Comodo Antivirus v2: what's new?

Well, after I read that the excellence is in leak protection only I scrolled down a little further to read this:

Talking about hooks, not filter drivers, this is total nonsense. How would anyone be able to prevent anything from any other entity in kernel mode? Maybe the kernel designers can to a certain extent (see PatchGuard), normal vendors just can't do it. Oh and mind you, the "funny" implementation of some of the products are risky, to say the least. Yes, I have seen more than one during debugging sessions and in a disassembler (and I mean specifically the kernel mode parts). As a kernel mode developer I hate the problems these freak-drivers cause anyone else!

And even if unhooking fails for some reason, the bluescreen will point at the hooking module, not at the one attempting to unhook it!

... not to comment ignorance of freely available OpenSource implementations, that, if being worked on, would likely perform very good in comparison to those commercial products.

And development has to be quick as well to keep pace with progress of malware ...

Full ack!

Hmm, and what about the statement by "the boss" of Comodo? No proof needed there?

// Oliver

 

Yes, exactly. I don't bother with them either.

[Probably dumb question:] Why are these (leak) tests not performed using actual known malware samples, like when you test AVs?

 

Most of these tests are done with specific software that apparently leaks. I've yet to come across software like that in my day to day use of the computer as I don't just go downloading everything in sight.

 

Regarding Comodo FW I want to quote the frequently referred matousec page, which also ranked comodo 1st in matters of leak tests:

Read http://www.matousec.com/projects/wi...l-analysis/Comodo-Personal-Firewall-2.3.6.81/ for the full review. It also features a quite impressive list of critical bugs. While certainly important, leak tests are very much overrated recently and comodo is a prime example here.

 

Off topic post removed. Please let's remain focused on Comodo Antivirus v2. Many thanks.

Menorcaman

 

Anyone see the latest post on that thread?


By Melih

http://forums.comodo.com/index.php/topic,6272.90.html


So is it more of a HIPS application?

 

i don't know if what they are using isn't basic execution control, which is very easy to achieve but annoying as hell and of course dependent on the "meat" component in front of the keyboard.

BTW other avs also have hips/behaviour blocking capabilities: norton 2007 - if you tweak it correctly, kaspersky has it, f-secure so they should lay down a bit on the "the only AV that has it" part.

 

quote "Because CAVS v2 simply denied the ability to execute due to its HIPS functionality which no other AV has"
kaspersky PDM?
it im not mistaken pdm in kaspersky is a HIPS and was implumented in kav6.0/kis6.0 months before comodo put HIPS in to there av. so the HIPS which no other av has is simply incorrect.
lodore

 

That's what I'm thinking... Or what about other HIPS programs with AV's like Online Armor Antivirus+ or Safe'n'Sec Personal+Anti-Virus.

 

thats a very good point also
great minds think a like=D
lodore

 

comodo antivirus...

well, i dont care much for results but id rather use MS ONE CARE than comodos AV.

think that stamps my thoughts on the matter

 

So, besides KAV 6 and this new Comodo AV, what other AVs have HIPS?

 

Ahem...... try it with Antivirs AV, not the suite. My PC is as fast as I can ask and the 2 love each other.

Or try the latest Prevx1 by itself.

 

If you are not a company or organization you can get a good antivirus and a good HIPS for the same price (free) instead of the Comodo AV.

 

F-Secure has a type of HIPS I bleieve.

 

Thanks NAMOR.

 

For that matter, neither Comodo nor Microsoft is a "gold standard" for poor quality of AntiVirus. Yes they are both mediocre but not enough test results are available to truly measure their performance at this time....Besides, there *are* worse AVs out there. Hauri Virobot, AhnLab, etc.

So don't drop the duck on any product just yet, wait for the test results and see how it does, then conclude about its performance.

 

I'm not pretty sure how's that going...so I choose "not use"...

 

Use your common sense and stop program bashing.

I suggest reading this info:

1. http://www.markusjansson.net/exp.html

2. http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm

After you go through that security software it's an individual matter, like I prefer driving a Skyline over an Accord. Who cares both run well and fast.

 

Please explain: Why do I need a HIPS to stop me from running a executable, and how do I know if it's certified?

Thank you!

 

http://img217.imageshack.us/img217/7686/hipsalertml6.jpg

Well, at least you can't say it doesn't work

http://forums.comodo.com/index.php/topic,7343.0.html

(just kidding a bit )

 

omg

 

Well, they've got that special kind of humor

@EraserHW: Have you sent them the file for analysis?

 

Oh man, not yet....I'm too busy today to send the sample

 

Just read the comodo forums aswell, they are funny

Comodo dev. team must be working very hard these days because of the latest av-comparatives tests...