I think an Exploit Prevention module is more needed and necessary, like in the other 2 famous IS (Norton and Kaspersky), to become an additional layer of security even when other programs (such as the OS) are not updated and patched. This will be a challenge and priority for security software in the future. As far as I know, Eset has added a module in Version 7 to protect against exploits included in the Metasploit and Armitage framework. The following link from MRG-Effitas is about an Exploit Prevention Test of security software:
Comodo already protects against exploits.
Sure it protects against buffer overflow, but does that protect against all kinds of exploits?
Sure HIPS might stop exploits but it doesn’t really tell you an exploit is going on so the user has to determine whether the actions carried out are malicious. I don’t really know about the sandbox though, most likely it protects against many exploits but you don’t always want to use the sandbox.
Basically what I’m wondering is, does CIS have any kind of exploitation protection other than buffer overflow protection that doesn’t rely on HIPS or sandbox?
I'm pretty sure it protects against all kinds. Why wouldn't you want it to rely on sandbox or HIPS? These are CIS’ zero-day components. The AV will catch the ones it detects, but for undetected ones Defense+ will protect you.
I was thinking exploits in the web browsers, I mean, they patch exploits all the time don’t they? Which pretty much means there is always some sort of exploit… otherwise they wouldn’t patch exploits… Sure I’d love to run my browser in the FV sandbox, if it didn’t make it run like a slug. (30 fps on a 120Hz monitor is horrible!)
You don't have to run your browser fully virtualized; the auto sandbox will protect from exploits.
I’m not using auto-sandbox, I’m using HIPS. But I assume what you mean is that the auto-sandbox will stop exploits that make the web browser download and execute an unknown executable? I remember seeing before an exploit that would make the attacker able to send commands straight through the browser, so for example they could delete files right from the browser, of course that was probably patched but I don’t remember what browser it was, either way my point is that such an exploit could always happen again, would the auto-sandbox protect against that?
Actually I don’t even know why I’m arguing this, I don’t believe Comodo absolutely needs exploit protection, I believe they need to fix the issue where Chromium-based browsers run badly in the FV sandbox so that I can run it like that. I guess I’m playing devil’s advocate or something.
Look at these threads if you think Comodo blocks Metasploit-related exploits:
No, I’ve tested myself: in case of being an attacker in a Trusted network (for example: Home Zone), Metasploit works perfectly and can capture the screen, but Kaspersky and Norton block it. Link 1 is related to my tests. I’ve tested with Sandbox=Disabled and HIPS=Enabled in Safe Mode.