ssj100 Security Forums

Comodo bypassed (allegedly)



Post by ssj100 5/7/2010, 18:27

https://forums.comodo.com/news-announcements-feedback-cis/another-mrg-video-t58497.0.html;msg412479#msg412479

Please see the latest video here: https://www.youtube.com/watch?v=4AYeIDI4CB4 As you will see, we are able to bypass CIS from within the sandbox, with CIS displaying no alerts.

Cheers,

Chris
ssj100
Administrator
Posts : 1390
Join date : 2010-04-14
https://ssj100.forumotion.com


Re: Comodo bypassed (allegedly)

Post by doskey 10/7/2010, 09:15

Relax. This is just a video. If these guys want to help us, please provide binaries. There is no 100% security in the world; what we can do and what we are doing is fighting malware. Never stop.
That's all.

Thanks,
Doskey.

doskey
Security Professional
Posts : 4
Join date : 2010-04-26
Location : COMODO
http://www.comodo.com


Re: Comodo bypassed (allegedly)

Post by languy99 14/8/2010, 01:31

It's interesting that I don't see any more videos coming with the new beta version from MRG. I guess they can't bypass it anymore since the new command-line scanning feature has been implemented.
languy99
Valued Member
Posts : 54
Join date : 2010-07-20


Re: Comodo bypassed (allegedly)

Post by ssj100 14/8/2010, 01:47

It's also interesting to see so little activity at their own forums. Ever since that Wilders thread was locked, I'd completely forgotten about MRG. I think if they released their POC to the public, it would get much more interest!

And it's fairly clear that they are out there to belittle Comodo etc. It's rather sad really.

Re: Comodo bypassed (allegedly)

Post by languy99 14/8/2010, 01:50

From what I heard (this is just what I heard), it is not their POC. They took it from someone else and modified it a little.

Re: Comodo bypassed (allegedly)

Post by languy99 14/8/2010, 01:51

Also, have you tried the new beta 3.1079? I like it, and it is much better. I just found a Java exploit and it caught it and put it in the sandbox. Much improved.

Re: Comodo bypassed (allegedly)

Post by ssj100 14/8/2010, 01:55

I only tested it against the LNK POC exploit.

Java exploit? Any chance you could PM me this?

Re: Comodo bypassed (allegedly)

Post by languy99 14/8/2010, 02:00

I got it from the MBAM forum; I'll PM it to you. Here are the results for it.

http://virscan.org/report/3ce30cc58d51d3646fb7facbd2f9640b.html

Re: Comodo bypassed (allegedly)

Post by ssj100 14/8/2010, 02:01

By the way, this concept of sandboxing unknown applications is exactly the same approach as what I've been employing for nearly a year - I use Sandboxie to open any newly introduced file, even likely benign files like .txt etc. In my opinion, Comodo are definitely employing a very good security approach. The great thing is that they are automating things so that even the "noob" user can handle it.

Re: Comodo bypassed (allegedly)

Post by languy99 14/8/2010, 02:08

Sent to you.

Comodo is working very hard to keep security as high as possible while keeping user interaction as low as possible. It is very hard to do, but the end goal is to reduce pop-ups so much that when the user sees a pop-up they should be like, whoa, wait a minute, this is strange. I have never seen a program ask for this; to be safe I will block it.

Re: Comodo bypassed (allegedly)

Post by languy99 14/8/2010, 05:05

I just tested a PDF exploit against Comodo V5.1079 and it did very well.

CIS saw the exploit, and sandboxed it. The exploit tries to access svchost.exe and CIS notified me. I blocked it.

Then it tries to modify the setupapi.app.log file. After that it tries to once again access svchost.exe, I block it again. Then it gives up and closes.


Re: Comodo bypassed (allegedly)

Post by ssj100 14/8/2010, 05:10

languy99 wrote:
"I just tested a PDF exploit against Comodo V5.1079 and it did very well.

CIS saw the exploit, and sandboxed it. The exploit tries to access svchost.exe and CIS notified me. I blocked it.

Then it tries to modify the setupapi.app.log file. After that it tries to once again access svchost.exe, I block it again. Then it gives up and closes."

Again, can I please have the sample via PM? Thanks.

By the way, it sounds like older versions of CIS would have done well too.

Re: Comodo bypassed (allegedly)

Post by languy99 14/8/2010, 05:25

I will send it to you. I tested it with an older version of Adobe Reader and it worked. I don't know if an older version with sandbox would have caught it.

Re: Comodo bypassed (allegedly)

Post by ssj100 14/8/2010, 05:27

languy99 wrote:
"I will send it to you. I tested it with an older version of Adobe Reader and it worked. I don't know if an older version with sandbox would have caught it."

I'm sure Defense+ would have caught it even in version 3.

Re: Comodo bypassed (allegedly)

Post by languy99 14/8/2010, 05:32

Yeah, in v3 it would have easily.