COMODO Internet Security 4.0.135239.742 Released

I gotta admit. The Comodo AV Engine and Detection has really improved over the last 12 months.

Testing latest links of Malware Domain List, Out of 20 links or so, Comodo can get a detection rate of 60-65% for this subset of new malware. Comparing this so Avast! and Micrsoft Security Essentials, it looks like Comodo has the same detection rate as these 2 AV's. I'm impressed from my own personal tests, and also seeing these:

http://www.youtube.com/watch?v=fo69WyrzCkw - Matts CIS 4 Review

http://www.youtube.com/user/languy99#p/u/0/PqlVvqjvggs - Languy99's Review

General Feedback:

http://forums.comodo.com/news-annou...f-sandboxed-t52483.0.html;msg377207#msg377207

http://forums.comodo.com/news-annou.../cis-4-security-efficiency-test-t53509.0.html

So AV Detection really has improved, Well done Comodo.

 

Have you ever thought about how useless testing against the URLs listed on Malware Domain List and similar sites is?

I mean, it's extremely trivial for any AV vendor to blacklist these URLs as soon as they appear on MDL (or similar sites, there's a few more sites like this). However, this doesn't say anything about the real detection/protection capabilities of the product...

 

Thought about that many times too. I just use it to see how my software acts against the new malware, whether it detects it with signatures or not.

 

Unfortunately seems AV companies are not capable to do even that simple thing well.

 

Very true!

 

Such as...?

 

Take a look on the Malwarebytes forum,there's links and samples aplenty there.

 

Very true. When I try Avast against these url's, it blocks all of them either with the Web Shield or Network Shield.

Ice

 

Hmm... thought about something... I tested CIS against a new trojan, and it did put it in the sandbox with all the settings on, but... there's still this Proactive Security preset which gives more warnings from D+.

The question is, if a program is in the sandbox, and is not a fake AV so that it's not affected by the bug - should I be completely safe from what it might try to do? Would D+ on Proactive Security-preset give me more protection if something is already sandboxed?

 

Matt just posted here part 2 video on Comodo D+ and sandbox.


http://www.youtube.com/mrizos

 

Nope.

All I know is: Detection, traditional Antivirus, is useless. It's useless when it's used alone. In CIS 4, the ROLE of the AV has changed, Where If a malware is not detected, it will be sandboxed.

PS - When are you guys (AV-Comparatives) going to change your testing methodologies, instead of testing detection of a product? You test a subset a malware, which means nothing with all the 40K new malware every month. Have you considered ATMSO?

PROTECTION (Prevention) is the key protection for end users now. Not Detection (But Detection, like CIS, can be used for usability purposes and work with sandbox).

 

@ Dragons Forever

When I use OpenDNS, Google Search and IE8'smartscreen or Chrome's SiteAdvisior plug-in I will get equal or better detection rates than CIS 4 (three blacklists with a fair chance one of them has copied the URL into his blacklist, which is the point VLK is making).

See the little experiment Aigle did where Smartscreen of IE alone was able to block 65%. Following the line of your arguments, I am better of with IE8 on a Vista or Windows 7 machine than latest CIS4.

Reason1: Smartscreen has a higher prevention rate than CIS

Reason2: I can tell IE8 to download only signed executables (same criteria CIS allows programs out of the sandbox, IE8 intercepts, prevents earlier than CIS4, again IE8 outperforms CIS4)

Reason3: IE runs in protected mode, that means lower rights and less posisbility to do harm than in CIS 4 sandbox running in AV mode with medium rights (remember I still get the native UAC WIndows virtualisation with it also protecting HKLM and Program Files)

Yep, this little 'test' above clearly shows that Microsoft has improved. IE8 is now one of the best AV's around at least it beats a top notch AV like CIS4 in prevention (download URL's) and intercepts earlier in the flow of events (not even allowed to download non-signed exectables: prevention is better than the cure).


Note
The moon is round, the moon is yellow, so it must a gigantic Gouda Cheese, see attached image, clearly showing the resemblance

 

@kees

Seriously, I agree with you: VLK has a point.

LOL : the Comodo fan boys will problably curse you for ridiculising their prevention argumentation

 

Why care about that kind of testing since it misses the most important point, which is: IF you stumble upon a new malware, say from a smart developer, who makes it signed, and it's not detected, you're toast. Yes, I tested myself so I know that the combo you mentioned is indeed very strong, but it's not gonna do enough someday where you get to that "if", at least not for a novice user, and it's ALWAYS been about those when it comes to infections - not the advanced users at these forums. That's where the magic comes in of CIS; its DDP. No other prevention method will beat that to be honest.

My two cents.

 

All very valid points and it's difficult to fault your logic.However you fall into the trap of many advanced users in presuming that everyone else is as careful and computer savvy as yourself.Alas the World is full of careless folk that download willy nilly from P2P sites,install new 'codecs' and can't wait to view the latest Jessica Alba nude video.A lot of people need protecting against the biggest threat to their security...themselves.

 

new comodo review
http://www.youtube.com/mrizos

 

Aha, Comodo Sandbox lets signed executables through: with default CIS AV setting you are toasted also. So where is the CIS magic? But raven see comment at Andyman, that was really not my point.

 

Sorry guys, my point was that Dragons forever arguments against VLK statement are as valid as my argiments that IE8 is a better AV than CIS

 

it seems that the sandbox has some isues

 

Yeo, but very knowledgeable MATT thinks that the DEFAULT VISTA/WINDOWS virtualization (the location of the first file MBAM detects, Data Roaming etc) is the COMODO SANDBOX

So this video shows CIS SAndbox - Default Windows Virtualisation 1 : 1

So maybe my tease the fanboys phony argumentation IE8 on Vista with UAC is a better AV than CIS4 really could be true? KEES: stop this is to easy

 

Good luck if the AV does not come from a website.

 

You shouldn't have taken it personal to start with, second, I've now turned that option off (trusted vendors) so where is the problem?

 

No problem for you now, I am good also (see: I have Comodo Sandbox mentioned just in one sentence with DefenseWall and Online Armor in a favourable manner https://www.wilderssecurity.com/showpost.php?p=1640164&postcount=12), just trying to get things into perspective (VLK did not even reply)

 

When you have got two machines. Try downloading one fake AV from one machine without the download protection. Put it on a USB stick. Connect it on the other PC with the download protection registry tweak. You will notice the download ADS info is copied with the file. It won't execute

Try it again with the block removed on the other machine: now I am raided (so your are right)

 

Just finished running comodo through some links on malwaredomainlist and 1 got through even though it said it had sandboxed it. I believe its the one that is fid.exe on todays links. It loaded up antispyware 7 and went to view active process list and chose terminate and block. But thing is it had already messed up my exe file associations. Restarted computer and comodo wouldnt run because of the exe file association. So that definitely needs to be fixed in comodo.