https://cybersecuritynews.com/hackers-weaponized-2500-security-tools/

Watch the live again, dude…

You sure this wouldn’t cover it, dude…?


1 Like

Hello my friend. Long time. Sorry for the delay.

I’ll try to summarize everything that has been demonstrated in all the tests so far, including what Loyisa herself explained in a short interview I did with her in a video on my channel.

Note: Not necessarily in this order…

  1. All tests with all security solutions are performed maintaining the default settings of the tested products. The same occurred with CIS on some occasions.

  2. By default, HIPS is not enabled, so it is disabled in the tests;

  3. In a video (or live stream, I don’t remember now) I performed the same tests, with the same exploit/malware/ransomware with HIPS enabled, and CIS was obliterated;

  4. CIS with default settings = Destroyed;

  5. CIS with CruelSister’s settings = Destroyed;

  6. CIS with my settings = Destroyed;

  7. CIS in paranoid mode or with HIPS enabled should not be tested (although I have tested it in both circumstances and the result was the same as always) because CIS is a security suite, with antivirus, firewall, etc., and not just a tool for isolating unknown threats. For that, we would have to use a virtual machine, which would not be feasible for anyone using CIS as a security solution against threats;

  8. The same tests were conducted using Xcitium and the results were the same, and this is because Xcitium is literally CIS, with a few extra features. It’s the same codebase, the same technologies; however, Xcitium makes requests directly to Valkyrie, and CIS does not. That’s why Xcitium started identifying the attack, and this was demonstrated in a video (or live stream);

  9. If Xcitium manages to protect the user from this threat, it’s because Comodo/Xcitium simply marked the DLL as dangerous (either by its hash, md5sum, or whatever file identification method is used). However, I demonstrated (proved) in a video (or live stream, I don’t remember) that what the company did was only mark the file as dangerous based on its identification data, not its behavior. Therefore, if someone takes this same DLL, changes a comma in its code, and recompiles it, the result will be a new DLL file. Because it’s a new file, it won’t be classified yet, and therefore it will bypass Xcitium and destroy the user’s system. I demonstrated and proved this live. And it’s because CIS doesn’t work with Valkyrie that the same exploit continues to destroy CIS defenses;

  10. I intend to do another live stream to demonstrate, in a better explained and detailed way, each of the main scenarios where CIS will be destroyed by this type of attack;

  11. I saw comments indicating that the user would have protection options and shouldn’t complain if they chose to use the default CIS configuration, but this statement is wrong because the default configurations are those that the company developing the product considers most suitable for the majority of users, and since the CIS slogan is to protect everyone by preventing threats from being executed, this exploit demonstrates that this slogan is misleading. Furthermore, I demonstrated in videos and live streams that even with the most extreme configurations, the same exploit can bypass the CIS defenses and encrypt all user data…

I’ve been absent because I was waiting for some statement from COMODO regarding this flaw, but almost two years have passed and so far there hasn’t even been a statement about it. I waited for some news about CIS 2026, which was announced in this forum, but so far nothing either. Perhaps the best thing to do is wait for a new version to be released, if it ever is, to redo all the tests…

To all forum members, moderators, CEO Melih, and CIS fans: Nothing I say here is intended to attack the product, the company, or you. As pointed out by our colleague, in my last live stream where I demonstrated that CIS remains vulnerable, I stated that I would continue using CIS because it meets my needs, and so I do. CIS continues to be the security solution for all my Windows computers. But we can’t simply ignore facts just because we like a company or a product. Everyone fails. No product is perfect. But when a product fails systematically, the evidence is shown—in the case of an antivirus, the exploit itself sent to the company for analysis—and yet, years later, nothing has been done, it’s something to think about…

I’m off now. I’ll be back later.

Cheers everyone!

1 Like
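Added example (not part of the thread, and not Comodo's, Xcitium's or Valkyrie's actual logic): point 9 above contrasts a verdict keyed on a file's hash with one that survives small changes to the file. The sketch below shows, on constructed byte strings, why an exact-hash blocklist misses a one-byte variant while a content-similarity check still flags it. The chunk size, threshold and all names are assumptions.

```python
import hashlib

CHUNK = 64        # bytes per fixed-size chunk (assumed for this sketch)
THRESHOLD = 0.8   # similarity at or above this counts as a near-duplicate (assumed)

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def chunk_digests(data):
    """Set of SHA-256 digests, one per fixed-size chunk of the file."""
    return {sha256_hex(data[i:i + CHUNK]) for i in range(0, len(data), CHUNK)}

def similarity(a, b):
    """Jaccard similarity of the two files' chunk-digest sets (0.0 to 1.0)."""
    ca, cb = chunk_digests(a), chunk_digests(b)
    return len(ca & cb) / len(ca | cb)

def verdict(sample, known_bad):
    """Exact-hash lookup first, then a near-duplicate check against known-bad files."""
    if sha256_hex(sample) in {sha256_hex(k) for k in known_bad}:
        return "blocked: exact hash"
    best = max((similarity(sample, k) for k in known_bad), default=0.0)
    if best >= THRESHOLD:
        return "flagged: near-duplicate of known-bad"
    return "unknown"

def make_blob(start):
    """Constructed 4096-byte stand-in for a file; not a real binary."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(start, start + 128))

KNOWN_BAD = make_blob(0)          # the file the vendor has already classified
variant = bytearray(KNOWN_BAD)
variant[100] ^= 0x01              # one byte changed in place, so the whole-file hash changes
VARIANT = bytes(variant)
UNRELATED = make_blob(1000)       # a different, never-classified file

if __name__ == "__main__":
    for name, blob in [("known", KNOWN_BAD), ("variant", VARIANT), ("unrelated", UNRELATED)]:
        print(name, sha256_hex(blob)[:16], verdict(blob, [KNOWN_BAD]))
```

Fixed-size chunking only tolerates in-place changes. A real recompile shifts offsets, which is why production systems rely on fuzzy hashes such as ssdeep or TLSH, or on behavioural verdicts.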