Quote from: BuketB on Today at 03:24:28 PM
• ACLs on Comodo’s folder in %ProgramData% allow unauthorized users write access
What are you calling “fixed”?
Even guests are still able to change severe Comodo’s files!
The simplest path to corrupt CIS (even protected by password!) is executing the command:
Code:
%COMSPEC% /c for /R “%PROGRAMDATA%\Comodo” %p in (*) do copy %COMSPEC% “%p” /y
That’s a user bypass. CIS will allow the user everything he or she wants. Try the same thing in a batch file and CIS will stop the actions.
CIS is the nanny of program behaviour, not the nanny of user behaviour.
Edit: Wouldn’t the problem not be with Windows in the first place allowing the guest to do these things?
And what are you going to do with the weak hash?
https://vimeo.com/160011418
This question has been answered and [url=https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-8204792-windows-10-version1511-hotfix-is-released-t113688.0.html;msg831157#msg831157]discussed[/url]:
[quote="EricJH post:180, topic:307747"]
[...]
The above lack of evidence corroborates what Melih told us in the mod board:
ah....crc collision.....theoretical attack...
If there is real life threat, where is it?
[/quote]
Let's not rehash this discussion we have extensively had. As long as Comodo does not see a threat, judges the scenario as theoretical and there are no real live malwares Comodo will continue using CRC 32 until further notice.
This statement in “release notes” can mean only user’s permissions:
Wouldn't the problem not be with Windows in the first place allowing the guest to do these things?
This is Comodo's blunder to store important files in an unprotected folder. It means a complete failure of self-defence
This question has been answered and [url=https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-8204792-windows-10-version1511-hotfix-is-released-t113688.0.html;msg831157#msg831157]discussed[/url]: If there is real life threat, where is it?
You have made off from that discussion ignoring my answers. Shall I [url=https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-8204792-windows-10-version1511-hotfix-is-released-t113688.0.html;msg831192#msg831192]repeat them[/url]?
Let's not rehash this discussion we have extensively had.
This problem applies to the current build too. And the CIS-version on the [url=https://vimeo.com/160011418]video[/url] is the current.
As long as Comodo does not see a threat, judges the scenario as theoretical and there are no real live malwares Comodo will continue using CRC 32 until further notice.
Well, what about putting here on open access a program that converts any file to trusted for Comodo?
We are checking these right now. If there are issues, they will be addressed probably in our 5th of April patch cadence. In the meantime, can you PM me the PoCs you used pls?
First.
Keeping Comodo’s base in an unprotected directory is a trivial carelessness. I had never reported about it before, because this problem can be solved by configuration:
These files are already in protected files. So malware or any unknown application cannot modify. In your case, it is corrupted by guest user (not admin); this is an issue I am seeing. It can be of course prevented by a rule like you add above so that even admins cannot change etc…
The fixes were related to folders where we download binaries and load them. Any low privileged user could inject their binaries there. While there were no issues, it had potential for future threats that we may not anticipate. This folder is only used for log files, booster files and some other database files.
Second.
The vulnerability to breaking of Comodo's hash has been exhaustively described in my report: bug 1772.
What do you want to receive by PM?
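The ACL point argued above can be checked without touching any file. The following read-only PowerShell audit is an added example, not part of the original thread and not Comodo's code: it lists Allow ACEs under a directory tree that give broad low-privileged groups write-type rights. The default path is the one named in the thread; the SID list and the rights mask are choices made for this example.

```powershell
# Added example: list Allow ACEs that give low-privileged principals write-type
# rights anywhere under a directory tree. Read-only; it changes nothing.
param(
    # Path taken from the thread; pass another directory to audit it instead.
    [string]$Root = (Join-Path $env:ProgramData 'Comodo')
)

# Well-known SIDs for broad, low-privileged groups (locale-independent).
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-546' = 'BUILTIN\Guests'
}

# Rights that let a principal alter or replace content or its protection.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteExtendedAttributes, WriteAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# Inherit-only ACEs can carry raw generic bits instead of file-specific ones.
$GenericWriteOrAll = 0x50000000   # GENERIC_WRITE | GENERIC_ALL

$items = @(Get-Item -LiteralPath $Root -Force) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($item in $items) {
    # Skip objects whose security descriptor cannot be read by the caller.
    try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop } catch { continue }

    # Ask for SIDs rather than account names so the match is not localized.
    foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow' -or -not $LowPrivSids.ContainsKey($sid)) { continue }

        $raw = [int]$ace.FileSystemRights
        if (($raw -band [int]$WriteMask) -or ($raw -band $GenericWriteOrAll)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $LowPrivSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings | Sort-Object Path, Principal | Format-Table -AutoSize -Wrap
```

Rows with `Inherited` set to `True` point at the parent folder's ACL as the source, so the fix belongs on the folder that defines the ACE rather than on each file.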
Yes. I saw some tools you used to exploit the issue. If you have them, you can send them to me for verification.
First of all. Good to see you around egemen. Always a pleasure.
Could you elaborate on the issue you see with this? As far as my understanding goes it is a user bypass from the perspective of CIS. I am not intimately familiar with the privileges Windows grants but I could imagine a problem with Windows guest privileges. Could you shine a technical light on where the issue exactly is; on whose side of the fence?
Yes. I saw some tools you used to exploit the issue. If you have them, you can send them to me for verification.
Looking forward to hearing your threat assessment. Here or in a non public board.
Nice to see some important issues being addressed… I rarely come to see the forums these days, CIS is working fine for me (win 10 install, not win 7 upgrade), it has become a great, mature product (I’m a proud user since 2009)… update went smooth.
Congratulations and my thanks to the devs, community and all who contribute for keeping the internet and us safe !
I think Comodo had the highest number of BSOD occurrences in the whole AV industry. Can count up to at least 15 times over the years in this PC alone. I knew it wasn’t coded well as a result and if people looked into it, there would be problems. These thoughts were proven to be correct today.
Still, I use Comodo because it is the best even with the BSODs. Nowadays, there are no BSODs. I give plus points to Comodo for fixing their product over the years as well.
There is still a chance for BSOD with one game that I am playing called ‘PlanetSide 2’ but I found a way around it, after installing the game and just before loading, I minimize the game screen and select the Comodo popup and allow the game. If I don’t do that, the PC freezes and have to hardboot.
Anyway, appreciate these fixes. Wish all the best.
As usual my Vista-machine had last update check hrs ago and on 1st manual update it updated database only and on 2nd it updated program too. I see that CIS ain’t still fully Vista compatible.