Re: How good is Comodo Internet Security?
- From: VanguardLH <V@xxxxxxxxx>
- Date: Wed, 24 Dec 2008 15:10:47 -0600
nik wrote:
> Ikarus Virus
It isn't that new. I just found a blog that mentions it back in October
2007 (http://www.av-comparatives.org/weblog/?p=78). Yet I don't see
Ikarus listed in any of their comparative reports (to see how well is
its coverage). I did find a Sep 2007 white paper there for a separate
test (http://av-comparatives.org/seiten/ergebnisse/ikarus07.pdf). Read
the last sentence of section 4. Maybe they've gotten better since then
regarding false positives, so that it detected something not found by
other antivirus programs may simply mean it was a false positive. Did
you ever submit the suspect file to the multi-scanner sites of
VirusTotal (http://www.virustotal.com/) or Jotti
(http://virusscan.jotti.org/)?
> http://www.ikarus.at/
Never trialed it. I'll wait until they get an English version web site.
> As for the LUA, I have always used XP and logged in as an
> administrator. You mean I should create a new user account but
> limited or a guest one and use that?
> But then how will I be able to install new applications if I am on LUA
> mode?
You can choose to create a new Windows account that is a limited
(standard) account. That will restrict what you can do, and what
malware can do, too. Of course, to install software you will probably
have to logoff and logon under an admin-level account. This is a
nuisance but has been a long-time recommendation by those that don't
want to bother using protection utilities on their web browser while
logged in under an admin-level account. Using a limited Windows account
is a lot of hassle but it does have some advantages. I have way too
many duties and activities that require using an admin-level account to
waste my time trying to use a limited Windows account. I'd be
repeatedly bouncing between my standard and admin-level accounts during
the day.
A process can be made to run under a LUA (limited user account) token.
That is, the process will have the same privileges as that token. Since
the token has the limitation of a standard user account, that process
is also limited. But that only applies when you run that process under
the limited environment. When using DropMyRights, SysInternals'
psexec, or other such utilities that run the child process under
limited privileges, only the process they start is limited. So if you
use them to start the web browser, that instance of the web browser is
limited and you get more protection. If you do not use them to start
the web browser but instead start the web browser directly, you are
running an unlimited browser process just like you are now. Since
these utilities only limit the process they start, they will not limit
the same process started by some other application, like e-mail. So
they do not help to limit the browser when, say, you click on a URL in
an e-mail. The only time you'll have a limited browser is when you
specifically use these utilities to drop their privileges. Unless you
use these utilities to load the web browser, your web browser will be
running unlimited.
The author of DropMyRights also wrote a RunSafer utility. It modifies
policies for the application to reduce its privileges. That means that
program will always run limited no matter what application started it.
However, when you need to run unlimited, like when visiting Windows
Update, doing an Adobe Flash update, etc., you can't until you rerun
that utility to remove those limiting policies. The same is true of
Online Armor and its Run Safer option you can enable on an application.
It will always run that application under limited privileges and you're
stuck having to wade through their config screens to disable the Run
Safer option and then go start that application. A lot of hassle.
GeSWall is both a policy enforcer and a near-sandbox. Not only does
GeSWall enforce the limited privileges of running a process under a LUA
token but restricts it even further as to where in the registry and
file system that the restricted process can write or read. Anything
downloaded by that restricted process is tracked as untrusted and
you'll get warned when you try to run it that it is untrusted. If the
payload gets run, like using a buffer overrun exploit, it is run inside
the isolated mode in which that restricted process is running under
control of GeSWall. A sandbox, like Sandboxie, is even more
restrictive than GeSWall but also more a nuisance to use if you do want
to keep something of your browser session. The next further
restrictive step is to use a virtual machine.
You could just use DropMyRights or SysInternals psexec to limit the web
browser only when you want it limited, like making a shortcut for it on
your desktop and Quicklaunch toolbar. However, that would be the only
time your browser is limited. Clicking on a URL link in an e-mail or
some application whose help uses the browser to look at the online
pages for that help would mean that browser is unlimited. On some of
my hosts, I use GeSWall to automatically ensure that every web browser
instance is limited and also isolated no matter who started it, plus I
can easily switch back to non-isolated, unlimited mode for the browser
just by clicking a "G" button in the titlebar. On some of my other
hosts, I don't use GeSWall and instead just use the SysInternals'
psexec program (or I could use DropMyRights) to limit just the
instances of the browser that I choose to start. Depends on the
software config on a host and how comfortable you feel with what level
of interfering security. All security interferes with your work, some
methods being worse than others.
> As for a browser I am currently using Google's Chrome. If I use Sandbox
> will it be able to save files from web pages on my hdd?
Google bought GreenBorder which was a sandboxing utility. They
incorporated it into their Chrome web browser. There is also
separation between each tab that you open in that it starts another
process plus each is using the GreenBorder technology to sandbox each
tab's process. I haven't experimented much with Chrome. While it does
have some very good advances for web browser features, I simply don't
like it. Not just because of its slimlined UI but mostly for a lack of
features along with the lack of an army of add-ons to customize it. For
one, when using a sandbox for the web browser, like Sandboxie, I can
choose to keep some content from the sandboxed environment when I close the
browser. Can't do that with the sandboxed tab processes for Chrome.
If I wanted to go further than GeSWall to limit and protect my web
browsers, I'd probably look into Sandboxie (alas, their free version is
just too crippled in that it won't protect all instances of an
application no matter who starts it and it turns into nagware after the
30-day trial). I do hope that it will spur Microsoft and Mozilla to
incorporate similar sandboxing into their browsers. See Google's comic
strip for more info about Chrome and its limited sandboxing scheme on
page 25 at:
http://www.google.com/googlebooks/chrome/
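The "only the process you start through the utility is limited" point above, as an added PowerShell example that is not part of the post and not code from DropMyRights, SysInternals or any other tool named in it. It assumes psexec.exe (SysInternals) is on the PATH and that the browser path shown is an assumed placeholder.

```powershell
# Added illustration for the post above; assumptions: psexec.exe is on PATH,
# the browser path is a placeholder, and you are logged on as an administrator.

# Does the token of the *current* process still carry the Administrators role?
# Under a limited token (psexec -l, DropMyRights) the group is deny-only,
# so this returns False; started directly from an admin logon it returns True.
function Test-AdminToken {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Start one program under a limited token. Only this child is limited; a
# browser started by another application (a URL clicked in mail, an app's
# online help) inherits that application's full token, as the post explains.
function Start-Limited {
    param(
        [Parameter(Mandatory)][string]$Program,
        [string[]]$Arguments = @()
    )
    # -l strips Administrators from the child's token, -d does not wait for exit
    & psexec.exe -accepteula -l -d $Program @Arguments
}

# Usage (assumed browser path; put this in a desktop or Quick Launch shortcut):
# Start-Limited -Program 'C:\Program Files\Mozilla Firefox\firefox.exe'

# To see the difference, open a second PowerShell the limited way and list its
# groups; Administrators appears marked "Group used for deny only" there,
# while Test-AdminToken in the shell you are typing in still returns True.
# Start-Limited -Program 'powershell.exe' -Arguments '-NoExit','-Command','whoami /groups'
```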