Comodo Internet Security 2013?

Well, i wonder if anyone at Comodo has asked themselves what to do to improve that. The whole point of their sandbox system is that file gets sandboxed until system reclassifies it and potentially moves it out of the sandbox. Whats the point of such system if nothing happens after 2 years!? It's pointless and useless and completely defeats the purpose of their system as in the end users are so pissed with it that they either start using some other program or they simply move the sandboxed app into Trusted section. And we know what happens if you move something that is actually a malware into a trusted section of CIS. Their default deny approach all of the sudden doesn't seem all that smart after all...

 

Doesn't some companies have automated analysis and creation of signatures?

I thought companies like avast! already had this implemented
If so with such a high volume of submissions Comodo should implement automated analysis like this.

 

Every days : 100 000 new unknown files that Comodo receives
About 20 000 to 60 000 (or more, that depends) are automatically analysed by CIMA (of course the detection is automatically added to DB)
see: http://www.comodo.com/home/internet-security/updates/vdp/database.php

Now tons of the others are still pending forever ...

 

= Total Definitions:16656390

In desperate need of optimisation.

 

avast! lab is using automated analysis systems for ages. But now they have gone further by evolving it to sorting, classification and analysis systems. Evo-Gen and FileRepMalware are just part of this, soon Dyna-Gen will join and from the looks of it, analysis capacity in avast! labs matches the volume of input samples, because lately loads of spanking brand new samples are being detected straight away. Maybe Comodo should consider buying few extra racks to compensate the analysis delays. Waiting ages for file verdicts makes their security app useless for most of casual users which are in need for good security software to begin with.

 

It doesn't matter what I have, I may have nothing to hide yet I want it to remain private.

pretty much this.

 

Hi RejZoR, When can we expect Dyna-Gen any idea?

 

I asked the head of virus lab on twitter, he said "It's not ready yet, it'll be announced as soon as it goes to production.".

 

Someting I don't quite like in Comodo :
The whitelisting process team go and search new program updates throught SoftPedia/cnet and also users' submissions over the forum.
Now a non signed must be whitelisted on every updates ... (its SHA-1 value changes).
Or avast! FileRep automatically builds its whitelist 24/7 ...

 

Thanks Spywar.

 

What's the Shared Space folder for? I was never asked if I wanted to install such thing...

 

Basically when you wanna save files from your fully virtualized program, it will go to the real system.

 

So is it like comitting a file in Shadow Defender?

 

yes, the "Shared Space" is made by default for this purpose

if you want you can change it in "Advanced Settings - Security Settings - Defense+ - Sandbox - Don't virtualize access to the specific files/folders"

 

well,you just got a point out there rejzor comodo should seriously think of improving over time right now as since v5 nothing has changed from UI and if you exclude a malware from the sandbox or D+ BOOM you are infected they should like do something as a work around there and not allow a unknown file whether even if it is in the exclusion do any harm to the system and then that will be 'default deny'

By main sticking point with COMODO was I can never leave CIS with average dumb users who never know what they do and who play around with malware and they dont know how to classify what is good or bad or how should he answer to such alerts and when CIS isolates or asks about some file behaviour because in india most of the users are almost dumb and dont know what they do and they can go upto any heights of getting a file to run and that's the reason I never ever recommended CIS to any of my clients

 

For me CIS left all my systems because of the broken elevated rights popup (if you hide it entire trust chain gets messed up and sandboxing goes crazy on stuf that is actually on the TVL list) and because their AV is absolute garbage. Because they try to make it detect a lot of stuff they detect absolutely everything from No-CD patches, keygens, loaders, patchers and so on as malware with no option to enable/disable PUP's or other non malicious stuff. They just detect everything as malware and that was starting to piss me off as you end up adding half of the stuff to trusted list, whats the point of AV if i have to make all the decisions in the end!? They aren't some friggin moral police to tell me what i should use and what i shouldn't. Detect the stuff thats actually malware and leave me alone ffs. avast! is one of very rare vendors where they don't detect anything of the above as malware and even if they do, if it turns out its not really a malware, they'll fix it. And thats something me and many others appreciate a lot. They don't play moral police and they keep on fine tuning detection on actual malware only. It has been like this for ages and i hope they'll keep the same focus in the future. Comodo could learn a lot from them in this aspect.
Every idiot can detect everything, but only few have actual and true detection of malware. And if you follow such phylosophy you also have very little false positives. Something at which Comodo is still failing miserably.

I've reported Red faction and Carmageddon 2 game components as false positives many times and guess what, after a year, they still haven't fixed the. Always with an excuse that i should report them through forums. Well why the F do you have "Report False Positive" in the program itself if it does absolutely nothing!?

 

Melih has had many responses about this on their forums. His position is that would you rather answer a popup than get infected I don't know what to say.

 

Maybe they could solve that by actually analyzing things and not blindly flag friggin everything. If i'd want to be asked about every damn thing i'd use HIPS only...

 

In general, those HIPS are not obliged to be so troublesome. For example take DefenseWall, it's very silent.

 

Not much has changed in this area then, since my posts in this thread in 2010.
"It looks like Comodo is really good at blocking malware only because it is really good at blocking. "

 

Still, if i'd be the one in the end to make final decisions, whats the point?

 

you are right, this is the weak point of all these questioning security apps

that's why CIS got low grade and never was certified by AV-TEST as its security relies on decision of user

 

Rejzor,actually the COMODO AV isnt that bad as you say and in v6 its actually quite good right now.Now,lets not bash Comodo too badly here

I personally after fiddling with CIS v6 since yesterday night and I installed it in stock settings on 2 dumb risky clients machine as a test a week ago and after visiting them today I found that they are still clean.

Not to mention,I personally feel both COMODO and avast are well to do suites and I have began to love them for their work even though I recognize their flaws

 

Not speaking in Rejzor behalf, but I think he has the reasons to dislike comodo, I have seen how his and other comments about comodo problems are heavily bashed by the staff there lol

 

actually only rude and annoyingly repetitive comments are suppressed

that's true many long ago reported problems are not fixed yet