Matousec - All HIPS vulnerable to a test

Readme.
Bad? Very bad? Catastrophic? Abandon Windows and migrate to Linux? ;D

if Comodo is vulnerable how did it get 100% in there proactive security challenge?

Seems that security software now have also to take a look into securing their own software. >:(

I’ll migrate to Linux when it support more games.

Maybe Mac is better isn’t it 88)

That very strange ??? if this problem was 100% true then Comodo shouldn’t past the 100% in there proactive security challenge test?

How can Comodo confirmed this problem from Matousec ??? ??? can this problem be resolved ???

Steam is moving to linux! even possibly as early as this june! ;D do a google search :-TU :-TU :-TU

It’s a different test. If I understand correctly, better kernel hooking (aka secure kernel hooks) should solve it. Therein lays the problem, since that’s not easily achieved.
Disconnecting your pc running M$ windows from the net, should dissolve the threat though ;)or only connecting to the net with your pc running a linux live cd/dvd/usb-stick.

I don’t know if comodo is effected by this, but comodo has very strong self-defence :slight_smile: Even if it’s vulnerable, comodo has a multilayer defence for it to get through. Humans are still the main weakness

Don’t start jumping off of bridges yet. This type of story comes along every so often, the problems are never as bad as they’re made out to be. By saying this is Matousec saying that their own test is useless?

Cool, just waiting for Starcraft/Starcraft 2 (Battle.net) to move to Linux too haha.

Linux? A very interesting OS …

Zzzzz …

By saying this is Matousec saying that their own test is useless?
No, that test is just separate for the others

Guys, whilst we just got 100% from matousec, just read this new article today appearing in the IT press about the whole basis of detection is useless, including surprisingly Comodo.

http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php#final-observations-and-notes

Melih, you need to bury your methodolgy stick in the ground and be a real man and your best brains on this immediately and beat the competition! This is SERIOUS

mod edit: Message merged by Mod. kail

Yes it is vulnerable…

All these software are vulnerable including CIS 4

http://www.matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php

I repeat: This is just another “crisis” that happens every so often. It WILL be fixed, security will evolve, we all are not going to perish in a great virtual widows cataclysm. Panic (not the mod ;D) is apparently the way of the PC nerd. :stuck_out_tongue:

Why so complacent? Don’t you think the malware writers are already aware of this and may have been implementing this for months / years!? If not them, then the security services wanting to know what’s on your PC?

Because I’ve seen too many of these “disasters” to fly into a tiz over it. The malware authors AND developers know about it. I want it to be fixed but there’s no need to panic IMO. As I’ve said, security is constantly evolving. Why? Because there are ALWAYS loopholes, nothing is foolproof. This is another loophole, we will evolve, the world will still spin tomorrow. :wink:

http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

would the defense+ ITSELF catch this intrusion attempts? and what would be the question that defense+ would ask then?
there was just mentioned that comodo free version 4(…) is vulnerable, so its not clear which part they meant.

as its not the best solution to use the sandbox of cis, when you already use a real other sandbox, it would be interesting to know, if cis can defend against this threat without the CIS sandbox enabled.

EDIT: can you add this to the already existing topic about matousec, because its not a double post … mainly its the question about: how would defense+ tell me about this happens…

just read this new article today appearing in the IT press about the whole basis of detection is useless, including surprisingly Comodo.
No, The basis of detection was the model that their talking about. COMODO model is about "prevention". That's what Comodo's years of coding is geared to. That's way their Firewall and HIPS are top-notch and some of their competitors like pctools will try to mimic it (basicly PATCH to PASS) Like it took awhile for pctools to finally passed the 84 tests, now with the new tests that came out which another 100 tests were added, pctools bombed. COMODO passed ALL 100 new tests

Sandboxie is not vulnerable to this.

I remember running Sandboxie + CIS for about one year, and had no issues. Very powerful combination indeed, except you risk having (hidden) conflicts, since both programs hook the kernel for security purposes.