Security Suite Challenge(s)

Discussion in 'Personal Software Reviews' started by Gnosis, Apr 29, 2013.

  1. Gnosis

    Gnosis Senior Member Known Member

    I am wondering if anyone is interested in testing Comodo Internet Security in the form of a video review. It will need to be done without a VM; an actual test machine. I would like to see around 500 of the nastiest and newest malware samples thrown at it. Some known, some unknown. It would be nice to see it presented in two parts:

    Part 1: Comodo's AV only, tweaked as much as it can be (firewall, BB, HIPS, Sandbox all turned off)

    Part 2: Now with firewall and HIPS set to "safe mode" and BB set to "untrusted"; heuristics set to "HIGH" and NO POP-UP WARNINGS ALLOWED for ALL of the Comodo defenses. Make sure to set all actions to "quarantine" so FPs can be checked for in quarantine, since Comodo pop-up warnings will be turned off. No Sandbox assist either; in essence, don't sandbox the browser used in the test (SEE END OF POST 4 of this thread for the exception to my "no sandbox" rule).
     
    Use a test system with all kinds of random programs that the average user might have. That way we can see potential FPs in a more realistic way (and on a noisy, bloated OS like Windows 7, maybe?)

    Follow up with HitMan Pro and Dr. Web CureIt when each part is completed. 

    I know everyone is busy, but this would be nice.
    At your convenience.

    Thanks for reading. 
     
  3. Bala

    Bala Administrator Staff Member

    RE: Security Suite Challenge

    I hope Umbra can do it. Don't have a spare test machine atm. How is Windows 7 bloated and noisy?
    When compared with Linux, yes it is, but it's the best MS OS.
     
  4. Umbra Polaris

    Umbra Polaris Board Enthusiast Silver Member

    RE: Security Suite Challenge

    I never do videos ^^ maybe Bioz
     
  5. Gnosis

    Gnosis Senior Member Known Member

    RE: Security Suite Challenge

    "I hope Umbra can do it. Don't have a spare test machine atm. How is Windows 7 bloated and noisy?
    When compared with Linux, yes it is, but it's the best MS OS."

    It just always seems like Windows 7 has a lot of useless stuff hogging nearly half of the CPU at any given time.
    Not saying it is a flawed OS, only a busy one, or at least the bloatware is busy.

    EDIT PERTINENT TO REQUESTED TEST:

    Under "Behavior Blocker", set it to "auto sandbox untrusted" for test number 2 (check the upper-most box in the Behavior Blocker settings and set it to "untrusted").
     
  6. artoor

    artoor Moderator Staff Member

    RE: Security Suite Challenge

    It must have been someone who is considering throwing away his HDD, because as far as I know some MBR/VBR rootkits are not curable (e.g. Sinowal), even when we do a low-level format :-/
     
  7. Spirit

    Spirit Initiat3 Silver Member

    RE: Security Suite Challenge

    Linux is always harder and slower to me compared to Windows XP, Windows 7 and also Windows 8.

    Hard to believe that formatting the HD didn't remove the infection.
     
  8. artoor

    artoor Moderator Staff Member

    RE: Security Suite Challenge

    Spirit, I may be wrong, but I read about this somewhere a while ago. Anyway, it seems to be quite hard to remove it as it resides in your MBR, hiding other viruses - everything works pretty well, you don't even think that there is that hickey inside ;) Unless you use GMER to scan your disk, because another IS or AV may not find it... ehhh... horrible scenario. One way or another - I wouldn't try to play with it.
    Shadow Defender doesn't protect against Sinowal (or the latest version has some improvement to do so partially), even DishShot (which was announced as something that should protect the MBR, as it starts before Windows) - it failed. The only one which passed the test was Sandboxie, as far as I know ;)

    Sorry for the off-topic, I had an afflatus :p
     
  9. Gnosis

    Gnosis Senior Member Known Member

    RE: Security Suite Challenge

    "As for Windows being bloated: you can turn off certain services. this is also visible in Windows 8, just not as much as Windows 7."

    Thank you for that. It helps to convey what I meant with my vague statement pertinent to Win 7.

    "Hard to believe that formatting the HD didn't remove the infection."

    As far as I am concerned, you are wise beyond your years; I certainly have thought that for some piece of malware, such as a bootkit, to evade a HDD reformat, it meant the hacker would have to have physical access to one's PC in order to install said bootkit in firmware (basically have it preinstalled into firmware and then swap the tainted firmware with the legit firmware).

    So is MBR/VBR to be considered a BIOS rootkit? This is what I have been very confused about when people start saying that bootkits cannot be wiped via HDD formatting (point: if the bootkit is not in RAM and it is not on the HDD, where is it?)

    "Shadow Defender doesn't protect against Sinowal (or the latest version has some improvement to do so partially), even DishShot (which was announced as something that should protect the MBR, as it starts before Windows) - it failed. The only one which passed the test was Sandboxie, as far as I know"

    We are on the same page; while reading the posts I was thinking Sandboxie all the way.

    Regardless, isn't the MBR scenario able to be tackled with various MBR fix tools such as Avast's or GMER's boot-fix tools?
     
  10. Bala

    Bala Administrator Staff Member

    RE: Security Suite Challenge

    It's true that with MBR rootkits only a few of them cannot be removed using HDD formatting. You have to clear the boot manager section and in some very rare cases flash a new BIOS. Most of them can be cleared by an HDD format + installing a new bootloader.

    As for BIOS-based infection, I think they exist, but as Tyrant says you need physical access to flash into the BIOS.
    MBR/VBR should not be considered a BIOS virus. The BIOS is stored in a separate ROM, while the MBR, i.e. master boot record, is on your HDD itself.
     
  11. artoor

    artoor Moderator Staff Member

    RE: Security Suite Challenge

    Indeed, Tzuk is liable for Sandboxie, and that's why I respect him and admire his work.
    It seems that most AVs should protect against it, but when something goes wrong and there is an infection (and you won't know it), it could be hard to find out that something resides in the OS, and it won't be easy to cure it - that's what I heard (read) - I have never experienced it.
     