Author Topic: does CTM protect against TDSS/TDL rootkits?  (Read 35992 times)

dax123
« Reply #15 on: July 02, 2010, 12:46:33 AM »
Hey mate. Do you mind uploading and PMing those samples to me (Just for testing purposes).

Josh

I sent you the link.
:)

Flykite, Comodo Staff
« Reply #16 on: July 02, 2010, 02:03:15 AM »
so you've already tested with TDSS rootkits?
I have some kinds of TDSS rootkit and a SafeSys worm.
I can send you these samples right away  ;D

I have not tested. Please send those samples to me (jackwang[at]comodo.com).
Thank you very much.
Best Regards!

dax123
« Reply #17 on: July 02, 2010, 02:25:51 AM »
I have not tested. Please send those samples to me (jackwang[at]comodo.com).
Thank you very much.
Best Regards!

I sent a link.
and I'm testing it again with a bigger disk
greets  ;D
:)

Tech
« Reply #18 on: July 02, 2010, 07:41:22 AM »
The result is frustrating.
Yeah :'(

But Shadow Defender shows good results.
Seems it has a "better" drive to protect the system.
But it does not allow snapshots, just a "frozen" system that can be reverted.
Although avast gives me a very good protection against rootkits (with GMER technology incorporated), you know, it would be better to have a stronger CTM driver.
I'm "disappointed"...
avast! team member
Save freeware snapshot technology of Comodo Time Machine. Vote!

dax123
« Reply #19 on: July 02, 2010, 08:50:46 AM »
Yeah :'(
Seems it has a "better" drive to protect the system.
But it does not allow snapshots, just a "frozen" system that can be reverted.
Although avast gives me a very good protection against rootkits (with GMER technology incorporated), you know, it would be better to have a stronger CTM driver.
I'm "disappointed"...

Yeah, I agree.
CTM has more features like snapshot, rebooting support, etc. and it's free.
For security, we'd rather use a disk imaging software as I mentioned before.
we once used to live on without that software. O0
:)

Tech
« Reply #20 on: July 02, 2010, 08:54:47 AM »
we once used to live on without that software. O0
Are you giving up? ;D

dax123
« Reply #21 on: July 02, 2010, 09:17:26 AM »
Are you giving up? ;D

No, I'm not giving in, I just decided to have peace of mind.
Waiting for CTM to patch those vulnerabilities, drink a cup of coffee, yeah.
And I've got to be more cautious, I totally trusted that software before and even sometimes I turned off the AV.
maybe I won't be a sandboxfag anymore  ;D
:)

taleblou
« Reply #22 on: July 02, 2010, 12:23:20 PM »
Hi:
Thanks for the tests. I was wondering if anyone can test sandbox software like "sandboxie", "Bufferzone free", "Geswall", etc. against tdss/tdl rootkits from the internet please. Thanks in advance.

dax123
« Reply #23 on: July 02, 2010, 01:15:49 PM »
Hi:
Thanks for the tests. I was wondering if anyone can test sandbox software like "sandboxie", "Bufferzone free", "Geswall", etc. against tdss/tdl rootkits from the internet please. Thanks in advance.

I'll do the test again; this time it targets partial sandbox software.
I hope their results are good.

( thread moved to http://forums.comodo.com/news-announcements-feedback-ctm/light-virtualization-software-partial-sandbox-test-includes-ctmcisbox-t58848.0.html )
« Last Edit: July 03, 2010, 03:40:50 PM by dax123 »
:)

languy99, Global Moderator
« Reply #24 on: July 02, 2010, 01:17:33 PM »
Remember, when testing Comodo's sandbox, to be fair you have to right-click on the malware and select run in sandbox. Just like the rest of the software.
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

dax123
« Reply #25 on: July 02, 2010, 01:28:03 PM »
Remember, when testing Comodo's sandbox, to be fair you have to right-click on the malware and select run in sandbox. Just like the rest of the software.

Yes sir, I won't forget  ;D
I'll try to be fair so people can rely on the result.
Any behavior / file objects out of the box will be assumed a failure.
:)

Tech
« Reply #26 on: July 02, 2010, 04:45:08 PM »
I totally trusted that software before and even sometimes I turned off the AV.
Well, I did not turn off the AV but I was tempted to do so.
Seems CTM, as any other software, is vulnerable.

Tech
« Reply #27 on: July 02, 2010, 04:47:27 PM »
I'll do the test again; this time it targets partial sandbox software.
Can you submit your samples to www.virustotal.com and post which antivirus products detect them?
Thanks.

taleblou
« Reply #28 on: July 02, 2010, 04:55:54 PM »
Hi:

Well, it seems antimalware companies are doing something at last against tdss/tdl rootkits. Before, the only ones to detect them were Hitman Pro and TDSSKiller, but now Microsoft Security Essentials became the first antivirus to detect all and the latest tdss/tdl rootkits and is now part of it. Also the latest SUPERAntiSpyware added a tdss/tdl detection and removal engine and can detect these rootkits. I just hope soon others (I would especially love for Comodo Internet Security) add tdss/tdl detection and so on.

Tech
« Reply #29 on: July 02, 2010, 05:01:54 PM »
Can you test if Norman TDSS Cleaner could clean the infected machine?
http://www.norman.com/support/support_tools/77201/en-us