Downadup/ Conficker worm and CFP Defence Plus

Discussion in 'other anti-malware software' started by aigle, Jan 25, 2009.

Thread Status:
Not open for further replies.
  1. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Ah, so it's just 10000 malware that the AV detects, I thought you meant in-the-wild malware. But if a user decides to use a HIPS, why can't they add a separate AV as well? It seems like you're comparing a HIPS+AV with a HIPS and saying the HIPS+AV is better?
     
  2. 3xist

    3xist Guest

    Totally! If a user allows a malware by HIPS Alert, it's totally legitimate. You're spot on!

    Cheers,
    Josh
     
  3. 3xist

    3xist Guest

    They can add a separate AV, I didn't say they couldn't? :)

    I'm just saying that, if people use the entire CIS, they will have the usability advantage for them. If a user chooses just Defense+, which comes with firewall, they will have 3 choices on installation to suit their needs, and that user most likely will be an Intermediate/Adv user. No one is forced to install anything.... YUCK... :p If I told everyone to install CIS and let it be, I would be the biggest idiot here... lol I'm only giving facts about CIS and this worm issue. And btw ThreatCast will come with both Firewall & AV separate in CIS.

    Cheers,
    Josh
     
  4. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    It seems to me you're saying a HIPS+AV is more usable than a HIPS? Well of course, but that's comparing apples with oranges.
     
  5. 3xist

    3xist Guest

    You see.. that's the Advantage CIS has as a "Prevention as first line of Defense" security product, and AV follows as 2nd. That's natural for CIS as a security product.

    People who use just Comodo Firewall & Defense+, and a separate AV... Then so be it! Both AV & Firewall will come with ThreatCast, and people can always tweak CIS, etc... :) But as the AV grows in CIS, and it's growing very fast, more users will switch over as they will see tests from VB100 and AV-Comparatives this year some time... And even so Avira, Kaspersky, etc have a higher detection rate than AV in CIS so it's also an Advantage.. Just extra pop ups from CIS HIPS but AV will detect it anyway!

    But really separate AV and Firewall/D+ for CIS they are not architected to work together and you don’t know whether you will get a popup from hips as well as from AV at the same time….

    Cheers,
    Josh
     
    Last edited by a moderator: Jan 25, 2009
  6. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    You don't like these kind of guys?

    Yours is better? ;)

    Cheers
     
  7. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    I don't see the advantage?

    Thanks
     
  8. Bad Frogger

    Bad Frogger Guest

    Joined:
    Jan 25, 2009
    Posts:
    0
    @subset
    LOL ya got me.

    It's not exactly what I meant. But a good catch nonetheless.

    I didn't mean mine is the flat out best. But as a generality there is a resistance by many.
    The security industry feeds on paranoia.
    The industry naturally would resist a better free solution as a matter of survival.
    If someone achieved perfection in security and gave it away, the hatred would be palpable and the resistance intense.
    Know what I mean.

    Later
     
  9. 3xist

    3xist Guest

    If AV in Comodo Detects something, D+ won't alert (No point).

    If Separate AV Detects something D+ will Alert. Because Separate AV and D+ are not designed to work together... they are not architected to work together and you don’t know whether you will get a popup from hips as well as from AV at the same time…. (As said above)...

    This is the beauty of CIS, it uses the AV to reduce the popups. It still is a HIPS, but a clever hips that uses its own AV to reduce its popups. This is very rare.

    Cheers,
    Josh
     
  10. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    I guess I am still lost on why D+ HIPS is better than all other HIPS too o_O Doesn't everyone go FW-->AV-->HIPS-->BB more or less? And the AVs, for example, detect and quarantine/delete things so they never get to the HIPS (at least Avast! and the others I have used do). And "Prevention as the first line of defense" still confuses, although it is a nice slogan. FW prevents, AV detects, HIPS (and user) prevents, BB prevents. I use Prevx Edge also, and it does a bit of both, using the "cloud" very carefully, as do some of the other vendors. If Comodo means that Prevention is the main line of defense (HIPS) vs their AV, that I can understand. But probably irrelevant, since Egeman said the subject is closed. ;)
     
  11. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    In this case it looks like it's normal users discussing how a product could improve, not intensely resisting a better solution with hatred.
     
  12. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Gee, the OP and many of the other posters are Comodo users, trying to figure out whether they are happy with some of the Comodo decisions. I am happy with what OA did, consistent with Aigle's study, but there are lots of other solutions out there.
     
  13. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Like sded said, if a separate AV detects something and quarantines it D+ won't alert. Only if the AV scans on execution there might be a chance of conflicts, but I think most AVs scan when reading or writing.

    HIPS+AV is quite rare, but there are many behavioural blockers + AV, so it doesn't seem that unique.
     
  14. 3xist

    3xist Guest

    Can you prove that HIPS/Behavior Blocker/AV combos apart from CIS provide the kind of usability of not alerting if an AV detects something? I would be interested.

    This usability is only one part of CIS. v3.8 is coming for more usability... ThreatCast for example you don't see in everyday HIPS/Behavior Blockers.

    Cheers,
    Josh
     
  15. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Personally I always thought it confusing, IMHO "prevention" means not getting malware on your computer in the first place, e.g. with inbound firewall, site rating programs such as SiteAdvisor, MVPS Host File, etc.
     
  16. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    I wouldn't say D+ is the end-all of hips. OA has a nice one, as does SSM, etc. etc. I think what 3xist is saying is that if you install the CIS package as a whole, the AV might pick up on some of the nasties and end it right there without any interference from D+. If it gets by the AV, then D+ will give some sort of a warning. I've played around with OA free with Avira Free and liked that combo also. I have to give Comodo credit, they are trying very hard to make CIS a superior product.

    Ice
     
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    So how is the beta? Is it fast? CPU?
     
  18. 3xist

    3xist Guest

    Whether you use OA or not, It doesn't matter to me. I am only here to give the true facts surrounding CIS, And I believe I have said enough IMO.

    This discussion is getting OT... I was only here for the worm (lol) but we kind of expanded... Anyway take care dudes. :)

    Cheers,
    Josh
     
  19. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    I'm not sure what's there to prove. Let's say a user downloads a file that is malware but he doesn't know it. Before he opens it, the AV detects it. It's quarantined. How can D+ alert about it?

    Threatcast is definitely unique in HIPS, not behavioural blockers.
     
  20. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    The CIS beta is amazingly light, just as light as the current release version. I'm using it right now and it's extremely stable.
     
  21. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    The good thing about the AV part of Comodo is that it detected the Qhost infection in an infected machine ;) This is very impressive, because even if people say it is not mature, I think it is more mature than other antivirus that I know :thumb:
     
  22. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    My point was just that if I install any good AV, it blocks and deletes everything known in its database-usually gives a single popup for each detection to do it. I hit a couple of sites today for research purposes with avast! that gave big "do not download this, dummy" signs and aborted the downloads so the OA HIPS never saw it. Similar stuff for email attachments. A malware prevention and detection system is a sieve: get as much crapware out at each step as you can without getting killed by the FPs. Nothing really unique about Comodo's approach; they just need to show that their sieve is as good or better than some other sieve. And that is where the "better ideas" come in. And they seem to be working the problem- but the rest of the world isn't standing still either.
     
  23. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    When this beta is released and its heuristics are fine-tuned I might give the whole package a shot :cool:
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Cool :thumb:
     
  25. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,278
    Location:
    New England
    Some people like one product and some people like the other.

    This is, I believe, the fifth thread about exactly this same topic - one versus the other - and which ends the same way. No winner and closed.
     