http://www.zemana.com/webcamlogger_test.aspx i have tryed all they’s tests and comodo passes, however this one webcamlogger it does not pick it up at all. no matter what settings you have, i downloaded with defense in safe mode and proactive security, and even tryed putting it on paranoid mode image execution on high still nothing. the image execution does pop up when you try to run it but you are suppose to allow that part, and hit start then you should get an alert. but no alert from comodo. maybe some of you can test this cause it fails for me.
Hi there,
I think this has been discussed before somewhere here, i have also been testing with this a few months back.
It does require tweaking of D+ protection settings to block this. It’s not monitored by default as far as i know.
I’ll see if i can test this sometime tomorrow
oh sorry about that, i tryed to search the name in here and nothing came up so i thought i would post. you would think as powerfull as comodo is and the type of risk, it would beable to block this by default. i was surprized that it let it threw. and yes you could block pretty much anything if you tweak it. but a novice user wont have a clue on how to do that.
Comodo needs to make CIS much more intuitive. They also MUST make the default CIS settings highly secure and they must activate these settings during install. Nobody should have to tweak the program to get it to be secure…it should be secure by default.
Hopefully Comodo will address these issues in the next version of CIS.
I have done some testing and i can make this fail by adding the following to the “default” setup.
Go to D+, Select My Protected Files.
Press Groups, Press Add, A New Group, give it a name like “Webcam Alert”
Scroll down to the newly created group and select it, right mouse click add, type:
\Device\Usb#Vid*
Press the [ + ] button and click Apply twice, now click on the Add button and select, File Groups, Webcam Alert and press Apply.
Now if you start the webcamlogger it will alert you for accessing this interface.
If you block this request the application will pop-up a list of video devices, if you click OK on that screen webcam logger will tell you you security software blocked the access to the webcam.
I know it’s not perfect, but if your looking for protection of your webcam this should work.
Can someone please confirm that this works on their setup also ?
It works here as welll. Once the USB device that maps to the webcam has been confirmed the wildcarded \Device\Usb#Vid* could be edited as well. :-TU
On the other hand the webcam logger PoC could be also used to notice the glitches of such approaches:
[ol]- Before logging takes place. it is necessary to specify a correct video source.
- Webcams usually come with a lens cap that cover the optic. A piece of paper would have the same effect
- Web-cam access is exclusive and can be used by only once application at time. Starting a different application that access the webcam will made the PoC fail.
- It is impossible to capture the webcam input when in use by a legitimate app[li][/ol]
Assuming that a malicious app of such type exists and found a way to workaround the first flaw of that PoC, capturing the webcam would be impossible by applying usually available lenscap protections.
If a malicious app already accessed the webcam, legitimate video grabbing apps wouldn’t be able to capture the webcam output and thus there would be no point to remove the protective lens cap.
If a legitimate app is capturing the webcam a supposedly existing malicous app won’t be able to capture the webcam input.
In the end using a the bundled lenscap or even a band aid it could be possible to defeat those weblogging attempts differently from screen grabbing or keylogging which necessarily require an appropriate software protection.
[attachment deleted by admin]
so what you are saying is the webcam would have to be off for this type of Application to have any affect, since you cant run cam on 2 separate apps at the same time. and thanks for the reply’s and help. i myself dont find this to be a big problem. i posted it to see what others would think of this type of risk. i think the chances of running into something like this is pretty rare, but you never know. however i understand that webcam is a trusted app. what i dont understand is how another Application thats not trusted can launch a trust application with out any alert by hips. if im looking at this at a wrong point of view let me know.
FYI - there are drivers available that can split a video stream between two output apps, but the driver has to be told what the two apps are before the stream can be split. Also, the splitting driver has to be selected as the video source in both apps.
Ewen 
Do those drivers installation trigger a D+ alert or they do not and thus provide a workaround to the flaws of this PoC if they were actually included?
Should webcam access be considered non-exclusive, like for video display or keyboard, only when such splitting drivers would be installed or also when they usually are not?
The splitter driver does trigger an alert. I only mentioned it out of interest.
cheers,
Ewen