rogue AV bypassing Comodo sandbox

Thanks to Pondus who let me know about it :wink: Anyway, it doesn’t really matter much to me as I only run the CIS firewall with Def+ (including the sandbox now) and the AV of course completely deactivated. But that’s interesting. What would interest me more is how the Avast sandbox would have resisted…

http://malwareresearchgroup.com/?p=1715
http://www.youtube.com/watch?v=4AYeIDI4CB4&feature=player_embedded

What’s Comodo’s reaction to this breach ???

I guess we’ll soon see what they have to say:
http://forums.comodo.com/melihs-corner-ceo-talkdiscussionsblog/rogue-anti-virus-products-t37547.0.html;msg412702#msg412702

Melih will accuse other security companies and tell us that Comodo is the best there was, the best there is now and the best there will be.

For once I agree with you (yes ;D ): that’s exactly what they will do, plus they will accuse the tester (from Malware Research Group) of doing things the wrong way.

Expecting reactions after Bob’s post there ;D

Hi Logos,

Well, it is just as with everything: you have the optimist, who reacts to Bob’s posting like this (I quote from there):

I’m sure it’ll be fixed soon. I also wouldn’t mind a comment from the Staff to confirm my suspicions.
I wonder how long that will be there; I know Comodo does not like to welcome critical opinion.
All that is coded, Bob told me once, can be uncoded and bypassed; developers have to invest time in finding those holes and exploitable code bits. If the malcreants cannot break it as a whole, they do it in parts. This is so for all code, and for all software: as long as a machine can render more efficiently than the coder’s brains, we stay in this rat hole, my friends, tails knit firmly together…

polonus

Okay, but here we have two problems, not just one:

1. This rogue was known by Comodo and they updated their software (so they say…) to catch it and not be vulnerable to it anymore.

2. The same rogue is now able to bypass their sandbox, completely uninstall Comodo, and install itself after a reboot. The worst scenario one can imagine.

Hi Logos,

You know how the Mod replied:

MRG, yes. Comodo is fully aware of this.

polonus

I and others told them from the beginning that things could jump out of the sandbox and at first they denied it and then claimed it was fixed in 4.1. I guess it wasn’t :wink:

Happy to be Comodo free. :wink:

[b]Comodo + fake meds[/b]

Seems Comodo still aren’t bothering to check who they’re supplying SSL certificates to. Nice to know they give a damn, isn’t it.

http://hphosts.blogspot.com/2010/06/comodo-fake-meds.html

Damien,
Up till now, the Mod hasn’t replied to my post.
The only reply has been from a user, and he would also like a reply from Comodo.

Looks like I did well to stay away from Comodo. ;D

I hear a war will start soon: Comodo vs MRG, or maybe users vs Comodo.

lol…

Lucky Comodo, they thought they had a product of high quality. Looks like not; also, the version was Premium, I’m sure they will say the Complete would have blocked it lol.

It’s being discussed here:
http://forums.comodo.com/news-announcements-feedback-cis/another-mrg-video-t58497.0.html

[quote]
[b]Comodo + fake meds[/b]

Seems Comodo still aren’t bothering to check who they’re supplying SSL certificates to. Nice to know they give a damn, isn’t it.

http://hphosts.blogspot.com/2010/06/comodo-fake-meds.html
[/quote]
This certificate problem is not unique to Comodo. All of the vendors have had the same things happen.

[quote]
This certificate problem is not unique to Comodo. All of the vendors have had the same things happen.
[/quote]
True, we’ve been through that before, Verisign etc… They’ve all done that, unfortunately; whether they were tricked or not is another topic. Yokenny posted in the thread I started about that here. I was myself blaming Comodo and, after collecting more info, I posted additional links, which might have included that one:
http://www.ccssforum.org/malware-certificates.php
Yokenny must have read that, but he had to post his link again :slight_smile: …of course :smiley: You know what Yokenny, you’re just like Comodo, you’re no better than they are… you could work for them :wink: Maybe they’re hiring ??? ;D

Back to topic: in the thread Tech linked to, they’re indeed, as predicted, doing their best to attack the method (it was actually posted before my thread here, but I didn’t know it). Comodo as usual won’t recognize anything, marking their difference here with other companies, especially Avast. I mean, I’ve seen Avast recognize flaws or mistakes several times, Comodo never. For Comodo, a tester proving that Comodo has a flaw is a criminal and a malware provider himself ;D

Maybe they will push an update soon :stuck_out_tongue:

Hi folks,

I do not feel sorry now that I took this CPU hog off of my comp. Comodo has not given me the right user experience;
sorry, not for me…

polonus

Hi D. !!
Are you talking about the sandbox, the firewall or the whole suite…?
asyn

Btw: Go Holland…!! :slight_smile:

The firewall and the HIPS are definitely to be separated from all the rest, i.e. all the crap they provide (you know, stickers, cups, flags etc… ;D ), but it’s getting harder and harder to dissociate even the very few good products from the company producing them and their behavior. I wanted to ditch CIS for ages, I did, and I’m using the firewall again… It will be like that as long as I don’t find an equivalent.

I was shocked by the video. It’s amazing how Comodo stood still while it was being flushed from the system. The example is with a rogue, but let’s think further: what if the thing that “uninstalls” Comodo installs something invisible?! :slight_smile:
Having in mind that many users install Comodo for the firewall components only, I’m wondering if the same file can “uninstall” Comodo when run normally, not sandboxed.
Many users do P2P to download “stuff”; if this stuff is upgraded with this thingy, we can conclude many users may be left without firewall protection in no time, maybe even without knowing.
At this moment I stopped trusting Comodo totally.
Practically, Comodo self-protection is NULL.
So many questions when you use it, and when something uninstalls it completely it stays silent like a dead fish.

Will you do the same when avast misses a virus that infects your computer?
Or when avast gives you a BSOD or you can’t log in?
Besides the high-temperature discussion about Comodo, they are working on a solution (maybe a captcha or other security lock for uninstallation). Indeed, a huge problem.