Comodo DACS (Distributed and Collaborative Scanning)

@FuzzFas

I agree and I doubt it will take long for the bigger vendors to start acting upon this.

It would be different if Comodo went to all the vendors and licensed just an on-demand scanner and got all these different vendors on-board.

 

Sorry sometimes I just see the information in Comodo forum and I just post it here, if I have to make a new post for every new quote will be a mess.

As I told you guys before If you are expecting an official answer go to Comodo forums, you can say whatever here but do not expect the perfect answer because I dont have all the information.

I'm doing this effort of bringing the relevant information from comodo forums to wilders but seing this..., and all the unfounded critics expecting my unfounded answers I'm not going to answer anything else, if you want official answers or more info go to Comodo forums.

I will try to keep the 1st post updated if anything relevant appears.

http://forums.comodo.com/comodo-cle...ntials-1117429427-beta-released-t66867.0.html

I Wish you all a marry xmas!!!

 

Yes, being "better" than the other, is a competitive advantage. Because, rhetotic aside, this is a BUSINESS who must pay wages to their employees so that they can feed their families. Of course Melih remembers this only when it suits himself. Like the time that he sold the certificates to the bad guys and he justified his decision by "someone would have sold it to them anyway, so at this point, why shouldn't i take the money by selling them first"? Talk about "ethics"...

I bet if Melih was at the place of Symantec, he wouldn't talk about "witholding evidence of crime", but he would say something like "we are top dogs because of our hard work, to give the best protection to our clients. This is a competitive business and if we want to be able to provide the best we can to our clients, we can't share the fruits of our research with all the others. The best companies always prevail, competition is good, makes all work harder to provide better products. If they want to beat us, i advice them to work harder. Hard work is never unethical".

1) The problem is he wants to give HIS end users better protection, by using OTHER's vendors products' capabilities... I think the "other" vendors may have an objection to that.

2) Melih may not have noticed, but the AV companies are NOT charity institutions, they are a BUSINESS. As EVERY business, their aim, is to beat the others by providing a superior product. Whether they charge for this service or not, is each company's choice, so Melih can rip his clothes for that, but as long as he is CEO of Comodo and not of the "United Nations of AV vendors", that's how the reality will be.

3) I guess no other vendor will have the MINIMUM objection if Melih FINALLY (after trying with D+, Threatcast, Sandbox, antivirus, the RollbackRx clone and i don't know what else i missed) got a new home made super-technology that would "more security" to his users. But if i were a vendor, i would certainly react if he wanted to use my resources for his products.

Of course the usual "save the internet, save the world" populism speech never misses to find a crowd.

 

Exactly. Why do all other AV vendors go and pay a royalty to include other vendor's engines in multi-engine products that don't necessarily use all engines in real time either? Are they morons? They can all make a "DACS" module to accompany their main crappy engine and pay nothing. Will the vendors that give engines accept that? I think not.

I think Melih has a chance to get away with this only if DACS' userbase proves to be low, so the vendors won't bother to lose their time with it. But if the userbase becomes big or if other starts imitating the tactic of Melih, we will see some major dragging in courts.

 

just dont worry about it, he'll never give u a full response in full context so i stopped bothering to comment on his posts

 

If you ask me things that I dont know 100% I think is better try to answer with the information that I have than ignore you, is about education.

If you ask me again the same thing obviously I can not tell you anything new.

If you dont like my answer I'm s sorry, and as I said if you still want your answer go to Comodo Forum and probably Melih or a Dev will help you.

It's your problem if you expect the perfect answer from a person with the same information than you, at least I was bringing all the relevant info on this post so you don't need to imagine how CCE works.

 

Ah finally the excitement is back!!!

DON'T PANIC people, DACS will not ruin the AV which you are currently using. Remember the other AV companies will continue to flourish as average users, companies and fanboys will continue to pay for them. So we can enjoy our DACS(best detection) for free. If people were thinking properly, how do you think that Mcafee would still be in business.

However I wish to point out that I'm a bit concerned with the privacy issues!Sending unknown files to an AV company is one thing, but sending theses files to volunteers is a bit risky.

Merry Xmas

 

People here ask guest like he's the official spokesperson for comodo. He's not so don't get upset at him he's just letting users know there's a new product out and to give it a shot if you like if you don't like it don't use it. If you want official answers just go to comodo forums, that's the logical thing to do.

As for me I think its pretty cool and worth trying to clean infected machines on. I'm all for trying new things. Doesn't seem all that revolutionary like Melih said. But that's his job to market his product and hype it up. We just have to wait and see how it turns out. Another thing its free so I'm all for it.

 

Fuzzas


I guest, I'm being an intermediary here, so don't get mad with me


This is what Melih says:

Fuzzas said: "can't share the fruits of our research with all the others"
A malware found in a user's computer by an AV company is NOT the Fruits of their Research. Is it?

"The problem is he wants to give HIS end users better protection, by using OTHER's vendors products' capabilities... I think the "other" vendors may have an objection to that."

We are more than happy to give all respectable AV companies the DACS. So its not just Comodo users who benefit from it, but everyone!


"Why do all other AV vendors go and pay a royalty to include other vendor's engines in multi-engine products that don't necessarily use all engines in real time either"

The only AV vendors who let their engines used in a Multi-AV fashion are the small ones. Do you see Norton, Mcafee, Kaspersky, AVG in HitmanPro list? No....

1st post updated

 

And the point to be remembered is, its just First version of CCE that too first version of beta. So, lets wait and see how it turns out. And it is capable of dealing with MBR cleaning kinda stuff in future versions...Lets wish it gets succesfull.

-Harsha

 

It's ok, i am not in the av business either.

No, the malware isn't. But the inclusion of a malware sample in the database, is part of their research and companies even pay money to get samples. After all, this is how a product (along with the engine) beats another, right? And this is what brings $, right? So why should they share it? If it's nobody's harm, why does Melih wants to use other engines to do the job? Because he can't get the malware samples of the other, right? And why should the others share their samples? Because... Melih want to?

It is very generous of Melih to give to all vendors the detection capabilities of their products. Do they want it What if they don't want it? Does the fact that Melih is willing to share DACS with the others somehow morally or legally forces the AV vendors to allow their engines to be used like that? I think each company has the right to allow the use of their products' capabilities to their liking, not to Melih's likings. This is what i am trying to say. I can make also "Fuzzfas Security suite" and include my own DACS application for my users. If i say to Norton "you can take my DACS", does Norton have any obbligation to say "ooh, how nice you are Fuzzfas, we 've no use for your DACS because we believe in competition, but since you are willing to give it to us, we won't react to your policy"? I don't think so.

I didn't get this. The point isn't whether one is small or not. The point is that they pay royalties to boost their own detection rate. And again, NOBODY can FORCE any vendor to give his business resources to anyone. It's an individual business CHOICE. So i don't see the point. Melih may want to give his house to the poor. This doesn't mean that all other AV CEOs have some obbligation to follow Melih's policy. Each is master of his own self.

 

The thing is what is better for the world not what is better for Norton, Comodo or any other Company.
I dont want to discuss too much but this is how I see it.


This is what Melih says:

Fuzzas: After all, this is how a product (along with the engine) beats another, right? And this is what brings $, right? So why should they share it?

Obviously Fuzzas has not read the blog...here is the relevant "excerpt"

“Moreover, the practice of not sharing the samples of a virus or malware file creates a dangerous condition for the general public as it compromises public safety for the benefit antivirus industry profit and marketing motives. Similarly, a criminal can compromises public safety by hiding an instrument of a crime, for example a gun or knife, from public safety officials.

It is typically considered a crime of the obstruction of justice to alter, destroy or hide physical evidence of a crime. This can be true even if an individual was under no obligation to produce the evidence.

A computer virus represents the physical evidence of a cyber or computer crime and should not be maintained in secret by an antivirus company in order to further their own profit or marketing goals. This is especially true when failing to disclose or share the existence of the virus places the public security in danger.

For example, if a person found a gun that was used in the commission of a crime, that person could not take that gun home and keep it from the relevant authorities, as doing so could be considered the obstruction of justice.”

 

This is what Iobit was also saying initially. But as soon as MBAM decided to bombard the download sites with copyright infringement notices and Iobit's downloads started being removed, suddenly the signatures inside Iobit disappeared...

If other AV companies do decide to move legally, i wish Melih good luck. Sometimes it's not how large your legal department is, but how strong your legal position is. And i wouldn't bet a cent on Melih's legal victory if this should go to court. Just my humble opinion from the few stuff i hear now and there from a relative of mine.

 

My opinion here is that DACS is not a super ultra new technology , DACS is the pandora box, the wikileaks of the AV industry, and at the end, all the benefits will be with the users.

I hope that in a future the idea of DACS will win and all the AV companies will adopt it so we will have less problems with the malware, and that's all this is why this forum is here, this is why the AV industry exist, because the people has problems with the malware, and DACS is here to reduce the problems, for free and with all the wisdom of the AV industry.

 

Killswitch seems to be very powertool. It gives plethora of information about running processes. Guess i would replace this with my task manager once it comes out of beta...see the attached images of egui.exe (eset GUI) property window....
http://img148.imageshack.us/img148/4999/6token.png
http://img545.imageshack.us/img545/5672/7modules.png
http://img153.imageshack.us/img153/5223/8memory.png
http://img20.imageshack.us/img20/2558/9evironment.png
http://img69.imageshack.us/img69/9342/10handles.png

Thanks,
Harsha.

 

But this is a PHILOSOPHICAL argument, not a legal one and the main problem is that you can't ask to take Norton's capabilities WITHOUT his permission! Melih has a DIFFERENT business model, in which he earns money from other services (including selling certificates) in order to finance his freeware products. Fine. He feeds his employees with the money that earns from elsewhere. ANOTHER company though, may have another model, where the only source to feed her employees and make profit that will keep her going, is payware products that need to compete. You CAN'T expect them FORCEFULLY to accept Melih's proposal if they don't want to...

And you know why it's not happening? Because again, each company, including pharmaceuticals, is a for-profit company in a capitalistic economy. In order to compete and take profit to survive and thrive, they need to beat some other and get the exclusivity on patents for some years. This is why also their patents are internationally recognized and respected. No country can FORCE a company to share epidemic data or virus samples or research or drug patent if they don't WANT to for as long as their patent stands. That's why VOLUNTEERS exist (like Medicines Sans Frontiers), who are composed of personnel that does work non profit, because has enough money from other sources and they ASK for SPONSORSHIP from pharmaceutical companies. They don't FORCE them to sponsor them.

It would be also a good idea if USA would share its technological know-how with Africa, wouldn't it? If Africa says that she is ready to share its own with USA's is there something compelling USA to accept? No...

This is about REALITY, not UTOPIA or a philosophical issue. It would be nice if all AVs would be free, same for firewalls right? And how would the employees feed their families? Melih doesn't have this problem, because he sells certificates (to anyone). But what about the others?

I admit that.

Melih says that same as i am. The problem is that he implies that all others should adopt HIS business model (i earn from elsewhere, so i don't care about money from AV business) or that there is some... law (?) that forces the others to do what's "morally" right. There are others that make a LIVING (unlike Melih) out of their AV products, WHY should they share part of what makes their competitive advantage with anyone else? When he sold certificates to the bad guys, he also did it for PROFIT, compromising security, but that doesn't count i guess... Others do their PROFIT with selling AVs, not certificates. Just likes he wants to profit from certificates to keep going, others want to profit from their AVs. Different business model, but it all comes down that both want to pay their wages.

His crime example, i think is deeply flawed. The AV companies are not "criminals". And there is no "PUBLIC OFFICIALS" in the AV industry. There are PRIVATE COMPANIES, that most work FOR PROFIT. And that's why NO LAW obligates them to work together for the "common safety". AV industry is not a STATE service. It is a PRIVATE service. What Melih says would be true, if it was a STATE service given to the citizens.



It is typically considered a crime of the obstruction of justice to alter, destroy or hide physical evidence of a crime. This can be true even if an individual was under no obligation to produce the evidence. [/quote]

JUSTICE is a STATE business. It's part for what the taxpayer PAYS for (See, even there in reality you pay for). Malware security IS NOT.

Again, apples and oranges. And he should think again about why he sold certificates to the bad guys before all this moral bombardment. At least they AV companies don't sell to the bad guys something that can be used against unaware users.

 

Anyway, since it's Xmas Eve here and i 've better things to do in a while, i wish Melih Merry Xmas and good luck.

Because, after all, i am happy Avast Free user, haven't seen a malware for months, i keep Avast simply because it's ultralight. Otherwise i would move entirely to virtualization. It's not ME that he has to convince or from whom he may risk legan action. I may as well say that i agree with him so that we won't have to go on repeating our thesis forever. Philosophically i do agree with him. But just like in many other aspects of life, the reality is different.

It's the other vendors that he should be convicing of his thesis and potentially have to defend his company from...

P.S.: If i were Melih, i 'd do it another way. I would contact all vendors and ask their permission to make this software. Include the relevant EULA, share the glory with the other vendors and all fine. Some may actually want to partecipate if they think that it would be good pubblicity. But i wouldn't do it without asking them. But then again, Melih can rely on a large legal department, i can't. So it's his right to decide the way he likes it...

 

It's not 40, it's a bit less.
The number of utilized exploited engines doesn't matter, just by increasing their numbers you don't necessarily increase precision. Read what virustotal says about its service:

It's like saying a car with more horsepower is always better than one with less.
Examples are Hitman Pro and Wuzzup/Bugbopper (spelling?) of the top of my head. Both utilize multiple AV engines in the cloud.

No wonder Killswitch GUI seemed familiar, it's based on ProcessHacker. It is GNU/GPL, but it's another thing borrowed from 3rd parties.

 

Since when did not sharing samples start, yes its not like vendor x is going to go to vendor y and say "You detection rates are low let me go give you our whole malware database" but I don't see vendors not sharing at all. Lets go back through some Wilders Threads and see what we can find from other experts:

From NickHSunbelt

from this post: https://www.wilderssecurity.com/showpost.php?p=1604575&postcount=122

From an ESET Mod:

from this thread: https://www.wilderssecurity.com/showthread.php?t=118760

From what I think is a Dr.Web Staff:

from this thread: https://www.wilderssecurity.com/showpost.php?p=1237572&postcount=131

Finally Pbust:

from this post: https://www.wilderssecurity.com/showpost.php?p=1671965&postcount=201

 

First, let me say I don't use a real time AV. I use Bufferzone, with MBAM and Hitman Pro on demand.

But, regarding DACS, isn't something similar to that often done right here and on a lot of other forums? Somebody finds/gets/needs to know about a possible malware. The thing is PM'd to others here who ask for it, and I suppose the results returned. I'm sure a number of different av's are used.

To me, it's sort of what Comodo will be doing, except that in some way, comodo, as a business, will be sending the file to various participants (volunteers, if I read right) who will run and analyze the file.

Good business practice? I'm not sure, and I don't know about ramifications. I do know if somebody protested and contacted me wanting to know what antivirus I ran because I 'might' be violating some law, I'd be quick to tell them where to go, how to get there and what mode of transportation to take.

From what I've read on the comodo forums, DACS sounds like a good idea, and they've got a lot of people wanting to participate. If it works, fantastic. If not, no harm in trying. Better yet, it promises to be a free thing if it works.

If comodo wanted to charge for it, and I was a volunteer, I'd be looking for compensation.

I'm not a big fan of Comodo, although I do use their backup, and it worked perfectly the one time I needed it. Nothing else comodo sits on my computers.

 

Melih says:

Fuzzas: And that's why NO LAW obligates them to work together for the "common safety". AV industry is not a STATE service. It is a PRIVATE service

If there is NO LAW obligating them to share malware sample (evidence of a crime)...then using the same argument...there is NO LAW against what DACS is doing

You can't have it both ways

"There are others that make a LIVING (unlike Melih) out of their AV products, WHY should they share part of what makes their competitive advantage with anyone else?"

Because its a moral issue: Public health must come before profits! Thats how it is in the physical world! and AV companies are exploiting the lack of regulations in the digital world.

Ibrad: "Since when did not sharing samples start"

Excerpt:
What to do?

How can end users be better protected by not being vulnerable to malware that their AV doesn’t detect?

Solution 1 (Share Samples in realtime): Get AV companies to share samples in realtime. By creating a clearing house of some sort, just like we have in the physical world…(relies on AV companies to do something)

Solution 2 (Share Detection):Get the users to use ALL AntiVirus product at the same time in their Computers. (relies on end users to do something)

The issue is: Sharing in realtime. Sharing malware 2 weeks later is too late. In this day and age, malware infestation is faster than ever.

 

Well if you prefer less engines you can use less engines, CCE is an informative tool with the results of 40 engines, if after the scan you want to consider the same engines that hitman pro has you can do it for free.
If you don't like the multi engine idea don't use this kind of tools.

 

VirusTotal is licensed to use all of the applications in the manner it does, for example. If I set up "Eds VirusScan" and offer to scan all files sent to me through Norton for those who can't afford Norton, will Symantec applaud? Stay tuned, but I won't be doing it. I don't have a big legal staff. But I think I have defined a network with NAV residing at one node and being shared by the computers at all the other nodes in violation of the license: "use the Software on a network, provided that You have a licensed copy of the Software for each computer that can access the Software over that network";I don't speak weasel so Comodo lawyers will have to make their pitch. DACS sure looks like a network violating the license agreements multiple times for each product. However, IANAL; just an engineer.
But getting to the point of being able to do this on access and handle the timeliness and network issues is quite a challenge independent of TOS for the ISP and license for the software. Way beyond Threatcast and Comodo Cloud.

 

DACS will replace AV's soon because Melih intent to implement a realtime version of it in a while.

 

I still don't get the point of this whole "Christmas surprise"....

What happens when we, today, send a completely genuine process (windows process file) to Virustotal and other multi-scanning engines ? They all come back being at least detected as malware by 4 even 6 engines, while they're perfectly safe....

To me, it' all coming back to the usual Comodo way of "handling security" : Let other companies do the work, and we'll draw the conclusion and get the hoorays....

I always thought P2P stuff is for those dustributing illegal movies and games, but suddenly there's also a market for bubbeling up false-positive detections.

I suspect a perfectly safe user sending all his windows files to the cloud and suddenly he ends up with 146 malwares, Oh My, and I always thought my Avira did close to perfect detection.