Author Topic: rogue AV bypassing Comodo sandbox  (Read 14988 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: rogue AV bypassing Comodo sandbox
« Reply #15 on: July 06, 2010, 11:51:09 PM »
Hi folks,

I do not feel sorry now I took this CPU-hog off of my comp, Comodo has not given me the right user experience,
sorry, not for me...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: rogue AV bypassing Comodo sandbox
« Reply #16 on: July 06, 2010, 11:56:12 PM »
Hi folks,

I do not feel sorry now I took this CPU-hog off of my comp, Comodo has not given me the right user experience,
sorry, not for me...

polonus

Hi D. !!
Are you talking about the sandbox, the firewall or the whole suite..?
asyn

Btw: Go Holland..!! :)
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Hermite15

  • Guest
Re: rogue AV bypassing Comodo sandbox
« Reply #17 on: July 07, 2010, 12:41:13 AM »
the firewall and the HIPS there are definitely to separate from all the rest, i.e. all the crap they provide (you know, stickers, cups, flags etc...  ;D ) but it's getting harder and harder to dissociate even the very few good products from the company producing them and their behavior. I wanted to ditch CIS for ages, I did, and I'm using the firewall again..will be like that as long as I don't find an equivalent.

Sm3K3R

  • Guest
Re: rogue AV bypassing Comodo sandbox
« Reply #18 on: July 07, 2010, 01:42:25 PM »
I was shocked by the video.It s amazing how Comodo stood still when it was beeing flushed from the system.The example is with a rougue but lets think further ,what if the thing that "uninstalls" Comodo installs something invisible ?! :)
Having in mind many users install Comodo for the firewall components only i m wondering if the same file can "uninstall" Comodo when runned normal not sandboxed.
Many users do P2P to download "stuff" ,if this stuff is upgraded with this thingy we can conclude many users may be left without firewall protection in no time maybe even not knowing.
At this moment i stopped trusting Comodo totally.
Practically Comodo self protection is NULL.
So many questions when you use it and when something unistalls it completelly it stayes sillent like a dead fish.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: rogue AV bypassing Comodo sandbox
« Reply #19 on: July 07, 2010, 02:03:20 PM »
At this moment i stopped trusting Comodo totally.
Practically Comodo self protection is NULL.
Will you do the same when avast miss a virus that infect your computer?
Or when avast gives you a BSOD or you can't login?
Besides high temperature discussion about Comodo, they are working on a solution (maybe a captcha or other security lock for uninstallation). Indeed, a huge problem.
The best things in life are free.

Sm3K3R

  • Guest
Re: rogue AV bypassing Comodo sandbox
« Reply #20 on: July 07, 2010, 02:50:29 PM »
I ve lost my trust in BitDefender during a year or so after seeing instability ,BSOD -s ,lock-ups , HDD corruption while using it and observing the inability of fixing the issues from the BD coders.I dont know how BitDefender works at this moment ,maybe they fixed their issues ,but I ll stay away from iit at least 1 year.I never had infections with it.
  
If a similar thingy happens with Avast i ll do the same.I m refering to annoying issues which Avast team is not able to fix in time .Keep in mind i had a 1 year license for BD and i simply stopped using it and as you know it s not a free AV.
Anyway I m using Avast for maybe 2 years and a half now and i dont think i ll see it beeing uninstalled silently.Avast 5 is already a mature product thing i cant say about Comodo 4.The Avast team do fix issues faster than BD team ,better feedback and support in my point of view.

In Comodo case they already struggle with this vulnerability for some time now and they ve said they fix it.Now looking at the video we can see they didn t :)
Comodo is the software that is known for the huge number of pop-ups and seeing it now that it was silent when beeing "done" maliciously surprized me.It was also always considered the best and we can see it failing in protecting it s own files.
If i use  sandboxie + a HIPS ,which Comodo tryed to integrate in CIS 4 ,i will get pop ups from the HIPS when something tryes to get out of Sandboxie.Another question is why at default Comodo did not asked nothing ,this is what i see in the video.

One of the features I look for at a security software is the self protection ,Comodo failed .
Another feature is the ability of the coding team to solve problems fast ,the vulnerability was known ,they said it s fixed ,we can see it s not.2 elements that broke my trust in Comodo.
Remember we are talking about security software where any minute counts .We also know rogue is the fastest changing thingy on the internets.You can t wait days for something like this to get fixed.
Someone that uses W7 can simply activate the build in firewall and personally and manually uninstall Comodo before it gets uninstalled by something else.
« Last Edit: July 07, 2010, 02:55:20 PM by Sm3K3R »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: rogue AV bypassing Comodo sandbox
« Reply #21 on: July 07, 2010, 03:14:49 PM »
Avast 5 is already a mature product thing i cant say about Comodo 4.
I'm not comparing the two softwares and, indeed, they seem to be in different stage of development.

Another question is why at default Comodo did not asked nothing ,this is what i see in the video.
There are two long threads at Comodo forum where the CEO answer what happened.

One of the features I look for at a security software is the self protection ,Comodo failed .
For sure, it needs improvements.

Another feature is the ability of the coding team to solve problems fast ,the vulnerability was known ,they said it s fixed ,we can see it s not.2 elements that broke my trust in Comodo.
I'm fighting against lack of support all the time. There and also here. There are some threads of mine that was never answered by avast team... they just died...
The best things in life are free.

Sm3K3R

  • Guest
Re: rogue AV bypassing Comodo sandbox
« Reply #22 on: July 13, 2010, 02:39:09 PM »
LOL : http://forums.comodo.com/news-announcements-feedback-cis/test-with-comodo-bypassed-t59176.15.html
So Tech ,do you still trust a "sandbox" that it s not a sandbox :)
Is it an advertising thingy that Comodo has a sandbox ??
Practically when i surf i use a sandbox exactly for the temp files so they stay in the sandbox ,to clear them on exit.That is the main purpose of a sandbox ,to protect the websurfing .Comodo is not able to provide that and even worse it brakes you PC security with vulnerabilities it brings.
Or maybe i m wrong.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: rogue AV bypassing Comodo sandbox
« Reply #23 on: July 13, 2010, 02:50:44 PM »
So Tech ,do you still trust a "sandbox" that it s not a sandbox :)
I'm not an expert on sandboxing. I won't jump to conclusions without knowledge, I usually don't do that.

That is the main purpose of a sandbox
Not if it is used in a default deny protection scheme.
Protect the websurfing is for antivirus (default allow).

Comodo is not able to provide that and even worse it brakes you PC security with vulnerabilities it brings.
What about avast vulnerabilities?
And recent bugs?
http://forum.avast.com/index.php?topic=58954.0
http://forum.avast.com/index.php?topic=61741.0
http://forum.avast.com/index.php?topic=61745.0

I believe in software development. Try to keep myself open minded.
Please, do not take any comment as personal. They're my opinion.
The best things in life are free.