Trojan passes by D+, Sandbox, Image Execution

PC Defender rogue av also bypasses CIS v5 beta. It’s on MDL. When running the .msi it gets automatically added to trusted files and takes over computer. Sandbox doesn’t pick it up.

yeah there still is a problem with msi installers.

also egemen, when I ran that file that was “signed”, the verdict v5 gave me is that it said scanned online and found safe. How could that be? Shouldn’t it have said scanned online and found unknown?

Yes, that’s the bug.

which one the online scanner or the msi issue?

now speaking of the msi issue, will that be taken care of, because I think it is a major one.

especially since I read more viruses are now using this form of exploit with very little out there to protect systems.
This fix would be a big plus for Comodo

I think a Norton-type reputation rating for files would be awesome. Might defeat most of these type of threats.

We already have it. It will be activated with the updates to cIS 2011 this year.

I am assuming this was the issue that Chrish from MRG was attempting to point out? It seems similar.

I tested this rogue AV against CIS4 and CIS failed to block it. Proactive Security, D+ on Paranoid mode, SB disabled, FW in Custom Policy Mode. PM to me if anyone needs it. The rogue was that PCDefenderSilentSetup.msi

But if somebody is using CIS without the AV what happens? the malware will be trusted anyway?

bump

I would like to get a solid answer from someone at comodo concerning the msi issue, I think it is much bigger than any other issue, even the script one. Reason being is that there is live malware using msi and they are out there.

Where is Melih? Vacations?

Too many questions without answers :-
I’m afraid I must go back to Comodo Firewall only (without D+, sandbox and AV)
For AV solution I’ll choose either Avast or MSE.

Until better times …

I was just thinking about this. Think I will keep everything enabled except the av, and run the MSE beta with it.

This is indeed a major issue. I can understand if it were affecting the beta only, such behavior is expected, but if it affects CIS 4 then there should be a fix made immediately. Getting infected may put people off Comodo forever.

I’m keeping Comodo because, chances of infecting yourself with this thing is minimal if you know what you’re doing. Like I am gonna go on purpose on MDL and download it… It should be fixed. Kaspersky trusts MSI installer because it’s from Microsoft, Norton does too, everybody does, so does Comodo. You wanted no popups, there you have it. Now you want it back? LOL
Just kidding, but there is no reason for alarm yet, hang on tight…

The main problem with Comodo is that it offers a bunch of theoretically excellent solutions you can’t rely on.
Because even though it works in most cases, there are often ridiculous holes and bugs that leave malware to simply go past. I know no software is perfect, but as much as I try to rely on Comodo based on the features provided and my own testing, I always have doubts that it actually works as it was intended by the programmers.

And I have seen Norton’s PIFTS.EXE scandal, McAfee’s crash of systems [deleted Windows system file] and so on… Comodo is good enough for normal usage, but if you intentionally want to infect yourself, nothing will save you.
So far, and I am speaking for myself, I had 0 incidents. That makes me confident in this product.
Besides, it is a big plus that we have strong community and that we find potential exploits.
By the time digitally signed malware starts massively infecting systems, we will get a fix against this threat. Comodo 5 BETA started very good; in the end it will be awesome! :-TU

Quoted for the truth. Comodo, in theory, is awesome. Product conceptualization is really, really amazing. I would give creative a bonus. The implementation is where it all gets tricky.
But, to be honest and fair, aren’t we all like that? I’ve come up with some excellent ideas, but failed to implement them properly. One time I came up with a trading algorithm which gave 30% CAGR over 25 years. Too good to be true - programming error, new result 4%… oops.

That said, I do feel that CIS is the closest or 2nd closest (after Norton) to a complete internet security solution. Once we have msi under control… we are set. You have to be really unlucky to get hit by scripting attacks. ;D

ps. soyabeaner and I came up with a solution to the msi problem in our “comodo as an anti-executable” thread. Disable msiexec.exe from running on its own. Only run it when you are 150% sure of a program’s authenticity. A dead giveaway to malware, in my own experience, is that it’s never more than 1 MB and usually between 50-500 KB in size.