Comodo Antivirus v2: what's new?

Safelist is not being used in the beta nor the firewall....
Always better to ask...

 

Of course no other AV can...
Comodo is lightyears behind from competitors

 

(First of all, i'm a beta tester at CAVS. I saw how much they worked on problems we've reported and i've tested many release.)
One of the few new features is that you can work with more AV scanners. While CAVS isn't as good as the old names, i guess you should give it a try to use it as another security layer.

The HIPS will only ask to run a file IF that's not a safe file. Under safe, they mean they got it in their safe database list. The big deal is where you can't imagine examples, like: run a schedulded task with a malware executable (earlier there were some weak point at the windows schedulder and you can use it at command prompt with the AT word), many AV applicatons won't say a word regarding this file if they don't have good HIPS or an excellen heuristic. So, by my opinion, HIPS is a very good feature.
It's not like just saying it's an executable file (whatever this means, but you can find a nice tool at Trojan Hunter's page).

Incremental scan useing the safe list is another good feature: (this is from the vendor's home, my English isn't perfect, yet) The incremental scan will skip over the files that are listed as ‘safe’ in Comodo’s internal safe list. This reduces total scan time and accelerates both the identification and disinfection of corrupted files. It will also greatly enhance system performance on older computers. Incremental scanning is available as an option in both On Demand Scans and On Access scans.

Mapped network drive scanning. While at some commercial applications you must pay a fee for scanning network drives, it's free in CAVS. Ex.:
1. you got your friends machine in the nearby;
2. both of you will set up your firewalls and discuss user rights/passwords;

(In our example we will scan our friends C: drive and we will use drive letter Z

3. type in "net use z: \\friend-pc\c$"
or with an IP
"net use z: \\192.168.123.123\c$"

4. from now on you can scan your friend's C: drive!


Manual quarantine possibility with your own description and it can stop e-mail worms.



On the other hand:

I don't think CAVS heuristic is too good but as i saw that BOClean news, i think they are on the way to create a much better one.
I don't think the av isn't resource hungry, many of us know AVs which need less memory (i think many people will belive that the "System Resource Friendly" text will lead to low resource usage which isn't 100% right, so read all the text there).
The detection rate is still below the big ones.


So, anyway, it's always good as another layer, you don't have to uninstall your current antivirus software (far as i know). Sorry for my English guys, but i'm always trying my best !

Arki

 

As far as I can tell, CAVS' so-called "HIPS" seems to be no more than a glorified whitelist, in the sense that it pops up an alert when you try to execute an unknown file, and doesn't appear to do much else. All it does is add an extra layer of annoyance for users - if it really does help in stopping malware, the digital signatures function in XP would've wiped out malware pandemics years ago.

 

You didn't read security issues related to scheduled security holes, did you? And it was only an example for a case the executable is running with SYSTEM rights (whatever named list we're speaking about).

 

I don't really understand what you said, but it seems like my interpretation of CAVS' "HIPS" wasn't too far off the mark.