i’m talking about anything. a bios modification, reg modification, system 32 deletion
BIOS isn’t stored on your HD, so it will not be touched.
Registry modifications are rolled back, and although I haven’t tried it, I believe a system32 deletion should as well.
so CTM can’t do anything regarding bios but CIS should def let the user know if the bios is being messed with right
the only programs i know who mess with the bios are the bios update utilities, and if any other program would happen to do something with the bios it should run with hight privileges and out of the cis auto-sandbox, if this two fail then the user is the virus
i’ve heard of a bios rootkit but it’s super hard to to get it on someones system right now from what i hear.
melih if you read this, do you know anything about a bios rootkit? if so can you explain how people get infected with them
CTM will give you the possibility to rollback to a time when the computer worked/ wasn’t infected. That exclude bios malware; those malware will be stored in ROM which has nothing to do with windows OS. CIS will only be able to protect you from malware that is only windwos related. So it’s up to comodo to make sure that bios malware are detected or that the user takes d+ advice.
Regards,
Valentin N
Since flashing your BIOS is a pretty tricky procedure, I’m not thinking it’s a huge threat. A tiny mistake will do the malware authors no good because instead of having a machine that has an infection that can live through a reformat it will have a dead machine that will no longer POST.
Not to mention that it would need to be a very specialized piece of malware to co-exist with your BIOS since the BIOS will change from manufacturer to manufacturer, motherboard to motherboard, and even with different BIOS revisions. They would need to target such an exceedingly small subset of machines that it wouldn’t really be worth the effort.
Combine that with the fact that the only way for any malware to get into your BIOS would be to flash it, this would have to be a very deliberate act by the user. Not something that you can basically slip through without user interaction. You’ll need to create a bootable disk and boot into MS-DOS for the flashing utility to work. I’m a bit at a loss how any malware author is going to make this happen without the user knowing something is amiss, unless they trick you into downloading a bogus file to flash your BIOS with.
It should also be noted that since you’ve booted into MS-DOS, there is absolutely nothing CIS can do to protect you. It isn’t even running…
@Valentin:
There are some rootkits that pass through the CTM driver and infect a rolled back system.
There are other threads about reinfection in the forum.
:-TU It is the first time that I hear of such rootkits.
Regards,
Valentin N
It’s a well known security problem. Never solved.
https://forums.comodo.com/news-announcements-feedback-ctm/when-are-comodo-going-to-fix-the-malware-bypass-that-they-are-aware-of-t61245.0.html;msg430919#msg430919
https://forums.comodo.com/help-ctm/can-ctm-be-stronger-against-mbr-changes-by-malware-t59137.0.html;msg414640#msg414640
https://forums.comodo.com/news-announcements-feedback-ctm/ctm-28-testedlight-virtualization-software-partial-sandbox-test-t58848.0.html;msg431528#msg431528
https://forums.comodo.com/news-announcements-feedback-ctm/does-ctm-protect-against-tdsstdl-rootkits-t58723.0.html;msg411320#msg411320
CTM is vulnerable!