Handle driver seperately

1. What actually happened or you saw:
When i allow a program in HIPS Cis allowed securom driver to be installed without a warning.

2. What you wanted to happen or see:
I would like to have Cis conform things that go deep into the system (like drivers) seperately and make sure they can be uninstalled safely

3. Why you think it is desirable:
To block unwanted software.

4. Any other information:
No

Please elaborate on your wish request.
Is it a vulnerability? What happens if you switch to “Paranoid” level? How did you test it exactly (possible steps)?

Thank you.

As there has been no reply, I will move this report to “Added/Rejected Wishes” section.

Thank you.

It is very funny that you move my thread to rejected without sending me a message that you commented on it after 3 days. You seem to think everone who posts on this forum comes online everyday.

Ofcourse drivers are a security question.
Drivers can go very deep into the system and do quite some damage.
Even if it is not malware but just ■■■■■■ programmed unnessary drivers like lets say Secu rom they can mess up or atleast slow down the computer.

In this way Low level access from programs should always monitored tightly not only in paranoid mode which is almost not useable for dayly use. (i tried to use it it prompted if it should allow my touchpad apps only problmem was that i was not able to use my touchpad then to confirm!)

Is it hard to understand that things that go deeply into the system can do quite some damage?

Do elaborate on (compared to) the existing feature. Your wish request is ambiguous.

Device Driver Installations - Device drivers are small programs that allow applications and/or operating systems to interact with a hardware device on your computer. Hardware devices include your disk drives, graphics card,wireless and LAN network cards, CPU, mouse, USB devices, monitor, DVD player etc.. Even the installation of a perfectly well-intentioned device driver can lead to system instability if it conflicts with other drivers on your system. The installation of a malicious driver could, obviously, cause irreparable damage to your computer or even pass control of that device to a hacker. Leaving this box checked means HIPS alerts you every time a device driver is installed on your machine by an untrusted application (Default = Enabled).

[attachment deleted by admin]

Divice driver alerts should also be shown for safe and trusted programs unless other wise specified.

Additionally i suggest to mark the dangerous requests from programs with a different background color

how can the average user judge if a program request for lets say full controll over the system is dangerous

i will extend the wish and add a full concept for this.

Are you still planning on adding a full concept for this wish?

They are in HIPS paranoid mode, but not in safe mode. So I think CIS does what you wish. Please note that drivers are detected when defined in the the registry not when run. They often run too early for the run to be detected by CIS. (CIS at base is itself a set of drivers!).

I will move to rejected for the moment, but please feel free to challenge if not satisfied.

Kind regards

Mike

Yes but it took some time to actually sit on it and write it :wink:
This request would replace the original request, Please format it as you think it would be proper.

  1. What actually happened or you saw:
    HIPS does treats almost all requests pretty similar, some popup opens and asks the user if he want to allow it OR no popup opens and comodo does it automatically. There is however on the popups no guide for the user if he should allow it or deny it.

Also allowed programs are allowed to execute potentially more dangerous or unwanted things once they are allowed.

  1. What you wanted to happen or see:
    First i would like to see a rating of requests so that comodo rates the request to be harmless, little dangerous, potentially dangerous, dangerous, very dangerous, junkware/unwanted or potentially harming system integrity(As example a bad codet driver that could slow the whole system down).

Now the user should be notified with a very vibrant red popup with a spider on it about the very dangerous requests to give him the optical impression that the request is dangerous.
The way the popup looks should reflect the level of Danger, so the user can directly see how dangerous the request is.

Right now the documentation of the Requests is only one line which says something like if this is one of your dayly application you can likely allow it. I would like to see this extended to describe exactly what the program wants to to and have some example what could go wrong.

The user should be able to configure the level of notification he want to receive for: trusted programs, untrusted programs and unknwn programs.
As example he could opt to get for all programs a popup for the very dangerous requests but disable the less dangerous popups for trusted programs.

  1. Why you think it is desirable:
    This way the user can get more control over what he wants on his system by having finer tools and better information.

  2. Any other information:
    A side not about unlimited access to the computer.
    Right now when a program askes for unlimited access i have only the possibility to sandbox it. However there are times when the user does not want to sandbox it. So I suggest to instead only give the possibility to sandbox it introduce a layer which can still monitor and disallow the programms actions even if it has unlimited access.

A side note about paranoid mode:
I think paranoid mode is not really useable in real life since its just overwhelming the user with popups.
What is more it caused a popup for my touchpad files which caused the touchpad to no longer work so i could not respond to the popup and had to restart the computer.