What you need to know for your Computer Security

Professor ■■■■ is … a Professor and a researcher, and as such wrote something, yes, quite theoretical, but that could be easily exploited.

And the “goodbye world” thing does not have to be intercepted by AV since it is innocuous: it merely serves as an example to show that 2 different files can have the same MD5, to conclude that MD5 is not a safe protection anymore.

At the same time, upload eicar.exe to VirusTotal or download it, and everyone shall jump although eicar is also perfectly innocuous.

The problem is that AVs rely on databases and sometimes “heuristic behavior”, but even “heuristic behavior” relies on a database: not in the database, not caught. That is the reason for the “hello world” suggestion by Melih; but if you were writing your own malicious “hello world” program yourself, it would never be caught, the only remaining line of defense being an “unknown file default blocking behavior”.

I don’t use CIS AV, but I believe it wouldn’t be more efficient against this kind of threat than Avira, failing.
I also get no warning whatsoever from CIS firewall, but of course, when I try to run “hello world”, Defense+ warns me that it is unknown.

We must also remember that, if not getting fooled by one file among many in a downloaded compressed folder, the best line of defense is between our ears: no one should be fool enough to run a file he is not sure of.

The “compressed folder” situation is somewhat more difficult, and can be compared to mail attachments: if one does not deliberately click the unknown file, he stays safe if he forbids default scripting (IE ActiveX and so on, calling the malicious file when you meant to open plain HTML).

I’ve received the following answer from Igor (an Avast developer):

Still, I don't see the problem as that critical... I mean, for a successful attack, you have to deliver an executable on your machine, let the user allow that in the firewall, and then replace the file with the other one. Who would perform that replacement, however... a malicious code, already running on the computer? If so, then there's probably an easier way than abusing MD5 collisions.

Does he really mean just that? Or something else?

Well… not exactly. The malware behavior of “my” “hello world” could be caught by other antimalware techniques besides the signatures…

For sure it won’t…

And what if the user clicks “ok”…? Such a no-fool technology is to be developed.

Mr Melih. Call free Comodo Internet Security Supplement for a year, I’m unemployed and I cannot afford it. Thanks

And what if the user clicks "ok"...? Such a no-fool technology is to be developed.

On what behalf, excepting an infinite database?

In the conditions you are speaking of, I would forever be thrown out of some DOS utilities, and I definitely wouldn’t like it.

Indeed. It’s a problem: databases increase indefinitely.
A behavior blocker helps. Generic signatures and algorithm detection reduce the size of the database.

first of all :rocks: and great topic very helpful
and " Go to your local Clothes shop and try to steal something……the alarm you will hear, as you try to get out of the door while 2 big guys are running towards you" lol

Not sure where to post this. If it's in the wrong place, please let me know where you moved it.
Question please: a "ServerBusy" box popped up while doing a Comodo scan on my PC (it has popped up recently at other times). It read: "This action cannot be completed because the other program is busy. Choose ‘Switch to’ to activate the busy program and correct the problem."
Also my Remote Access keeps being checked though I have never checked it and I keep un-checking it.
How can I prevent this?
Thank you.
Marj

Well, I did a couple of System Restores. Seems it's OK. Hope it's OK.
Marj

No, you are not wrong, you are right. Once there was a time when there was not so much software, only some computers in labs, universities and libraries, selected people using them, and now everyone can fool around. I don't know what is so funny about infecting someone's PC by writing malware, trojans, rogue software. Look at these hundreds of pages
here https://forums.comodo.com/av-false-positivenegative-detection-reporting/submit-malware-here-to-be-blacklisted-2013-no-live-malware-t89868.0.html
and here https://forums.comodo.com/av-false-positivenegative-detection-reporting/report-trusted-and-whitelisted-malware-here2013-no-live-malware-t89869.0.html

I would never consider such criminal acts = and Melih you are right these people are criminals and they must be defeated; we need an internet we can trust and go online secure=. And Comodo does this excellently, e.g. with the Comodo Internet Security Premium Suite, which does more, being freeware, than many so often highly recommended paid programs.
And if more and more people have their computers and networks secured with Comodo's high security software = a good brand High Security Software= we all, as an army of Comodo soldiers, can create with you, Melih, a real WOT, a Web of Trust. Thank you for this crusade for the freedom of secure surfing and working, providing us with such excellent high tech weapons. And don't ever tell someone the code and how this works. I know what I have to know: that Comodo suits me best.
It is not a software, but a concept with the right people, devs, CEO, mods, admins, buddies and users working together in a decent way. Keep and expand this. And keep it free and fully packed as a suite, forever.