mbam + comodo fw & d+.. do i still need an av?

Discussion in 'other anti-malware software' started by zakazak, Sep 23, 2011.

Thread Status:
Not open for further replies.
  1. zakazak

    zakazak Registered Member

    to be honest.. i think the same :S

    I just did a test with 22x 0-day malware links. Although the webshield/script shield of Avast is just awesome (it blocked way more links than mbam pro) it never had the chance to actually detect something when I disabled those shields to let the malware get onto the system.

    First comodo d+ detected all the malware + blocked the rest of the unknown files. Then I ran the blocked files again but didn't block them with comodo. MBAM Pro now detected everything that was left.

    Either avast just didn't detect anything or simply never had the chance to even start scanning :D

    However, the webshield/script shield of avast was very nice.. it blocked 99% of those links so that the malware-site wouldn't even load. So I really don't know if i should go for an AV or not :S

    @edit: avast didn't detect any of the malware files while mbam pro detected all of them :/
     
    Last edited: Sep 24, 2011
  2. Tarantula

    Tarantula Guest

    No, you don't need an AV.
     
  3. sm1

    sm1 Registered Member

    Emsisoft antimalware free or emergency kit can be added as an on demand scanner to check removable drives and for occasional system scans:)
     
  4. zakazak

    zakazak Registered Member

    Well the results from my malware test yesterday were surprising:

    Avast AV didn't detect any of the malware i executed (or maybe there was one file it deleted) on the local computer. Comodo AV detected everything except one file.

    MBAM Pro & Comodo D+ have blocked everything I executed on the local computer

    In this test I didn't download the malware (while disabling all protection) and then execute the files (with enabled protection) but simply tried to open the links with my browser (with protection enabled).
    MBAM Pro web protection + Avast Webshield have blocked pretty much all links (so they wouldn't even get on the system / load in the browser).

    So all in all.. Avast Webshield is nice.. but then I also have NortonDNS which blocked most links. Besides that I'm more afraid of malware that I download via torrents, usenext or get from other devices such as usb sticks. For detection rate, comodo av was A LOT better.. which surprised me as in most other tests/reviews avast is way better at detecting.

    However, mbam pro & comodo d+ have detected everything already.. so comodo av was kinda useless.

    I guess the decision between avast av, comodo av, mbam pro came down to:

    CIS (with AV) + MBAM Pro
    or
    CIS (without AV) + MBAM Pro

    And I still don't know which setup would be better (security wise the one with the AV.. but I wonder if that wouldn't be just a waste of system resources).

    Will post videos & exact scores of each test sometime today.
     
    Last edited: Sep 25, 2011
  5. PJC

    PJC Very Frequent Poster

    You have already given an answer:
    Two more (2) Posts (Here and Here) claimed the same...;)
     
  6. SweX

    SweX Registered Member

  7. guest

    guest Guest

    In any case your config still lacks a full AV, and I don't think that MBAM is gonna be any better than any AV. Probably adding CIS AV will be lighter than installing Avast.

    But all depends on "how do you feel" or how much knowledge you have about windows, security...

    Take a look at VT uploader, http://www.virustotal.com/advanced.html may be an interesting tool for you.

    And I still think that you need something like trusteer rapport.

    PS: I don't use any AV or antimalware ;) despite my signature
     
  8. zakazak

    zakazak Registered Member

    It is MR.PC vs guest here ! :D

    Well my security setup is/will be:
    UAC at max level
    Applocker (with the ruleset of some guy that posted it here.. mr.brain or smth?)
    DEP,SEHOP
    EMET at max protection (all internet facing apps added, pdf reader, openoffice,...)
    NortonDNS
    Comodo Firewall & D+
    MBAM Pro
    (I hope I didn't forget anything)

    From my testings this would already be a very secure (blocked all 22x 0-day malware links & files) & lightweight setup.

    Adding an AV would be another security layer (and needs more resources).
    Why exactly would an AV still offer more security when I already have Comodo D+ with its cloud scanning and MBAM Pro with real time protection & scanning ?

    Comodo AV vs. Avast free AV is some other topic.. right now I still can't really decide which one I should take. From online reviews/tests Avast looks more lightweight & secure.. but comodo av might be more lightweight in combination with the whole comodo suite. Comodo AV also had better results in my own malware test.

    And for Trusteer Rapport: I currently have it installed. I'm not sure yet if I'm going to keep it. Is there a way to enable the protection automatically on all websites? I will also try out Prevx to see which one I prefer more (and hope that webroot will offer a free version as well :p)

    Thanks
     
  9. guest

    guest Guest

    There is no VS, I told you to do what you feel comfortable with :p
    I don't think you need UAC with an HIPS installed.
    I probably would install Comodo Fw + D+ +Cloud, some other things and no AV or antimalware product
    Read this about EMET http://rationallyparanoid.com/articles/microsoft-emet-2.html

    Comodo Cloud will tell you that there is an infection and it will try to block it, and not always will be able unless you have an AV.
    Although once you know you are infected you will do whatever you need to clean the pc.

    I can't find it now but there are some on demand tests where an AV is much much better than just having MBAM. I mean MBAM is meant to be a complement of an AV. If you understand that and you want to run MBAM go for it.
    Trusteer offers some protection by default and a more advanced one for the sites you add, check the advanced options and tune them up. I mean you don't need a super protection if you are searching in google... bank, gmail... is other thing.
     
  10. zakazak

    zakazak Registered Member

    I know, i was just joking around :p
    I got used to UAC and it isn't an annoying thing at all. It is built in as well so I guess deactivating it won't increase the system's performance. But leaving it activated maybe increases the security.

    So you say that Comodo Cloud will detect the malware but sometimes it might not be able to block/remove it. That's where I would run on-demand scans. Although AV's might be better at on-demand tests, I don't even want to let it come down to an on-demand test :p Everything should be removed/blocked instantly. So an AV would be what I want. But before finalizing that decision (as I would give up so easy HAH ! :p) I have another question:
    Shouldn't the comodo cloud scanner have the same (or newer) database than the comodo av? And then D+ / HIPS would simply block it before it can even execute?

    Ah you are totally right ! :)

    Thanks
     
  11. guest

    guest Guest

    The cloud has a delay, that means that you can execute the file, allow the popup, and 2 seconds later the cloud can tell you that the file is infected.
    Also D+ (it's an HIPS) is not that strong to hold, quarantine or disinfect your computer like it would be an AV, since you have already accepted the popup D+ can only add the file to the BLOCK list.

    Anyway you will disinfect later
     
  12. zakazak

    zakazak Registered Member

    So I guess now it comes down to my browsing behaviour and what kind of security I prefer ?

    lightweight which sometimes can infect me but still block it (and then I use on demand scanners to remove the malware)

    lightweight + av which won't infect me at all (or at least the chances are lower)

    From my security/windows knowledge I feel experienced enough to choose the first setup.. also I would have MBAM Pro real time protection as some kind of AV ? But then I also thought that the comodo AV isn't using that much resources but would increase the security. Ahh I simply can't decide :p

    I guess I will go for full CIS + MBAM Pro (and some german saying "vorsicht ist besser als nachsicht".. so secure yourself from the beginning instead of doing the on-demand scans when already infected :p). Why not avast? Well it has some nice features but the most important for me was webshield which MBAM Pro somehow has too? I'm sure Comodo AV would run more lightweight with its Comodo suite than the comodo suite + avast ? Also Comodo + MBAM would probably give less conflicts than Comodo + Avast + MBAM (thinking also of feature updates & product changes)

    @edit: wow now I saw this and want avast av -.-
    http://www.av-test.org/tests/testberichte/quartal-22011/
     
    Last edited: Sep 25, 2011
  13. ams963

    ams963 Registered Member

    The protection module blocks any malicious application that attempts to execute - it doesn't automatically scan folders and files like an AV does (it's only one of the differences)

    go for the combo :thumb:
     
    Last edited: Sep 25, 2011
  14. guest

    guest Guest

    @zakazak CAV has improved a lot lately, but probably Avast is slightly better.

    Also take into account that they count it as a bypass if the malware is able to leave any leftover even if the computer is not infected (is not affected in any way by the malware), so this makes the CIS score go down... (Dynamic Detection Testing) (Real-World Testing) but it's funny to see how they hide their methodology.

    Anyway this little issue will be fixed with CISv6 and the full visualization sandbox.

    http://www.av-test.org/no_cache/en/...ports/?tx_avtestreports_pi1[report_no]=112298 they are testing CIS 5.3 now we are almost in 5.8
     
  15. zakazak

    zakazak Registered Member

    Hmm I guess I will do another malware test with avast vs comodo..

    still one thing i just thought about: the av & mbam will try to scan at a file execution? and this will not cause any conflict? Cause in the comodo forum they aren't really sure about it.. since both products try to do the same thing. In my testings i didn't get any conflicts tho.
     
  16. jasonbourne

    jasonbourne Registered Member

    ---Yeah same here. Why not try the whole suite of CIS and add MBAM Pro. And do consider Trusteer Rapport(good for online banking). Imho Avast may have the better AV but the HIPS protection will be on Comodo. Wait for the ver6 full virtualization now that will be something!

    Oh and do remember all AV miss something/sometime/somewhere and not all are perfect that's why a layer approach + good internet habits is sound.
     
  17. J_L

    J_L Registered Member

    Never had any problems with those.
     
  18. ams963

    ams963 Registered Member

    av and mbam will try to scan an execution file but this will not cause any conflicts because the scanning method of mbam is different from that of an av. The developers of mbam have designed it specially to make it get along with an av.
     
  19. zakazak

    zakazak Registered Member

    alright thanks.. I now bought MBAM Pro and currently use it with the full CIS suite.. still have to think about if i should go for Comodo AV or Avast AV. But I guess I will keep Comodo.
     
  20. zakazak

    zakazak Registered Member

    Oh there is one more thing:

    As I also use Trusteer Rapport, is there anything that could conflict with it (comodo/mbam) ? Will adding its files to the exclusion list improve performance? If yes which files?

    For MBAM & Comodo:

    MBAM Pro ignore list:
    Comodo's AV & D+ Ignore list (and D+ Trusted Applications list):
     
  21. jasonbourne

    jasonbourne Registered Member

    Good for you. Just hang on to the suite and let it grow on you. I did just that in another pc. At first I had reservations as I know Avast was the better AV then (last year) but CIS's AV has been really improving.

    Conflict about Comodo and MBAM. I have none whatsoever. In my set-up I did not have to exclude any folder/files for CIS in MBAM (using CIS beta now). You may wanna try not excluding CIS in MBAM first then observe. Or if you can, the other way around (not exclude MBAM files)then observe then narrow it down from the list of files you excluded.

    Saw your post at the comodo forums and the exclusions that you posted there for MBAM are the ones that the MBAM forums suggests.

    Bottom-line is you will be the one who will see what will jive with your system and using habits. Whatever will make you feel comfortable.

    Some additional read.

    Comodo and MBAM / MBAM forums

    Exclusions in Avast and MBAM

    avast! 6 free + comodo firewall 5 (without defense +) compatibility / exclusions


    Good luck!
     
  22. khanyash

    khanyash Registered Member

    Hi Zakazak,

    I read all your posts. You mentioned Comodo AV did better than Avast whereas you have seen tests Avast doing well. Yes Comodo & Avast both are great free AV.

    I have tested both few times with different ways & got different results.

    Avast AV has main Realtime Protection & Web Protection i.e it has signature protection & URL protection. Now as you know adding URL is way easy than creating signatures. So Web Protection can be better than main protection i.e Realtime Protection.

    Comodo AV has only main protection i.e Realtime Protection & No Web Protection i.e no URL Protection.

    So in my tests I have observed that if you test both products with pasting the malware links in the browser then Avast performs better than Comodo coz Avast has additional protection i.e URL blocker.

    And if you test both the products with already downloaded malware samples then Comodo AV detects better than Avast. In this test no additional protection is involved, only the main protection of AV's i.e OnAccess Scanner is involved.

    This is the difference I found doing the tests in different ways.

    So I found Comodo AV's main protection i.e OnAccess protection better than Avast AV's OnAccess Protection. And I think main protection i.e OnAccess protection of any AV is the most important part of any AV as it is an allround scanner i.e it detects malware coming from any channels. URL, Web Guard are additional specific protection but are useful & provide extra protection with their specific purpose.

    Thanxx
    Naren
     
  23. zakazak

    zakazak Registered Member

    I also tested Avast vs Comodo without the webshield.. in any case.. comodo won.. but in most reviews avast still seems to be better.

    However, I will stay with CIS suite + MBAM Pro + trusteer Rapport (so no avast).

    Trusteer Rapport is kinda laggy for my feeling.. maybe I should add it to the exclusions?

    The comodo guys (in the comodo forum) still tell me that mbam pro & comodo av could conflict when scanning a file on execution :/

    MBAM Pro also seems to block some things in skype/utorrent.. it actually blocked a lot of things today which i think is nice :)
     
  24. guest

    guest Guest

    MBAM is designed to be compatible with any AV, so you will not have any problem running it with Comodo AV
    If you want additional ip blocking protection take a look at this soft http://www.peerblock.com/
    Anyway I think that most of the ip's blocked by MBAM must be harmless, especially if they come from skype.

    Do you know from where MBAM gets the ip block list? they may be using the same source as peerblock
     
  25. zakazak

    zakazak Registered Member

    nope no idea where mbam gets the iplist from :S

    But comodo popped up some alert from time to time as well.. now mbam seems to be blocking it. Maybe its some advertising ? And it seems to block some torrent connection as well but that's no big deal :)

    For trusteer rapport: I really think I have some freezes since I use that software :/
     