comodo with malware written by himself. Comodo will appear on all the security sites.
Or even better, join AV-Comparatives; they already do real live tests as you wanted.
Are we waiting for the Behaviour Blocker now? It should appear in 4.1, but the changes in 4.1 are removing things, changing the name and little bugs (I hope to see something else).
Maybe we are waiting for the "acid cleaning", I don't know.


« Last Edit: June 01, 2010, 03:38:11 AM by lordraiden »

Offline ssj100

  • Comodo's Hero
  • *****
  • Posts: 482
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #40 on: June 01, 2010, 03:44:49 AM »
D+ is a waste of time; UAC is equally effective (you can say no every time you open an executable), or any anti-executable software. The combination of D+ and the "sandbox" (it is not really a sandbox) is very interesting, but still the sandbox gives as many problems as D+.
D+ has been bypassed over time, why not again? And the sandbox is bypassed every week...

Please don't compare UAC with D+ or an anti-executable mechanism/program - it simply isn't.  UAC allows a lot of executable code to run (thus theoretically putting your computer at increased risk), while SRP/AppLocker, classical HIPS software etc do not.
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Offline lordraiden

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 921
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #41 on: June 01, 2010, 03:50:07 AM »
Please don't compare UAC with D+ or an anti-executable mechanism/program - it simply isn't.  UAC allows a lot of executable code to run (thus theoretically putting your computer at increased risk), while SRP/AppLocker, classical HIPS software etc do not.

Any anti-executable can also be "100% effective" like D+ and you need to answer fewer popups.
http://www.faronics.com/es/Products/AntiExecutable/AntiExecutableCorporate.aspx

Offline ssj100

  • Comodo's Hero
  • *****
  • Posts: 482
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #42 on: June 01, 2010, 03:51:00 AM »
Any anti-executable can also be "100% effective" like D+ and you need to answer fewer popups.
http://www.faronics.com/es/Products/AntiExecutable/AntiExecutableCorporate.aspx

Exactly.  But not UAC.
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14692
    • Video Blog
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #43 on: June 01, 2010, 08:59:06 AM »
D+ is a waste of time; UAC is equally effective (you can say no every time you open an executable), or any anti-executable software. The combination of D+ and the "sandbox" (it is not really a sandbox) is very interesting, but still the sandbox gives as many problems as D+.
D+ has been bypassed over time, why not again? And the sandbox is bypassed every week...


One example of D+ and the sandbox being bypassed, only 2 weeks old: http://forums.comodo.com/news-announcements-feedback-cis/comodo-fails-with-the-new-spyshelter-leaktests-t55558.0.html
If I could find this and I am a simple user, I can't imagine what a real hacker would be able to do.

Anyway, we were talking about Norton; why do they make false publicity and not Comodo?
And if you are the CEO and Comodo is so great, why don't you try to make publicity for Comodo? If you are sure that Comodo is 100% safe you can start a competition offering 1000$ or 100$ to the first person able to bypass Comodo with malware written by himself. Comodo will appear on all the security sites.
Or even better, join AV-Comparatives; they already do real live tests as you wanted.
Are we waiting for the Behaviour Blocker now? It should appear in 4.1, but the changes in 4.1 are removing things, changing the name and little bugs (I hope to see something else).
Maybe we are waiting for the "acid cleaning", I don't know.



1) Again, pls show me a malware that bypasses CIS... not theoretical PoC :)
2) We do give $500 warranty if CIS fails to protect the end user

Any more points you care to raise ;)

Melih

Offline Kyle

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 3679
Re: The Good, The Bad and The UGLY (ugly because its unknown!!)
« Reply #44 on: June 01, 2010, 09:02:06 AM »
Melih, Are you saying if I write malware to exploit the vulnerability you'll give me $500 USD?
Don't worry, be happy

*No longer active*

 
