Anything else combined with Comodo Defense+

Discussion in 'other anti-malware software' started by usnuli, Jan 23, 2009.

Thread Status:
Not open for further replies.
  1. 3xist

    3xist Guest

    Miyasashi:

    You have NO idea how Comodo Internet Security works mate. Let's look at what you said before, "If a user clicks on the wrong thing, etc and how HIPS is 50% protected and 50% common sense."

    First of all, that user is letting the malware into the PC in the first place. Well, the malware then might simply be deleting files, and this is a legitimate action. With CIS, Comodo covered all the angles that malware could get into the PC in the first place… let's see YOU trying to get malware into the PC and see the alerts that CIS generates. What's the point of you downloading the malware into the PC and executing it knowingly? Also, HIPS on its own is only one layer of protection! For example, I told you above about the Heuristics Alert CIS generates; CIS has that intelligence along with D+. For example, it's OK to launch a specific DLL, but it's not OK to launch that specific DLL if it's coming from a USB autorun, etc. This is all intelligence that CIS has built in against infection, while keeping the popups to a minimum.

    So actually, yes, CIS prevents OVER 99% of the time. The majority of the time users choose the right answers, as shown with ThreatCast in the beta. The issue is that if you had AV, the majority of the viruses would simply waltz in. With CIS it stops, and users in the majority make the right decision. Users who don't run a new application every hour won't see many popups and will be protected automatically (look at the latest worm example, where CIS simply said, look, this is malware, and the alert was red).

    The issue you refer to with matousec is history in the latest release, .439, which they haven't tested yet.

    So I say again, Users are protected with CIS. I hope you learn from this.

    Cheers,
    Josh
     
    Last edited by a moderator: Jan 25, 2009
  2. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Do you understand most of the D+ pop ups?
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Someone (the user :D ) asked the most important question!

    Do you understand Defense+ alerts?

    To answer Defense+'s alerts the user has to have a great info background to know how to interpret each alert from Defense+.

    And even if ThreatCast would somehow make things easier, the user would still have to know what he/she was answering, and not blindly allow an alert because 70% of users allowed it.

    And those 70% may have allowed something based on their preferences, as well as the other 30% of users who blocked the action based on their preferences, and not because allowing would cause anything bad to the system, etc.

    It could have been the 70% blocking and the 30% allowing. Same deal. What would an unknowledgeable user think of that? Should the user allow? Should the user block? Would the user think that the process that those 70% blocked is a bad process? Could it happen that the blocked process was VLC, blocked from connecting to the Internet just because the users didn't want it to?

    Rather than ThreatCast, I'd rather see a strong behavior blocker mechanism implemented in Defense+. But that's another discussion and this thread is not the place for it.

    Bottom line: If you have the knowledge to answer a classical HIPS alert, then go ahead. Otherwise, forget it.

    My way of seeing it.

    Regards
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    And how can Comodo know what's a right or wrong answer?

    Same example I gave previously.

    70% allow VLC to connect to the Internet and 30% block it. Or the other way around. Based on their preferences and nothing else. What's the right and what's the wrong? Who will decide it? What if the rate says 70% blocked the access to the Internet?

    What if 99% block access of Opera browser to the DNS Client, and 1% allow? What's the wrong and the right answer?

    Understand where I wish to go?

    Regards
     
  5. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Thanks!

    Great minds think alike.:cool: :cool: :cool:
     