Challenge to Symantec from Comodo CEO!

I think it only applies to antivirus, no firewall or HIPS or proactive defense. Correct? So just don't compare signature detection and you should be free to discuss

 

Melih sounds childish as usual.. and although he's blaming Symantec for attacking free products I've read several times on Comodo forums how he has attacked all other products than Comodo (especially AVs).

Reading the forum a bit I can see Melih posting the following:

Well, most likely Insight and/or SONAR will block it.. Apparently he doesn't know much about NIS.

 

Then, if I were to Symantec, if they're smart enough, I'd challenge COMODO (Melih) for a truly Independent testing: Using real-life people, randomly picked in the streets, to test both products.

Which one do you truly believe would better protect users?

Note, I'm not defending Symantec. They say free products don't protect users, while it is not true. It depends on which products we're talking about. But, they do have a business, and I do understand them. I'd do the same exact thing, in their place.

 

When he said Norton he means the full Norton not just AV, I dont know how did you arrive to this conclusion.
So, what happens if Norton (AV, Sonar, Insight...) does not detect a malware? you get a infection.

 

If the person is a complete "noob" all the unknown files will be executed inside the sandbox, so even if norton detection rates are better than Comodo, Comodo will protect you better. I explained to my mother in 10 minutes how works Comodo, she is a complete noob and she is using Comodo now, is not that hard.

 

But a testing review, the tester responds to a pop-up/alert, usually by selecting deny.

In the real-world, your average user rarely sees an alert, maybe one a month or ever several months, and when that time comes, they usually select 'accept', and possible malware gets through, or deny, and possible critical system service is denied and screws their system.

Either way, have to test for the average user.

 

Here's the full quote.

I think he's thinking that Norton has only one layer (AV).

And, what happens if Comodo doesn't detect something that can get past D+ and it's sandbox? Well, you get infected. Same thing really, both products have multiple layers, it just seems to me that Melih is saying that Comodo has more of them (which is not true).

Then I guess they'll wonder "where are the files I just saved"?

Not really defending Symantec, but I think Comodo is thinking their products as stronger (comparing both protection and usability) than they really are. Both products are almost unpenetrable on the right hands anyway.

 

How will COMODO protect you better? Does she know how to answer Defense+ popups?
Also, for what I could see, since I last installed COMODO in a virtual machine, you need to add whatever you want to the sandbox, right?

I'm talking about randomly picked people from the streets, then put them in front of different PCs with COMODO and Norton. Let them browse everything they want, looking for all kinds of stuff, including porn, cracks, etc.

Out-of-the-box, Norton will do a better job. That's it. Requires no extra configuration. It comes suitable for the noob. COMODO doesn't, like many others with these sort of protection don't either.

Forget about yourself. Have in mind millions of people who have no one to explain them stuff.

 

If you can read the Melih mind I dont have nothing to say. But this is what Melih just said:
http://forums.comodo.com/general-di...-comodo-ceo-t62041.0.html;msg437659#msg437659

It's much harder bypass the sandbox and HIPS than technologies based on detection.
Do you know what a sandbox and HIPS are?
I have ran hundreds of 0day malware and the sandbox has keep the computer clean, I used the same malware over Norton 2010 and Norton didn't detect some of the files.

Per example the famous sandboxie have been unbeatable for years against any malware.

 

Regarding the magical test which will never happen, you'd have to test full suite with full suite.

I think what MB is saying, sandbox etc aside, your regular user won't even know how to setup those (additional features, sandbox etc) in the first place, or benefit from its protection. Out of the box, I say Norton would be better for regular users.

For example, sandboxie is so easy to use, but most users I've shown and setup sandboxie for, most don't want to even recover files they've saved. People can be stubborn to learn anything, let alone employ it on a daily basis.

 

With CIS 5 you will almost dont see any popup from D+, even with malware. I haven't seen a single alert from D+ since I installed CIS 5 when it was release, thanks to the whitelist and the sandbox.

No you dont need to add nothing.
If the file is whitelisted (cloud/local) automatically run out of the sandbox.
If the file is unknown runs inside the sandbox automatically, a temporal popup will alert you and you will have the option to click "do not isolate this file again", so the file will be added to trusted files.
Right now the whitelist is quite large, maybe only the 10% of the programs installed in your computer will no be recognize. You can choose upload this unknown files to be analyzed by Comodo, there is also a thread in Comodo forums, if you want to whitelist some apps, you can post it there and they will add it in a few days. I did it and now all the software in my system is recognize as safe by Comodo.
Try CIS 5 again and you will see how much have changed.

 

I white listed a program to not run inside the sandbox anymore but every time it starts up, it still runs in the sandbox. Maybe a reboot is needed for Comodo to make the adjustment?

 

It seems that you don't know much about Norton and how it operates (new versions of Norton and Symantec company) . You still "hate" Symantec just for being Symantec .

And by the way Norton Internet Security does includes HIPS part which is by default disabled . You only need to enable it and you'll start getting pop-ups very often for various things if you that kind of guy

Screenshot where you can enable that setting => Disable Automatic program control

 

You dont need to reboot.
If the app is sandboxed you can click on "do not isolate this app again", so if you close and open again the app, the app will run out of the sandbox, and will appear in Defense+ -> Trusted Files, you can also add it manually.

Is the app portable?

If you are still having problems ask here: https://www.wilderssecurity.com/showthread.php?t=281989 so we can help you without be offtopic.

 

I dont hate Symantec, sorry this is in your imagination, in fact I always recommend it to some people, and I recognize IMO that is the AV with the best detection rate. If you hate Comodo is not my problem.

Why I would want popups? If I want popups I can put CIS in paranoid mode, and have a more detailed and configurable HIPS than with Norton.

 

You haven't proved that yet.

Obviously it does not have the best detection rate because in all on-demand tests it does miss malware based on the pure detection . However , Norton does have the best protection rate!

 

Please dont cry, I will send a mail tomorrow to Enrique Salem telling him how much I love Norton and he will sign it. jajaja

Due to this seems to be something normal for you please tell me how the fans of Norton proves that they dont hate Norton? do you have a photo kissing their logo or something similar? A tatoo in your arm?


Is this enough?

 

As far as I know Sonar is a behaviour blocker, which afaik count to the "prevention" layer.

Yes, I've been using HIPSes since 2008, I'm a KIS beta tester and I've run a hundred malware samples against KIS' HIPS and Sandbox without any of them getting through. I know well what they are.

While these approaches are hard to bypass, these technologies are hard to use for normal users, I've already read complaints of CIS automatic sandbox causing confusion for users.

Also HIPSes and Sandboxes are generally weaker on 64-bit operating systems.

I think that Norton does better for the normal user on default settings. Comodo is great as long as you know how it works though.

 

Comodo has CIMA (behaviour blocker in the cloud). http://camas.comodo.com/ you can upload files there but this is integrated in CIS, so everything is done automatically. They said that will include a local behaviour blocker soon.

Of course if somebody have never heard the word sandbox (in a computer security context) before probably they will need to spend 10 minutes reading a little bit.
One good thing is that COmodo is very well documented: http://help.comodo.com/topic-72-1-155-1074-Introduction-to-Comodo-Internet-Security.html like all the AV's.

Probably some people with a very basic knowledge about computer doesnt like Comodo and they preffer just an AV free or not, because they dont want to lose time (10 or 20 min) understanding how to use it. I understand it.

 

This depends greatly on the user/PC it is installed on. I installed it on a machine with games, and everyone of them caused popups, sandboxing, firewall alerts, etc.. Some of the games wouldn't run the first couple times until I got everything allowed, and unsandboxed, etc... And then when there are updates to the game, start from scratch. Very annoying for most PC users.

 

Right Click on the Comodo icon, Game Mode. perfect for any gamer.

 

Didn't work for me, games still got sandboxed.

 

http://help.comodo.com/topic-72-1-155-1147-Starting-Comodo-Internet-Security.html

When you see the notification of the game being sandboxed, click on "do not isolate this app again" close the game and open it again. If you dont want to do this you can add the .exe of the game to the trusted files before play the first time so you will not get any popup.

 

I know how to get the games to work. I am just saying it is a PITA. I spent 20min+ going through my different games trying to get everything unblocked and working right yesterday. And then like I said, when they update the popups and sandboxing start over. No other AV program causes as many annoyances as CIS does.

I am glad it is working out for you, but not everyone will be happy with CIS.