About the privacy and the sandbox levels

How on earth do you know these safe financial transaction programs work unless you get hacked?
Do you assume they work and hope for the best when doing online transactions?
Personally I don't do online banking or purchasing; I never have done and never will.

a256886572008, I’m still trying to wrap my head around this.

Can you please let me know the steps which a real-world hacker would have to accomplish in order to transmit users' documents to themselves over the internet if the BB is set to FV? I’m trying to understand the potential vulnerability.

So in Comodo we have VK now. But I personally use Trusteer Rapport (Free) for my pay/transactions and the X browser which I only use for banking. Keep it simple.

Mrarnold has a good point. I’m not a firm believer myself in so-called “pay/transaction safe zones”.

  1. First, the user presses the allow button on the firewall alert window.

  2. Then, the behaviors of the malware are restricted by BB.


I test the “2” only.


  1. The “Blocked Files” does not work in the sandbox level, fully virtualized.

For example, the users can read the “Blocked Files” in VK. (the HIPS is enabled)

Okay, so as long as the user does not allow the Firewall alert they should be okay. Is that correct?

Still, I think I see why this is a problem. Currently there is no way to configure CIS to restrict the access reads of files sandboxed as FV. Is this correct?

(1) Yes

(2) There is a problem for FV: CIS does not block the trusted application (injected by malware) for outbound connections.
For example, iexplore.exe, svchost.exe, …, etc.

(1) Yes

(2) “Block all sandboxed applications for reading the root of the disk” :slight_smile:

Only complementing the questions of Chiron: a layman user would certainly allow such access. We also saw that one can simply replace a legitimate executable with malware renamed to the same name (only works if the firewall and Defense+ have custom settings). a256886572008, could you show us this supposed invasion, using the vulnerability reported by Taliban user?

link: https://forums.comodo.com/leak-testingattacksvulnerability-research/comodo-internet-security-bypassing-security-t93217.0.html

HIPS rule or Firewall rule → always … (It also works in safe mode.)

The design is not wrong.

Hi,

PrivateFirewall has a very interesting feature for this kind of problem.

http://www.cyberspacehq.com/products/privatefirewall/images/f_ss3.gif

I replaced 2 legit files “Hwinfo64.exe” and “avidemux.exe” at %ProgramFiles% and I didn’t get any alert from Comodo at all…

Yes, I replaced them manually, so maybe this is the reason for the missing alert. With the rule ?:* there should be one if a file is trying to modify a file at %programfiles%, but if the file is replaced by the user Comodo will not show any alert from D+ about the modified file because the file is already in the trusted files and the file path remains the same. :slight_smile:

Regards,
G.

Because the “Trusted Files” is based on the file hash, CIS will pop up an alert for the “unknown” file if the user does not make a rule for the “path”.
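
The difference between hash-based and path-based trust described in the last post, as an added example that is not part of the thread and is not CIS's implementation. It is a simplified Python model: `classify`, `trusted_hashes` and `trusted_paths` are hypothetical names, and the file is a constructed stand-in.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Return the SHA-256 hex digest of a file's contents."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(path, trusted_hashes, trusted_paths):
    """Toy trust decision: a path rule wins, otherwise the content hash decides."""
    if os.path.normcase(os.path.abspath(path)) in trusted_paths:
        return "trusted-by-path"   # content is never inspected
    if sha256_of(path) in trusted_hashes:
        return "trusted-by-hash"
    return "unknown"               # this is where an alert would be raised


def demo():
    """Overwrite a trusted file in place and classify it under both policies."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "tool.exe")  # constructed stand-in, not a real binary
        with open(target, "wb") as f:
            f.write(b"original vendor build")
        trusted_hashes = {sha256_of(target)}
        path_rule = {os.path.normcase(os.path.abspath(target))}
        before = classify(target, trusted_hashes, set())

        # Same path and name, different bytes (the manual replacement in the thread).
        with open(target, "wb") as f:
            f.write(b"different bytes, same name")
        hash_only = classify(target, trusted_hashes, set())
        with_path_rule = classify(target, trusted_hashes, path_rule)
        return before, hash_only, with_path_rule


if __name__ == "__main__":
    print(demo())
```

With only the hash list, the replaced file drops to "unknown"; once a rule trusts the path, the same replaced file is accepted without its content being checked.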