From Ian “Gizmo” Richards
Support Alert Newsletter
"Can the Security Product Detect Process Injection?"
I used the ZapAss test program that injects an implant into a running process and then downloads a file using that process.
None of the security products tested warned of the process injection. Simple as that. Better get out your IDS program ;>)
rki: I’d reply by saying… You should have included COMODO Personal Firewall in your test and seen what happens!
And another quote from The Whirly Wiry Web team (Source 2)
Masquerades vs Implants
ZoneAlarm is rightfully considered the best software firewall available, using advanced techniques to identify applications that request access to the Internet. ZoneAlarm was initially the [s]only[/s] firewall that successfully withstood Steve Gibson's LeakTest 1, a test trojan that masquerades as a trusted application.
rki: No, of course, CPF also passed with flying colours!
Now, you may all be wondering what I’m talking about.
-“It’s all about the zapass trojan test” - Zapass is a harmless test trojan that can inject an implant in whatever process is running, including Internet Explorer, Netscape Navigator, Opera, Outlook or even Notepad!
Yes, it is HARMLESS because I’ve tested it SEVERAL TIMES.
My Results with CPF+zapass!!!
I tried injecting CTF Loader with the zapass trojan and CPF pops up with a message “zapass.exe has modified ctfmon.exe in memory. This is a typical of virus.Trojan and spyware behaviour”. Injection Failed.
Tried Injecting mIRC & MSN messenger
Issue download - Failed
Issue Lifecheck - Failed
Screen shot attached below
Description: application Access Denied (ctfmon.exe: 127.0.0.1:8080)
Protocol: TCP Out
Now, as you’ve seen, CPF has advanced techniques for identifying and noticing applications that request any outgoing access to the Internet. CPF has no competitors when it comes to the question of “what’s the Best Firewall today”; there’s just no firewall that comes 2nd to CPF, and I hereby request all of us users to give special thanks to the COMODO TEAM, starting from the CEO (Melih) down to its Developers and Admins/Mods, for putting out such GREAT/FREE products.
NB: The mods are allowed to edit my post to suit their needs in any form they may want to change/add to it!
[attachment deleted by admin]