View Full Version : Comodo AV better now?


Rain_Train
April 23rd, 2009, 05:18 PM
Can anyone tell me specifically what appears to be flawed about the test Josh posted? :isay:
-{ Quote: "Interesting Test: http://malwareresearchgroup.com/?page_id=2

Cheers,
Josh" }-

sded
April 23rd, 2009, 07:04 PM
-{ Quote: "Can anyone tell me specifically what appears to be flawed about the test Josh posted? :isay:" }-
Not so much flawed test as perhaps some ??? interpretations.
MRG's statement "this was (sic) test was conducted simply to check the ability of today’s Anti-Malware programs when dealing with malware samples which have been around for some tome (sic)." seems like a fair description of the data. Some methodology questions, like "detected not removed counted?", "why not report results of first scan?", ... . Who the MRG is, whether they have any qualifications in the statistical design and analysis of experiments, whether they have studied and perhaps even have degrees that would lend credence to their conclusions, whether one should draw any conclusions, seem bypassed by that description. How far above "we have a bag full of malware that we collected somehow, so we ran it through a bunch of AVs and these are the results" in terms of what you can generalize is not stated. But it looks like an interesting group effort, does reasonably track some better known testing results, and starts to give a feeling that CAVS (the sometimes neglected subject of this thread) may be becoming mature enough to start testing it against the historical AV benchmark testing programs and future extensions in response to AMTSO. Maybe it is about time to see the pony start to emerge?

Rain_Train
April 23rd, 2009, 07:22 PM
Thanks for the reply, sded :) . I took a look at the site too, and you're right when you say they don't really document their methods.

-{ Quote: "Maybe it is about time to see the pony start to emerge?" }-
Yes, that's something I (and I'm sure many others) would like to see.

Cloud_Shadow
April 24th, 2009, 10:30 AM
But the thing is all the other antiviruses fall in the right spots, Avira and a-squared followed by others, all the best sites show the same result.

So if all the others are right how come only Comodo is wrong, and I remember some warez site, or some other site did a test a while earlier, and they said Comodo's detection is around 92%.

Rain_Train
April 24th, 2009, 05:29 PM
-{ Quote: "But the thing is all the other antiviruses fall in the right spots, Avira and a-squared followed by others, all the best sites show the same result.

So if all the others are right how come only Comodo is wrong, and I remember some warez site, or some other site did a test a while earlier, and they said Comodo's detection is around 92%." }-
I'm not going to distrust these results. True, this isn't a VB100-like test, but I've yet to see concrete evidence that says their testing is flawed :-\ . If someone can come up with some proof, that'd be swell; otherwise, innocent until proven guilty.

Someone
April 24th, 2009, 09:50 PM
-{ Quote: "One needs a layered approach anyway, and the antivirus is one of the least important aspects of this. In fact, some might argue that because of their experience and common sense in computer security, you do not need a real time antivirus. I know Ilya claims to use DefenseWall only. Let me repeat this fact. Ilya claims only to use DefenseWall and nothing else. That's how powerful HIPS products can be if run by an experienced user.

Anyway, the answer to the original question of this thread is that Comodo AV is getting better and so are other AVs. This changes nothing to my computer security setup - since Comodo AV is the lightest AV for me out there, I'm sticking with it. I'll let the Firewalls, Sandboxie, and Defense+ handle everything anyway." }-
For most people (average users) an antivirus is still an important component to verify that files they think are safe are clean.

RejZoR
April 25th, 2009, 03:44 AM
Biggest flaw with CIS 3.9 is that it doesn't tell you that the file you've just executed is bad. It just blocks it and you have to figure it out on your own why nothing happened. That's totally lame and stupid.

RejZoR
April 25th, 2009, 03:50 AM
I'm talking about Defense+ of course.

Someone
April 25th, 2009, 04:39 AM
-{ Quote: "I'm not going to distrust these results. True, this isn't a VB100-like test, but I've yet to see concrete evidence that says their testing is flawed :-\ . If someone can come up with some proof, that'd be swell; otherwise, innocent until proven guilty." }-
Shouldn't it be guilty until proven innocent? Or else we'll all be trusting any random test that pops up. :o

RejZoR
April 25th, 2009, 04:51 AM
-{ Quote: "Weird. Usually people complain about getting too many pop-ups, not getting too few haha. Maybe you can try posting your problem at their support forums. It's good to provide feedback to a company providing free software." }-

I did and it seems I'm talking some alien language that no one understands me there.

Program simply has to tell the user whatever bad it blocked. I'm not saying about questions what to do but for stuff where CIS does all the blocking by itself. Imagine ThreatFire blocking stuff and not telling that to the user.
If there was a false blocking (like false positive), it's a total hell to diagnose that. Especially by an inexperienced user.

RejZoR
April 25th, 2009, 06:12 AM
Erm, most of malware. If something gets blocked, I want to know about it.
I want it to be silent on clean stuff but there should be at least 1 popup per program/file that was blocked.

Julian
April 25th, 2009, 10:53 AM
But no one but you has this problem?

RejZoR
April 25th, 2009, 10:58 AM
It's not a problem, it's a flawed design. Besides, I notice things no one else seems to care about. ::)

aigle
April 25th, 2009, 12:17 PM
-{ Quote: "It's not a problem, it's a flawed design. Besides, I notice things no one else seems to care about. ::)" }-
I don't know how you managed to get the programs blocked without a single pop up.

Can you explain?

metalforlife
April 25th, 2009, 12:40 PM
Having "block" as the default action under "access rights" is one way to do it.

JamesFrance
April 25th, 2009, 02:17 PM
You should know by now that it is always the same when Comodo is being discussed here.

Eice and Trojanhunter try to put the boot in and RejZor undermines it in a more subtle manner.

Only time will give the true picture.

RejZoR
April 25th, 2009, 02:48 PM
This only applies to version 3.9! Only in few rare cases, there was some popup.

raven211
April 25th, 2009, 04:15 PM
From what I understand, even if you only run the AV - like me - (yes, not even D+) in v3.9, you also get memory-protection through integration of BOClean's features and db. Is that correct? ???

aigle
April 25th, 2009, 05:11 PM
I understand the same.

raven211
April 25th, 2009, 06:31 PM
-{ Quote: "Yes, from what I understand, that is correct raven211. I'd recommend using the full suite though! Your choice!" }-

The stateful-feature is also on by default, right? Is that the mode in which the real-time protection scans by default?

Thought about it seeing your sig. :)

raven211
April 25th, 2009, 06:58 PM
-{ Quote: "Yes, Stateful is on by default. Stateful is some weird technology that I don't fully understand yet. It basically only scans a file in real-time once and doesn't scan anymore after that unless the file changes.

I think the question has been asked: what if the file contained a virus and wasn't picked up until Comodo AV updated its database? Wouldn't Stateful scanning be therefore unsafe?

This was replied by saying that the files are re-scanned (once) every time the database is updated. Sounds a bit pointless to me! Anyway, the other option "On Access" scanning is just as light. I don't notice any system slowdown whatsoever, which is rather amazing." }-

Sounds cool... and in that mode, it'll detect the threat, or whatever it is, as soon as it enters your PC or so, right? For example, you've an EICAR-test-file on your desktop and click on it - not run it, just "mark" it.
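
The "Stateful" behaviour described in the quoted reply above (scan a file once, rescan only when the file changes or the database is updated), as a toy model added here as an example; it is not from the thread and is not Comodo's code. The class, the method names and the byte-pattern "signatures" are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class StatefulScanner:
    """Toy model: a verdict is reused until the file or the database changes."""
    signatures: set                      # constructed byte patterns, not real signatures
    db_version: int = 1
    cache: dict = field(default_factory=dict)  # path -> (digest, db_version, verdict)
    engine_runs: int = 0                 # counts the expensive full scans

    def _engine_scan(self, data: bytes) -> bool:
        self.engine_runs += 1
        return any(sig in data for sig in self.signatures)

    def on_access(self, path: str, data: bytes) -> bool:
        # Hashing stands in for change tracking; this is an assumption of the
        # model, not a statement about how any product detects modification.
        digest = hashlib.sha256(data).hexdigest()
        cached = self.cache.get(path)
        if cached and cached[:2] == (digest, self.db_version):
            return cached[2]             # unchanged file, same database: skip the scan
        verdict = self._engine_scan(data)
        self.cache[path] = (digest, self.db_version, verdict)
        return verdict

    def update_database(self, new_signatures) -> None:
        # Bumping the version invalidates every cached verdict at once, so a
        # file that was "clean" under the old database gets one fresh scan.
        self.signatures = self.signatures | set(new_signatures)
        self.db_version += 1


def demo():
    scanner = StatefulScanner(signatures={b"OLD-PATTERN"})
    sample = b"header NEW-PATTERN trailer"     # constructed sample, harmless bytes
    first = scanner.on_access("download.bin", sample)    # scanned, missed
    second = scanner.on_access("download.bin", sample)   # served from cache
    runs_before_update = scanner.engine_runs
    scanner.update_database({b"NEW-PATTERN"})
    third = scanner.on_access("download.bin", sample)    # rescanned, caught
    return first, second, runs_before_update, third, scanner.engine_runs


if __name__ == "__main__":
    print(demo())
```

The property that matters is that a database update invalidates cached verdicts; a cache keyed on the file alone would keep reporting the missed sample as clean.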

raven211
April 26th, 2009, 04:06 AM
Tested this scenario... I download an EICAR-test-file through Opera. I save it to my desktop, then I first just mark it. Then I'll right-click on it to see if anything happens with COMODO.

So far, both modes will do the same. Not when you download, not when you mark, but when you right-click to bring up the menu - then it'll react.

Therefore I've gone back to the default scanning mode for the Real-Time Protection - only because on my system I don't find any difference in operation. ;) Tell me what your results are if you test the same scenario with the two modes of the RTP. :) Maybe you run a different browser. 8)

raven211
April 26th, 2009, 06:38 AM
-{ Quote: "Comodo AV alerts me immediately once the download of the EICAR-test-file is complete. It doesn't even get a chance to get on my desktop. This is true for both "Stateful" and "On Access" modes. I'm not sure why you're not getting the same results. I am using Firefox 3.1 Beta 3." }-

My guess is that FF is more compatible with CIS.

Cloud_Shadow
April 26th, 2009, 07:04 AM
-{ Quote: "Comodo AV alerts me immediately once the download of the EICAR-test-file is complete. It doesn't even get a chance to get on my desktop. This is true for both "Stateful" and "On Access" modes. I'm not sure why you're not getting the same results. I am using Firefox 3.1 Beta 3." }-


I have it on, On access. And using Chrome.

As soon as the download finishes, Comodo catches it. Sometimes even before I select start downloading.

raven211
April 26th, 2009, 01:22 PM
-{ Quote: "Yes, I doubt that the type of web browser would have anything to do with Comodo AV not catching viruses immediately on real-time. I could be wrong though, who knows." }-

Yes, cause that makes me wonder why there's no difference over here. I do think too that it shouldn't affect the result, but it seems to be or something. :)

tezzaa
May 9th, 2009, 07:22 AM
-{ Quote: "
In saying that, with CIS, you can configure it so it will never give a pop-up - you do this by enabling parental control, password protection and alert suppression. CIS will thus act as a powerful default-deny security program. That is, you will only be able to use the trusted applications or trusted aspects of the applications already installed on your computer. Any attempt to execute unknown applications of any sort will be denied by default without any user intervention." }-

Hi ssj,

I have just installed CIS on a friend's PC. Her daughter keeps downloading dodgy files from P2P sites. I like the idea you mentioned above. What settings would be best for the Firewall and Defense + as I find all the different settings i.e. safe mode, clean PC mode a bit confusing!!

tezzaa

Kees1958
May 9th, 2009, 08:48 AM
-{ Quote: "Hi ssj,

I have just installed CIS on a friend's PC. Her daughter keeps downloading dodgy files from P2P sites. I like the idea you mentioned above. What settings would be best for the Firewall and Defense + as I find all the different settings i.e. safe mode, clean PC mode a bit confusing!!

tezzaa" }-

Tezzaa,

Your friend will be much better off with DefenseWall, easy no pop-ups. When you set a password, you will need this password to change a file from trusted to untrusted. So when her daughter does not know the password, she can't install programs requiring system or admin privileges. Untrusted files can not install, simple as that.

When you do not know what to block you can end up with a crippled system. Now that is not the favour you want to provide your friends. So when you find D+/FW confusing stay away from it, because you won't be around to help them when something is blocked silently which cripples the system.

Add a good AV like Avira free, with heuristics high, set to check on writes only for all files. This will only involve new arrivals, so a False Positive of the amazing Avira heuristics engine will be no big deal.

Add Keyscrambler free for IE8 (just use IE with DW it is absolutely safe), do not step into the trap of crippling your browser (e.g. FF with no scripts). DW offers full functionality on IE with full security.

Keep using Windows FW for inbound and for 30 euros initially and 10 euros (edit) in successive years you have a great user friendly security setup.

Cloud_Shadow
May 9th, 2009, 10:18 AM
-{ Quote: "Hi ssj,

I have just installed CIS on a friend's PC. Her daughter keeps downloading dodgy files from P2P sites. I like the idea you mentioned above. What settings would be best for the Firewall and Defense + as I find all the different settings i.e. safe mode, clean PC mode a bit confusing!!

tezzaa" }-

You should have installed the V3.9 beta, there are extremely few pop ups in that version.

tezzaa
May 9th, 2009, 10:27 AM
-{ Quote: "Tezzaa,

Your friend will be much better off with DefenseWall, easy no pop-ups. When you set a password, you will need this password to change a file from trusted to untrusted. So when her daughter does not know the password, she can't install programs requiring system or admin privileges. Untrusted files can not install, simple as that.

When you do not know what to block you can end up with a crippled system. Now that is not the favour you want to provide your friends. So when you find D+/FW confusing stay away from it, because you won't be around to help them when something is blocked silently which cripples the system.

Add a good AV like Avira free, with heuristics high, set to check on writes only for all files. This will only involve new arrivals, so a False Positive of the amazing Avira heuristics engine will be no big deal.

Add Keyscrambler free for IE8 (just use IE with DW it is absolutely safe), do not step into the trap of crippling your browser (e.g. FF with no scripts). DW offers full functionality on IE with full security.

Keep using Windows FW for inbound and for 30 euros initially and 10 successive years you have a great user friendly security setup." }-

Hi Kees,

Thank you for your thorough reply. I will take a look at all the programmes you suggest. I have already downloaded DW as you suggested and have installed it onto my own Laptop to try it out.

Thanks

tezzaa