Is Defence+ immune to other software's vulnerabilities?

Imaginary situation. Someone found a critical bug in Internet Exploiter. Someone else wrote an exploit and placed it on a webpage. Someone third got on that webpage and - oh no! - he is using IE. CFP D+ is running in “Clean PC Mode”. IE gets exploited and does what it is not supposed to. Will D+ stop it from harming the system? What I mean is - IE is a safe app, which means it is allowed to do whatever it wants to (Clean PC Mode, Safe apps allowed everything). Or maybe I misunderstand the “Clean PC Mode”?

yes it will…

cos nasty stuff to come in, there must be injection of code somewhere (the nasty bit)… v3 checks all that…

Melih

thanx :)

hmm but wait! I still can’t figure out… I mean - the malicious code is running from INSIDE internet exploiter - does it really have to load a dll? I mean maybe it has to, but if everything is coming from inside IE - then nothing will be noticed and all that is noticed will be learned and allowed? Correct me if I’m wrong

any new code has to be introduced one way or the other.
either as a file on its own… in which case it will be caught… or
as an injection to another process… in which case it will be caught.

we have the A-VSMART architecture!!

Melih

ok i got it now :-)))

Take IceSword for example Burillo – while it can completely bypass all of Comodo’s defenses (it can kill the process, it can access quarantined files, etc.), you still have to allow it to do all of these things. In that sense, if IceSword was malware, or was exploiting something, you’d be notified when you downloaded it, when you installed it, when it accessed something. There are so many steps along the way.

For instance, I was at a site the other day that was trying to download/modify tons of content in my temp internet folder (very likely this was all malware, given the site), and I kept hitting block, block, block and it kept trying to install more files. I finally had to just kill internet explorer to get it to stop trying to install files, but Comodo caught it every step of the way -before- any files even landed on my computer.

Additionally, you can run other programs as well that aid in the fight. I run AVG Pro (I should have gone with Nod32, but AVG is cheaper and only less effective against polymorphics, still great with signatures) and Windows Defender (I do like Microsoft’s Anti-Spyware/Malware program…). On top of that, I even have Windows XP Firewall turned on ;-x

I know, I know, two firewalls… but I don’t really consider XP Firewall a real firewall, albeit it does block general access and allow what you tell it to. And then Windows OS itself has things built in that prevent possibly malicious code from running (very seldom have I seen the message, but Windows XP itself will notify you occasionally of some iffy programs…)

For instance, I was at a site the other day that was trying to download/modify tons of content in my temp internet folder (very likely this was all malware, given the site), and I kept hitting block, block, block and it kept trying to install more files. I finally had to just kill internet explorer to get it to stop trying to install files, but Comodo caught it every step of the way -before- any files even landed on my computer

This is an excellent point igniteice. This site was most likely mounting an attack, otherwise would have gone unnoticed. And if this was a new malware that no AVs recognised then you would have been infected and you wouldn’t have known about it. But this is exactly what V3 is designed to do, Protecting you thru Prevention! It prevents them from coming into your PC in the first place!

thanks for sharing that with us

Melih

Here’s what the log looks like Melih. Can you tell anything about it from this? Why does the filename keep getting longer and longer?

11/27/2007 8:31:22 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installer[1].exe 

11/27/2007 8:31:25 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0E.exe

11/27/2007 8:31:28 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0ECAJFET1N.exe 

11/27/2007 8:31:30 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0ECAJFET1NCAFYOLVE.exe 

11/27/2007 8:31:32 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0ECAJFET1NCAFYOLVECADQIK6T.exe 

11/27/2007 8:31:35 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0ECAJFET1NCAFYOLVECADQIK6TCABEKN36.exe 

11/27/2007 8:31:37 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0ECAJFET1NCAFYOLVECADQIK6TCABEKN36CAPUJ18J.exe 

11/27/2007 8:31:41 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0ECAJFET1NCAFYOLVECADQIK6TCABEKN36CAPUJ18JCAARCTG1.exe 

11/27/2007 8:31:43 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0ECAJFET1NCAFYOLVECADQIK6TCABEKN36CAPUJ18JCAARCTG1CATI4PJW.exe 

11/27/2007 8:31:45 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0ECAJFET1NCAFYOLVECADQIK6TCABEKN36CAPUJ18JCAARCTG1CATI4PJWCA998TQ3.exe 

11/27/2007 8:31:47 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0ECAJFET1NCAFYOLVECADQIK6TCABEKN36CAPUJ18JCAARCTG1CATI4PJWCA998TQ3CA59YF6V.exe 

11/27/2007 8:31:54 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File 
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0ECAJFET1NCAFYOLVECADQIK6TCABEKN36CAPUJ18JCAARCTG1CATI4PJWCA998TQ3CA59YF6VCAFYTOJ8.exe 

11/27/2007 8:32:20 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0ECAJFET1NCAFYOLVECADQIK6TCABEKN36CAPUJ18JCAARCTG1CATI4PJWCA998TQ3CA59YF6VCAFYTOJ8CAQ00KOC.exe 

very good example :) i’d dare to ask “do we still need any AV program?”

PS use Firefox/Opera and there will be no malware trying to self-install :)

PPS i think the filename is getting longer and longer because you deny access to disk… it maybe thinks there is another file with that name, generates new one and tries to self-install again… don’t you see - filenames are obviously randomly-generated!

good example indeed.

it’s difficult to identify exactly what it is trying to do, but one thing for sure it ain’t nice :)

and that’s all you need to know to say “No thanks” to it :)

Melih
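
Added example, not part of any post in the thread: a small parser for the two-line "Modify File" entries igniteice posted, which groups blocked writes where each file name extends the previous one, the pattern the PPS above points at. The function names, the 60-second gap and the three-attempt threshold are assumptions of this example.

```python
import re
from datetime import datetime

# First four entries copied from the log posted in the thread (blank lines
# dropped); the last entry (logo[1].gif) is constructed as an unrelated write.
SAMPLE_LOG = r"""11/27/2007 8:31:22 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installer[1].exe
11/27/2007 8:31:25 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0E.exe
11/27/2007 8:31:28 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0ECAJFET1N.exe
11/27/2007 8:31:30 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\installerCAW9BT0ECAJFET1NCAFYOLVE.exe
11/27/2007 8:40:02 PM C:\Program Files\Internet Explorer\iexplore.exe Modify File
\Temporary Internet Files\Content.IE5\55R3OMQD\logo[1].gif
"""

ENTRY = re.compile(
    r"^(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (.+?) Modify File[ \t]*\n(\\.+?)[ \t]*$", re.M)

def parse(log):
    """Return (timestamp, process, target) for each two-line entry."""
    return [(datetime.strptime(ts, "%m/%d/%Y %I:%M:%S %p"), proc, target)
            for ts, proc, target in ENTRY.findall(log)]

def stem(target):
    """File name without its extension or the browser cache's [n] counter."""
    name = target.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return re.sub(r"\[\d+\]$", "", name)

def retry_chains(events, max_gap=60, min_len=3):
    """Group consecutive writes by one process whose names keep growing."""
    chains, current = [], []
    for ev in events:
        if current:
            prev, new, old = current[-1], stem(ev[2]), stem(current[-1][2])
            linked = (ev[1] == prev[1] and new != old and new.startswith(old)
                      and (ev[0] - prev[0]).total_seconds() <= max_gap)
            if not linked:          # chain broken: store it, start a new one
                chains.append(current)
                current = []
        current.append(ev)
    chains.append(current)
    return [{"process": c[0][1], "attempts": len(c),
             "seconds": int((c[-1][0] - c[0][0]).total_seconds()),
             "suffixes": [stem(b[2])[len(stem(a[2])):] for a, b in zip(c, c[1:])]}
            for c in chains if len(c) >= min_len]
```

On the sample it reports a single chain from iexplore.exe; the lone .gif write does not form one.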