You mean the “trusted” vendors list that includes malware authors added there by the “entrepreneur of the year” and that cannot be modified by users? Ah… : ;D
Thanks to the trusted vendor list, a trojan dropper signed by Trend Micro Inc. was able to work successfully (good job Comodo!). When you add a trusted vendor list, all it does is provide one giant security hole for droppers which are falsely signed.
Well, it’s the same as saying that the antivirus doesn’t detect every piece of malware out there, just some of them (which is true, there are unknown malware files).
Sure, that’s how it is and how it always will be - there’s no magic to achieve 100% detection, no matter if for “ordinary detection” or autosandbox heuristics.
The difference between autosandbox and ordinary detection is that the autosandbox heuristics is “more generic” - marks more files. Sure, marking more files brings more false alarms - but they are not that “bad” in this case; the file is not reported as infected, not removed automatically… the user is just offered to run the executable in sandbox, which shouldn’t hurt even if the file is OK/clean.
But - you probably wouldn’t be very happy if for every executable you started (clear or not), you were asked whether you want to run it in sandbox, right? So, there always will be files that are not autosandboxed, and yes, some of them could be malicious. Nothing is 100% in the AV area, I’m afraid.
Yes, the heuristics will definitely be improved in the future - and it will be done via virus definition updates, i.e. no need for program updates in this case. But again, if you’re expecting 100% efficiency, you’re expecting miracles.
I just had to post here because I use COMODO Firewall alongside avast! (and well, other things). First of all, you can delete entries from the Trusted Vendors List, but there is no option to select all >:( . To bypass this so-called “Trusted Vendors” list, go to Defense+ settings in COMODO > Sandbox Settings > then uncheck “Automatically detect installers/updaters and run them outside sandbox” and also uncheck “Automatically trust files from trusted installers”. Also, if you want, set your sandbox level to “Limited”. If you choose to delete from the trusted vendors list, give yourself 1-2 hour(s) and 5 cups of coffee. Just a bit of advice.
1/ Disable completely != remove particular vendor(s)
2/ When I last tried, they get re-added back on updates, I have no time for such stupidity
3/ The way I would like to use it is exactly opposite to the way it is programmed (i.e., empty by default, I add whatever I trust). Again, this wasn’t possible last time I tried.
4/ Not checking anything and adding any vendor there just because they’ve paid $$$ to Melih for certificate is outright retarded. They have added so many “trusted” vendors that the only option would be to wipe the list and start from scratch, whitelisting only reputable well established vendors after quite a bit of checking. Not gonna happen I’m afraid, since the situation looks like this:
less popups marketing + $$$$ for certificates >> actual concern about users' security.
5/ Have they stopped storing just about everything in registry, causing Windows to halt for a couple of minutes when rewriting the tens of megs registry blob whenever you change some rules after couple weeks of usage? I guess not.
Sorry, not seeing myself going back to CIS anytime soon.
Thanks for the explanation. No, I’m not expecting 100% malware detection nor sandboxing. But I have to admit that I was perhaps a little Comodo infected in the past ;D and compared it too closely with Avast. I don’t use Comodo anymore, because it’s a system hog and has many, many false detections.
My experience with Comodo was different. I abandoned it because the whitelisting wasn’t extensive enough and I kept getting needless alerts for perfectly safe things. I never deleted anything from the Trusted vendors list, I had to add things to it to make the program have better usability.
Personally, I’m not a fan of sandboxing in the first place and really see no need for it. Avast! should just tell you that something looks suspicious and ask if you really want to run it or not. If it’s something you know is okay you allow it, if not you don’t. Why run something unknown in a sandbox? What’s the point? The behavior shield is enough in my opinion.
Well, the point is, like 95% of users suck or better said utterly fail when guessing whether it’s OK or not. No harm will be done in the sandbox when your guess fails.
You don’t even have to guess. If it’s something you know that you installed and know is safe then it should be okay. If it’s something you don’t recognize, it might not be so you don’t run it. No guesswork involved there.
Most infections today are drive-by downloads or Java exploits. If a site is infected by a Java exploit, the Java plug-in in your browser downloads other malware if your antivirus doesn’t detect it.
A browser used with Sandboxie, for instance, can’t harm anything on your real machine. All bad things aren’t able to bypass the sandbox, as far as I know. Therefore sandboxing is useful in my opinion.
Many fake antiviruses (rogue software) aren’t easy to recognize for computer beginners.