Just wondering since this last release it it worth trying now or is it still not there yet? Thanks

It'll be there when they add BOClean memory scanner and actual CIMA based heuristics. Until then, it's ok but not yet there.

Yes it's certainly improving all the time but wait a month or so for CIMA and BOClean functionality before relying upon it.

works fine in thi ssetting :P http://www.wilderssecurity.com/showthread.php?t=234443

http://internetsecurity.comodo.com/updates/vdp/database.php

The number of definitions has reached 1,7 Millions, There is a issue with FPs still Its not there yet, I would as rejzor wait for next version with CIMA, version 3.9!

You can still try it however, Its probably better than ClamWin by now, and do detect a few stuff. 8) :wacko:

Or to be on the safe side, sandbox the browser and have a couple of on-demand scanners at your disposal!

Ice

Is it able to install Comodo AV as on demand? With no guards and real time processes?

-{ Quote: "Is it able to install Comodo AV as on demand? With no guards and real time processes?" }-

Good question. I actually thought about this originally when I had installed CIS. I really like Avast home. I believe you can install the FW, D+ and the AV but just disable the realtime access after you install the package. Then you could keep your current AV and use Comodo's only as a on-demand. I might consider doing this in that I'm still getting FP's with the AV part of CIS. Apparently, in the next month, Comodo will implement Boclean (memory scanner) and use their far superior Heuristic Analysis module (CIMA) implemented within the product. This will give less FP's and a more powerful analysis of suspect files. I have SBIE and CIS installed on my Vista Home pc and Geswall and CIS on my XP pro pc. CIS works well with sandbox type security!

Ice

-{ Quote: "Just wondering since this last release it it worth trying now or is it still not there yet? Thanks" }-

Yes it's worth trying.
Went thru the pre betas, the betas and now version .477 which, I think, is the best yet.
Have the FW set to custom, Defense + to clean pc mode and av turned on.
All monitor settings on along with buffer overflow protection.
Heuristics set to medium.
Very few pop ups and basically the only ones I do get is when I forget to put it in install mode for a new program.
Have had no fp's with this version.

You have to remember that no av or fw is perfect.
Reading thru all the threads in this forum will verify this.
It's what works well for you. :)

-{ Quote: "Good question. I actually thought about this originally when I had installed CIS. I really like Avast home. I believe you can install the FW, D+ and the AV but just disable the realtime access after you install the package. Then you could keep your current AV and use Comodo's only as a on-demand. I might consider doing this in that I'm still getting FP's with the AV part of CIS. Apparently, in the next month, Comodo will implement Boclean (memory scanner) and use their far superior Heuristic Analysis module (CIMA) implemented within the product. This will give less FP's and a more powerful analysis of suspect files. I have SBIE and CIS installed on my Vista Home pc and Geswall and CIS on my XP pro pc. CIS works well with sandbox type security!

Ice" }-
Your belief is well founded you can do that.;)

The way things are right now, it's only "better" because people have gotten weary of correcting the tireless fanboys who constantly proclaim that the AV is now good. Comodo is winning the war of attrition on the propaganda front, but the abilities of the product is still right where it used to be.

Keep on holding your breath for the "next version" that will magically bring long-awaited usability and detection. Comodo has been saying that since I don't know how many versions ago, but then again people keep falling for it, so I guess I can't blame them entirely...

-{ Quote: "The way things are right now, it's only "better" because people have gotten weary of correcting the tireless fanboys who constantly proclaim that the AV is now good." }-
Agreed. :thumb:

-{ Quote: "The way things are right now, it's only "better" because people have gotten weary of correcting the tireless fanboys who constantly proclaim that the AV is now good. Comodo is winning the war of attrition on the propaganda front, but the abilities of the product is still right where it used to be.

Keep on holding your breath for the "next version" that will magically bring long-awaited usability and detection. Comodo has been saying that since I don't know how many versions ago, but then again people keep falling for it, so I guess I can't blame them entirely..." }-

Where in this thread is anyone proclaiming this av is good??
I don't see it.
I like the suite though.
The FW with D+ is good and the hips will block nasties the av could miss.
The av itself is not there yet and others are better at this point.
The useability is there but the detection of the av does need improvement.
Time will tell on how good it ends up being but to say it's right were it used to be is nonsense.

I confess i don't understand the glee some people take in rubbishing Comodo and the barely disguised wish they have for it to fail miserably???

Everyone should want this to succeed whether or not they choose to use it,because a top ranking free security suite will benefit all since competitors will have to rethink their own pricing policies.Perhaps they're happy spending £30 or £40 a year??? if so good for them,others haven't got so much spare cash.

Nobody I've read is claiming that Comodo's AV is the equal of the likes of Avira yet (or even close).A fair time to pass judgement would be after the 12 months Melih stated as required to produce a top AV.

-{ Quote: "I confess i don't understand the glee some people take in rubbishing Comodo and the barely disguised wish they have for it to fail miserably???

Everyone should want this to succeed whether or not they choose to use it,because a top ranking free security suite will benefit all since competitors will have to rethink their own pricing policies.Perhaps they're happy spending £30 or £40 a year??? if so good for them,others haven't got so much spare cash.

Nobody I've read is claiming that Comodo's AV is the equal of the likes of Avira yet (or even close).A fair time to pass judgement would be after the 12 months Melih stated as required to produce a top AV." }-

I couldn't have said it better myself!
Ice

-{ Quote: "I confess i don't understand the glee some people take in rubbishing Comodo and the barely disguised wish they have for it to fail miserably???" }-
That's okay, since this has nothing to do with taking glee in rubbishing Comodo, and everything to do with distaste for blatant misinformation and dubious advertising claims.

As for making the industry rethink its pricing policies, I'll just chuckle quietly to myself as I anticipate Comodo succeeding where other real top-notch free products have failed.

-{ Quote: "I confess i don't understand the glee some people take in rubbishing Comodo and the barely disguised wish they have for it to fail miserably???

Everyone should want this to succeed whether or not they choose to use it,because a top ranking free security suite will benefit all since competitors will have to rethink their own pricing policies.Perhaps they're happy spending £30 or £40 a year??? if so good for them,others haven't got so much spare cash.

Nobody I've read is claiming that Comodo's AV is the equal of the likes of Avira yet (or even close).A fair time to pass judgement would be after the 12 months Melih stated as required to produce a top AV." }-


Agreed!

There is always a lot of hate against comodo, by no apparent reason. Its probably one if not the most hated product here at wilders! ;D ;D I have yet to see a thread about comodo that won't involve some critic saying it sucks, its flawed or similar, or a thread that won't turn to flaming CIS for using full HIPS.

In my experience CIS is good. And fact still remains, It got the best prevention if the user understands the D+ module.

And I would not bother post in every norton category and say "man its so bad".. Even if I think so. CIS is the strong option for advanced users.. And its getting user friendlier and user friendlier..:thumb: :thumb: And its freaking free..

CIS also has the advantage that Vista and Windows& force application developers to stay as much as possible in the user space, which in itself reduces pop-ups.

As posted earlier I have tweaked a setup to put on the Vista64 gaming machine of my son as soon as Vista64 ThreatFire becomes available, because it is an efficient internet suite.

CIS is the first version which let you 'patch' all the issues I have with classical HIPS (see this post for idea behind it http://www.wilderssecurity.com/showpost.php?p=1413356&postcount=28). The only thing I would like that when an ASK generates a rule, it would inherite the original rule it triggered with only one aspect set to allow or block (instead of generating a custom rule with all others set to ASK).

Regards Kees

I am not surprised that so many hate Comodo, there must be many on the forum whose jobs will be at risk if a free program becomes the best available and the general public realise that.

-{ Quote: "That's okay, since this has nothing to do with taking glee in rubbishing Comodo, and everything to do with distaste for blatant misinformation and dubious advertising claims.

As for making the industry rethink its pricing policies, I'll just chuckle quietly to myself as I anticipate Comodo succeeding where other real top-notch free products have failed." }-
There haven't been any other free complete security suites to be able to have failed that I'm aware of???

But that aside I still don't follow the idea that it's good news or amusing for CIS to fail.If it succeeds it'll benefit many people and far fetched advertising won't lessen that (SAS one day only offer anyone)

If nothing else Comodo offers an option in a shrinking market where many smaller products are being abandoned or swallowed up by the big boys.

-{ Quote: "I am not surprised that so many hate Comodo, there must be many on the forum whose jobs will be at risk if a free program becomes the best available and the general public realise that." }-
No doubt that's a motivating factor for some.

-{ Quote: "
All monitor settings on along with buffer overflow protection.
" }-

So once again buffer overflow protection is not on by default, even though it's supposed to be so important and a big new feature, or did I get that wrong? Is it disabled for a reason like high-risk for FPs or similar?

BO protection is enabled by default.

-{ Quote: "BO protection is enabled by default." }-

Okay, thx for the answer, RejZoR! :)

;D ;D ;D ;D

"BO protection is enabled by default"

Kiss the need for underarm deodourant goodbye!!
Love that post, class!!

-{ Quote: "Just wondering since this last release it it worth trying now or is it still not there yet? Thanks" }-

We've recently rolled out the AV and D+ components of CIS onto a state Government LAN of a little over 3,500 seats and its performance over the past three months has been remarkable.

Previously, we had used an enterprise version of a major AV for a little over 6 years. We had trialled CIS AV in our test lab (48 seats) and on a minor segment for over 6 months prior to the rollout.

Over the past three months, we have saved over $11,000 (approximated to US$) and AV incident/ resolution (and its accompanying costs) has dropped more than 85% when compared to our previous solution.

We are eagerly awaiting the release of the updated Comodo Security Endpoint Manager which will work with the latest CIS. This will greatly reduce the bandwidth costs currently caused by each workstation updating over the internet, rather than from a central internal instance.

In short - we love it!! It's is a far more cost effective solution and, after configuring the D+ component and Parental Controls (we use this to supress dialogues, auto-quarantine and protect the configuration from alteration) to suit our MOE, we have far less incidents to manage.

Admittedly, we operate strictly managed environments and workstations with a limited range of software, and this is ideal for a locked and pre-configured installation of CIS. Having said that, CIS is still providing us with better protection and lower operating costs.

CT:D
Comodo Forum Moderator

P.S. In case this is viewed as an intrusive post - although I am a moderator on the Comodo forums, I recused myself entirely for the selection, testing, approval and implementation process, as is required by our internal ethics guidelines. I have only involved myself once the entire selection/implementation process was completed. The time/cost figures quoted were produced by our internal accounting staff.

-{ Quote: "Is it able to install Comodo AV as on demand? With no guards and real time processes?" }-

According to Comodo's website you can choose to install either or both the antivirus and firewall. I'd imagine that the real-time part of the av could be disabled.

Hello,

I am a Global Moderator on the Comodo Forums. Here are the download links for Comodo Security Endpoint Manager with latest CIS:

http://download.comodo.com/cesm/download/setups/CIS_RM_Setup_3.8.65951.4
77_XP_Vista_x32.msi
Size:47M (48830464)
MD5:1e746485e2b7a359562fbd1dfe2a493b
SHA1:4571cfbe07528573b5d26f144405c495fbe16077

http://download.comodo.com/cesm/download/setups/CIS_RM_Setup_3.8.65951.4
77_XP_Vista_x64.msi
Size:50M (52164096)
MD5:51e8b4085e183947dd5da819250075b4
SHA1:e0e81d0825bb4c3ef1b409e88f71e9d67f234f7d

http://download.comodo.com/cesm/download/setups/CESM_Setup_1.1.1813.31_X
P_Vista_x32.msi
Size:15M (14713344)
MD5:c64165fc95709908033c4981c4e7db2f
SHA1:848f81f998bfa9cbf18f70bbb4c3b65a11a1794f

http://download.comodo.com/cesm/download/setups/CESM_Setup_1.1.1813.31_X
P_Vista_x64.msi
Size:15M (15211008)
MD5:47e2cc5e19e3355e54d5a8182c04bea9
SHA1:b5271e82a7aabda91537ee2e84c54b7a6d952f74

Website is here: http://enterprise.comodo.com/security-solutions/endpoint-security/

That enterprise website was launched in February... Let me know if you need anything.

Cheers,
Josh

I wasn't impressed with the new AV heuristics engine in the latest Comodo Internet security. The Heuristics ruined a legitimate program, that being Webroot window washer. Comodo stated that it had quarantined those files, so I thought I could recover them easily and all would be well....but No sign of the files in the quarantine for some reason. I reinstalled Window washer and removed Comodos Junk from my system.

Wierd.. Quarantine working fine here..

I neither was impressed with 3.8's heuristic. ::) But it might become by 3.9.. Currently in Pre-Alfa :)

As for the threads subject.. Comodo AV better now, It now got a 2.67 million DB.. Instead of the 1.7 M that it had when this thread started out..

Hopefully its better..

I am sure it is better after the many database updates. Yes when the heuristics were first rolled out there were some false positives, but I am surprised that any experienced user would quarantine heuristic detections rather than checking them out first and then reporting them as fps.

The next version with heuristics based on CIMA should be a great step forward again, but for now it is working well and to describe it as 'Comodos Junk' is a ridiculous statement.

Well, current heuristics are a joke and shouldn't even be called heuristics.
CIMA thing will be something different.

-{ Quote: " I am surprised that any experienced user would quarantine heuristic detections rather than checking them out first and then reporting them as fps." }-

I didn't ask Comodo to quarantined or should I say remove these files. When I installed Comodo IS the software quarantined the files without asking me , just a pop-up telling me it had 'quarantined' my Webroot Window washer files.This was before I had run a scan, Comodos real-time protection. When I checked the quarantine folder the files weren't there, so the software had removed legitimate files without my consent.

-{ Quote: "The next version with heuristics based on CIMA should be a great step forward again, but for now it is working well and to describe it as 'Comodos Junk' is a ridiculous statement." }-

Any sercurity software that does what I describe above is complete Junk, I'm sorry but it is. I prefer software that's properly tested and Comodo needs more of this.

-{ Quote: "I didn't ask Comodo to quarantined or should I say remove these files. When I installed Comodo IS the software quarantined the files without asking me , just a pop-up telling me it had 'quarantined' my Webroot Window washer files.This was before I had run a scan, Comodos real-time protection. When I checked the quarantine folder the files weren't there, so the software had removed legitimate files without my consent.
" }-

This is really odd, to say the least! I haven't heard of any other reports of CIS AV auto-deleting any files.

When you say "This was before I had run a scan", do you mean that Webroot was running (or you had just attempted to run it) and the realtime component of CIS AV detected it and auto-removed it?

When you re-installed Webroot Windows Washer (before removing CIS), did it auto-remove the files a second time?

What version of CIS did you install? V3.8.X.477 does not have auto-quarantine enabled as default and there is no setting to auto-remove.

This is probably best reported on the Comodo support forums (https://forums.comodo.com).

CT :)

-{ Quote: "
When you say "This was before I had run a scan", do you mean that Webroot was running (or you had just attempted to run it) and the realtime component of CIS AV detected it and auto-removed it?" }-

Webroot was already running yeah, CIS real-time scanner detected then removed a couple of Webroot program files, but comodo told me they were quarantined...but nothing was in the quarantine.

-{ Quote: "When you re-installed Webroot Windows Washer (before removing CIS), did it auto-remove the files a second time?" }-

I didn't try a second time..I just removed Comodo. It seems that my above statement was not worded to well "I reinstalled Window washer and removed Comodos Junk from my system" I should have said that I removed than re-installed webroot...sorry.

-{ Quote: "What version of CIS did you install? V3.8.X.477 does not have auto-quarantine enabled as default and there is no setting to auto-remove." }-

Not quite sure on the version, but it had the new heuristics that were set on the default low...so presuming the latest? I didn't change any default settings BTW.

Thanks for the follow-up.

I am still at a loss to explain why it deleted rather than quarantined, let alone quarantined at all if you had not enabled auto-quarantine.

Auto-quarantine has been available since V3.5.X but has NEVER been enabled by default. This has always been a user selectable setting.

If it's any comfort, your report is unique - I've just checked back through all CIS posts on their forums and there is no mention of any other users having files deleted rather than quarantined.

CT :)

Comodo ppl just confirmed today that they are bunch of incompetent noobs.
They want to live in a world where their beloved software is a form of unmistakable perfection. And i'll let them live in their fairy tale because they don't give you any other option.
You tell them that whole bunch of stuff is designed badly and they ban you in return. Gee, thanks. ::)
Get rid of stupid fanatic fanboys and Comodo software might some day actually be good. I'm returning to ALWIL Software where they appreciate any feedback, be it good or bad. They also act like professionals and i don't have to explain myself 50 times for my statements. And even though there is a language barrier (Czech-English-Slovenian) we always manage to communicate properly. But with Comodo ppl i always felt like i'm talking quantum physics to a 2 years old kid... And that applies to volunteer members and official staff members.
I was totally shocked when i needed 3! forum pages of explaining regarding Memory Firewall development just to find out in the end i'm not going anywhere with the conversation.

i was just gonna say it doesnt work on windows 7 but seems i wont even bother to say it if thats the case lol.

I hear you. There are good folks that left them for obvious reasons. :blink:

-{ Quote: "Comodo ppl just confirmed today that they are bunch of incompetent noobs.
They want to live in a world where their beloved software is a form of unmistakable perfection. And i'll let them live in their fairy tale because they don't give you any other option.
You tell them that whole bunch of stuff is designed badly and they ban you in return. Gee, thanks. ::)
Get rid of stupid fanatic fanboys and Comodo software might some day actually be good. I'm returning to ALWIL Software where they appreciate any feedback, be it good or bad. They also act like professionals and i don't have to explain myself 50 times for my statements. And even though there is a language barrier (Czech-English-Slovenian) we always manage to communicate properly. But with Comodo ppl i always felt like i'm talking quantum physics to a 2 years old kid... And that applies to volunteer members and official staff members.
I was totally shocked when i needed 3! forum pages of explaining regarding Memory Firewall development just to find out in the end i'm not going anywhere with the conversation." }-

Funny you say this, I thought I was the only one not getting thru. I think I was the first person pointing out in their CPF v3 beta that it was smoking the cpu. I had to explain myself about 10 times but they kept telling me it was software I had installed on my machine. Finally, after 2 weeks of frustration, they fixed it. I was willing to help them debug the problem but no one listened. That being said, I can't criticize people for making free software. I can only try and help, which I know you had been doing. They have a lot of potential but I got tired of beta testing. I wish Comodo the best but for now I'll stick with stuff that works.

Ice

Please stay on topic guys.

Cheers,
CT :)

-{ Quote: "i was just gonna say it doesnt work on windows 7 but seems i wont even bother to say it if thats the case lol." }-
BTW It does work.

-{ Quote: "Please stay on topic guys.

Cheers,
CT :)" }-

They are on topic.
RejZoR, lodore, Miyagi and IceCube have experience and do not go around bashing products for the hell of it.
Since you are new here, 5 posts, you might want to listen to them.
What they say could affect the development of their av.
I use CIS but not a fan boy by any means.
I use what works for me and my computer.
Personally I think the av has improved. No troubles with it, no fp's and runs great for me on XP.
On Vista it's a problematic whore and after going around with them I gave up and will not use it any longer.
Good forum help, stateing problems and resolving them are important with any software.
If they don't provide this I'd like to hear about it. 8)

No comodo bashing here, but trying to find out some info on the forums.

But I have to say, that is a lot of forums and sub-forums. Some are three levels deep! More than 100 forums! Trim the fat, dudes!

More than double the number of wilders forums and, wilders has a of diversity with their products. Get me outta there! ;)

I hear you.
You need a road map over there! ;D

[at] danny9 and normishmael,

I was simply trying to retain focus on the original topic "Comodo AV better now?". I interpreted this as asking whether the raw performance (prevention, detection and cure) of Comodo's AV had improved and was just trying to stick to it, as I had noticed from browsing these forums that the mods regularly post asking users to remain on topic or lock topics if they have run to a logical conclusion.

I was not, in any way, trying to deflect the arguments away from whether Comodo, as a company, is good, bad or indifferent. Comodo are big enough and ugly enought to stand up for themselves.

While I agree that there is a higher degree of "fanboy" within the Comodo community than within other software communities, I would like to think that I, personally, am not included in that bunch, either by my actions or by the suppositions of others.

Cheers,
CT :)

-{ Quote: "[at] danny9 and normishmael,

I was simply trying to retain focus on the original topic "Comodo AV better now?". I interpreted this as asking whether the raw performance (prevention, detection and cure) of Comodo's AV had improved and was just trying to stick to it, as I had noticed from browsing these forums that the mods regularly post asking users to remain on topic or lock topics if they have run to a logical conclusion.

I was not, in any way, trying to deflect the arguments away from whether Comodo, as a company, is good, bad or indifferent. Comodo are big enough and ugly enought to stand up for themselves.

While I agree that there is a higher degree of "fanboy" within the Comodo community than within other software communities, I would like to think that I, personally, am not included in that bunch, either by my actions or by the suppositions of others.

Cheers,
CT :)" }-

I did deviate off-topic a bit. But to answer your question, the last iteration I used of Comodo AV did get better from the previous one but I still received too many FP's. I was using the CIS package 3.8, forgot the sub version. They will in time have a solid AV. I think what RejZoR and myself are trying to say is that we have reported some issues with the AV or other modules and Comodo was slow to act on them. Like I said in my previous post, I can't criticize any company that will give free software away. I really hope Comodo succeeds in their philosophy because it will only make PC security that much better for the rest of us. Other companies will also improve their products. It's a win/win situation.

thanks danny9 for watching my six

Ice

Well, if you can't criticize free software, i can. If they want to play software development, they can play it just like everyone else. And thats with critics and all.
If they ask for feedback and then disregard it, why they even asked for it?

I've said many times that their so called heuristics are just packer detection and should be optional (even when CIMA heuristics will be a part of CIS). No one even cared.
I've said that doing so would decrease false positives greatly. No one cared.
I've said that keeping Memory Firewall as stand alone tool would be a good idea. After 3 pages i've ended up in a "word fight" with a mod and Melih that was basically caused by themself (especially Melih was insisting on BOClean analogy that i used there).
We were collecting a list of programs with digital signature that were suppose to be added in CIS to decrease popups on known software.
They never implemented it and that thread is now lost who knows where.
I've reported a bug during beta testing, Comodo programmer assured me it was going to be fixed in final release. The bug was not fixed at all.
I've said that Defense+ is way too chatty for casual users and that they should convert it into behavior analyzer (the stuff is basically there, they just have to build it on top of Defense+). They again flooded the thread with praise how their whitelist rocks. Well i'm still seeing loads of popups when i install programs and games, so what gives?
I've said that even memory scanner can be easily circumvented from detecting supposedly unencrypted malware. Melih again disagreed and again caused a word fight by himself.
And the list could go on and on.

Why they even need forums if there is zero productivity from them?
Just so bunch of fanboys can gather around and hail Comodo?
That won't improve anything lol

If ppl like Comodo software as it is, fine, but if you have intention to have serious feedback and recommendations, don't even bother.

Comodo has the right intent in developing their programs.

But a comodo forum member or a wilders forum member is vastly different from a regular user.

So as the AV improves, if the program doesn't reduce its popups, a regular user will not be able to handle comodo in its current format. They would panic at anymore than two popups in succession.

Regarding your thread RejZor, it made sense. Continue developing their memory firewall as a standalone program.

The problem with some posters here (you know who you are) is that they want to have features from paid software suites incorporated to a FREE software suite.

Well, if you do not like the features and the benefits of D+ giving total control over your system, you always have the choice to choose a much inferior, paid software alternative.

In all honesty, D+ is literally the most comprehensive classical HIPS module available in the market, paid or free.
If you find it obstrusive and too complicated for you to configure/understand, then don't use it. Simple as that.


Anyways, back on topic.

No, Comodo AV has yet to improve its heuristics detection. I expect improvements with the next update with CIMA engine.

So if it's free, you will tolerate bugs and all sorts of other nonsense?
I'm perfectionist and i don't tolerate such things anywhere.
HIPS is good for expert users, not casual users which Comodo is clearly targeting.

-{ Quote: "So if it's free, you will tolerate bugs and all sorts of other nonsense?
I'm perfectionist and i don't tolerate such things anywhere.
HIPS is good for expert users, not casual users which Comodo is clearly targeting." }-
you are right

-{ Quote: "So if it's free, you will tolerate bugs and all sorts of other nonsense?
I'm perfectionist and i don't tolerate such things anywhere.
HIPS is good for expert users, not casual users which Comodo is clearly targeting." }-
No security software is perfect.

You should no that by now.

Even the best of the best amongst security software available in the market have major bugs and performance/compatibility issues.


Anyways, good luck in trying to find that imaginary "perfect security program" you're looking for ::) .

Well for avast! they fixed even the smallest things i reported in each next update. Once i asked why some checkbox isn't greyed out on 64bit systems and they fixed that. It was just a minor visual glitch and they fixed it.
With comodo i've reported few bigger bugs and they acted like they don't give a damn. Hello?

I also agree that Comodo team put very low quality on software they produce.

Like others here, I felt useless to use their forum or support because everything remains the same after we suggest or report something, so I just left to care about any Comodo development for some time, and as you know and to be honest we have better options out there, and they are also free and with much better quality on every aspect, so...

Maybe Companies producing paid products think that they can afford to employ people to drop everything so as to concentrate on a few users who demand immediate attention and action.

When you consider when Comodo launched this av, I think it is amazing how much progress they have made with it. Of course it still has improvements to come and I would imagine the development team are working hard to achieve what they set out to do, rather than spend most of their time chatting on forums.

It would be good if some folk could see their way to being helpful and supportive of this project, rather than constantly moaning about lack of attention to their personal concerns.

OK so don't use it for now if you don't think it is ready yet.

-{ Quote: "Well, if you can't criticize free software, i can. If they want to play software development, they can play it just like everyone else. And thats with critics and all.
If they ask for feedback and then disregard it, why they even asked for it?" }-
If you can, I suggest you give the legion of cartoon characters led by Melih a wide berth, and get directly in touch with some of the developers (like umesh) via PM. I find it a lot more productive to talk direct with the people who actually know stuff, instead of wasting time with the fanboys.

I don't like answering tons of Allow and deny pop-ups personally, not because I don't understand how it works, but I like to actually do things with my PC, instead of time consuming annoying pop-ups. Some claim Defense + or similar is the best form of sercurity and in theory it is, but I don't believe it's bullet proof as claimed because it still relies solely on user decision. Such systems prompt on the good as well as the bad, so unless it's obvious malware, who's to say it wont get on your system anyway by mistake? Comodo claim they are trying to reduce the pop-ups with White listing, but with my recent experience, this wasn't the case. Since Comodos Anti-virus still sucks and some of us don't want endless pop-ups means Comodo has a way to go until they can move into the mainstream of sercurity and compete with the big guns. I know Comodo is free and all that, but Comodo couldn't reasonably charge for that dinosaur.

-{ Quote: "If you can, I suggest you give the legion of cartoon characters led by Melih a wide berth, and get directly in touch with some of the developers (like umesh) via PM. I find it a lot more productive to talk direct with the people who actually know stuff, instead of wasting time with the fanboys." }-

Well, it is what it is. I'm most probably not going to waste any of my time with them anymore.

Its fun to see how a comodo thread here at wilders ALWAYS turns into a whine thread where people starts criticising all aspects of CIS you can find..
THE HIPS is chatty.. Its too complicated, I prefer bla bla..
Comodo sucks.. Fanboys keep defending this flawed junk bla bla..

-{ Quote: "
Just so bunch of fanboys can gather around and hail Comodo?" }-

The comodo forum does have fanboys, but most posts is answered respectfully and people there tries to help out. And being a fan dosn't automatically mean that the response is any worse than the response from a none fan. many comodo "fans" are as skilled if not more than some wilder users. who cares.. There is non technical people on all forums..
But its far from a FANBOY only place. as some try to make it sound. I doubt the Avast! or norton forum totaly lacks fans either..? ;)

-{ Quote: "
"I don't like answering tons of Allow and deny pop-ups personally"" }-
The AV does this against you?
-{ Quote: "
"I also agree that Comodo team put very low quality on software they produce."" }-
What makes you think Comodo has a lower quality than other softwares?
I mean try CSC for instance, much better than CCleaner imo.


Its not like CIS is the ONLY software with bugs. No software is BUG free. No software. With millions of CIS users the expectation for CIS to be totally bug free is unrealistic. Norton is not bug free either neither is AVIRA or PrevX or... MS office..

There's Nothing wrong with liking something and being a fan, but it's just some people take this to a different level and act childishly...that's the difference.

But there is something wrong with describing a Company's product like this:
-{ Quote: "
Since Comodo's Anti-virus still sucks and some of us don't want endless pop-ups means Comodo has a way to go until they can move into the mainstream of sercurity and compete with the big guns. I know Comodo is free and all that, but Comodo couldn't reasonably charge for that dinosaur." }-

The sort of remarks designed to give offense and I have to wonder why someone would wish to do that.

-{ Quote: "But there is something wrong with describing a Company's product like this:" }-
It was quite accurate, as far as I can tell. What specifically is your problem with it?

-{ Quote: "Its fun to see how a comodo thread here at wilders ALWAYS turns into a whine thread where people starts criticising all aspects of CIS you can find..
THE HIPS is chatty.. Its too complicated, I prefer bla bla..
Comodo sucks.. Fanboys keep defending this flawed junk bla bla..



The comodo forum does have fanboys, but most posts is answered respectfully and people there tries to help out. And being a fan dosn't automatically mean that the response is any worse than the response from a none fan. many comodo "fans" are as skilled if not more than some wilder users. who cares.. There is non technical people on all forums..
But its far from a FANBOY only place. as some try to make it sound. I doubt the Avast! or norton forum totaly lacks fans either..? ;)


The AV does this against you?

What makes you think Comodo has a lower quality than other softwares?
I mean try CSC for instance, much better than CCleaner imo.


Its not like CIS is the ONLY software with bugs. No software is BUG free. No software. With millions of CIS users the expectation for CIS to be totally bug free is unrealistic. Norton is not bug free either neither is AVIRA or PrevX or... MS office.." }-

Quote ! Definitively.

Well, you made me look, even though I don't use Comodo and have never tried their AV. As usual, some of the funniest stuff is in the discard pile at http://forums.comodo.com/forum_policy_violation_board/comodo_antivirus_just_reached_2_million_signatures-t37231.0.html;msg266337#new . From reading the thread, Comodo is taking the position of no formal AV testing until dynamic testing is available so they can throw D+ into the mix, instead of just testing CAVS-after all, CAVS doesn't deal with executing malware either. They have made a business decision. So your choice to use it on faith or go somewhere else. But don't count on outside influences to get changes made, at least in the near term. Or was there some other message, other than a little abuse and browbeating of the dissenting posters?

-{ Quote: "It was quite accurate, as far as I can tell. What specifically is your problem with it?" }-

Gratuitously offensive to a competitor's product.

Mind you I have come to expect that from some self-opinionated members of this forum, but it is unpleasant don't you think?

The Comodo fan boys are a curse, you can't talk with these people.
Another problem is Melih, you can't discuss with him either...

Nevertheless I like CIS and AV detection really improved.

I agree that no product is bug free but some are overloaded and for worst they are too tough to admit it and especially COMODO are too proud for their product. But it is a fact they are doing a hard job refimimg their product

-{ Quote: "Its fun to see how a comodo thread here at wilders ALWAYS turns into a whine thread where people starts criticising all aspects of CIS you can find..
THE HIPS is chatty.. Its too complicated, I prefer bla bla..
Comodo sucks.. Fanboys keep defending this flawed junk bla bla.." }-

Actually most turn into threads defending Comodo if you do some searching around.



-{ Quote: "The comodo forum does have fanboys, but most posts is answered respectfully and people there tries to help out. And being a fan dosn't automatically mean that the response is any worse than the response from a none fan. many comodo "fans" are as skilled if not more than some wilder users. who cares.. There is non technical people on all forums..
But its far from a FANBOY only place. as some try to make it sound. I doubt the Avast! or norton forum totaly lacks fans either..? ;)" }-

Depends on who's answering the posts. You're right, quite a few are answered respectfully...by regular users. Once you get a dev, mod, or Melih involved, it often (not always) turns into a different story, and those are the posts that matter, right? I claim that as fact because I have posted there in the past quite often myself. Half the time it turned into " There must be a problem with other software you're using" or "We can't duplicate that issue" (when quite a few others had the same issue) or, as Rezjor has said, "It'll get fixed in the next release" (it didn't).

I'm all for defending one's product, any sensible developer would and should. But there have been too many cases of "Our products' sh** don't stink and can do no wrong" for me to want to use it even if the bugs and useability WERE worked out. That's all I really have on the matter.

-{ Quote: "Actually most turn into threads defending Comodo if you do some searching around.





Depends on who's answering the posts. You're right, quite a few are answered respectfully...by regular users. Once you get a dev, mod, or Melih involved, it often (not always) turns into a different story, and those are the posts that matter, right? I claim that as fact because I have posted there in the past quite often myself. Half the time it turned into " There must be a problem with other software you're using" or "We can't duplicate that issue" (when quite a few others had the same issue) or, as Rezjor has said, "It'll get fixed in the next release" (it didn't).

I'm all for defending one's product, any sensible developer would and should. But there have been too many cases of "Our products' sh** don't stink and can do no wrong" for me to want to use it even if the bugs and useability WERE worked out. That's all I really have on the matter." }-
The respect works both ways.Often people post a complaint with little detail,then start flaming and disrespecting when an instant solution isn't provided.The majority of folks there are unpaid volunteers trying to assist with issues,some of which are extremely complex,why should they waste time on rude and obnoxious people?
Where I agree with you is that some fanboys won't hear of any criticism of CIS however minor,and rear up on anybody doing so.It can be frustrating to suffer issues with the software and to be harangued for pointing them out,it's unfortunate when reasonable people give up on finding a solution because of this.

-{ Quote: "The respect works both ways.Often people post a complaint with little detail,then start flaming and disrespecting when an instant solution isn't provided.The majority of folks there are unpaid volunteers trying to assist with issues,some of which are extremely complex,why should they waste time on rude and obnoxious people?
Where I agree with you is that some fanboys won't hear of any criticism of CIS however minor,and rear up on anybody doing so.It can be frustrating to suffer issues with the software and to be harangued for pointing them out,it's unfortunate when reasonable people give up on finding a solution because of this." }-

I agree wholeheartedly, if you act like a horses behind right off the bat, you SHOULDN'T expect a reasonable response. You're also right that when it comes to posts that state the software doesn't work or is giving errors, without also explaining what was being done at the time or what other software you have on the system, expecting clear, precise help isn't likely either.

However, I often found there that even when details were given, efforts had been made to self-diagnose, and the question was polite and to the point, the posts still managed to get "Comodo does no wrong, you do"-type posts, and not just from the general forum members. That's not the quickest way to get me to use their product, but that's me. As far as the product itself, I had trouble with CIS and the firewall itself, but I can't say that that makes it a bad product.

-{ Quote: "The respect works both ways.Often people post a complaint with little detail,then start flaming and disrespecting when an instant solution isn't provided.The majority of folks there are unpaid volunteers trying to assist with issues,some of which are extremely complex,why should they waste time on rude and obnoxious people?" }-
Let's stop kidding ourselves. Comodo's reputation for indulging in fanboyism is more than well-deserved. There are well-populated forums out there catering to other products with user bases multiple times the size of Comodo's, and many of them fail to suffer from such a disgusting reputation.

I may be only a reader there, but as far as I can tell there are certain Comodo company officials posting on the forums (I won't name who) who actually seem to actively encourage the fanboy culture. Advertising with exaggerated superlatives and theatrics, dispensing with the type of flattering and fawning that only the immature would fall for, and of course clamping down on dissent (I've once seen that particular company official claim that "like their products", he's good at "detecting and shutting down malicious intent" when he locked a thread by a user reporting a problem). It's a telling sign that you can hardly find people who actually know stuff on the Comodo forums, because they become disillusioned sooner or later; RejZor isn't the only one, though judging by the number of intelligent people still there, he may be the last.

-{ Quote: "Comodo's reputation for indulging in fanboyism is more than well-deserved. " }-
Agreed.

Comodo is unique.
I've used or seen others using Comodo 3.X a number of times and it's the only security app for which I find it necessary to keep my thoughts about the program itself completely separated from the enigmatic propagandists who promote it "110%".

-{ Quote: "The problem with some posters here (you know who you are) is that they want to have features from paid software suites incorporated to a FREE software suite." }-
No, not "want to have". Rather "are accustomed to having".

-{ Quote: " CAVS doesn't deal with executing malware either. They have made a business decision." }-
My observation is that CIS 3.8 AV resident scanner doesn't scan executables on-access. Anyone know if this is true?

CIS does scan files on-access just like other AV's do.

If I may, Id like to add a few points to this discussion.
As I said earlier, I do use CIS.
AV enabled, FW to safe, Defense and security level to safe and configuration to Proactive Security.
IMHO the the AV has improved since I started using it along with the rest of the suite.
I feel secure running CIS.

As to the forums and the posters, some there are definitely fanatics to the point that Comodo can do no wrong.
On the other hand there are some good people there also.
andyman35,:thumb: , who posts here regularly, tried to help me get CIS running on my Vista laptop. I just became frustrated and decided to wait for the next version.
Other posters have answered some questions I've had and some were never answered.
In a forum of that size there will be a mix of different people.
Some good and some bad.
I think a little patience, which I sometimes lack, is called for at times.
Starting with myself. 8)

Thanks RejZor

It's just that 'cfp.exe' seems too inactive when starting a large program for it to be checking.

You can try with EICAR. If it's detected, then it's working.

-{ Quote: "Thanks RejZor

It's just that 'cfp.exe' seems too inactive when starting a large program for it to be checking." }-

If you mean the Av then I know that it by default only checks files to the size of 20 MB. (something I dislike). But you can change that under Av > scanner settings.

The last time I tried the AV in CIS it marked one of my MP3's as a trojan. Imagine that. Haven't used it since. I'd imagine it must have been a weird FP and they would have corrected it by now. Seems there's still a long way to go. Free is good tho.

-{ Quote: "Let's stop kidding ourselves. Comodo's reputation for indulging in fanboyism is more than well-deserved. There are well-populated forums out there catering to other products with user bases multiple times the size of Comodo's, and many of them fail to suffer from such a disgusting reputation.

I may be only a reader there, but as far as I can tell there are certain Comodo company officials posting on the forums (I won't name who) who actually seem to actively encourage the fanboy culture. Advertising with exaggerated superlatives and theatrics, dispensing with the type of flattering and fawning that only the immature would fall for, and of course clamping down on dissent (I've once seen that particular company official claim that "like their products", he's good at "detecting and shutting down malicious intent" when he locked a thread by a user reporting a problem). It's a telling sign that you can hardly find people who actually know stuff on the Comodo forums, because they become disillusioned sooner or later; RejZor isn't the only one, though judging by the number of intelligent people still there, he may be the last." }-
I notice you selectively quoted only half my post there,missing out the part where I criticised the attitude of some fanboys on the forum.You have a great future in politics::)

I dislike aggressive fanboyism the same way I dislike forum trolls but alas both are a part and parcel of any web forums.It's wrong to tar the whole of Comodo with the same brush however.

Andyman, I think you have hit the nail on the head there, because I notice far more aggression here than you will find on the Comodo forum.

Many posters there are very young and like to have fun as well as discussing serious things, but it is full of people trying their best to be helpful and the general atmosphere makes their forum a pleasure to read.

Sure Melih is a showman and trying to spread his message without paying vast amounts for advertising. If you give a free product you have to restrict the budget surely.

I doubt whether you could access the CEOs of any of the paid competition.

-{ Quote: "Andyman, I think you have hit the nail on the head there, because I notice far more aggression here than you will find on the Comodo forum.

Many posters there are very young and like to have fun as well as discussing serious things, but it is full of people trying their best to be helpful and the general atmosphere makes their forum a pleasure to read.

Sure Melih is a showman and trying to spread his message without paying vast amounts for advertising. If you give a free product you have to restrict the budget surely.

I doubt whether you could access the CEOs of any of the paid competition." }-
Gee, I see Mike Nash of OA, Vlk of Avast!, others on their own forums and here at Wilders all the time, lots of other principals whose products i don't use but who provide interesting insight into where the industry is going. Prevx provides almost instantaneous full time support here for their users, with communication to their development team and management. Both here and on their own forums we talk to them regularly, and get real answers at that level instead of mostly showmanship and rhetoric and self-serving positioning. And I have yet to see them try to whip up the frenzy of the fanboys in either place as is done on the Comodo forum.
BTW, I don't know how you can describe the thread closures, banning, use of a Forum Policy Violation Board ( http://forums.comodo.com/forum_policy_violation_board-b111.0/ plus lots of stuff just removed from public view at Comodo as symptoms of anything but "aggression." But I don't post there, so probably miss much of the flavor, LOL.

~rant over Comodo~

-{ Quote: "Ok, they've banned my second account where i posted just regular posts without even the slightest negative tone.
What a f**king bunch of retarded morons. I hope they choke with their idiotic pride. I never thought there can be anyone this dumb. But oh well, it appears there are ppl like this. You help them get into Malware Research, offer unbiased feedback, your own free time to report bugs and offer suggestions and in return they ban you. Thats a nice way to say thanks to someone. ::)" }-

A sad day for the comodo community + comodo ofc.. (really I think so, not trying to be a sarcastic jerk..) :argh: :argh:

They obviously want bad publicity...

Interesting. Went to look at what was happening at Comodo, and discovered that one of the mods who disagreed with their plan to not test CAVS is no longer a mod (and made a post in RejZor's defense) and one of the members who agreed with him is now a guest (presumably banned). http://forums.comodo.com/general_discussion_off_topic_anything_and_everything/why_was_rejzor_banned-t37498.0.html;msg266968#new . So purging of the dissidents appears to be underway at Comodo. Does anyone know what happened to Gibran, BTW?

-{ Quote: "Interesting. Went to look at what was happening at Comodo, and discovered that one of the mods who disagreed with their plan to not test CAVS is no longer a mod (and made a post in RejZor's defense) and one of the members who agreed with him is now a guest (presumably banned). http://forums.comodo.com/general_discussion_off_topic_anything_and_everything/why_was_rejzor_banned-t37498.0.html;msg266968#new . So purging of the dissidents appears to be underway at Comodo. Does anyone know what happened to Gibran, BTW?" }-

I got a feeling the others in that thread will get warnings or bans too. This is exactly what I was talking about earlier, criticism is treason and the defense goes to the gallows with the "offender". *sigh* Again, not a knock on their product, but if the forums are handled that way, who bloody cares how could the product is.

It seems someone was a bit too trigger happy on their end, though i have to admit it i'm sometimes maybe too agressive when i'm trying to make a point.

-{ Quote: "It seems someone was a bit too trigger happy on their end, though i have to admit it i'm sometimes maybe too agressive when i'm trying to make a point." }-

To your defense RejZor, I'm not one to criticize software. After all, I program myself on the iSeries in some obscure language called RPGLE. But to get to the point, I believe the points you had been making all seem valid enough and Comodo should have at least tried some of the suggestions you did bring up. You do come off hard at times but that's life. Every software developer should expect some accolades and some criticism.

Just my .02 cents
Ice

-{ Quote: "You can try with EICAR. If it's detected, then it's working." }- -{ Quote: "If you mean the Av then I know that it by default only checks files to the size of 20 MB. (something I dislike). But you can change that under Av > scanner settings." }- Thanks guys. Been there, done that. :)
So, maintaining separation between the product and the hype (http://www.wilderssecurity.com/showpost.php?p=1439202&postcount=75), cred must go to the Comodo devs for scanning so much (.exe .bin .dll etc.) with so little (impact, that is!)


==========================================================


In the interest of encouraging mature, balanced points of view, the response by 'bobbybobbyyup' to the PCMAG review (http://www.pcmag.com/article2/0,2817,2333811,00.asp) has been a real hit with me since I frist saw it.

and then there's Melih Vision (http://www.youtube.com/watch?v=VtON10pQMbc&feature=channel_page)

Draw your own conclusions.

-{ Quote: "
...... and one of the members who agreed with him is now a guest (presumably banned).
" }-

If you're referring to who I think you are referring to, it's OK, as he has several other accounts there and is actively using them all. Again, assuming it's the one I'm thinking of, he wasn't banned. The user deleted his own account.

-{ Quote: "
Does anyone know what happened to Gibran, BTW?
" }-

Yes, I do. Although I don't think this is the most appropriate place to discuss this, I do not want this left hanging, given the current tone and emphasis on this topic, despite the original topic being about whether Comodo's AV has improved.

He decided to voluntarily stand down as a moderator. His input was, and still is, highly regarded and very much appreciated. He is still a member and he will be welcomed back as a mod whenever he chooses.

He's a nice guy and one that I still count as a friend.

CT :)

I'd be sorry to see anyone banned from Comodo merely for expressing an opinion contrary to that of the product developers.Unfortunately as is the case in the real world some mods get a bit giddy with power and let personal dislike toward other members cloud their judgement.:wacko:

You're a reasonable guy AM. Some people become so enthusiastic about a product, which is understandable, but that enthusiasm can sometimes lead to 'religous' type behaviour.

When it comes down to it, it's a program, that's all it is. And everyone likes to see programs improve.

Hey, if it starts to do what I want it to do, I won't hesitate in using it. :)

CT, thank you for the information. :)

-{ Quote: " Some people become so enthusiastic about a product, which is understandable, but that enthusiasm can sometimes lead to 'religous' type behaviour.

When it comes down to it, it's a program, that's all it is. And everyone likes to see programs improve.
" }-

I think sometimes what some people on forums don't realise is that while a reported issue may well be rare or hard to reproduce,that issue is a problem for the individual involved.Stock answers such as "hey it works fine for me" or "wait until version x,it'll be great" are of no help to those suffering BSODs or lockups with the product here and now.

In those circumstances people may well be justifiably irritated with the company in question and as long as they keep to the guidelines (no personal abuse,etc),shouldn't be censured for expressing their annoyance.

There's a world of difference between these people and the type of trolls that regrettably frequent every forum.

excuse me for just jumping in but comodo av'll include antimalware (boclean) functionality or does it allready?

would anyone consider comodos av enough or should I stick to avast home?

asking since I'm starting clean today, thanks.

Version 3.9 will have BOClean integrated and there were some words from devs that CIMA heuristics will be there too.
As for changing from avast!. Donno. Response time and FP's fixing is awful with Comodo. They seems to have massive problems with poly file infectors.
D+ does detect it at one stage but AV just isn't up to the task yet.
avast! on the other hand has superb detection of new Virut variants (Win32:Vitro), response on new samples is very fast and fixing FP's is just a question of hours usually. Thats something i'd usually not trade for anything else.

-{ Quote: "would anyone consider comodos av enough or should I stick to avast home?" }-
BOClean is a non-factor. Unless you want a HIPS, stick with avast.

-{ Quote: "excuse me for just jumping in but comodo av'll include antimalware (boclean) functionality or does it allready?

would anyone consider comodos av enough or should I stick to avast home?

asking since I'm starting clean today, thanks." }-

Probably not as good as Avast yet but Improving.
I'm running the whole suite with configuration in proactive security.
No problems and extremely lite.
Scan with MalwareBytes or SAS once a week just to be sure. :)

The situation will change when avast! 5 hits the net. It should arrive around june/july. I'm quite certain it'll rock the AV world (from the info i gathered from ALWIL team). :P
Thats what i was saying to Melih. Sure you're improving Comodo, but others are not standing still either.

-{ Quote: "Thats what i was saying to Melih. Sure you're improving Comodo, but others are not standing still either." }-
And that includes the bad guys as well. The Comodo of today may have made great strides against the malware of yesteryear, but when measured against today's malware scene... they're still right where they used to stand, unfortunately.

Not to sound like a fanboy here but they have made great strides. I have used many AV's and some I like and some I don't but Comodo is closing the gap on the big boys in the AV world. They are not there yet but closing in.

Ice

-{ Quote: "Interesting. Went to look at what was happening at Comodo, and discovered that one of the mods who disagreed with their plan to not test CAVS is no longer a mod (and made a post in RejZor's defense)" }-

Hi Ed :)

As you know I have good contacts with some Comodo Developers and with some Administrators/Moderators as well ( You were once such a good contact :) ). And from what I was told in confidence, that was defenately NOT the reason why he was removed from the Mod Team.

Greetz, Erik aka Red ).

Thanks Erik, just unfortunate timing then. My limited visibility seemed to indicate a shift of a lot of the work to the newer and less experienced mods these days (more easily influenced? ;) ), and he was someone who had been around for a while.
Regards, Ed.

-{ Quote: "And that includes the bad guys as well. The Comodo of today may have made great strides against the malware of yesteryear, but when measured against today's malware scene... they're still right where they used to stand, unfortunately." }-

Here you go again with the flaming, would you care to back up that opinion with a few facts?

-{ Quote: "Here you go again with the flaming, would you care to back up that opinion with a few facts?" }-
My dear fellow, not everything that disagrees with your pro-Comodo biases are flames. It was just a fact, plain and simple.

http://bbs.kafan.cn/thread-450322-1-1.html

Wish I could read Chinese as it doesn't make much more sense translated by Google lol.

-{ Quote: " but Comodo is closing the gap on the big boys in the AV world.
" }-

Any proof that Comodo is closing the gap on other Anti-virus? Seems to be a lack of testing.

-{ Quote: "Wish I could read Chinese as it doesn't make much more sense translated by Google lol." }-
I can't either, but it's not too hard to figure out. Sum up the 2nd and 3rd columns, divide them by the 4th, and you get the detection percentages listed in the 5th column. Seems like the testing is carried on a day-to-day basis.

-{ Quote: "Any proof that Comodo is closing the gap on other Anti-virus? Seems to be a lack of testing." }-
It's a universally accepted gospel truth and needs no proving. Expect all statements to the contrary, however, to be met with vigorous demands for evidence.

-{ Quote: "I can't either, but it's not too hard to figure out. Sum up the 2nd and 3rd columns, divide them by the 4th, and you get the detection percentages listed in the 5th column. Seems like the testing is carried on a day-to-day basis.


It's a universally accepted gospel truth and needs no proving. Expect all statements to the contrary, however, to be met with vigorous demands for evidence." }-

Seems more like spreading rumours to me Eice, you need to do better than that to be convincing.

-{ Quote: "Seems more like spreading rumours to me Eice, you need to do better than that to be convincing." }-
*sigh*

Well, it's none of my business what you choose to believe. I've presented the data, and if you insist on continuing to live in la-la land, I'm not here to preach to or convert you. As someone who has a fairly good idea of Comodo's abilities, I'm just here to answer a non-fanboy's honest question of whether he should go with avast! or Comodo.

-{ Quote: "*sigh*

Well, it's none of my business what you choose to believe. I've presented the data, and if you insist on continuing to live in la-la land, I'm not here to preach to or convert you. As someone who has a fairly good idea of Comodo's abilities, I'm just here to answer a non-fanboy's honest question of whether he should go with avast! or Comodo." }-
While I would agree with you in the sense that avast! is a better choice (oops! Type A vs. Type B thread, anybody?), you appear to give absolutely no credit to COMODO for their work: completely scrapping AV v2, spending months coming up with v3, improving v3, all the while having to keep their firewall up-to-par. Furthermore, you appear to have forgotten the thread title and poster's original question:

-{ Quote: "Just wondering since this last release it it worth trying now or is it still not there yet? Thanks" }-
country2: It's improved, but supposedly their new & improved heuristics are coming in v3.9. I had no troubles with CIS 3.8, but then again I'm a pretty cautious computer user and don't go looking for trouble.

Now, I await all the accusations of me being a COMODO fan boy; that seems to be the general trend here :thumbd: >:( .

No the CIMA heuristics are not coming until version 4.

Seems neither Eice nor I know where it is up to, but he is determined to spread fud whereas I am an optimist.

Mind you at my age that becomes important, as I cannot wait forever. Mmmm there is life away from the computer.

They've mentioned ease of use is a goal for some future version as well. Is v4 that milestone? Will automatic quarantining of found threats be default by then?

I simply never see a reason to not automatically fix known threats or detections through accurate heuristics unless it could affect something else (for example, Norton asks the user in that case, so he or she can make an informed decision). FPs are another thing - those should obviously never even appear in a finished product, so that can't be an argument against it IMO. Then every company can simply temporarily disable automatic cleaning for betas that have changes to detection functionality.

-{ Quote: "Any proof that Comodo is closing the gap on other Anti-virus? Seems to be a lack of testing." }-

This is true. There are really no authenticated AV tests that I'm aware of. Only my small independant tests and some others like removemalware.com etc. I only make the statement that they are closing the gap in that some malware samples I had, their first iteration would not recognize them but now it does. They seem to add more to the AV like heuristics and such but until they get into AV compartives and such, one will never know.

Ice

Does anyone get a bit tired of hearing how good the next version will be? We need protection NOW! Running against some of the standard test programs would at least help quantify how hard you need to work D+ for the various AV options, and whether the CAVS might be an option for other Firewall/HIPS combinations. And the next version of all these security programs will be better-as, unfortunately, will the malware. The malware will also not wait for the next release. WABOS.

-{ Quote: "Does anyone get a bit tired of hearing how good the next version will be? We need protection NOW!" }-

CIS D+ component alone already catches everything your setup (OA 3.5 full, Avast! 4.8, Prevx Edge, MVPS Hosts, Windows Defender, SAS/MBAM offline, Acronis True Image) can catch + probably more and the firewall is as good if not better than OA..

So what's the reason for bashing CIS for its security? "we need security now".. what a load of crap.
The AV ain't the best. I admit that.. But you are still protected against everything with CIS since its other components are superb.

The AV in CIS is unessential really. SInce CIS already has a 100% catch rate. Far better than any AV known to man.

=S

Hardly bashing to ask how good CAVS (or anything else) is at this point vs sometime in the future-I have no knowledge of that, and think that whatever the situation is is probably OK as long as users understand it and can deal with it. And decide whether to use CAVS now or wait a while. Certainly the party line is to avoid any impartial testing of the AV by itself, but faith based security is not for everyone. Obvious question Comodo refuses to answer, even though the tools are available: How does the AV compare to the ones we are familiar with at this point? And the answer immediately switches over to defending D+. But some think a HIPS or other such tool should augment whatever AV is used, not replace it. Of course OA and Outpost and a bunch of others also have a fine HIPS component that should work just as well as D+ (another unsubstantiated claim). Giving users a little current data might help them make decisions on what configurations they feel most comfortable with. Not everyone seems to feel comfortable with unsubstantiated claims for D+. And it is "protection" we need now, BTW.

-{ Quote: "Hardly bashing to ask how good CAVS (or anything else) is at this point vs sometime in the future-I have no knowledge of that, and think that whatever the situation is is probably OK as long as users understand it and can deal with it. And decide whether to use CAVS now or wait a while. Certainly the party line is to avoid any impartial testing of the AV by itself, but faith based security is not for everyone. Obvious question Comodo refuses to answer, even though the tools are available: How does the AV compare to the ones we are familiar with at this point? And the answer immediately switches over to defending D+. But some think a HIPS or other such tool should augment whatever AV is used, not replace it. Of course OA and Outpost and a bunch of others also have a fine HIPS component that should work just as well as D+ (another unsubstantiated claim). Giving users a little current data might help them make decisions on what configurations they feel most comfortable with. Not everyone seems to feel comfortable with unsubstantiated claims for D+. And it is "protection" we need now, BTW." }-

I agree with you about the AV..
But disagreed with the claim that CIS somehow do not offer protection NOW, it does since it got D+, the firewall and so on.

It's true that we can't tell how good or bad the AV component is since it rarely gets tested..
But all points to that it don't have as great detection as the big ones yet ex. Avira.. But protection is still there thanks to D+!

Sorry, I did not mean that CIS doesn't offer protection now; just that ignoring how well CAVS does that now and instead bringing up future capabilities, other components, and avoiding quantifying experiments is unsatisfying, and a disservice to the users. And really doesn't answer the OP. What I would expect to see is the story unfolding proving how CAVS is approaching the big boys in AVS protection, and when you add D+ and all the other neat features, you do even better. Instead we get too much faith and trust stories, instead of impartial testing and peer review. Not just a Comodo problem; I don't take Vlk or Mike Nash or anyone else as a substitute for demonstrating/proving it where they can, but they seem much more willing to go outside and to try to explain their rationale. ;)

-{ Quote: "CIS D+ component alone already catches everything your setup (OA 3.5 full, Avast! 4.8, Prevx Edge, MVPS Hosts, Windows Defender, SAS/MBAM offline, Acronis True Image) can catch + probably more and the firewall is as good if not better than OA.." }-
Do you have any proof of this? Somehow it seems unlikely that D+ is better than another top HIPS, a BB, multiple signature scanners and an image backup program.

-{ Quote: "So what's the reason for bashing CIS for its security? "we need security now".. what a load of crap.
The AV ain't the best. I admit that.. But you are still protected against everything with CIS since its other components are superb.

The AV in CIS is unessential really. SInce CIS already has a 100% catch rate. Far better than any AV known to man.

=S" }-
But most people (especially average users) don't have the knowledge the answer correctly 100% of the time Defence+ pop ups.

-{ Quote: "Seems neither Eice nor I know where it is up to, but he is determined to spread fud whereas I am an optimist." }-
It seems like not only are you denying the data, you're determined to pretend that they don't even exist as well.

Oh well. To each his own.

The fanboys can exploit the general lack of knowledge about how badly Comodo performs to chant how it's "catching up with the big boys", but there are people out there who are capable of performing their own testing and arriving at the facts. A smart move by Comodo to run away from testing, but not everyone's going to fall for it.

-{ Quote: "CIS D+ component alone already catches everything your setup (OA 3.5 full, Avast! 4.8, Prevx Edge, MVPS Hosts, Windows Defender, SAS/MBAM offline, Acronis True Image) can catch + probably more and the firewall is as good if not better than OA.." }-
D+ catches nothing. All it does is ask the user about anything and everything, and it's up to the user to do the catching. Imagine hiring a security guard who runs up to the office and asks the manager every time a customer enters the store and tries to take a step anywhere. And of course, when malware is stopped, it's all thanks to D+, when malware slips through, it's all the user's fault.

For the purposes of computer security, HIPS has always been a failed model, and I don't see that changing anytime soon.

-{ Quote: "Do you have any proof of this? Somehow it seems unlikely that D+ is better than another top HIPS, a BB, multiple signature scanners and an image backup program." }-

It really don't matter how well those other HIPS preforms. Since CIS already catches 100%, you can't beat 100% but you can score as well..

If someone claims they got some kind of sample able to totally bypass CIS then stop trolling and send it to me. :dry: :dry:

-{ Quote: "
But most people (especially average users) don't have the knowledge the answer correctly 100% of the time Defence+ pop ups.
" }-

True. But most people got some kind of malware installed without knowing. With CIS you at least get alerts for anything unknown. And won't have to relay on the flawed AV technology that catches like 20-40% of the new threats..

-{ Quote: "

D+ catches nothing. All it does is ask the user about anything and everything, and it's up to the user to do the catching. Imagine hiring a security guard who runs up to the office and asks the manager every time a customer enters the store and tries to take a step anywhere. And of course, when malware is stopped, it's all thanks to D+, when malware slips through, it's all the user's fault.

For the purposes of computer security, HIPS has always been a failed model, and I don't see that changing anytime soon.
" }-

While its true that D+ is a bit more "dumb" than a "BB" its also true that D+ is harder to fool. And D+ just don't alert "about anything", even if that was the case before. I welcome you to try the latest CIS beta, and see for your self how chatty it is.. Lot's have changes, ease of use has been greatly improved without lowering the security. :thumb: :thumb:

-{ Quote: "

D+ catches nothing. All it does is ask the user about anything and everything, and it's up to the user to do the catching. Imagine hiring a security guard who runs up to the office and asks the manager every time a customer enters the store and tries to take a step anywhere. And of course, when malware is stopped, it's all thanks to D+, when malware slips through, it's all the user's fault.
" }-
Well said..... It's a pretty ridiculous way to run a computer....

I've been warning over that for a long time and as always they disregarded my expert opinion that D+ is only good when expert is selecting allow/deny. But from what i know, the number of expert users is rather small in general. Yesterday i performed a quick proactive test of new 3.9 beta by throwing my massive archive of various junk at it.
It was actually doing really well, up to a point where i apparently executed a Sality sample and even though i know plenty about everything, i have at some point selected Allow where VirtualPC service requested access to some other program that by all characteristics appeared a legit activity. It was just one wrong action and whole system was infected beyond repairability (typical for Sality/Virut). Well it could be cleaned but most of the time it's just not worth it.
So only 1 wrong action and all the "100%" security goes down like a building after scheduled demolition. It's better in 3.9 than it was in 3.8 but still it depends on user's knowledge so much it can either have near 100% protection or near zero protection.

-{ Quote: "If someone claims they got some kind of sample able to totally bypass CIS then stop trolling and send it to me. :dry: :dry:" }-
I think aigle has already proved that quite well with Conficker. It's you who needs to stop your ridiculous "COMODO CATCHES 100%!" trolling claims.

-{ Quote: "While its true that D+ is a bit more "dumb" than a "BB" its also true that D+ is harder to fool." }-
You still don't get it. Who needs to fool D+? It's not the one doing the catching at all! :argh: The malware just needs to fool the user, that's it.

-{ Quote: "And D+ just don't alert "about anything", even if that was the case before. I welcome you to try the latest CIS beta, and see for your self how chatty it is.. Lot's have changes, ease of use has been greatly improved without lowering the security. :thumb: :thumb:" }-
Comodo's been claiming that since day one, the next version will be better/more usable, blablabla, they've started building up the hype even before CIS 3 was released, but each and every time it's nothing but the same old. I haven't tried the latest beta (I will when the final ver is released, though), but frankly I don't see anything in the changelog that even remotely suggests that this might be true.

-{ Quote: "I think aigle has already proved that quite well with Conficker. It's you who needs to stop your ridiculous "COMODO CATCHES 100%!" trolling claims.
" }-
Iam getting SICK and TIERD to tell this to everyone here at wilders..
Agie had added 4 various ALLOW RULES in CIS, yet it popped..

It even says MALWARE BEHAVIOUR and you get at least 11 popups in proactive, not one as reported. Its far from not catching it..

Read the COMODO thread about it instead, ALL FACTS ARE THERE..
And if you login you can see what really happens and how the popups look if CIS is started in normal or proactive.


https://forums.comodo.com/leak_testingattacksvulnerability_research/downadup_conficker_worm_versus_defence_plus-t33410.0.html

WITHOUT THE FOLLOWING CRIPPLING RULES THAT AIGLE DID:
-{ Quote: "

1- I allowed svchost.exe to creat any file anywhere otherwise I get too many alerts about it creating/ modifying file that was legit but bothersome for me.

Now here the malicious dll( vmx) and autorun files are created in USB devices via svchost.exe so during my testing it was a puzzle for me that which process is actually creating these files. I did not know until after many tries I found it out.

2- Similarly a dll in system32 is created by svchost.exe that my custom rules allowed silently.

3- I allow creation of tmp files globally without any pop up in my rules, so i never got an alert about creation of tmp file( ?driver) in this case.

4- More worse, just think of it. CFP intercept any dll execution by any process by default but it gives literally dozens of pop ups while executing legit applications, so i made a custom rule to allow any dll to be executed by any parent from anywhere.

Now if malicious dll is not spoofed as a vmx, you can guess what will happen. I will not get even a single alert and malware will execute n do its harm.
" }-

-{ Quote: "
You still don't get it. Who needs to fool D+? It's not the one doing the catching at all! :argh: The malware just needs to fool the user, that's it.
" }-

Sure you can fool a silly girl to even disable norton or avira.. But its not like that is needed. With CIS the user has to do fault.. With most products you don't even have to fool the user.. The user is totally unprotected, Just use a UD sample. Or acctually you have both options, Fool the user or the product.

-{ Quote: "
Comodo's been claiming that since day one, the next version will be better/more usable, blablabla, they've started building up the hype even before CIS 3 was released, but each and every time it's nothing but the same old. I haven't tried the latest beta (I will when the final ver is released, though), but frankly I don't see anything in the changelog that even remotely suggests that this might be true." }-

CIS is improving, at what I think A great speed.
All product needs time to develop, I think some has too high expectations.

But that don't mean they don't deliver as "promised".
I thought it was sad CIMA did not make it to this release, but well..

-{ Quote: "Iam getting SICK and TIERD to tell this to everyone here at wilders..
Agie had added 4 various ALLOW RULES in CIS, yet it popped..

It even says MALWARE BEHAVIOUR and you get at least 11 popups in proactive, not one as reported. Its far from not catching it..

Read the COMODO thread about it instead, ALL FACTS ARE THERE..
And if you login you can see what really happens and how the popups look if CIS is started in normal or proactive." }-
Sure. And to get those popups you can't even trust Windows system files. You can't even allow .tmp files that Windows creates and deletes like crazy by the thousands. You have to tell CIS to prompt you for every single frigging action performed by the OS, even for COM actions that force you to click "Allow" 4-5 times just to start a program, with a whole crapload more coming your way when the program actually tries to do anything. That's how you get your so-called "100% protection" - not to mention an unusable system.

At best that's called poor design, at worst it's just sheer stupidity. It's just a ploy by Comodo to push all security to become the responsibility of the user, yet take all the credit for "stopping" attacks. I can't believe there are actually people who buy this poop.

-{ Quote: "Sure you can fool a silly girl to even disable norton or avira.. But its not like that is needed. With CIS the user has to do fault.. With most products you don't even have to fool the user.. The user is totally unprotected, Just use a UD sample. Or acctually you have both options, Fool the user or the product." }-
Again, you still don't get it.

With other products, the malware first has to trick the user into going against common sense, and running or clicking on something they don't know to be safe. THEN it has to bypass the security software. With CIS, the user is the first, only, and last line of defense. CIS contributes nothing, because everything is up to the user. That's why fooling CIS isn't needed.

-{ Quote: "CIS is improving, at what I think A great speed.
All product needs time to develop, I think some has too high expectations." }-
Perhaps expecting a company to deliver more than empty promises is considered as "too high expectations" for you. It's the same with every CIS release, next version will be better! More usable! And then... poof. Same old.

But like I said, to each his own.

-{ Quote: "Sure. And to get those popups you can't even trust Windows system files. You can't even allow .tmp files that Windows creates and deletes like crazy by the thousands. You have to tell CIS to prompt you for every single frigging action performed by the OS, even for COM actions that force you to click "Allow" 4-5 times just to start a program, with a whole crapload more coming your way when the program actually tries to do anything. That's how you get your so-called "100% protection" - not to mention an unusable system." }-

You really like discussing how bad CIS is in every thread? the enjoyment of the day..? Why not pick on something else once in a while.. I saw a PC Tools Antivirus v. 6 thread just below, maby go in and bash it for not being up to avira is a great idea?

Actually if you just tried CIS latest you would realise that it don't pop for every safe application at all.. Thanks to the White list..
But if you like it to still pop for "safe" applications then you can still do that thanks to paranoid settings. Or if you like it to just pop for applications that got onto your computer after CIS then Clean PC mode is great!

-{ Quote: "
At best that's called poor design, at worst it's just sheer stupidity. It's just a ploy by Comodo to push all security to become the responsibility of the user, yet take all the credit for "stopping" attacks. I can't believe there are actually people who buy this poop." }-
I can't believe people actually pay for products that got worse or no better protection than all the free alternatives.

-{ Quote: "
Again, you still don't get it.

With other products, the malware first has to trick the user into going against common sense, and running or clicking on something they don't know to be safe. THEN it has to bypass the security software. With CIS, the user is the first, only, and last line of defense. CIS contributes nothing, because everything is up to the user. That's why fooling CIS isn't needed." }-
Bah, it got a AV, and it got a memmory scanner now as well, and D+ can remove threats when they are running just fine and makes sure not too much damage can be coursed. + common sense is all that is needed to understand when a program is bad, especially with CIS.

-{ Quote: "
Perhaps expecting a company to deliver more than empty promises is considered as "too high expectations" for you. It's the same with every CIS release, next version will be better! More usable! And then... poof. Same old.

But like I said, to each his own." }-

What do you mean.? Not improved usability eh? I think you simply overlook all improvements that has and are being made, CIS 3.8 had a huge impact on CIS usability, thanks to introducing a whitelist, 3.9 has not made any promises to be more user-friendly, yet it has.

But its really version 4 that they said usability will come, thanks to a new GUI.

-{ Quote: "With CIS you at least get alerts for anything unknown. And won't have to relay on the flawed AV technology that catches like 20-40% of the new threats.." }-
So users get alerts for everything and it's all their fault when they allow the malware? Also, there are other technologies other than D+ and AV. And according to AV-comparatives AVs detects around 40-70%, not 20-40%.

-{ Quote: "I can't believe people actually pay for products that got worse or no better protection than all the free alternatives." }-
D+ only has great security when it is used by an advanced users, which is the minority, and therefore not suitable for average users. Those other products have better usability which in practical terms equals to better security for average users.

-{ Quote: "So users get alerts for everything and it's all their fault when they allow the malware? Also, there are other technologies other than D+ and AV. And according to AV-comparatives AVs detects around 40-70%, not 20-40%." }-

Users don't "get alerted for everything". But it gets alerts for every bad one, + it gives alerts for "some" safe applications.

Its a default deny approach and might not suite some.. But it sure as hell works.

-{ Quote: " Also, there are other technologies other than D+ and AV. And according to AV-comparatives AVs detects around 40-70%, not 20-40%." }-

Sure might be the case.. 40-70% that's great.
All 100% are stopped with CIS default deny approach however.

-{ Quote: "D+ only has great security when it is used by an advanced users, which is the minority, and therefore not suitable for average users. Those other products have better usability which in practical terms equals to better security for average users." }-


Its suitable for avrege users yes. But wow do we define "works". In my experience it dosn't. I have installed CIS on many users computers, they all stayed clean.. After I gave them some instructions.

And I also installed and visited people with other various well known brands, usually their computer are slow + infected but the av says "Green light your computer is clean no virus found".. But its really not when you do some on demand scans, and manual checking. :wacko: :wacko:

They never even realise "hey I was hacked"

They just get "green light, system clean".. with no chance whatsoever to prevent the infection since detection just wasn't and still isn't there.

Uhh. I don't wanna be a part in all this CIS flameing anymore thats not why I joined, to defend CIS from unfair critic based on false facts (as the example with conflicker). This topic is not about the AV any more and Iam sorry about that.

I declare myself out of the discussion.:wacko: :wacko: And hope one day, we can have CIS discussions without all the flame, just as we can have PrevX threads, spybot, avira or OA threads with little/no irrelevant offtopic "got to bash the product posts" made by the same users on a regular basis.

As we know no product are perfected this apply to CIS as well.
Now you guys can post and get the last word as usual.

Claiming that Iam stupid or whatever.. or maby that I got no insight in nothing, or go into technical details or make up users that would all fail to use D+. Or refer to one more wrongly preformed test.. Or why not go to personal assault as I experienced before where claims are made that Iam silly.

It's funny that when you complain, they don't like that. But when you expect them to fix the things you complain about, they are not interested in fixing them either. And we complain again and they again don't like that.
This never seems to end.

-{ Quote: "Uhh. I don't wanna be a part in all this CIS flameing anymore thats not why I joined, to defend CIS from unfair critic based on false facts (as the example with conflicker). This topic is not about the AV any more and Iam sorry about that." }-
Well, the only thing that you have proved is that to get D+ to defend against Conficker, one has to be willing to suffer a bombardment of popups 24/7 and an unusable PC.

My 0.02€ about this whole conversation: you simply can not rely upon D+ to do the blocking.

In the end, it's the user that selects the action, and frankly we all know how confusing prompts can be (especially to a non-technical user). This simply will not work. This is great for power users though :)

It's good that Comodo keeps going with development.

Yeah, thats what I've been saying for sometime too about Defence + , it's only providing protection, if the user understands what each of the hundreds of Pop-ups mean. Lets not forget Malware can be really sneaky and appear to be something legitimate when infact it's not.

The testing is unfair, because the testers download malware and they know that the pop-up appearing will allow them to deny it, because they know for sure what it is. That's why comodo does so well in prevention tests, but forget tests and think about real life situations where the user has already been bombarded with tons of pop-ups, how can they know for sure what's malware and what's not? unless it's obvious.

Comodo can gloat about their bullet proof protection, but what they really offer is a very flawed sercurity solution coupled with a flaky Anti-virus.

Not being a fanboy here so please no flames. I've been using CIS on/off since its inception. I can say they expanded their white list with each version so the popups are minimal. The trusted Software vendors list seems to work now. The problem that I see with this product and you guys have hit on it already is the fact there are so many options to choose from. Sure you can take the defaults but I'm not sure this is the best security with the product. Right now I'm running it on (FW=Safe mode, D+=Clean PC mode and Stateful=AV). I have modified some of the options in D+ to get more security. Will a average user know to do this? I have tried running many apps and on my machine and I have had 1 or 2 popups. The Treatcast thing is a nice touch similar to DriveSentrys with how many users allowed/denied. I still feel they need some polish to make it bullet proof but I like it.

Just my .02 cents
Ice

-{ Quote: "It really don't matter how well those other HIPS preforms. Since CIS already catches 100%, you can't beat 100% but you can score as well..

If someone claims they got some kind of sample able to totally bypass CIS then stop trolling and send it to me. :dry: :dry


" }-

While I'm an admirer of CIS it's misleading to state that it catches 100% of threats.I can give you a simple scenario now.

A user finds this great new anti-spyware application whilst surfing,lets call it XPAntispyware Gold.Having read the awesome reviews on the site they decide to supplement CIS and install it.They then pop D+ into installation mode to prevent all the pop-ups which after all are quite normal when installing a security product,clicking Allow on any that do arise of course.

There you have it,system compromised without any requirement to circumvent D+ because the user did the job for them! Yes D+ is very good at notifying unauthorised activity,but offers zero protection against the user himself.

-{ Quote: "While I'm an admirer of CIS it's misleading to state that it catches 100% of threats.I can give you a simple scenario now.

A user finds this great new anti-spyware application whilst surfing,lets call it XPAntispyware Gold.Having read the awesome reviews on the site they decide to supplement CIS and install it.They then pop D+ into installation mode to prevent all the pop-ups which after all are quite normal when installing a security product,clicking Allow on any that do arise of course.

There you have it,system compromised without any requirement to circumvent D+ because the user did the job for them! Yes D+ is very good at notifying unauthorised activity,but offers zero protection against the user himself." }-
It seems like their argument is that then it is the user's fault and Comodo did not fail at all. :dry:

-{ Quote: "While I'm an admirer of CIS it's misleading to state that it catches 100% of threats.I can give you a simple scenario now.

A user finds this great new anti-spyware application whilst surfing,lets call it XPAntispyware Gold.Having read the awesome reviews on the site they decide to supplement CIS and install it.They then pop D+ into installation mode to prevent all the pop-ups which after all are quite normal when installing a security product,clicking Allow on any that do arise of course.

There you have it,system compromised without any requirement to circumvent D+ because the user did the job for them! Yes D+ is very good at notifying unauthorised activity,but offers zero protection against the user himself." }-

This is where a very good white list might come in handy and prevent the user from installing the rogue app. DriveSentry does this very well. Hopefully Comodo's white list can be as powerful as that.

Ice

Ice

With all due respect to COMODO and Defense+ (I used to have in one system, before I was told a bug totally blocking access to the Desktop wasn't a top priority to be fixed.), pretty much everything is unknown.

The fact is that it lacks a great database of well-known and digitally signed applications (whilelisting), which would make everything so much easier. Even unknowledgeable users would be able to run it in full power, and only get alerts for everything, which would be the unknown processes/applications.

This is just to state my view as a former user, and someone who still tests it, to see how it evolves.

COMODO claims that each version reduces alerts.... Heck, why shouldn't it? Pretty much all advanced settings are off, with default installation, which is what most people would use.

Yes, sure, keylogger protection is provided by their AV. Sure... Until it isn't... Like everything else, uh?

Since the actualy CIMA heuristics aren't coming until v4, how will integrated BOClean affect detection rates, if any? Should it improve the amount of malware caught, or why is COMODO integrating it?

Also, how good are the CIMA heuristics? Do you guys think they're a giant leap forward, a small one, or (heaven forbid :-\) not a step forward at all?

The reason I ask both questions is because I have used neither BOClean or CIMA online. Now, it's obvious to me from reading this thread that we have a few people who dislike CIS for whatever reason. All I ask is that if you are going to be kind enough to answer my questions, please answer them honestly. There's a reason I asked my question here and not at the COMODO forums, but there is no reason to start throwing out more comparisons with other security products, especially for my second question.

Well, current heuristics are worthless crap. It's just detecting packers and thats it. CIMA however works similar to Norman Sandbox (since most are familiar with it). So yeah, that will be a significant upgrade.
Memory scanner, well, Melih is placing huge bets on it, but i think it'll only catch something here and there and will not make a huge difference. It'll benefit from BOClean signatures though since they are now merged in CIS.

-{ Quote: "Since the actualy CIMA heuristics aren't coming until v4, how will integrated BOClean affect detection rates, if any? Should it improve the amount of malware caught, or why is COMODO integrating it?" }-
TBH I've never been impressed with BOClean. Due to how it works it cannot stop threats before they activate, it only scans memory every few seconds and shuts down detected threats. Of course, if the threat is found in memory god knows what it's done already.

Until Comodo can raise the AV module from the poopy heap, CIS's biggest feature continues to be D+.

Actually the memory scaning is performed on execution and not on fixed intervals (even though thats also the case).

-{ Quote: "Actually the memory scaning is performed on execution and not on fixed intervals (even though thats also the case)." }-
Given the complexity of some packers today, that's a very unreliable mechanism AFAIK, simply because you cannot determine which instruction eventually causes the executable to be unpacked to memory.

Do you have any further details on this?

-{ Quote: "This is where a very good white list might come in handy and prevent the user from installing the rogue app. DriveSentry does this very well. Hopefully Comodo's white list can be as powerful as that.

Ice

Ice" }-
With all due respect the only defence against rogue applications is blacklistin.Heuristics(CIMA or otherwise) won't help at all simply because there's little to differentiate a rogue AM from a legitimate one in terms of code structure.All CIMA might say is "suspicious because this program is attempting to perform action A,B.or C" all of which a genuine security utility could do also.Most rogues are not malware in the traditional sense of the word,just in the end result.

-{ Quote: "Its a default deny approach and might not suite some.. But it sure as hell works" }-

Thats not a default deny approach, its a default you decide approach. A default deny is what you get from an Anti Executable - no choice, its simply stopped in its tracks, not allowed to run.

-{ Quote: "Most rogues are not malware in the traditional sense of the word,just in the end result." }-

BRAVO! And that is exactly the point. Don't compare yourself with the average user. If you read that here then you're a couple of steps ahead of them because you do know you need security. The average user doesn't even understand that! So how do you expect him to make the right decision?

If user education would have worked we wouldn't even have a malware problem!


You really need to tell users "Yes, we HAVE SEEN IT. We had it in our labs, someone had a look at it and it's REALLY BAD, NO DOUBTS about that."

And *that* you can only do with blacklisting and a proper threatname for the sample.

I'm not saying that all the other defense stuff is useless but it is highly ineffective as soon as a unexperienced user is making decisions the software should do.

Hi,

I must say that I am amazed by such Comodo bashing going on in this thread. As it stands now, I myself do not use Comodo as it is not usable enough and I want protection without interference. Therefore I do agree that Comodo has to do a lot more to make its HIPS more intelligent and it also needs to improve the detection of the AV and has to prove itself both in tests and in the real world.

However I do not understand why people are criticizing every part of Comodo-Av, Defence+, Heuristics, GUI, forum and its members and even the CEO. This is really unfair and you should all acknowledge that they are working hard on the product and though it is not the best today, it is improving rapidly and soon many users throughout the world will be able to benefit given that it is a FREE product.

To conclude, I would say that the more Comodo makes progress, the more it will be subject to mass criticism because Comodo being free both for individual and commercial uses, represents a direct threat to other companies in the security industry. However I still believe that this forum will be up to its reputation and when Comodo finally becomes a good product, people here will give it its credits like they have done with NIS 09.

Thanks.

Oh well, only a few people here are still doing their best to discredit everything about Comodo. I am sure those with an open mind and no hidden agenda will follow their progress with much interest. There will always be posters on any forum trying to cause dissent, it is known as trolling of course.

http://www.genesbmx.com/trolls.jpg

-{ Quote: "Hi,

I must say that I am amazed by such Comodo bashing going on in this thread. As it stands now, I myself do not use Comodo as it is not usable enough and I want protection without interference. Therefore I do agree that Comodo has to do a lot more to make its HIPS more intelligent and it also needs to improve the detection of the AV and has to prove itself both in tests and in the real world.

However I do not understand why people are criticizing every part of Comodo-Av, Defence+, Heuristics, GUI, forum and its members and even the CEO. This is really unfair and you should all acknowledge that they are working hard on the product and though it is not the best today, it is improving rapidly and soon many users throughout the world will be able to benefit given that it is a FREE product.

To conclude, I would say that the more Comodo makes progress, the more it will be subject to mass criticism because Comodo being free both for individual and commercial uses, represents a direct threat to other companies in the security industry. However I still believe that this forum will be up to its reputation and when Comodo finally becomes a good product, people here will give it its credits like they have done with NIS 09.

Thanks." }-

Yes there is some unwarranted Comodo bashing around these forums,but I'm not one of them.Speaking for myself personally it's a great application (Defence+) but it's not a panacea for all security problems.As Inspector Clouseau (a top tier developer) points out there's only so far you can go with the user being responsible for themselves,at some stage the product has to step in and save the non-tech users from sometimes extremely cleverly created malware.

If the Comodo AV component progresses as promised then a major drawback to CIS will be eliminated.

-{ Quote: "BRAVO! And that is exactly the point. Don't compare yourself with the average user. If you read that here then you're a couple of steps ahead of them because you do know you need security. The average user doesn't even understand that! So how do you expect him to make the right decision?

If user education would have worked we wouldn't even have a malware problem!


You really need to tell users "Yes, we HAVE SEEN IT. We had it in our labs, someone had a look at it and it's REALLY BAD, NO DOUBTS about that."

And *that* you can only do with blacklisting and a proper threatname for the sample.

I'm not saying that all the other defense stuff is useless but it is highly ineffective as soon as a unexperienced user is making decisions the software should do." }-

No I copyrighted that soundbite myself;D

I agree that for this type of threat there's no substitute for a clear "this is malware" instruction that anyone can understand.There are a lot of very computer literate folk here but I'll bet that a lot of them have had to research a security application at some time to see if it's a rogue or not,it's very hard to tell good from bad in many cases.

-{ Quote: "With all due respect the only defence against rogue applications is blacklistin.Heuristics(CIMA or otherwise) won't help at all simply because there's little to differentiate a rogue AM from a legitimate one in terms of code structure.All CIMA might say is "suspicious because this program is attempting to perform action A,B.or C" all of which a genuine security utility could do also.Most rogues are not malware in the traditional sense of the word,just in the end result." }-

Oh. Maybe I got my black/white list wrong. Sorry.
Ice

RejZor and Eice, thank you both for your responses. I'll be looking forward to CIS v4, then :) .

-{ Quote: "This is really unfair and you should all acknowledge that they are working hard on the product and though it is not the best today, it is improving rapidly and soon many users throughout the world will be able to benefit given that it is a FREE product." }-
Very well put :thumb: .

-{ Quote: "I think aigle has already proved that quite well with Conficker. It's you who needs to stop your ridiculous "COMODO CATCHES 100%!" trolling claims.
" }-
Sure it was not a bypass, just i thought that warning pop ups could be better.

BTW any HIPS( including) CFP can be bypassed but sure it is not common and even less important if it is fixed early.

Wow, Comodo really fires up a conversation, doesn't it? Guys, nothing is foolproof or "100%". Anyone who believes that should just stop posting, seriously. HIPS mainly relies on user decisions, and when the vast majority of users are asked to make a decision, sh**s gonna go bad real quick. I don't care how good Comodo supposedly is or how bad it supposedly is, one wrong move and Comodo goes down the comode along with the computer it's running on.

Again, I have no problem with Comodo the software, I DO have an issue with their staff, but that was discussed elsewhere here. You guys can throw rocks at each other and call each others mamas' names all day if you please, but no matter which side of the argument you take, your "precious Comodo" or your "arch enemy Comodo", is gonna go down in big, orange flames when Average Joe and/or little Jimmy or Janet decides they want to play that game they downloaded, whether Comodo says it's bad or not, or answers allow when they should have answered block.

All i'm afraid of is that Comodo may become a victime of its own success.
That happens when you are over confident about your product but its capabilities are just not yet up to the task.

-{ Quote: "D+ only has great security when it is used by an advanced users, which is the minority, and therefore not suitable for average users. Those other products have better usability which in practical terms equals to better security for average users." }-

Yes, but so we have a software as KIS 2009 who decides all by itself, with preconfigured and defaults rules, and if you are an advanced user you have a big work to change and to restrict them as you want. Not for me.

-{ Quote: " HIPS mainly relies on user decisions, and when the vast majority of users are asked to make a decision, sh**s gonna go bad real quick" }-

Agree completely therefore in regard to HIPS I prefere policy management either implemented through the OS, or by programs like DefenseWall and GeSWall.

Additional policy HIPS focuss on the threat gates in stead of all applications and the OS internals, so this by nature makes much easier to become quiet applications: the trusted - untrusted decision is made for you.

Another big advantage of white listing over black listing is that a black list can't be 100% complete, a white list which focusses on internet facing aps can (because the known good Internet facing is an inverted blacklist, these are applications known to be vulnarable due to the fact they communcate with the outside world and hence are posisble entry point for malware).

This are the key words for security:
a) Usability/user friendliness (how easy is it to answer correctly after an pop-up, or remove/reduce the option to choose while maintaining full functionality in a transparent way)
b) Staying out of risky places (reduces chances of infection and a possible wrong answer to a pop-up)
c) Reducing the attack surface (contain threat gates by policy)
d) Ability to cover the scope of the defense mechanism completely
e) The architecture and quality of the software (like when Chrome was implemented with an old Webkit version which made Chrome inherit the exploits of that version)

When combining network and application level (white list) policy with a traditional black list solution, you can not go wrong IMO

Regards Kees

-{ Quote: "
Yes, but so we have a software as KIS 2009 who decides all by itself, with preconfigured and defaults rules, and if you are an advanced user you have a big work to change and to restrict them as you want. Not for me.
" }-

You're (and most of others) are not thinking appropriate for the situation.
The best design is to have a dumbed down fully automated features enabled by default and an option to change all that for advanced users.
So it works great out of the box for completely inexperienced users, while it also provides power and control for advanced users.
Because doing it the other way around is just not realistic.
Normal users just expect programs to work and do its job with as little popups, warnings and interuptions as possible.

Also, if changing from basic control is "a big work" for you, then how would a casual user feel doing the other way around?
That would be like mission impossible for him/her.

-{ Quote: "

Also, if changing from basic control is "a big work" for you, then how would a casual user feel doing the other way around?
That would be like mission impossible for him/her." }-

Ya, sure, but I spoke about KIS 2009: it's impossible to install it not in Installing mode, alone any rules, and to create rule for rule by zero, as others fw and HIPS let do. And it's impossible to delete all the rules: the default rules, i.e. these for the fw, can only to be edited. It's not my idea of a configurable and granular HIPS/fw.

-{ Quote: "Also, if changing from basic control is "a big work" for you, then how would a casual user feel doing the other way around?
That would be like mission impossible for him/her." }-

-{ Quote: "Ya, sure, but I spoke about KIS 2009: it's impossible to install it not in Installing mode, alone any rules, and to create rule for rule by zero, as others fw and HIPS let do. And it's impossible to delete all the rules: the default rules, i.e. these for the fw, can only to be edited. It's not my idea of a configurable and granular HIPS/fw. " }-

You guys are close to agreeing in parts. KIS 2009 and CIS are extremes and represent examples of what each of you doesn't like.

EDIT - REMOVED.

DF, I agree Comodo is powerful program, but the argument still remains, currently it is a powerful program in the hands of an 'experienced' user. In the near future it may be more user-friendly.

And currently it's a powerful program in anti-virus tests where the user knows an alert will be produced, and knows to select 'deny'.

But in every day situations, some inexperienced users who think they can handle a program suited to more intermediate and experienced users, might experience more problems then solutions.

I agree all AV companies are playing catch-up, as they can't detect malware which they have previously not seen. But AVs are still accepted in the community as being a user-friendly approach, even though many still struggle with them.

It's taken years, but people have finally caught on, 'hey I need an AV - hang on, I'll get Norton'. Yet these people still struggle to handle the 'one alert' thrown-up a week, let alone one alert a month. They might still pick up the phone and call say the family member who installed the program and say, 'hey AV found a virus, should I delete it?'.

The even better programs for inexperienced users (who are the significant majority of the population, the key target group a company must focus on to earn some $$ to recover for the development costs) will quarantine the threat automatically, without any user interaction.

Yes the AV can get the file wrong, but this is usually a rare situation, in far more instances these programs get the answer right.

So it still remains, Comodo has a way to go before being user-friendly - allowing inexperienced users to use the program.

User-friendly also meaning - minimal interaction, automatically taking care of risks, and allowing the user to use their computer for the main reason they bought their computer.

People are always using car analogies on here, so I'll throw one in. People take their car to a mechanic for the mechanic to solve any problems. People buy an AV for the program to solve any problems.

A program which throws up a lot of alerts is like a mechanic giving you a call every 15 minutes while your car is at the workshop, saying, 'should I replace the oil filter', you reply 'yes', then 15 minutes later calls again, 'should i rotate your tyres', then later on 'do you think your clutch needs replacing'. The customer's reply is going to be 'I don't know, I thought you were the expert, not me!'.

-{ Quote: "Seriously. What Antivirus can detect everything? Even your software (VIPRE, Sunbelt) Can't detect every single malware out there." }-
Unfortunately, it's still better than what CIS has to offer: a poopy antivirus, a failed prevention model, and a whitelist that the fanboys keep promising "is getting better".

You know, I've got nothing against the product, but why not wait until it actually arrives and THEN make these sort of claims?

-{ Quote: "DF, I agree Comodo is powerful program, but the argument still remains, currently it is a powerful program in the hands of an 'experienced' user. In the near future it may be more user-friendly.

And currently it's a powerful program in anti-virus tests where the user knows an alert will be produced, and knows to select 'deny'.

But in every day situations, some inexperienced users who think they can handle a program suited to more intermediate and experienced users, might experience more problems then solutions.

I agree all AV companies are playing catch-up, as they can't detect malware which they have previously not seen. But AVs are still accepted in the community as being a user-friendly approach, even though many still struggle with them.

It's taken years, but people have finally caught on, 'hey I need an AV - hang on, I'll get Norton'. Yet these people still struggle to handle the 'one alert' thrown-up a week, let alone one alert a month. They might still pick up the phone and call say the family member who installed the program and say, 'hey AV found a virus, should I delete it?'.

The even better programs for inexperienced users (who are the significant majority of the population, the key target group a company must focus on to earn some $$ to recover for the development costs) will quarantine the threat automatically, without any user interaction.

Yes the AV can get the file wrong, but this is usually a rare situation, in far more instances these programs get the answer right.

So it still remains, Comodo has a way to go before being user-friendly - allowing inexperienced users to use the program.

User-friendly also meaning - minimal interaction, automatically taking care of risks, and allowing the user to use their computer for the main reason they bought their computer.

People are always using car analogies on here, so I'll throw one in. People take their car to a mechanic for the mechanic to solve any problems. People buy an AV for the program to solve any problems.

A program which throws up a lot of alerts is like a mechanic giving you a call every 15 minutes while your car is at the workshop, saying, 'should I replace the oil filter', you reply 'yes', then 15 minutes later calls again, 'should i rotate your tyres', then later on 'do you think your clutch needs replacing'. The customer's reply is going to be 'I don't know, I thought you were the expert, not me!'." }-

I completely agree with you.

Yes, CIS does have work to do for usability. But All I am saying is the Suite alone is only 5 months old, Including the AV. Yes, It has taken time for people to get use to AV a while ago, And now days even a Teenagers friend saids the word "virus" and thinks of virus protection.

However... I understand what Comodo is doing. People are still using detection to protect them selves and Comodo is trying to change the old technology we use to a new, much more far more effective one. I am sure Comodo will make CIS user friendly without any user interaction, while still maintaining prevention first.

-{ Quote: "
You know, I've got nothing against the product, but why not wait until it actually arrives and THEN make these sort of claims?" }-

Wait and see. ;) No Claims, No Promises.

Sorry if I go off topic here but, with CIS their greatest strength is their greatest weakness and that is the options. There are just so many options for the average user that he/she dosen't know what is right or wrong. However, with an experienced user it is a dream come true. Fine tune all you want. When Comodo establishes a big white/black list, then they should work on some sort of install option for users that don't want to see all the options present and ones that do.

Just my .02 cents
Ice

-{ Quote: "Sorry if I go off topic here but, with CIS their greatest strength is their greatest weakness and that is the options. There are just so many options for the average user that he/she dosen't know what is right or wrong. However, with an experienced user it is a dream come true. Fine tune all you want. When Comodo establishes a big white/black list, then they should work on some sort of install option for users that don't want to see all the options present and ones that do.

Just my .02 cents
Ice" }-

The completely new GUI usability overhaul in CIS v4 is going to solve this issue. It will be for novices and Experienced users.

CIS v4 is due a few months after v3.9 is released.

-{ Quote: "Seriously. What Antivirus can detect everything? Even your software (VIPRE, Sunbelt) Can't detect every single malware out there. Let's look at new malware. There is no way that every AV Company is going to detect all the new 30k-40K malware released every day. Yes you see WHAT YOU HAVE HAVE found in your AV labs, Playing the catch up with the malware providers and then new malware are coming in and people are getting infected, Then you create a signature. This is the ISSUE today, Just rely on detection based solutions such as AV. No, You can't just say you seen a malware in the labs and have created a proper threat name for it and that's all you need. So what? You're not going to detect everything. AV's can't detect 100% of malware, Actually no protection solution is 100%. It simply dosen't exist. However, With a Whitelisting approach and Prevention as first line and detection it is MUCH better then just relying on a threatname and blacklisting. CIS is already building heavy on whitelisting.

This is why Comodo Internet Security is building a layered security architecture with Prevention, Detection Cure where Prevention comes first and not detection. And now usability for CIS is huge, especially in the latest v3.9 beta." }-

The point he was making is that in regard to rogue AMs,which are a prevailent threat now (because they work),none of these pro-active measures will do any good if the user believes they're installing a genuine application They'll simply skip over any warnings because they are installing it themselves willingly,a threatname and blacklisting is the only defence in this instance.The best pro-active defence would be for the user to thoroughly research before installation,all D+ can do is inform the user what the installation is doing on their system,not the intended motive behind it.

-{ Quote: "The point he was making is that in regard to rogue AMs,which are a prevailent threat now (because they work),none of these pro-active measures will do any good if the user believes they're installing a genuine application They'll simply skip over any warnings because they are installing it themselves willingly,a threatname and blacklisting is the only defence in this instance.The best pro-active defence would be for the user to thoroughly research before installation,all D+ can do is inform the user what the installation is doing on their system,not the intended motive behind it." }-

Ah. I misunderstood. Sorry, I edited my previous post. Yes it's true... Rouge Application, Users cant differentiate between a good, legitimate AV product and a Rouge one. :(

Once their AV picks up some steam, hopefully they will offer it as a standalone product (rather than enabling/disabling).

There will be plenty of inexperienced users, who fear firewall programs, that will use the AV as the Comodo name is not only well known, but it's considered a trustworthy company.

Agree with IceCube. Experienced user, Comodo shows you every single thing that is happening, every step of the way. Inexperienced, they don't care about much, just want to visit sites like facebook.

Comodo always seem to imply that every AV company is just using blacklisting while their D+ is so great, but that's not true. While Comodo is improving, so is every other AV and malware as well. IMHO Comodo's advertising claims are rather deceptive.

Have you guys seen how quite CIS v3.9 Beta is?

One Click Allow & One Click Block Alerts introduced too.

-{ Quote: "Have you guys seen how quite CIS v3.9 Beta is?

One Click Allow & One Click Block Alerts introduced too." }-

I agree.
The Beta is very quiet and I have yet to see any major problems.
Looking forward to the release. 8)

CIS v4 will be awesome. Here (https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/cis_comments_from_nonexpert_user-t37848.0.html;msg270920#msg270920) and here (https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/to_melih_can_i_ask_why_cima_was_not_integrated_into_39_beta-t37849.0.html;msg270910#msg270910) Melih talks about Time Machine, Behavior Blocker and Sandboxing in CIS for v4. This will bring great Security and usability.

-{ Quote: "Have you guys seen how quite CIS v3.9 Beta is?

One Click Allow & One Click Block Alerts introduced too." }-

Main problem is that it's too quiet when it should be chatty.
I've tested against loads of samples and in pretty much all cases after execution, nothing happened. Malware did not execute and D+ did not show any message that something was completely blocked.
Thats bad actually as you can't know what happened. Did program failed to run, CIS blocked it or what really happened.
Imagine antivirus that detects and blocks malware but doesn't give you ANY notification what so ever? Thats not really practical.

Sounds good. Don't get me wrong, I am looking forward to their product getting better.

In those threads, the user 'Wibble', I tend to agree with his post. Hopefully too much cramming doesn't lead to endless bugs.

And Melih's reply that users are increasing. That's all very well, but are those one million new users a month retaining the product, or simply installing and then uninstalling. His figure of '5% uninstallation' I can't quite digest.

The old saying, 'I bet my left nut', I'd apply here at the start of the next sentence. All products, would have an uninstallation figure higher than that, say at least 10 per cent, due to general curiosity in trying products, and even the conflicts (BSODs) that may occur.

For example, I could recommend a product to three users here, and guarantee, one of them will uninstall the product in the first day. The other most likely after a week just to try something else, and the other might keep it. But what about the general population? True they would keep a product on for much longer, as they wouldn't know how to install or uninstall a product. I still think Comodo appeals to many technical savy users, and these users know about many products, and are continually changing setups.

So without harping on his reply, I thought he'd be more along the lines of, 'we'll take that on-board, and look at our program closely over the next several months whether stand alone or integrated setups suit our users best'.

Well the 70000 total forum members out of the godzillion users sure put out a lot of bug reports and have a lot of problems, as well as those who join mostly to be enthusiastic. What do the others do? My experience with users is that if there is a problem with new software, the average user either removes it and tries something else or goes somewhere for advice. So either only ~ .2% of these new users have any issues/questions/praise or Comodo's method of counting is a bit optimistic.

-{ Quote: "Main problem is that it's too quiet when it should be chatty.
I've tested against loads of samples and in pretty much all cases after execution, nothing happened. Malware did not execute and D+ did not show any message that something was completely blocked.
Thats bad actually as you can't know what happened. Did program failed to run, CIS blocked it or what really happened.
Imagine antivirus that detects and blocks malware but doesn't give you ANY notification what so ever? Thats not really practical." }-
Have you checked the D+ logs?

Yeah, trilions of items. Do you think i want to filter all that by hand? No thanks.
But i would appreciate that upon of execution of malware with name server.exe, i would get one popup saying server.exe was bad and wass completely blocked. Thats what all antiviruses and behavior blockers do.
And HIPS. Not that you have to literally debug a program why nothing happened after execution. Sure it blocks malware but you don't know what happened really either. No feedback by the program.
Just that square popup above taskbar would be enough, notifying the user of blocked actions and then automatically dissapearing after few seconds.

-{ Quote: "Yeah, trilions of items. Do you think i want to filter all that by hand? No thanks.
But i would appreciate that upon of execution of malware with name server.exe, i would get one popup saying server.exe was bad and wass completely blocked. Thats what all antiviruses and behavior blockers do.
And HIPS. Not that you have to literally debug a program why nothing happened after execution. Sure it blocks malware but you don't know what happened really either. No feedback by the program.
Just that square popup above taskbar would be enough, notifying the user of blocked actions and then automatically dissapearing after few seconds." }-

I'm sure you looked at this but there is an option to automatically quarantine threats in the AV options. (Realtime and Schedule).

Ice

D+ has nothing to do with AV settings...

-{ Quote: "D+ has nothing to do with AV settings..." }-

Nothing to do with D+. The AV component has optional settings to automatically quarantine. I agree with you, I would never want that. The user should always be informed of a baddie on the system. Under the AV component/Common Tasks/Scanner Settings/ You will see the automatic quarantine thing. I'm not sure if this is the issue. In DriveSentry they had something similar and if you weren't looking on the lower right hand of the screen, you would miss the 2 second popup. It would auto quarantine by default.

Ice

-{ Quote: "The user should always be informed of a baddie on the system.

Ice" }-

And users like myself prefers less message if possible. As long as the choice is there (more vs less messages), is that a problem?

http://internetsecurity.comodo.com/updates/vdp/database.php

the AV is getting there guys. :)

Cheers,
Josh

-{ Quote: "http://internetsecurity.comodo.com/updates/vdp/database.php

the AV is getting there guys. :)

Cheers,
Josh" }-

Josh, I've been warned by other members that the AV produces FPs, a reason why I shouldn't run it in automatic mode ATM. Is this only because of the beta state of the new 3.9, and will this not be the case with v4?

-{ Quote: "I'm afraid the FPs are nothing much to do with the product being in Beta. They are trying to improve it, though, and they fix the FPs very quickly if you submit it to them.

I'm still trying to find an alternative Antivirus to try out in the mean time, to go with Comodo Firewall and Defense+. I might create a new thread for this!" }-

If you mean a free one, I would personally choose PCTAV since it also features a memory guard and should be effective in automatic operation (me'sa'like ;D) - AVG has proven itself to me it's not when run automatic and sometimes even not interactive. I would use AntiVir Personal, but it can't be set to automatic in the free version and can be a pain in the butt when in interactive mode. :-\

Why?has it been ill?

-{ Quote: "
One Click Allow & One Click Block Alerts introduced too." }-
What do u mean by this? Alerts are same( i use alerts with all options).

-{ Quote: "If you mean a free one, I would personally choose PCTAV since it also features a memory guard and should be effective in automatic operation (me'sa'like ;D) - AVG has proven itself to me it's not when run automatic and sometimes even not interactive. I would use AntiVir Personal, but it can't be set to automatic in the free version and can be a pain in the butt when in interactive mode. :-\" }-
I think its memeory guard is not available in XP but I am not sure. Any idea how does thgis works? Memory scanning in real time? CPU spikes? Any testing done with it?
I wanted to try but the install on XP in the past did not show the memory gurad to be there.

-{ Quote: "I think its memeory guard is not available in XP but I am not sure. Any idea how does thgis works? Memory scanning in real time? CPU spikes? Any testing done with it?
I wanted to try but the install on XP in the past did not show the memory gurad to be there." }-

Okay... Well, I don't know all the facts since I've not tested it personally yet, but I'll do that in the future. Find it odd if the XP compatibility wasn't the best for the AV...

-{ Quote: "Josh, I've been warned by other members that the AV produces FPs, a reason why I shouldn't run it in automatic mode ATM. Is this only because of the beta state of the new 3.9, and will this not be the case with v4?" }-

v4 will be a totally different animal all together with Sandboxing and behaviour blocking coming up... But for the AV, it should be quite good IMO. However, FP's? I personally have NOT seen any. And if you go to the forums, You will see the AV Analysts fix FP's in just a day and are very responsive. (See The FP Reporting Board (http://forums.comodo.com/false_positivenegative_reporting_is_this_a_malware_that_cis_hasnot_detected-b154.0))

-{ Quote: "What do u mean by this? Alerts are same( i use alerts with all options)." }-

As with v3.9 beta, Alerts are now shown with "Allow" and "Block". You Allow once, You allow all. You Block once, You block all. This improves usability by a mile. For example:

Frostwire trying to create a new file/folder in system 32....
Oh now it's trying to write to registry...
Well now it's trying to write to another registry...

Those days are over by default now. :-)

Cheers,
Josh

-{ Quote: "As with v3.9 beta, Alerts are now shown with "Allow" and "Block". You Allow once, You allow all. You Block once, You block all. This improves usability by a mile. For example:

Frostwire trying to create a new file/folder in system 32....
Oh now it's trying to write to registry...
Well now it's trying to write to another registry...

Those days are over by default now. :-)

Cheers,
Josh" }- You mean if I allow an application,s just one action, it will be treated as Trusted for rest of its actions?

-{ Quote: "You mean if I allow an application,s just one action, it will be treated as Trusted for rest of its actions?" }-

Theoretically yes.

However, If an application has more then one parent (executable) you will also be asked for that. But most LEGITIMATE applications have just one single executable and you simply allow it. But programs like Sandboxie, has a few processes and parents with it so you will get maybe 3 or 4 Alerts for it. But MUCH better compared to v3.8.

For example. Run the Comodo Leak Tests and see many Alerts you get.

Cheers,
Josh

Hmm... I think you missed to mention that this is applicable only if u choose default pop up style. If you go for More Options pop up style, you will get all alerts as usuall.

Am i right?

-{ Quote: "Hmm... I think you missed to mention that this is applicable only if u choose default pop up style. If you go for More Options pop up style, you will get all alerts as usuall.

Am i right?" }-

Yes. Right.

But by default... This is the default pop up style. More options give more Advanced users the options back.

-{ Quote: "Another question from my end, perhaps directed at 3xist. I am struggling to get clear answers from the Comodo forum.

Regarding Comodo Antivirus, is there any work being done to speed up its On-demand scanning speed (to be fair it's already fairly fast, taking about 5-6 mins longer than Avira or NOD32) and whether they are fixing the issue of significant computer slow down while the on-demand scan is going?

EDIT: I'm tossing up between staying with Comodo Antivirus or going with Avira Free. Please see my Avira thread here:
http://www.wilderssecurity.com/showthread.php?t=239276" }-

Yep! On-demand scanning has been improved, Infact it's even faster in v3.9. It will always been improved! :)

Regarding computer slow down with scanning, are you having this issue? Can you tell me how much RAM it's running while scanning? But as always... Always improving things. Regarding Avira or Comodo, Well I'll give you an honest answer: With CIS, the AV is designed to work together with D+ & Firewall. You get an AV Alert, you will NOT get a D+ Alert for example. With Avira, A malware runs, You get a D+ Alert, and if Avira KNOWS its bad, you will also get that Alert from Avira. So using just CIS makes malware usability a whole lot easier. If your happy with CIS, stick with it. I have used Avira, AVG and NOD32 etc in the past. I personally, Like CIS and browse with Sandboxie - Only because I am use to recognizing malware from Defense+ Alerts. But people are different, v3.9 is a whole lot easier to use, Avira obviously is one of the top AV's and Comodo is not at the moment. But great progress is being made to the Comodo AV as I am sure some people would know. The choice is yours. :-)

Cheers,
Josh

-{ Quote: "Thanks for the feedback 3xist, it is much apprieciated.

Computer slow down while Comodo Antivirus is scanning is very much noticeable simply by perception. The RAM and CPU usage may be low, but try opening files and running simple programs while Comodo Antivirus is scanning - you will see that it is all very sluggish. From my experiences, NOD32 is the lightest antivirus while doing an on-demand scan. I find only slight slow down with opening files and running programs while scanning with NOD32. It is a pity version 4.0 has become a bit of a resource hog in other areas.

The scanning speed is indeed fairly fast as I stated, but can always be improved I guess haha.

I also really like Defense+ and am also used to recognising malware from its alerts. Comodo Antivirus is certainly the lightest antivirus (excluding while doing on-demand scan) out there also. A bold claim, but I am fairly sure of this. Anyone can feel free to challenge me though haha." }-

Well why your computer is doing any malware scan your suppose to leave it alone. ::)

Anyway. Maybe you can post this in the feedback board in the CIS Board about improvements regarding this. CIS usability won't stop here by the way. ;) There will be a version before v4.0 is out that will cut Alerts down even further, If not NONE!

Cheers,
Josh

-{ Quote: "CIS usability won't stop here by the way. ;) There will be a version before v4.0 is out that will cut Alerts down even further, If not NONE!

Cheers,
Josh" }-

This among other things sounds very cool. So, apart from D+, CIS will also feature BB? Will this feature be available even if I don't run D+ in CIS, and can you compare it to ThreatFire or something in how it operates?

Does most FPs even get fixed automatically? Might even test CIS with AV only earlier... will run it in conjunction with TF to name one, so I'll probably have D+ disabled - not the HIPS type of user. Will the new release (the new beta that's) be available publically with its download link - public beta?

-{ Quote: "This among other things sounds very cool. So, apart from D+, CIS will also feature BB? Will this feature be available even if I don't run D+ in CIS, and can you compare it to ThreatFire or something in how it operates?

Does most FPs even get fixed automatically? Might even test CIS with AV only earlier... will run it in conjunction with TF to name one, so I'll probably have D+ disabled - not the HIPS type of user. Will the new release (the new beta that's) be available publically with its download link - public beta?" }-

BB And Sandboxing is what is Scheduled for v4. All reported FP's get fixed under a day, Manually by the AV Analysts, Check the forums. I am not sure if BB will be separate from D+ yet, And not sure how it operates yet either.

Currently the beta is only available for Comodo Forum users. However, I can send you a link. But I'll send you BETA 2 tomorrow, Beta 2 is due out in a number of hours... Let me know if you want it and I'll send it to your Wilders acct.

Cheers,
Josh

Comodo will made a Behavioral Blocker!?

Finally good news...! :)

-{ Quote: "Comodo will made a Behavioral Blocker!?

Finally good news...! :)" }-
Yes although details are scarce at the moment.I really hope it's a Mamutu clone personally.

-{ Quote: "Yes although details are scarce at the moment.I really hope it's a Mamutu clone personally." }-
Yep, maybe we can have more details soon...

They also say that version 4.0 will have a new GUI and fix other issues, so maybe this will a new age for Comodo...

Well, it took 3 days for my FP's and it took so long to add new samples i just gave up checking anymore. They are probably detected now but thats like almost 2 weeks ago. Toooooo slooooooow.

-{ Quote: "Well, it took 3 days for my FP's and it took so long to add new samples i just gave up checking anymore. They are probably detected now but thats like almost 2 weeks ago. Toooooo slooooooow." }-
They want to make everything, but they didn't try to make them well, so...

-{ Quote: "BB And Sandboxing is what is Scheduled for v4. All reported FP's get fixed under a day, Manually by the AV Analysts, Check the forums. I am not sure if BB will be separate from D+ yet, And not sure how it operates yet either.

Currently the beta is only available for Comodo Forum users. However, I can send you a link. But I'll send you BETA 2 tomorrow, Beta 2 is due out in a number of hours... Let me know if you want it and I'll send it to your Wilders acct.

Cheers,
Josh" }-

Okay, hope I don't run into any FPs then, just like you, since I don't post on the COMODO forums. :)

Yes, it would be great to receive that new beta version.


Thanks.

-{ Quote: "Yes although details are scarce at the moment.I really hope it's a Mamutu clone personally." }-
Hmmm... i don,t think it will be a standalone application. Probably something integrated in to CIS only.

I just finished testing the CIS latest package for free, it look like it can detect and denied access but one problem with it. Seems to show dirty malware as images of icons needed for WinRAR shows up on all 3 systems I had install the software on. 24 threats were detected and all the threats were Bmp and Jpeg images of icons. Something is wrong there! AV scanner and the malware or are they one in the same repeated the process over and over again saying 24 for threats were all the same on all 3 PCs. That's some sort of bug there.. CIS never found the rouge spyware nor bad tracker cookies.

Out of 3 systems I had installed the CIS one had 342 intrusions (couldn't connect to my network) the other two were okay. I did check the settings and they're the same. Go figure.

-{ Quote: "Hmmm... i don,t think it will be a standalone application. Probably something integrated in to CIS only." }-
Yes given the way Comodo has stopped development on the standalone BOClean and CMF it's a fair assumption that this'll be integrated within CIS rather than a separate app.

-{ Quote: "Okay, hope I don't run into any FPs then, just like you, since I don't post on the COMODO forums. :)

Yes, it would be great to receive that new beta version.


Thanks." }-

Check your PM's.

Cheers,
Josh

-{ Quote: "Hmmm... i don,t think it will be a standalone application. Probably something integrated in to CIS only." }-

We will see how things go. No coding has started yet. :)

Cheers,
Josh

-{ Quote: "Just ran an on-demand scan with Heuristics on high with Comodo Antivirus. Completed scan in just over 27 minutes. This is about 1 minute faster than NOD32 and Avira on my system! Well done Comodo!" }-

It's fast but detection isn't by far comparable with AVIRA and NOD32.
Current heuristics are as good as none.

I probably won't have any "issues" using it either as long as it continues to improve (then I mainly mean the AV), simply because I run it in a layered approach where other parts are the main proactive defense. Who doesn't run a layered approach simply because of that fact anyway; different software can take care of different fronts? :)

BTW, thx for the PM, Josh. ;)

Cheers! :)

-{ Quote: "But it's lighter than Avira and NOD32. Also you don't really need an AV as Defense+ pretty much covers everything if you know how to use it. Amazing how light a security setup can be and yet be so powerful." }-
Forget the D+!

This is only about the AV.

For normal users the D+ is just an annoying feature and won't protect them.

-{ Quote: "But it's lighter than Avira and NOD32. Also you don't really need an AV as Defense+ pretty much covers everything if you know how to use it. Amazing how light a security setup can be and yet be so powerful." }-

hmm looks like ur system is unique then :-\

-{ Quote: "Forget the D+!

This is only about the AV.

For normal users the D+ is just an annoying feature and won't protect them." }-

I think Comodo continues to make forward strides in the av and the suite itself.

Why do you feel D+ is an annoying feature?
I have no problems with it and I have it set to proactive security.

It seems there is no middle ground here.
Love it or hate it.
Very little constructive criticism as with other av's or suites.

-{ Quote: "I think Comodo continues to make forward strides in the av and the suite itself.

Why do you feel D+ is an annoying feature?
I have no problems with it and I have it set to proactive security.

It seems there is no middle ground here.
Love it or hate it.
Very little constructive criticism as with other av's or suites." }-
No other product has such a love hate relationship among users as CIS,they should rename it marmite.;)

-{ Quote: "hmm looks like ur system is unique then :-\" }-
Maybe you should first think about yours :wacko:
My brother uses an Athlon 64 3200+ and AntiVir and NOD32 make the whole system much more slow than CIS AV.
Also on my X2 5400+ I can confirm my observation :isay:

I was using AVIRA and avast! on my Aspire One (1,6GHz Atom, 1GB DDR2 and 160GB HDD). And to be honest, i couldn't really tell a difference except that Comodo needed quite long to scan folder full of executables and installers when open. avast! had a similar problem but not as noticeable. Talking in miliseconds though. So basically no real difference. And hardware is under anything mentioned here so far.

-{ Quote: "I think Comodo continues to make forward strides in the av and the suite itself.

Why do you feel D+ is an annoying feature?
I have no problems with it and I have it set to proactive security.

It seems there is no middle ground here.
Love it or hate it.
Very little constructive criticism as with other av's or suites." }-
I don't have nothing against D+.

But here we are talking about the AV!

Honestly I can't hold as a sure av an av as Comodo which accomplishes a full scan of my system in 17 minutes, whereas Kaspersky, Avira, Zone Alarm av employ 37 minutes for the same system, and so A-Squared does. I wonder how deep and sure is the Comodo av scan.

-{ Quote: "Honestly I can't hold as a sure av an av as Comodo which accomplishes a full scan of my system in 17 minutes, whereas Kaspersky, Avira, Zone Alarm av employ 37 minutes for the same system, and so A-Squared does. I wonder how deep and sure is the Comodo av scan." }-

Longer scanning doesn't mean it's catching everything. The kernel or the why the program was coding should be able to scan/detect/report at a good normal speed using some of the RAM as a buffer or use API-32-bit mode. Avira is slow, and sat there and watch it do my C where it only had the OS a few programs still took over 37 minutes if I use PC Tools SDAV on Intelli-Scan is quicker. If I use a full it will take 5-20 minutes to do a deep scan.

Comodo Internet Security Pro Free didn't let know class files to get started or launch. Other software if coded for the same class files types would do the same. ThreatFire compared to Defense+ still has false positive. ThreatFire found the threat prior and I was able to block it..

Comodo Anti-virus can be as light as it wants, but with very little testing ...I wouldn't even consider replacing my current Anti-virus.

Interesting Test: http://malwareresearchgroup.com/?page_id=2

Cheers,
Josh

I'm not sure how good this test site really is. I'd prefer seeing Comodo on AV-Comparatives. If it scores 96% there, it's actually good...

-{ Quote: "I'm not sure how good this test site really is. I'd prefer seeing Comodo on AV-Comparatives. If it scores 96% there, it's actually good..." }-
When Melih says he refuses to let his product be tested, rest assured he was only referring to reputable organizations that will uncover what CIS really is. He doesn't have any compunction against being tested by poky little sites like these, of course.

Rather than just immediately denigrating the site and it's results,perhaps some evidence of it's flawed methodology would be more constructive.::)

The results show Avira,A-Squared and GData at the top,the same as on pretty much every other test I've seen them take part in.On that basis this particular test appears representative of their general efficacy.I'd like to know solid reasons why the test has exagerrated Comodo's capability while seemingly following the normal trend for other vendors?

I see now that the Comodo strategy is to avoid the reputable testing organizations under the pretext that they're unreliable and their testing reveals nothing, while on the other hand advocating the small testers whom nobody has ever heard of before, but grades Comodo well, as accurate and legitimate.

Genius, I say. Sheer genius.

-{ Quote: "I'm not sure how good this test site really is. I'd prefer seeing Comodo on AV-Comparatives. If it scores 96% there, it's actually good..." }-

I'd prefer to see this too

Any AV company that hides its software away from somewhere like AV-Comparatives...doesn't gain my confidence.

Even if this small test has any indication of what it could do on a bigger test....It still shows Comodo to be behind the competition.

I'd use Avast or Avira over Comodos ropey solution anyday.

-{ Quote: "Longer scanning doesn't mean it's catching everything. " }-

Ya, but my doubt is how deeply and fully Comodo av scans every file and the system in all his parts. I like Comodo HIPS, is on the of the best, but I can't accept the idea, often read in this forum, that his HIPS can solve the eventual lacks of the av: it's true, but I would want be sure about the av performances as av and not as component of a suite. And I think that must be a reason for Software Houses as Kaspersky or Avira have such scanning times: we are not talking about F-Secure or Norman, which always had long time to scan.

There seems to be a huge lack of objectivity (on both sides) with anything pertaining to Comodo.The other day some test on an obscure Chinese forum was posted ,showing Comodo AV doing poorly and this was immediately accepted by some as empirical evidence,here a test shows a decent result and that means automatically the testing is rubbish!
Comodo don't help themselves by not submitting to the established AV tests for certain;but they have submitted to this one and simply dismissing it out of hand without providing any valid reason is hardly an objective viewpoint.

-{ Quote: "The other day some test on an obscure Chinese forum was posted ,showing Comodo AV doing poorly and this was immediately accepted by some as empirical evidence,here a test shows a decent result and that means automatically the testing is rubbish!" }-
Exactly.

Any test that can place Comodo at anything above 60-70% (and even that's being generous) is utter rubbish. This has nothing to do with lack of objectivity on my part. This has to do with facts. I posted that "obscure" Chinese test not because the results showed what I wanted, but because they were reasonably accurate as far as Comodo was concerned. Besides, they're not all that "obscure" - from what I can tell, they're pretty well-known on the Chinese side of the Internet, and PCSL probably even has some affiliations with them. The kicker is that they even publish their test samples, and anyone unhappy with the outcomes can download the samples and verify the results for themselves.

-{ Quote: " Comodo don't help themselves by not submitting to the established AV tests for certain;but they have submitted to this one and simply dismissing it out of hand without providing any valid reason is hardly an objective viewpoint." }-
If Comodo's hypocrisy regarding AV testing isn't obvious by now and doesn't count as a valid reason to you, I really have nothing further to say. If they don't want to be tested, then don't. But if they're willing to flip-flop on the issue and selectively allow themselves to be tested anyway, it's quite telling they go for a site nobody has heard of before when there are so many reputable testers around; Comodo can even aim for VB100% first, if they're worried about bad results.

-{ Quote: "Exactly.

Any test that can place Comodo at anything above 60-70% (and even that's being generous) is utter rubbish. This has nothing to do with lack of objectivity on my part. This has to do with facts. I posted that "obscure" Chinese test not because the results showed what I wanted, but because they were reasonably accurate as far as Comodo was concerned. Besides, they're not all that "obscure" - from what I can tell, they're pretty well-known on the Chinese side of the Internet, and PCSL probably even has some affiliations with them. The kicker is that they even publish their test samples, and anyone unhappy with the outcomes can download the samples and verify the results for themselves.


If Comodo's hypocrisy regarding AV testing isn't obvious by now and doesn't count as a valid reason to you, I really have nothing further to say. If they don't want to be tested, then don't. But if they're willing to flip-flop on the issue and selectively allow themselves to be tested anyway, it's quite telling they go for a site nobody has heard of before when there are so many reputable testers around; Comodo can even aim for VB100% first, if they're worried about bad results." }-

Your evidence for that statement is?

My point is that Comodo AV may or may not be any good but simply saying it isn't does not qualify as a statement of fact.What's it based upon,a feeling in your water? You still haven't given any valid reason why that test isn't accurate.Comodo's reluctance to be widely tested,while somewhat counter-productive is a separate issue entirely.

-{ Quote: "Your evidence for that statement is?" }-
How do you prove to someone that fire is hot?

I don't mean to brag, but you apparently don't know as much about your favorite product as I do. Tell me what would constitute as reasonable proof for you, and I'll do it if it's reasonably within my power.

The test I posted before is a good one, I think. They publish their samples, though not to new, unregistered users at their forums. People are publicly invited to scrutinize and correct their testing.

-{ Quote: "My point is that Comodo AV may or may not be any good but simply saying it isn't does not qualify as a statement of fact." }-
You're missing the point. It's not bad just because I say so. It's because it IS bad, that I'm saying it's bad. My statement is not evidence of Comodo's quality - that's ridiculous, and I never intended it to be. But it is a reflection of a fact.

-{ Quote: "You still haven't given any valid reason why that test isn't accurate." }-
It isn't accurate because it presents a vastly exaggerated report of Comodo's detection abilities. Which part of that do you not understand? It's like you challenging me to prove to you that the Earth is round.

-{ Quote: "How do you prove to someone that fire is hot?

I don't mean to brag, but you apparently don't know as much about your favorite product as I do. Tell me what would constitute as reasonable proof for you, and I'll do it if it's reasonably within my power.

The test I posted before is a good one, I think. They publish their samples, though not to new, unregistered users at their forums. People are publicly invited to scrutinize and correct their testing.


You're missing the point. It's not bad just because I say so. It's because it IS bad, that I'm saying it's bad. My statement is not evidence of Comodo's quality - that's ridiculous, and I never intended it to be. But it is a reflection of a fact.

It isn't accurate because it presents a vastly exaggerated report of Comodo's detection abilities. Which part of that do you not understand? It's like you challenging me to prove to you that the Earth is round." }-
Clearly you have no evidence beyond personal opinion thanks for clearing that up.Facts are able to be backed up with evidence that's a fact for you.

Since it 'clearly exagerrates' the detection rate of Comodo,yet doesn't do so for Avira,A2,GData etc your assertion must be that somehow Comodo have sponsored this test.(odd how they didn't come top in that case).That could be the only logical motivation for them to skew the Comodo results.

P.S. As for my favourite product,I've used Avira AV for years.

-{ Quote: "Clearly you have no evidence beyond personal opinion thanks for clearing that up." }-
Clearly you aren't willing to take me up on my offer. Tell me what would constitute as proof, and I'll show it to you if reasonably within my power.

A reasonable level of proof that Comodo AV is substandard would be a mean average from maybe 10 independent tests.

Now please accept my challenge and offer proof that the test in question deliberately manipulated their results to favour Comodo.It must be deliberate since by your figures 60-70% (lets say 65%) those results show a 31% discrepancy,far above any standard margin of error.

-{ Quote: "A reasonable level of proof that Comodo AV is substandard would be a mean average from maybe 10 independent tests." }-
I doubt there are even 10 reputable independent tests in this field, let alone 10 of them that Comodo has dared to participate in.

-{ Quote: "Now please accept my challenge and offer proof that the test in question deliberately manipulated their results to favour Comodo.It must be deliberate since by your figures 60-70% (lets say 65%) those results show a 31% discrepancy,far above any standard margin of error." }-
Why should I argue your claim for you? That's your own responsibility.

I never said the results were deliberately manipulated; those were your words. I also never tried to pretend I knew why the results were so wrong; but when it comes to AV testing, incompetence often plays a very big factor in skewed results as well.

-{ Quote: "I doubt there are even 10 reputable independent tests in this field, let alone 10 of them that Comodo has dared to participate in.


Why should I argue your claim for you? That's your own responsibility.

I never said the results were deliberately manipulated; those were your words. I also never tried to pretend I knew why the results were so wrong; but when it comes to AV testing, incompetence often plays a very big factor in skewed results as well." }-
My claim? You're getting forgetful,Ive made no claims about how good Comodo AV is at all.You're the one making the claims and therefore the burden of proof is upon you.

Also that's a complete non-answer regarding those test results.Since all the other results fall into a similar detection level to those in other separate tests then such an anomaly for one single product must be deliberate deception.How is it that they were competent in testing everything else but not Comodo? You did try and pretend you knew why the results were so wrong simply by stating it as a fact,which is a demonstrable proof .

Like I said, 561 posts ago, the AV seems to me that its getting better only because recognizes a small sample of malware that I have now with this latest version. So their detection rate, I believe is getting better. They are adding some features to its AV engine also. But until Comodo participates in all these legit AV testing sites, people will always say its not good enough or it is good enough. I think we need to wait and see the results when and if Comodo participates. I really wish them the best because it will only make the internet a safer place. Also, other AV vendors will step it up with their products. The end-users have a win win situation.

Just my .02cents
Ice

-{ Quote: "Like I said, 561 posts ago, the AV seems to me that its getting better only because recognizes a small sample of malware that I have now with this latest version. So their detection rate, I believe is getting better. They are adding some features to its AV engine also. But until Comodo participates in all these legit AV testing sites, people will always say its not good enough or it is good enough. I think we need to wait and see the results when and if Comodo participates. I really wish them the best because it will only make the internet a safer place. Also, other AV vendors will step it up with their products. The end-users have a win win situation.

Just my .02cents
Ice" }-
The point has been made to Melih by numerous people that avoiding these tests for whatever reason is counter productive.

-{ Quote: "Since all the other results fall into a similar detection level to those in other separate tests then such an anomaly for one single product must be deliberate deception.How is it that they were competent in testing everything else but not Comodo? You did try and pretend you knew why the results were so wrong simply by stating it as a fact,which is a demonstrable proof" }-
Just because I said the test results are wrong, means I am accusing them of being deceptive? Come on, now. Is it really necessary for you to be so rampantly dishonest?

Here's an analogy for you: I know things fall down when you let go of them. Does that necessarily mean I know about gravitons, that gravity is a second-rank tensor field, the gravity inverse-square law, etc.? No.

Similarly, though it's easy to see that the test results for Comodo are way off the mark, does it necessarily mean I know all about how and why that mistake came to be? Have I ever claimed or even implied that? No. As far as I'm concerned, they may simply be well-meaning yet incompetent testers. For all I know the mistake was due to a typo. On the contrary, it was you who started off the whole chain of conspiracist theories in an effort to discredit me.

Do you really have to resort to such lies and incredulous leaps of logic, and defend Comodo even at the price of your own integrity? A hint just in case the answer escapes you: the answer is not yes.

-{ Quote: "My claim? You're getting forgetful,Ive made no claims about how good Comodo AV is at all.You're the one making the claims and therefore the burden of proof is upon you." }-
I'm not telling you to prove Comodo's excellence. I'm telling you I don't need to prove that the test was deliberately deceptive, since I never made that claim. So if you really feel so strongly about burden of proof, may I suggest you take your own advice.

I really dont get why all this hate for comodo, to everyone who doubts comodo's detection, why not just check matt rizos' review of it on youtube, even if it wont tell perfectly what the product is capable of, it would give a general idea of the detction.

From that test, comodo did quite well, and i am sure it would be better, i have seen superb improvement in 3.9 release, and with the 4.0 release they would reach quite a standard.

Oh yeah, Matt's tests are really something to take on. Not that they aren't interesting to watch and they nicely show how products work, but thats pretty much it. He tested CIS by scanning the files and killing the remainings with D+ part by hand (by terminating and blocking processes). Sure he can do it, but i'm not sure average joe can. Maybe blocking explorer.exe/winlogon.exe and efficiently locking himself out and rendering PC useless even more than it was.
You can't test one product by just scanning files and other one by scanning files and cleaning the rest by hand just because the program offers that functionality. So AVIRA or avast! can also add terminate and block feature and expect to get perfect score just because it'll have it and because reviewer will be able to use it. If you perform tests, they have to be consistent.
Because comparing apples with oranges makes no sense.

-{ Quote: "Just because I said the test results are wrong, means I am accusing them of being deceptive? Come on, now. Is it really necessary for you to be so rampantly dishonest?

No. As far as I'm concerned, they may simply be well-meaning yet incompetent testers. For all I know the mistake was due to a typo. On the contrary, it was you who started off the whole chain of conspiracist theories in an effort to discredit me.

Do you really have to resort to such lies and incredulous leaps of logic, and defend Comodo even at the price of your own integrity? A hint just in case the answer escapes you: the answer is not yes.


I'm not telling you to prove Comodo's excellence. I'm telling you I don't need to prove that the test was deliberately deceptive, since I never made that claim. So if you really feel so strongly about burden of proof, may I suggest you take your own advice." }-

Again you're totally failing to provide any evidence for your assertions other than some kind of mystical feeling that the tests must be wrong.Also you failed to answer my question as to how these well meaning incompetents managed to test all the other products and gain results that fit in with normal patterns yet fell to pieces when testing Comodo.Evidence that's what I want.Just one relevant corroboration that doesn't rely upon obscure references to Gravity or the sun.
If you know those results were wrong that means you can demonstrate how and why they're wrong,so please provide that proof and stop evading the question.If you can't answer then fair enough that'll just show your "fact" was in reality personal opinion.

Comodo has increased it's signature base from 1 million in January to 3.3 million now,that must surely have increased it's detection rate from tests performed months ago.Anyway that's my final word on that particular test until I see any tangible evidence of it's catastrophic failure.

-{ Quote: "If you know those results were wrong that means you can demonstrate how and why they're wrong,so please provide that proof and stop evading the question.If you can't answer then fair enough that'll just show your "fact" was in reality personal opinion." }-
You still don't get it.

Just because I don't understand the physics behind gravity, doesn't mean I'm wrong when I say things fall down if I let go of them. If I don't understand gravitons, does that mean things falling down is merely my opinion?

Similarly, I don't need to know how and why the guys behind this test farked up so badly, to observe the simple fact that Comodo's results are way off-course. Your conspiracy of deliberate deception certainly is one possibility, but I wouldn't go so far as to accuse them of that yet.

-{ Quote: "Comodo has increased it's signature base from 1 million in January to 3.3 million now,that must surely have increased it's detection rate from tests performed months ago." }-
You're making the assumption that the rest of the world, including the bad guys, is hanging around waiting for Comodo to catch up. That is a very flawed assumption.

Besides, no offence meant, but... if your knowledge of antivirus technology is still at the stage where you believe that signature count means anything, I think that pretty much sums up how educated your opinion is.