trojan uses digital certificates

what would happen, if i use comodo defense+ , and i would plug an usb drive in, which contains a trojan which is started by browsing its .lnk, right while for example explorer is opening the folder?
in the scenario in the text it said, the drivers of this trojan would have a digital certificate of a well known company.
what would happen, if i tell comodo defense+ to trust certificates from trusted vendors?
would i even get an “explorer tries to run something” question from defense+?

Yeah, same question here. :stuck_out_tongue:

yes, but as comodo is “default deny”, i think the question is in this area better placed.

if “removal section” was the right place, comodo would not have denied it :wink:

Even if Realtek not trusted (and today we are speaking of Realtek, tomorrow shall be another vendor, i have always strongly advocated for not trusting anything), you have no evidence whatsoever that comodo would stop anything, as no classic executable is used, but only lnk files, sys, and tmp files used as executables.

Comodo has samples and sigs, and Comodo AV correctly identifies the files.

Some questions over the Realtek signing is far from over though, I would suspect.
Conspiracy a la Sony? Rogue contractor? ???

Bad

clocwork intervention spoke of “default deny” which is the normal behaviour of firewall/defense+/sandbox, not of av.

Of course, one guesses that all av in the world now have signatures for this trojan (which actually seems to be a worm, but it is another story), and this is somewhat contradictory to the theory saying that comodo would be not database but prevention aimed: it does not tell if this prevention (defense+) would actually intercept the trojan.

Speaking of “epidemiology”, a kaspersky guy raised some hell (“racism”…) saying it probably came from India where the epidemy is geographically centered and as India is a main computing country, while he claims proofs that the certificate was bought at Verisign.

Would be interesting to here comodo’s response. I remember reading digital signing [white listing] was the way forward on these pages [correct me if I’m wrong].

Please continue the discussion in Rootkit.TmpHider. That will help to keep things in one place.

is it true that comodo used to issue malware vendors signed certificates.?thanks. :P0l

No it’s not true.
Not when put in that wording, as if it were intentional.

There are a few idiot Bloggers, that should be dismissed, as haters from the get go. >:-D

As is the case with ALL Certificate Authorities.
Has it happened, yes. And they are quickly revoked when discovered.
With low grade DV certs. The system is open to be abused.

Comodo is proactively working to fix the systemic weakness, that is the status quot for all CA’s.

To be clear we’re talking about DV certs for SSL, Not code signing certs.

Bad

ok.thank you for your thorough reply.most appreciated. :wink: