Author Topic: rogue AV bypassing Comodo sandbox  (Read 14991 times)

Hermite15

  • Guest
rogue AV bypassing Comodo sandbox
« on: July 05, 2010, 09:11:35 PM »
thanks to Pondus who let me know about it ;) anyway doesn't really matter much to me as I only run CIS firewall with Def+ (including the sandbox now) and AV of course completely deactivated. But that's interesting. What would interest me more is how Avast sandbox would have resisted...

http://malwareresearchgroup.com/?p=1715
http://www.youtube.com/watch?v=4AYeIDI4CB4&feature=player_embedded
« Last Edit: July 05, 2010, 09:13:29 PM by Logos »

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: rogue AV bypassing Comodo sandbox
« Reply #1 on: July 05, 2010, 10:14:17 PM »
What's Comodo's reaction to this breach ???

I guess we'll soon see what they have to say:
http://forums.comodo.com/melihs-corner-ceo-talkdiscussionsblog/rogue-anti-virus-products-t37547.0.html;msg412702#msg412702
« Last Edit: July 05, 2010, 10:22:51 PM by bob3160 »
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline superhacker

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 979
  • superhacker != super mario
Re: rogue AV bypassing Comodo sandbox
« Reply #2 on: July 05, 2010, 10:21:13 PM »
Melih will accuse other security companies and tell us that Comodo is the best there was and the best now and the best there will be.
Dreams don't die, they just fall asleep.

Hermite15

  • Guest
Re: rogue AV bypassing Comodo sandbox
« Reply #3 on: July 05, 2010, 10:34:02 PM »
Quote
Melih will accuse other security companies and tell us that comodo is the best there was and the best now and the best there will be

for once I agree with you (yes ;D ) that's exactly what they will do + they will accuse the tester (from malware research group) of doing things the wrong way.

 Expecting reactions after Bob's post there ;D

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: rogue AV bypassing Comodo sandbox
« Reply #4 on: July 05, 2010, 10:44:33 PM »
Hi Logos,

Well, it is just as with everything: you have the optimist, who reacts to bob's posting, as I quote from there:
Quote
I'm sure it'll be fixed soon. I also wouldn't mind a comment from the Staff to confirm my suspicions.
I wonder how long that will be there, I know Comodo does not like to welcome critical opinion.
All that is coded, bob told me once, can be uncoded, by-passed. Developers have to invest time in finding those holes and exploitable code bits; if the malcreants cannot break it as a whole, they do it in parts. This is so for all code, and this is for all software, as long as a machine can render more efficiently than the coder's brains, we stay in this rat hole, my friends, tails knit firmly together...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Hermite15

  • Guest
Re: rogue AV bypassing Comodo sandbox
« Reply #5 on: July 05, 2010, 10:48:31 PM »
okay but here we got two problems, not just one:

1. this rogue was known by Comodo and they updated their software (so they say...) to catch it and not be vulnerable to it anymore.

2. the same rogue now is able to bypass their sandbox, completely uninstall Comodo, and install itself after a reboot. Worst scenario one can imagine.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: rogue AV bypassing Comodo sandbox
« Reply #6 on: July 05, 2010, 11:00:15 PM »
Hi Logos,

You know how the Mod replied:
Quote
MRG, yes.  Comodo is fully aware of this.

polonus

Dch48

  • Guest
Re: rogue AV bypassing Comodo sandbox
« Reply #7 on: July 05, 2010, 11:29:37 PM »
I and others told them from the beginning that things could jump out of the sandbox and at first they denied it and then claimed it was fixed in 4.1. I guess it wasn't  ;)

YoKenny

  • Guest
Re: rogue AV bypassing Comodo sandbox
« Reply #8 on: July 05, 2010, 11:36:45 PM »
Quote
I and others told them from the beginning that things could jump out of the sandbox and at first they denied it and then claimed it was fixed in 4.1. I guess it wasn't  ;)

Happy to be Comodo free.  ;)

Quote
Comodo + fake meds
 
Seems Comodo still aren't bothering to check who they're supplying SSL certificates to. Nice to know they give a damn isn't it.
http://hphosts.blogspot.com/2010/06/comodo-fake-meds.html

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: rogue AV bypassing Comodo sandbox
« Reply #9 on: July 06, 2010, 12:21:38 AM »
Quote
Hi Logos,

You know how the Mod replied:
Quote
MRG, yes.  Comodo is fully aware of this.

polonus
Damien,
Up till now, the Mod hasn't replied to my post.
The only reply has been from a user and he would also like a reply from Comodo.

Mr.Agent

  • Guest
Re: rogue AV bypassing Comodo sandbox
« Reply #10 on: July 06, 2010, 12:24:50 AM »
Looks like I did great to stay away from Comodo. ;D

I hear a war that starts soon. Comodo vs MRG or maybe Users vs Comodo.

lol....

Lucky Comodo, he thought he got a product of high quality. Looks like no. Also the version was Premium, I'm sure they will say the Complete would have blocked it lol.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
The best things in life are free.

Dch48

  • Guest
Re: rogue AV bypassing Comodo sandbox
« Reply #12 on: July 06, 2010, 05:39:36 AM »
Quote
Comodo + fake meds
 
Seems Comodo still aren't bothering to check who they're supplying SSL certificates to. Nice to know they give a damn isn't it.
http://hphosts.blogspot.com/2010/06/comodo-fake-meds.html

This certificate problem is not unique to Comodo. All of the vendors have had the same things happen.

Hermite15

  • Guest
Re: rogue AV bypassing Comodo sandbox
« Reply #13 on: July 06, 2010, 09:37:28 AM »
Quote
Comodo + fake meds
 
Seems Comodo still aren't bothering to check who they're supplying SSL certificates to. Nice to know they give a damn isn't it.
http://hphosts.blogspot.com/2010/06/comodo-fake-meds.html
This certificate problem is not unique to Comodo. All of the vendors have had the same things happen.

true, we've been through that before, Verisign etc...they've all done that unfortunately, whether they were tricked or not is another topic. Yokenny posted in the thread I started about that here, I was blaming myself Comodo and after collecting more info, I posted additional links, that might have included that one:
http://www.ccssforum.org/malware-certificates.php
Yokenny must have read that, but he had to post his link again ::) ...of course :D You know what Yokenny, you're just like Comodo, you're no better than they are...you could work for them ;) maybe they're hiring ??? ;D

 Back to topic: in the thread Tech linked to, they're indeed as predicted (was actually posted before my thread here but I didn't know it) doing their best to attack the method. Comodo as usual won't recognize anything, marking their difference here with other companies, especially Avast. I mean I've seen Avast recognize flaws or mistakes several times, Comodo never. For Comodo, a tester proving that Comodo has a flaw is a criminal and a malware provider himself ;D
« Last Edit: July 06, 2010, 09:43:43 AM by Logos »

Offline Chris Thomas

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1936
  • Christian Geek - aka 'born again' Geek
Re: rogue AV bypassing Comodo sandbox
« Reply #14 on: July 06, 2010, 10:37:08 AM »
Maybe they will push an update soon  :P