Another bypass ?

salaficall · December 18, 2010, 12:28pm

don’t worry , I guess the cis developers are just doing a great and fast job , I just tested 2 of the signed trusted! malwares that i had problems with last week , and they are fixed now and sandboxed when I execute them …

thanks comodo , keep up the good work

riggers · December 18, 2010, 1:37pm

Can we please return to the topic in hand, any more off topic posts will be deleted!

Thanks,
Matty_R

Citizen_K · December 18, 2010, 6:24pm

Not sure what you mean. Can you rephrase?

hkjoj · December 18, 2010, 7:41pm

Just want to know the time between these two points;

someone reported a malware with valid signature in TVL (assume it is a true malware),
release of a new TVL with above signature removed for update of CIS in our PC.

And I think the above time should be less than the time required for update of virus database if a new virus were reported. It is because I can still be protected by D+ if the AV missed the virus. However, the protection will totally be bypassed if a malware got a valid signature in TVL.

goodbrazer · December 18, 2010, 8:34pm

This example very well :-TU illustrates that TVL feature is flawed (despite it is very convinient), and this is gonna to change only when “trusted vendors” stop sign malware.

salaficall · December 18, 2010, 9:25pm

even with the Norton Insight technology ( it depends on the file hashes as far as I know ) , still you will find some problems like these

I was testing Norton Antivirus 2011 versus malc0de.com’s malwares and I also found like 4 or 5 malwares that norton reports them as ( safe !) and the system got infected so easily.

you will never get a security software with 100 % protection , but you can get a solid software like the free! cis5 and get yourself used to download only famous and trusted softwares , then u will be safe

umesh · December 20, 2010, 5:49pm

Hi,
‘SecureSoft’ is removed from TVL as we found questionable practices used by Vendor.

Thanks
-umesh

miloszcz · December 20, 2010, 6:06pm

Great, what’s about flaged this file as malware?

e_xistense · December 20, 2010, 9:20pm

Hi morphiusz,

Detection will be available soon, with virus signature databases that will follow.

Thanks and regards,
Ionel

siketa · December 20, 2010, 9:49pm

Thank you, guys!

jay2007tech · December 20, 2010, 10:13pm

That’s good to know

goodbrazer · December 21, 2010, 9:10pm

Question is did you check this vendor in terms of “questionable practices” before adding to TVL :-\

aweir14150 · December 25, 2010, 8:26am

I would also like to know the answer to this question, it’s only fair that we are given an answer as to why and how malware gets added to the TVL either on purpose or by accident.

Citizen_K · December 25, 2010, 11:11pm

Things may look good when the publisher gets assessed. But then later they decide to add some adware.

aweir14150 · December 26, 2010, 6:08am

This is why the TVL should not automatically include ALL software from a trusted vendor, but each peice of software tested individually. We cannot even trust trusted vendors…this is scary. :o

Valentinchen · December 26, 2010, 11:19am

I have given a suggestion how to solve this thing problem but no one seems to listen or give feedback!

Regards,
Valentin N

Chiron494 · December 27, 2010, 1:35am

Can you please provide a link to this advice.

Citizen_K · December 27, 2010, 3:12am

Or rather directly quote the post in your reply?

aweir14150 · December 27, 2010, 3:42am

The solution would be to:

Comodo test each software individually, and remove the trusted vendor list.
Remove the “default allow” trusted software vendors from the computer security policy manually.

goodbrazer · December 27, 2010, 5:34pm

Ability to disable autoupdating of TVL (by the cloud?). So after user edited TVL manually those changes won’t be lost.