TDSS Dynamic test -Tacitus Project by XCTeam

http://www.avpclub.ddns.info/discuz/viewthread.php?tid=25661&extra=&page=1

It is written in Traditional Chinese.

9 of 30 vendors pass this test.
3 of them partially pass, including Comodo CIS 4.1 Sandbox.
18 of them fail this test.

For detailed information please read their report.

For detailed information please read their report.
It is written in Traditional Chinese.

How many people on this forum do you assume to be able to read Traditional Chinese?

+1

Here is the translated English version.

http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=zh-CN&tl=en&u=http%3A%2F%2Fwww.avpclub.ddns.info%2Fdiscuz%2Fviewthread.php%3Ftid%3D25661%26extra%3D%26page%3D1

Problem here is a failure to communicate.
The report itself is still in Chinese, and since it is a .pdf file, it has no translator. (I downloaded the file to look at it.)

I don’t understand Traditional Chinese, but what I see from the screenshots is that all traditional HIPS passed, including the very good BB, ThreatFire.

COMODO 4.1, KIS 2011, and avast! IS 5.0 partially passed, and they all share the same feature: the sandbox.

Can anybody shed some light on the methodology used?

Hi Eric,

As far as I know there are Comodo developers in China.

Most likely, as a moderator you can contact them directly :wink:

Surely they will be able to translate the methodology & post it here.

Cheers!

p.s. In the past I was able to contact the Ukrainian department (actually the city where I was born :slight_smile: ) and exchange e-mails in Russian… when researching the old bug.
So you should not have any issues… I think 88)

Thank you for the link, nice test.

When I tried, KIS 2011 could clean an active TDSS; AIS and CIS can’t, I think, no?

Strange. Paranoid and Safe mode fail, but Sandbox with Unrestricted passes the test.
Is it because of virtualization?
KIS 2011 also passes the test using the sandbox.

The test runs a TDSS sample that can be downloaded from the link below;
link removed by moderator
Please don’t post links to live malware in the public part of the boards. It is against Forum Policy, to protect less experienced users.

And they use Kaspersky TDSSKiller (2.4.1.2) to check whether the test system gets infected by the TDSS sample.

Maybe someone in Comodo can download the sample and try it out.

(Note: the test disabled the AV function and only tested the HIPS and sandbox functions.)

What configuration did they test: the default Internet Security or the Proactive Security?

I didn’t notice the configuration in the report; you had better contact XCTeam to get the details.

I think someone in Comodo can just try it out using Internet Security and Proactive Security to verify the result.

Greetings all.

I still think that what was suggested here is better done in the first place,
in order to find out/translate the methodology.

added: Well, I forgot to mention that probably the original poster, WinBMY, can help … most likely (?) 88)

Cheers!

As I mentioned, there are no CIS configuration details in the report; it is just a kind of executive summary.

They may have an improper CIS configuration, or CIS behaves differently in their test system.

When someone shows that a malware sample can get through CIS, why doesn’t someone in Comodo just test the sample and verify the result (using the appropriate configuration that you decide)?

added: SiberLynx, you are right that Comodo should find their internal resources or WinBMY’s help. I shouldn’t be so pushy here.

Current CIS 5 release asks the user what to do…
And Defense+ heuristics detects it also…

CIS configuration 100% Default settings, AV not updated, No Network connection.
Sample started from Command-box.

[attachment deleted by admin]

CIS Pro-Active, Sandbox DISABLED, AV not updated, No Network connection.
Sample started from Command-box.

[attachment deleted by admin]

Thanks hkjoj,

Nobody is “pushy”, why?

It is just surprising to hear such questions when there are developers “from the region”.
That is not even the extremely questionable discussion about “the regional malware” that took place here recently
… this is about a simple translation.

Thanks for the reply & Cheers!

Hi,

Sorry for the late response to the post.
I asked the author if he plans to write an English report, and he replied “No plan at this moment.”

Therefore, maybe I can translate some of it — I’ll try my best. My English is not very good.

The following software was tested by XCTeam.
Avira AntiVir Premium 10
Agnitum Outpost Firewall 7.0
avast! Free&IS 5.0
AVG Identity Protection 9
BitDefender AntiVirus Pro 2011
BluePoint Security 2010
BufferZone Free 3.31
COMODO Internet Security 4.1
DefenseWall 3.06
DriveSentry Desktop 3.4
Emsisoft Mamutu 3.0
F-Secure Internet Security 2010
Filseclab Twister AntiVirus V7 R3
GDATA AntiVirus 2011
GentleSecurity GeSWall 2.9
Immunet Protect 2.0
Kaspersky Internet Security 2011
Norman Security Suite Pro 2010
Norton Power Eraser 1.51
Emsisoft Online Armor Free 4.0
Online Solution Security Suite 1.5
Panda AntiVirus Pro 2011
Privacyware Privatefirewall 7.0
PC Tools ThreatFire 4.7
Sandboxie 3.48
SpyShelter 4.52
Trend Micro Titanium 3.0
Xacti Spyware Terminator 2.7.2
Xacti System Protect 1.0
Zemana AntiLogger 1.9.2

Methodology:
This test was conducted between 8/27 and 9/5. Beta versions were not used unless the vendor had already released them as official versions. All software versions are the latest at that time; newer versions released during the test were not updated into it.

T===> The testing was performed from 2010/08/27 to 2010/09/05. None of the software is a beta version; they are all up-to-date release versions.

Testing environment:
T===>Testing Environment:

Under Microsoft Virtual PC, Windows 7 Professional (32-bit)
Intel Q6600 2.4GHz, RAM 2560MB, network connected

T===>
Software Environment:
Windows 7 Pro (32-bit),
VM: MS Virtual PC
Hardware: CPU Intel Q6600 2.4GHz,
RAM: 2560MB
Internet Connection: Always connected

Testing details:
T===>Testing Configuration Detail:

  1. If the free version or the AntiVirus edition already includes full proactive defense (HIPS) functionality, the paid version, Internet Security, or even higher-end products are not used.

T===> 1. If the AV is a free version that has a HIPS function, then this test will not test the paid version.

  2. The machine is not rebooted unless the software prompts for a reboot.

T===> 2. The test won’t reboot the PC unless it requires a reboot after installation.

  3. Real-time monitoring and any signature-related functions of the antivirus software were disabled.

T===> 3. The real-time anti-virus detection function was disabled during this test.

  4. The detailed settings offered by the software are changed and the test repeated. For example, if there are a SandBox mode and a non-SandBox mode, both are tested and both results are attached.

T===> 4. If the software has a Sandbox function, then this test will be reported for
a. Sandbox enabled
b. Sandbox disabled

  5. When HIPS asks whether to allow creation of a TMP file, always choose to block.

T===> 5. The standard answer is “No” to all HIPS popups asking “allow to generate TMP file?”

  6. After each test is completed, the virtual machine state is restored before testing other software.

T===> 6. The PC will be restored to its original status by the VM after each software test.

  7. For changes to detailed settings: if the system has not been infected by TDSS, testing continues after changing the setting, without restoring the virtual machine state.

T===> 7. I don’t know how to translate this sentence, therefore I skip translating it.

  8. Finally, scan with Kaspersky TDSSKiller (2.4.1.2) to determine the result.

T===> 8. After executing the test sample, use Kaspersky TDSSKiller to scan and verify whether the PC was infected or not.

  9. TDSS sample download link (use with caution; XC Team is not responsible for infections).

T===> 9. The TDSS testing sample can be downloaded from “Here”; XC Team is not responsible for any infection.

COMODO Internet Security 4.1
Proactive defense components: Safe Mode, Paranoid Mode,
SandBox (Unrestricted)
Component settings: default settings
Test results: Safe Mode failed to defend against TDSS; the system was infected
Paranoid Mode failed to defend against TDSS; the system was infected
SandBox (Unrestricted) successfully defended against TDSS; the system was unharmed
Note: Neither Safe Mode nor Paranoid Mode showed any prompt window, until
TDSS was added to the SandBox and executed.

T===> COMODO Internet Security 4.1 Configuration
HIPS setting: (tested 3 times, once in each of the following modes)

  1. Safe Mode,
  2. Paranoid Mode, and
  3. Sandbox (Unrestricted)

Anti-Virus: Disabled (per the methodology mentioned above)
Rest of the settings: no further changes after installation.

Testing Result:

  1. Infected under Safe Mode. (fail to protect)
  2. Infected under Paranoid Mode. (fail to protect)
  3. Protected successfully with Sandbox enabled

Note: In our execution test, there was no popup asking to allow or block under the Safe Mode and Paranoid Mode settings. But with Sandbox enabled, it popped up and showed a message that TDSS was moved to the Sandbox.