Comodo Firewall or Online Armor (full version)

Your approach starts to frighten me. I do not say this is too high risk, still this is the same risk any keylogger/screenlogger/webcamlogger presents. There is no logic in catching screen/webcam loggers while ignoring tcp/ip traffic loggers. Nobody knows in what way a LOT of third-party programs send data over non-crypted connections. Security MUST guarantee this traffic cannot be sniffed at least on a computer it is installed on.

alex_s.

It would appear you are a security expert, with an extensive knowledge of the inner workings of firewalls. As such I think it would be very helpful for our readers if you would take a few minutes to post a profile of your experience and affiliations. This way people reading your views will know they are accurate and may store weight by their contents.

Thank you.

BTW even if I’m not a security expert I’m curious to know if OA catches webcam loggers too…

Still AFAIK there are few details that make keylogger and screenloggers different from webcam loggers.
PS: Even audio loggers ought to be more of a threat than webcam loggers for the same reason…

If it was interesting to me, I’d have made a test. So, while it is interesting to you, who should run the test?

It is interesting to note though that actual security experts may object when they acknowledge no real threats and get their opinion about such individual who put so many efforts to stretch the perception of casual readers.

Hm, I’m not sure I understand what you are talking about, sorry. Could you put it in a more direct way?

I’d prefer not to slip into discussing my personality, but to stay on a technical ground ONLY. Do you have something to say about the issue? If not, then sorry, you need to look for someone else to talk with. BTW, when I hire the people I never read their profiles, I just talk to them and I wish to practice this approach to everybody. In any case a profile can be faked, real knowledge never can be.

You need not be a security expert, but you can take Zemana WebCamLoggerTest and see that OA intercepts it. Do you know any other tests about webcamloggers? If yes, then all you need is to gimme a link to it and I’ll be happy to report the outcome, even if the outcome is negative. In the latter case I’ll report it also to the OA team and in a week it will be fixed.

Indeed I’m not going to install OA to test that but I wondered if you were already aware of such negligible details…

Very much.

It is worth mentioning that actual security experts may object when they acknowledge no real threats and get their opinion about such individual who put so many efforts to stretch the perception of casual readers.

BTW this does not mean you cannot be Mike Nash himself or his official speechperson.

Yep there are countless similar PoCs…

Windows Live Messenger
Yahoo messenger
Skype

And for audio loggers Windows recorder itself.

http://www.infocellar.com/software/Images-Files/MediaP5.jpg

Does OA catch that too?

Indeed even audio loggers ought to be more of a threat than webcam loggers as AFAIK there are few details that make keyloggers and screenloggers and audiologgers different from webcam loggers.

Anyhow security experts (which I hope you are) should take it not only literally, but to see all the possible outcomes, especially if some product could be considered just a “test passers” and “paper security”

Although actually there would be no need to be a security expert to notice such details after running (eg.) Zemana’s test…

Nope, I’m only aware of the details I personally regard as essential. As far as I remember HW requirements for any modern Windows are higher than 128kb, but sometimes I run the tests in VM with XP and 392kb of RAM. In this config OA feels itself quite comfortable.

It is worth mentioning that actual security experts may object when they acknowledge no real threats and get their opinion about such individual who put so many efforts to stretch the perception of casual readers.

BTW this does not mean you cannot be Mike Nash himself or his official speechperson.

I can be even Melih himself or Bill Gates. Does it really matter? Forum rules allow to stay incognito, so asking a person to identify himself is a bit more than you are allowed to ask according to the rules. I hope your question is closed?

But if you are really curious I’m from Ukraine and I know some guys from Comodo Odessa office, so it can be said I’m familiar with Comodo not only from outside, but in a way from inside.

That is a wonderful achievement indeed even DOS itself needed more than 392kB :o

I guess you could be Bill Gates himself since he once said “No one will need more than 637 kb of memory for a personal computer” long before minimal XP requirements were available.

It’s very much as I anticipated. You come here and call into question the capability of a product, which you claim to know a considerable amount about, yet when push comes to shove, you refuse to substantiate your technical abilities or affiliations.

Personally I would call into question any comment you choose to make, regarding this or any other product, for which you claim knowledge.

Quite frankly, until you prove your technical prowess with something more than hearsay, I suggest you refrain from posting.

Crazy. The topic was split to the pieces and cut down again. This is a shame.

Ok let me list you the differences between keylogging and passive packet sniffing and hopefully you will see:

1 - Keylogging is designed to sniff your confidential information like username and passwords whether there is a network connection or not. The information does not have to be sent through any network channel. E.g. Windows logon authentication, all sorts of CRM programs (those where people keep their confidential information) etc.

2 - With keylogging an adversary can obtain a significant deal of information with 5 lines of code, whereas with passive sniffing, adversary has to write a lot of protocol parsing code in order to get “some” information. This makes passive sniffing a highly specialized and targeted threat. So in layman's terms, only an adversary with quite some experience in TCP/IP protocols programming can write it and only for a targeted environment i.e. a PC which he knows what sort of network communication is going on.

3 - Keylogging can steal information from even encrypted channels whereas passive sniffing is as risky as connecting a computer to the Internet.

These 3 basic differences are quite obvious. While the risk profile is equivalent to connecting to the internet, AND WHILE there is a WAY to DETECT and PROTECT this if wanted (Defense+ is able to block access to Windows Socket Interface if wanted), we will of course focus on real threats and protecting our users from the real threats (unless of course your aim is to pass the leak tests).

Now tell me your affiliation and let me talk about your company and how proactive your company is.

Please do not try to waste my time as acting like an average technical person who is interested only in innocent technical discussions. You have OBVIOUS problems with COMODO as company and everyone should know why first.

Again a misleading comment. You are talking as if that test is intended to test a DOS attack against the system. It has nothing to do with it. Passing that test does NOT make your system immune to those kind of issues.

And yes, the test itself was designed with somewhat different purpose, but while it is allowed for the users to take things literally, security experts (which I hope you are) should take it not only literally, but to see all the possible outcomes, especially if they claim to be not just "test passers".

Well obviously matousec took the test literally. But since you asked, let's talk about it. We of course evaluated the test and found absolutely nothing related to security of the user. I myself could not even see any crash although we modified its grace time for 20 minutes. Nonetheless I am assuming there is an application crash somewhere.

If you have a point be direct and technical. We are not discussing theory of software quality assurance or system performance and reliability.

We are talking about a simple test. Tell me with your experience what practical effects have you seen as a result of this test? What system stability issues or security malfunction have you observed against CIS? Nothing…Please state otherwise.

Again if you want to talk about quality assurance or software development or even simple technical things, first show your credentials and be honest. Let everyone know whom I am talking with. It is very easy to act as a security expert and fabricate stuff to mislead users.

So you agree, the risk is real. For me this is enough not to ignore that risk, at least not in a proper security product. That is to say some keylogger types need more than just 5 lines of the code, socksniff POC is not too difficult to reproduce, and some malware samples demonstrate very high technical level. The main idea I want to say is that using raw sockets is a sign of malicious activity (unlike device\afd\endpoint, which is used by a lot of the programs), so the better approach to prevent this risk is to intercept it directly. Comodo for now intercepts it very very indirectly.

Focusing on real threats is fine, but ignoring known risk vectors is not. Focusing only on real == known threats you are always step back after the threats. I understand that it’s impossible to predict everything, but to prevent known is “must do”, undoubtedly.

Now tell me your affiliation and let me talk about your company and how proactive your company is.

Please do not try to waste my time as acting like an average technical person

I don’t need you to spend your time. You are free to leave any moment.

You have OBVIOUS problems with COMODO as company and everyone should know why first.

I don’t think everyone should know. I think people should know more about the products they use. And this is the primary target of this forum, isn’t it? And, please, do not make me say rude things, by asking immodest questions.

This depends much on HOW you pass it. If you reserve some memory you know is enough for your program to function normally, for example, this is what you talk about, but if you PREVENT crazy program from taking too much memory, you save not only itself, but a system as well.

Well obviously matousec took the test literally. But since you asked, let's talk about it. We of course evaluated the test and found absolutely nothing related to security of the user. I myself could not even see any crash although we modified its grace time for 20 minutes. Nonetheless I am assuming there is an application crash somewhere.

The test can be improved. If improved it can put ANY system into semi-functional state, because ALL the available memory is taken, swapping is enormous, response is VERY slow. This is definitely a potential security risk. You can ignore this risk, of course, but do not expect everybody to follow your approach. I know people that do not forgive much less risky “ignores” to security.

If you have a point be direct and technical. We are not discussing theory of software quality assurance or system performance and reliability.

We are talking about a simple test.

Nope, not me. I’m talking about approach this test demonstrates and all the possible unpredictable outcomes that can be prevented and can be ignored. I prefer the first.

Hm! I trust CIS is a real threat to Online Armor. Otherwise, they won’t spend time to attack and badmouth CIS here. :wink:

This comparative thread was started by “cimmind”, who seems to be CIS user.
I don’t think CIS is a real threat to OA, but unfair and misleading information about OA is a real threat.

CIS is a very usable product now. It has achieved great security and great usability with the reduction in pop ups that is less than others afaik. And we don’t charge for that. CIS is a threat to anyone who is trying to make money from consumers by charging for the security product they provide!

Comodo’s real competitors are Symantec, McAfee and the likes of Kaspersky. They are the ones that have the market share that we are after tbh.

Melih

Amen. If I heard something like this from Mike, I’d have immediately stopped using OA and switched to some more modest company.

No please read the post again. If you consider connecting to the internet a risk, then it is a risk. Again if this is not a misleading attempt what is it?

I don't think everyone should know. I think people should know more about the products they use. And this is the primary target of this forum, isn't it?

I am sorry. You have been asked at least 4 times before to explain your affiliations and you are still avoiding to name it.

If you don't want everyone to know, PM me and let me know. This is important because as you said people should know the products they are using. If you have an affiliation, then my replies to your messages will be really really technical and revealing.

I have proofs that you intentionally tried to mislead the users against COMODO before. And you did not make my judgement about you any better by saying you know people from our offices.

Until you do this, I do not see any point in continuing a dead end, neither here nor there discussion with you.