1. IT-Security >
  2. Cyber Security Nachrichten >
  3. Can anyone here verify the possible Security Flaws or Potential Security Flaws, that I found in Comodo Internet Security?


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Can anyone here verify the possible Security Flaws or Potential Security Flaws, that I found in Comodo Internet Security?

RSS Kategorie Pfeil IT Security Nachrichten vom | Quelle: reddit.com Direktlink öffnen

I am Autistic, and I have either a savant or a non-savant talent to find errors in almost anything. The only reason I am listing these errors on this particular firewall, and not others, since I haven't gotten around to testing if any errors exist in other firewalls. It usually just takes me a few seconds at most to figure out an error in programming. It actually takes me much longer to type an explanation that a normal person can understand, then for my brain to figure it out in the first place. Disclaimer, despite not liking to admit it, nobody is perfect who claims to be able to do what I can do, so it is possible I make mistakes. Please verify for yourself everything I report, and I am not responsible for mistakes.

Here are the errors I found in Comodo Internet Security Firewall (Note: I have my Comodo Internet Security setup to ask whether to allow any application [including System Applications] access to your computer or internet):

  1. Potential Security Flaw: You can actually have "blank lines" listed as applications in this firewall. All you have to do is use the correct registry repair tool, and it will occur. I think anyone with any computer knowledge at all, could see, how having a "blank line" listed as an application that has full access to your computer or internet, can be a slight problem (I'm being sarcastic with the word slight). The registry repair tool, that I was using where this occurred, was Registry Repair Wizard 2012 (on Windows 7). This specific bug occurs when you turn on the "File/Path Reference" option in this registry repair tool and manually select all links found, when checking and repairing the registry. Since this error occurs in this tool, there is no reason it can't occur in other registry repair tools. The reason this potential security flaw occurs in Comodo Internet Security in the first place is because this particular firewall leaves links to applications as having access to your computer or internet, even after that application is no longer on your computer. The programmers who wrote Comodo Internet Security did not write code for the application to check for and remove invalid links, on a regular basis.
  2. Potential Security Flaw: As stated above, any links to applications that no longer exist on your computer, are kept permanently in Comodo Internet Security. So you will have links in all sections of the software that were previously given access to your computer or internet, but the application is no longer on your computer. This is not the same as #1 above, since this refers to applications being listed in the software that no longer exist (but are still listed as having full security rights to your computer or internet). So this is not the same thing as having a "blank line" listed as an application, which is what I described as occuring in #1 above.
  3. Security Flaw: The two I listed above are just "potential" security flaws. The one I am listing now is a definite security flaw. My own computer was infected because of this flaw in Comodo Interent Security. I have Comodo Internet Security setup in such a way that it even asks me whether to allow system applications, the first time that application runs. However, how my own computer was hacked, and how even someone at my intelligence level can be fooled, is because Comodo Internet Security only specifies the application's name and not location when asking you to give full access to that application to your computer and internet. So you may see something in Comodo Internet Security about whether you want to allow explorer.exe to run on your system and have access to your computer and internet. Since explorer.exe is a system application, without thinking, you will click "yes". Anyone figure out the flaw yet? You have a lot more information, then I had, when I figured it out. Comodo Internet Security is NOT listing the directory of the application. So there can, and in many cases are, multiple copies of an application, installed in multiple directories. And if you answer "yes" that you want explorer.exe to run, it may be a trojan or virus, that is NOT installed in the correct system directory. Furthermore, you may of previously allowed Comodo Internet Security to run "explorer.exe" on your computer, and this may of been the correct explorer.exe, that is installed in the correct directory and is the correct Microsoft product. But then you are asked a second time to allow it, and when that happens, Comodo Internet Security doesn't list the directory or even specify that this is the second time, you are allowing an application with that name.
  4. Security Flaw: As stated above, Comodo Internet Security, doesn't state if this is the second time you are running an application of the same name when asking if you want it to have access to your computer or internet. This is a different security flaw, then #3 listed above, since #3 refers to the location, while this one refers to the number of times an application of that name has run.
  5. Security Flaw: As discussed in #3, Comodo Internet Security, doesn't recognize that there are multiple versions of system applications installed in different directories and let the user know about it (even if you run a complete virus scan by Comodo Internet Security, it doesn't let you know about multiple copies of system applications, even if those multiple copies are different sizes and different files.)
  6. Security Flaw: When my computer was infected, Comodo Internet Security would not even update the virus definitions, and did not even protect itself, in the first place, from being compromised so that it could not update itself any longer. Furthermore, there was no message sent to me, that it is not updating any longer. I didn't discover that it wasn't updating, until I noticed that it said it hasn't updated for 24 hours. There is no message to a user, when Comodo Internet Security, can not update itself at the time it is suppose to do it or even if multiple days (I tested it, and even after days of not updating, no message was sent, and it still was listing itself as "Secure".) The user has to read that tiny little spot, that says the last time it was updated, to know it hasn't been updating. Everything else looks and appears, exactly the same as usual, when it is not updating any longer (atleast for a certain number of days).

I am Autistic and can figure out mistakes due to this savant or non-savant gift in almost anything (not just computer software). I decided that it is about time to demonstrate what I can do, and maybe one of these companies will actually hire me. I would think it could be pretty useful to have someone who can do, what I can do.

Sorry for any grammar mistakes that when I write something like the above, the irony is I'm considering using this gift to try to be an author, but I suck at grammar. I also want to state, that I don't disassemble the program code to find problems, I usually just find some error in a program, just by using it.

Could people in this SubReddit, verify the accuracy or inaccuracy of what I am reporting, as far as Comodo Internet Security?

Sincerely Yours,

Robert Twardowski

submitted by /u/Staragox
[link] [comments] ...

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu Can anyone here verify the possible Security Flaws or Potential Security Flaws, that I found in Comodo Internet Security?






Ähnliche Beiträge

  • 1. Can anyone here verify the possible Security Flaws or Potential Security Flaws, that I found in Comodo Internet Security? vom 332.24 Punkte ic_school_black_18dp
    I am Autistic, and I have either a savant or a non-savant talent to find errors in almost anything. The only reason I am listing these errors on this particular firewall, and not others, since I haven't gotten around to testing if any errors exist in
  • 2. Comodo's so-called 'Secure Internet Browser' Comes with Disabled Security Features vom 139.25 Punkte ic_school_black_18dp
    Beware Comodo Users!Have you Safeguarded your PC with a Comodo Antivirus? Then you need to inspect your system for privacy and security concerns. First of all, make sure whether your default browser had been changed to "Chromodo" -- a free browser offered by Comodo Antivirus.If your head node is "Yes," then you could be at risk!Chromodo brow
  • 3. PMapper - A Tool For Quickly Evaluating IAM Permissions In AWS vom 110.64 Punkte ic_school_black_18dp
    A project to speed up the process of reviewing an AWS account's IAM configuration. Purpose The goal of the AWS IAM auth system is to apply and enforce access controls on actions and resources in AWS. This tool helps identify if the policies in place will acc
  • 4. HELP !!! HOW TO INTERPRET THIS RKHUNTER REPORT? vom 107.52 Punkte ic_school_black_18dp
    I posted all the warnings in final lines,so you dont need to read everything. ​ ​ Checking system commands... ​ Performing 'strings' command checks Checking 'strings' command [ OK ] ​ Performing 'shared libraries' checks Checking for preload
  • 5. Advanced in-app billing: handling alternative purchase flows vom 104.9 Punkte ic_school_black_18dp
    Posted by Oscar Rodriguez, Developer Advocate When designing and developing an app or game, at some point you may ask yourself if you want to monetize it. If you choose to do so by selling products via Google Play, you will most likely have a store screen that shows available items for sale, and use the Google Play Billing Library to
  • 6. Advanced in-app billing: handling alternative purchase flows vom 104.9 Punkte ic_school_black_18dp
    Posted by Oscar Rodriguez, Developer Advocate When designing and developing an app or game, at some point you may ask yourself if you want to monetize it. If you choose to do so by selling products via Google Play, you will most likely have a store screen that shows available items for sale, and use the Google Play Billing Library to
  • 7. Comodo Antivirus Can Cause Severe Graphical Issues on Windows 10 Creators Update vom 101.29 Punkte ic_school_black_18dp
    Software developed by Comodo appears to be hit by some compatibility issues with Windows 10 Creators Update, so all users are urged to install the most recent versions before performing the upgrade to the latest OS release pushed by Microsoft earlier
  • 8. Malcolm - A Powerful, Easily Deployable Network Traffic Analysis Tool Suite For Full Packet Capture Artifacts (PCAP Files) And Zeek Logs vom 90.53 Punkte ic_school_black_18dp
    Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be
  • 9. Another country-sponsored #malware: Vietnam APT Campaign vom 87.6 Punkte ic_school_black_18dp
    The background This is a team work analysis, we have at least 5 (five) members involved with this investigation. The case that is about to be explained here is an APT case. Until now, we were (actually) avoiding APT cases for publicity in Malware Must Die!
  • 10. AutoRecon - Multi-Threaded Network Reconnaissance Tool Which Performs Automated Enumeration Of Services vom 87.01 Punkte ic_school_black_18dp
    AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g. OSCP). It may also be useful in real-world engagements. The tool works by firstly performing port scans/service detection scans. From those initial results, the tool will launch further enume
  • 11. TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices vom 86.27 Punkte ic_school_black_18dp
    Original release date: April 16, 2018Systems Affected Generic Routing Encapsulation (GRE) Enabled DevicesCisco Smart Install (SMI) Enabled DevicesSimple Network Management Protocol (SNMP) Enabled Network DevicesOverview This joint Technical Alert (TA) is the result of analyt
  • 12. The Malicious Use of Artificial Intelligence in Cybersecurity vom 85.77 Punkte ic_school_black_18dp
    Criminals and Nation-state Actors Will Use Machine Learning Capabilities to Increase the Speed and Accuracy of Attacks Scientists from leading universities, including Stanford and Yale in the U.S. and Oxford and Cambridge in the UK, together with civil societ