CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by ssj100 on 10/7/2010, 02:16

https://forums.comodo.com/news-announcements-feedback-cis/cis-2011-cis-50-sneak-peek-t58989.0.html

Seems like Comodo have unlimited resources! Let's see what their new suite will have:
1. Software Firewall
2. Classical HIPS
3. Antivirus - both traditional and in-the-cloud
4. Sandbox
5. Behaviour Blocker - both traditional and in-the-cloud
6. ???

Combine that with CTM and you have hundreds of dollars worth of software security for absolutely free. Not bad?

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by doskey on 10/7/2010, 09:12

Sure, mate.
In fact, if you install both of CTM and CIS, CIS should show one more button on alarm dialog. It prompts you can take snapshot using CTM.
As you know, CTM is not stable enough. But it will be stone stable very soon. My guys are working hard on CTM. We will see.

COMODO never stop to improve our products. Provide best products for users. Creating Trust Online. That's our goal. Now, it is just a beginning.

Very Happy

Thanks,
Doskey.

doskey
Security Professional
Security Professional

Posts : 4
Join date : 2010-04-26
Location : COMODO

View user profile http://www.comodo.com

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by ssj100 on 10/7/2010, 09:40

Sounds interesting with the integration between CIS and CTM there. And I don't doubt you will continue to improve your products.

However, this is a really good point - "improvement". Fact is, CTM has been released for several months now and as you say, it "is not stable enough". These types of programs take time to develop and to be bug-free for the majority of people. It's all very well to say that you will integrate a component into a "suite". It's much much harder carrying it out, appealing to enough people, and pleasing those people with stable and solid programs.

I recently posted here about how Returnil sounds like it is heading in a similar direction to Comodo, and about some potential concerns:
http://ssj100.fullsubject.com/returnil-f15/coldmoon-s-thoughts-on-returnil-t173.htm#1184

...having so many "layers" of security by one company/program makes me concerned about the possibility of "mediocrity" in at least one of those "layers". For example, Comodo's Defense+ and Firewall are both very powerful, but their AV and Sandboxing technology (and even CTM) have been shown to have numerous holes and/or instabilities.

However, it sounds like Comodo have a fairly big team developing different components of the "suite". Anyway, we will see how things pan out soon.

EDIT: oh, and just one more point - Comodo have the huge advantage of releasing quality products that are completely free for life. Keep it up!

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by languy99 on 31/7/2010, 06:25

beta of cis 5 is out and ready to play with. https://forums.comodo.com/beta-corner-cis/comodo-internet-security-501569851061-beta-released-t59793.0.html you need to be a registered user to get to it. Also FIY, the script fix has not yet been implemented, but it will be before beta is done.
avatar
languy99
Valued Member
Valued Member

Posts : 54
Join date : 2010-07-20

View user profile

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by ssj100 on 31/7/2010, 07:05

Thanks languy99. Time to get the VM fired up, although I probably won't be testing it much. I'm sure you'll be doing a video at some stage, so I'll look forward to that.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by languy99 on 31/7/2010, 08:00

avatar
languy99
Valued Member
Valued Member

Posts : 54
Join date : 2010-07-20

View user profile

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by ssj100 on 31/7/2010, 10:19

Just tried to run it in my VM XP (freshly installed) and Windows froze within the VM (never happened to me before with any Comodo install). I think I'll wait a few days/weeks before trying it out again.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by languy99 on 31/7/2010, 10:33

Yeah there is a problem with the AV right, now a way around it is to disable the AV in safe mode and restart. This problem was not there in the alpha we mods had. They should fix it in the new few days.
avatar
languy99
Valued Member
Valued Member

Posts : 54
Join date : 2010-07-20

View user profile

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by ssj100 on 1/8/2010, 06:23

CIS 5 Beta bypassed (according to MRG):
http://www.youtube.com/watch?v=uEMp9TVxdCA


Last edited by ssj100 on 1/8/2010, 06:53; edited 1 time in total

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by languy99 on 1/8/2010, 06:28

how can you say it is bypassed when the AV engine in this version is not even working right (egemen said fix is coming monday or tuesday), I think they should pull that video until a final version of the program is up and running. Script protection is not even enabled yet.
avatar
languy99
Valued Member
Valued Member

Posts : 54
Join date : 2010-07-20

View user profile

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by ssj100 on 1/8/2010, 06:54

Edited my post. Hopefully MRG will re-test it when the Beta is more stable or when the final version is released. However, something tells me they won't be showing a video of CIS passing a test.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by languy99 on 3/8/2010, 23:33

avatar
languy99
Valued Member
Valued Member

Posts : 54
Join date : 2010-07-20

View user profile

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by Zero_One on 4/8/2010, 00:37

wish they had patched the scripting issues (.vbs, .bat, .hta and others). Very nice GUI, nice and simple!

Zero_One
Security Professional
Security Professional

Posts : 32
Join date : 2010-07-22

View user profile http://www.bluepointsecurity.com

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by languy99 on 4/8/2010, 00:43

they said that will not be available yet, they will patch them but in a future release. This release was to fix the AV issue they had.
avatar
languy99
Valued Member
Valued Member

Posts : 54
Join date : 2010-07-20

View user profile

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by ssj100 on 4/8/2010, 10:12

Seems much more stable this time - tested it against the LNK POC exploit and it still failed in default configuration. I guess who really cares though, since Microsoft has now patched the vulnerability. However, software which blocks zero-day vulnerabilities are always a bonus.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by languy99 on 4/8/2010, 10:22

the script fix has not yet been put into this release, this release is for fixing the AV problem the first release had. I'll let you know when they have put it in.
avatar
languy99
Valued Member
Valued Member

Posts : 54
Join date : 2010-07-20

View user profile

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by ssj100 on 4/8/2010, 10:24

Not sure if the "script fix" will help against the LNK exploit, but we'll see.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by languy99 on 4/8/2010, 10:36

from what I know it will work with all scrips. But like you said we will see.
avatar
languy99
Valued Member
Valued Member

Posts : 54
Join date : 2010-07-20

View user profile

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by languy99 on 11/8/2010, 05:09

new BETA coming tomorrow with more improvements.
avatar
languy99
Valued Member
Valued Member

Posts : 54
Join date : 2010-07-20

View user profile

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by languy99 on 11/8/2010, 10:05

new beta coming tomorrow with some more addons, check this one out.

"Now there is heuristics commandline analysis. You can throw scripts, java files, MSI files, even CHM files aginst D+ now."
avatar
languy99
Valued Member
Valued Member

Posts : 54
Join date : 2010-07-20

View user profile

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by ssj100 on 11/8/2010, 10:12

languy99 wrote:new beta coming tomorrow with some more addons, check this one out.

"Now there is heuristics commandline analysis. You can throw scripts, java files, MSI files, even CHM files aginst D+ now."

That's good to know. In the end, all they need to consider is how SRP blocks files (and perhaps what file types are blocked) and implement the same or similar protection into D+.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by languy99 on 12/8/2010, 01:35

Beta 3 ( .1079) has been released.

What is new in this BETA?

NEW! Heuristic command-line processing of certain applications: Non-PE executables e.g. Scripts,
Java apps, MS installer files, are now handled by Defense+.
NEW! Ability to add a file to trusted files from sandbox notification
NEW! Ability to clear logs reintroduced
FIXED! After initial install, windows hangs in welcome screen
FIXED! Firewall does not filter windows broadband compatible modems
FIXED! BSOD in windows 7 while uninstalling CIS
FIXED! Sandbox alert shows XML code instead of proper dialog
FIXED! AV crashes while doing spyware scanning
FIXED! Isolated application does not appear in unrecongnized files list
FIXED! cfp.exe crashes randomly

https://forums.comodo.com/beta-corner-cis/comodo-internet-security-501588361079-released-t60364.0.html
avatar
languy99
Valued Member
Valued Member

Posts : 54
Join date : 2010-07-20

View user profile

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by ssj100 on 12/8/2010, 14:57

Still fails the LNK POC exploit in default configuration (both methods).

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
avatar
ssj100
Administrator
Administrator

Posts : 1389
Join date : 2010-04-14

View user profile http://ssj100.fullsubject.com

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by DarthTrader on 12/8/2010, 15:52

A poster at Wilders may have found a bypass in the new CIS beta:
http://www.wilderssecurity.com/showpost.php?p=1728193&postcount=180
Some strange bugs on this one. I posted the bug of msi file not alerting and installs right through on their beta forum. If you choose Run instead of Save it bypasses CIS. Saving it to desktop and double clicking it then it gives alert to sandbox.

Also tried another link from MDL the spm2.exe and the AV picked it up I chose clean. I tried the same link a second time the AV missed it and it installed right through. Infected taskhost.exe and when going to summary page in CIS you can see D+ intrusions alert keep adding up. Some temp files created by spm2.exe got put into trusted files. Very weird.

DarthTrader
Member
Member

Posts : 21
Join date : 2010-07-28

View user profile

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by languy99 on 12/8/2010, 21:57

ssj100 wrote:Still fails the LNK POC exploit in default configuration (both methods).

here is the responses I got back from the developers:

The exploit is a windows XP bug. It is NOT a buffer overflow. It is NOT related to commandline parsing neither.
I am afraid It is not in the scope of this beta testing. For the corporate environment, application whitelisting is the only reliable way to proactively prevent this. But that is not applicable for the desktop users. Btw, CIS 3.x or CIS 4(If the DLL is from a removable device) would alert for runDLL version of this too.

Yep not just XP but others too. We analyzed it. MS has to issue a fix for this asap. The proactive mesaures are going to be too noisy for the end user.
avatar
languy99
Valued Member
Valued Member

Posts : 54
Join date : 2010-07-20

View user profile

Back to top Go down

Re: CIS 2011 (CIS 5.0) ** SNEAK PEEK ***

Post by Sponsored content


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum