Would Comodo have stopped the Stuxnet worm?

Would it stop a malware with a stolen digital signature from installing? ???

depends on the config and how a user would answer any/all alerts…
I guess some if not all would be sandboxed because of, you know, they are unknown files after all :wink:
As for digi certs, well, anything can happen…

The next version should be immune to signed malware.

That’s good to hear!

Can you share something or give us a hint?

+1 Sound very interesting :smiley:

Agree with you.

To answer you question: I don’t think it will due to the safe digital signature.

I recommend you to have “unrecognized files will be treated as Untrusted” and unmark Automaticaly trust files from trusted installer in Sandbox Settings.

unknown files will be automatically sandboxed and you will get more pop ups but that’s worth it; you will be protected.

Regards,
Valentin N

I think you are unclear on what this setting does. It’s not like the old, don’t use the trusted vendors list option.

If an installer is trusted (either by CIS or by the user) any files created by this installer are also considered trusted to keep them from being sandboxed during the install.

If you trust the installer, why wouldn’t you want the respective files to stay out of the sandbox?

I mean sandbox settings. Sorry my mistake. I have modified my previous post.

Regards,
Valentin N

But again, I don’t think you are understanding what this option does.

A quick example with Automatically trust files from trusted files enabled:

I want to install MyFavoriteApp.exe. This application uses a .bat file or two to unpack files or copy files to respective folders, or perhaps runs a script. This application is not on the trusted vendor list. I get an alert asking if the installer should be allowed to run. I say yes… Great success!! Installation went without a hitch! ;D

OK, now we disable Automatically trust files from trusted files:

Again, we want to install MyFavortieApp.exe. We tell CIS, yes, let the installer run at the alert. Oh, but wait, this .bat file is unrecognized! I’ll sandbox it for you! Install fails because the .bat or script wants to do some things that our isolation level doesn’t allow. OK, I click on the don’t isolate again link in the sandbox alert, but this doesn’t help because the install has already failed. So, we try again and the install gets past the original .bat, but hey, there’s another one I don’t recognize! Sandbox! Click don’t isolate… Try to install again… Rinse and repeat for however many components of the installer that are unrecognized.

I wouldn’t recommend disabling this. Sure, I guess you could say you’re more secure because each unrecognized file is getting sandboxed, but really, do you want it to do that? If you don’t trust all the components of an installer, you don’t actually trust the installer, now do you? :-X

So, if a malware is signed, it will be treated as unknown? ??? sorry for the confusion, I thought Comodo only automatically sandboxed unknown, unsigned files.

There are 4 possible categories…

signed, known
signed, unknown
unsigned, known
unsigned, unknown.

Am I correct?

It doesn’t just matter that a file is signed. In order for it to be trusted the digital signature must be in the TVL. Otherwise the file is unknown and will be sandboxed (with the information that the file is signed provided in the popup).

Ok, now I see…and thanks for the clarification. :-TU

Thank you for the explanation and for improving my knowledge regarding this option. I hope you also understand why I recommended those settings.

Regards,
Valentin N

True! … again

Unfortunately as it stands now - he is unclear of anything he is posting as far as I am concerned so far… Just posting a lot of … and more & whole load of **** around the place

Well, blame me again … and again

“personal attack”? “flamebait” ? whatever … please go ahead

Cheers! & Happy New Year! to all of you

http://i49.tinypic.com/2z4wlzr.gif

Having a different opinion is essential for democracy…
Now pay attention from a moderator wannabe:
It is advised to use personal messages to resolve differences! :-TU
When in doubt, please take a look [at] this link:
http://help.comodo.com/topic-72-1-170-1630-Introduction-to-Comodo-Internet-Security.html

Thank you for your cooperation, citizens ;D

LMAO on that one GG ! Also big lulz @ the one with the MIB that u did. U have good sense of humor imo. Cheers !

I wonder if there is a gene for anger in our making, if I had that kind of knowledge I would sure experiment on that !

Believe me when I say this, you really don’t want to know where I get the ideas… 8)

It’s called 4chan, google it!

More details, pls. Or U just meant modified TVL from which some number of vendors will be removed due to “questionable practices” ?

I also wonder what he means. Next version? Do you mean v6 or the just releases v5.3?