It looks like Comodo’s self-protection is still weak against fake mouse clicks attack:
Review by PC Magazine:
“My wacky attempt to turn off protection using simulated mouse clicks did succeed, but just barely. The little program I wrote can fake a click in any location, but I didn’t give it a way to move slider controls. Setting the firewall to Disabled using fake clicks required pixel-perfect accuracy—there’s no way a malicious program could automate the process. CFP is fully armor-plated against attacks by the bad guys.” http://www.pcmag.com/article2/0,2704,2240714,00.asp
At work all the PCs have a third party firewall installed and an application monitoring & deployment program. For reasons not fully understood, the monitoring program on occasion instructs the firewall to shut down. The workaround for this is for the firewall to prompt for a password whenever it is instructed to shut down.
I turned on the password feature under “parental controls” and found that you can’t change settings without providing the password. This would seem to be an effective mechanism to prevent a “mouse click” program from changing firewall settings.
Well, it is highly unlikely that the person that infiltrated your work’s network (if anyone did infiltrate) would use fake mouse clicks. It would be too noticeable for a vigilant administrator. Anyways, yes, setting a password would be quite effective.
The scenario here is a trojan horse, not someone infiltrating/hacking through your network.
If you are running defense+ type defenses, the trojan horse would be run (you would allow it to execute on prompt), then it would try something that would require more privileges (install driver) which would trigger more prompts… This is where most malware would fail. But if they use false mouse clicks, they can click “accept” automatically… and bam! you are finished.
Passwords would be effective, but not if passwords are needed to change settings, but you can still respond to prompts without passwords.
You need a lockout mode, where all prompts are set to deny by default… and you need the password to change the mode.
I thought you could disable prompts on the parental controls tab (where you set the password). I assume the idea for parental controls is to lock all settings in place.
Well if you set a password, it will make it much more difficult to change anything. Even if it is a trojan it will make it that much harder for the hacker to do anything, with the password in place.
Yes, but your early post indicated that an admin would know about the “infiltration”; that would only be likely in the case of a direct network based attack…
But in order to plant a trojan, you would have a list of sites visited, IPs connected, destination IPs; an admin would be able to piece it all together.
You have too limited an imagination; if a targeted attack was done, one wouldn’t rely on such a random unreliable attack as hoping the employee would visit a certain site…
A very common way of getting in is when the employee brings in the infection himself, either cos his flash drive is infected or because he manually ran an app that he uses at home, but that app is compromised. These “backdoor” methods are the greatest threat to corporate security, as you know.
Of course you should have security policy in place…
My imagination is just fine, I am talking on topic, and will proceed to other methods of attack when necessary. I’m here to help, not show off my knowledge of currently unrelated topics. Though your response is on topic, the question was ‘will a password keep me safer’; I answered.
And it’s necessary here. :D. No idea why you jump to conclusions that false mouse clicks attack must be something that works over the internet… I was pointing out the correct scenario in which it will be used…
True, the method is not common yet, but only because few people use things like comodo defense+.
Though your response is on topic the question was 'will a password keep me safer' I answered.
Well, I don’t think my response is quite on topic, but I was just correcting your misconception of how such attacks are used…