If you are a user of Comodo IS Premium on Windows: Do you observe a similar behavior as described below on your system?
If you are a developer of Comodo IS Premium for Windows: Is the behavior described below a direct or indirect danger to the security and privacy of the system OR a direct or indirect contribution to the security and privacy of the system? Is the behavior described below intended by the developers of Comodo for the purpose of protecting the system or this behavior has been added to Comodo for purposes other than protecting the security and privacy of the system?
On every WinXP reboot or on every launch of Comodo Killswitch, Comodo Killswitch registers and launches (see the screenshot) this boot start driver with a new random 6-letter name.
This is where you can see the driver:
Comodo IS Premium on Windows XP SP3 > Tasks > Advanced Tasks > Watch Activity > Comodo Killswitch
System tab, Services section. Click Start Type column to sort by it. Look at the drivers with Boot Start as Start Type.
This is how the driver looks like:
Name - 6 random lowercase letters (e.g. ywilru or xqlakn)
Display Name - the same 6 random lowercase letters as in Name
Type - Driver
Status - Running
Start Type - Boot Start
PID - (empty)
Binary Path - (empty)
Error Control - Ignore
Group - (empty)
Load Order - (empty)
A HIPS/Sandbox creature like CIS keeps an eye on what is happening underneath the hood of Windows. The programming techniques it monitors are used by both normal and malicious programs. From the fact that D+ flags a program we cannot conclude that a program is therefor malicious.
Also CIS will protect executables from being tampered with by unknown programs.
Thank you for your opinion. Still, this is only one personal opinion of unknown accuracy. Other visitors are very welcome to express their observations and knowledge on the subject, for the sake of objectivity.
Users: have you observed a similar behavior?
Developers: is this behavior harmful? (see above for details)