Comodo AV better now?

Discussion in 'other anti-virus software' started by country2, Mar 1, 2009.

Thread Status:
Not open for further replies.
  1. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    I've been warning over that for a long time and as always they disregarded my expert opinion that D+ is only good when an expert is selecting allow/deny. But from what I know, the number of expert users is rather small in general. Yesterday I performed a quick proactive test of the new 3.9 beta by throwing my massive archive of various junk at it.
    It was actually doing really well, up to a point where I apparently executed a Sality sample and even though I know plenty about everything, I have at some point selected Allow where VirtualPC service requested access to some other program that by all characteristics appeared a legit activity. It was just one wrong action and the whole system was infected beyond repairability (typical for Sality/Virut). Well it could be cleaned but most of the time it's just not worth it.
    So only 1 wrong action and all the "100%" security goes down like a building after scheduled demolition. It's better in 3.9 than it was in 3.8 but still it depends on user's knowledge so much it can either have near 100% protection or near zero protection.
     
  2. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    I think aigle has already proved that quite well with Conficker. It's you who needs to stop your ridiculous "COMODO CATCHES 100%!" trolling claims.

    You still don't get it. Who needs to fool D+? It's not the one doing the catching at all! :argh: The malware just needs to fool the user, that's it.

    Comodo's been claiming that since day one, the next version will be better/more usable, blablabla, they've started building up the hype even before CIS 3 was released, but each and every time it's nothing but the same old. I haven't tried the latest beta (I will when the final ver is released, though), but frankly I don't see anything in the changelog that even remotely suggests that this might be true.
     
  3. Iam_me

    Iam_me Registered Member

    Joined:
    Feb 6, 2009
    Posts:
    89
    I am getting SICK and TIRED of telling this to everyone here at Wilders..
    Aigle had added 4 various ALLOW RULES in CIS, yet it popped..

    It even says MALWARE BEHAVIOUR and you get at least 11 popups in proactive, not one as reported. It's far from not catching it..

    Read the COMODO thread about it instead, ALL FACTS ARE THERE..
    And if you login you can see what really happens and how the popups look if CIS is started in normal or proactive.


    https://forums.comodo.com/leak_test...ficker_worm_versus_defence_plus-t33410.0.html

    WITHOUT THE FOLLOWING CRIPPLING RULES THAT AIGLE DID:
    Sure you can fool a silly girl to even disable norton or avira.. But it's not like that is needed. With CIS the user has to do fault.. With most products you don't even have to fool the user.. The user is totally unprotected, Just use a UD sample. Or actually you have both options, Fool the user or the product.

    CIS is improving, at what I think is a great speed.
    All products need time to develop, I think some have too high expectations.

    But that doesn't mean they don't deliver as "promised".
    I thought it was sad CIMA did not make it to this release, but well..
     
  4. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Sure. And to get those popups you can't even trust Windows system files. You can't even allow .tmp files that Windows creates and deletes like crazy by the thousands. You have to tell CIS to prompt you for every single frigging action performed by the OS, even for COM actions that force you to click "Allow" 4-5 times just to start a program, with a whole crapload more coming your way when the program actually tries to do anything. That's how you get your so-called "100% protection" - not to mention an unusable system.

    At best that's called poor design, at worst it's just sheer stupidity. It's just a ploy by Comodo to push all security to become the responsibility of the user, yet take all the credit for "stopping" attacks. I can't believe there are actually people who buy this poop.

    Again, you still don't get it.

    With other products, the malware first has to trick the user into going against common sense, and running or clicking on something they don't know to be safe. THEN it has to bypass the security software. With CIS, the user is the first, only, and last line of defense. CIS contributes nothing, because everything is up to the user. That's why fooling CIS isn't needed.

    Perhaps expecting a company to deliver more than empty promises is considered as "too high expectations" for you. It's the same with every CIS release, next version will be better! More usable! And then... poof. Same old.

    But like I said, to each his own.
     
  5. Iam_me

    Iam_me Registered Member

    Joined:
    Feb 6, 2009
    Posts:
    89
    You really like discussing how bad CIS is in every thread? the enjoyment of the day..? Why not pick on something else once in a while.. I saw a PC Tools Antivirus v. 6 thread just below, maybe go in and bash it for not being up to avira is a great idea?

    Actually if you just tried CIS latest you would realise that it doesn't pop for every safe application at all.. Thanks to the White list..
    But if you like it to still pop for "safe" applications then you can still do that thanks to paranoid settings. Or if you like it to just pop for applications that got onto your computer after CIS then Clean PC mode is great!

    I can't believe people actually pay for products that got worse or no better protection than all the free alternatives.

    Bah, it got an AV, and it got a memory scanner now as well, and D+ can remove threats when they are running just fine and makes sure not too much damage can be caused. + common sense is all that is needed to understand when a program is bad, especially with CIS.

    What do you mean.? Not improved usability eh? I think you simply overlook all improvements that have been and are being made, CIS 3.8 had a huge impact on CIS usability, thanks to introducing a whitelist, 3.9 has not made any promises to be more user-friendly, yet it has.

    But it's really version 4 that they said usability will come, thanks to a new GUI.
     
  6. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    So users get alerts for everything and it's all their fault when they allow the malware? Also, there are other technologies other than D+ and AV. And according to AV-comparatives AVs detect around 40-70%, not 20-40%.
     
  7. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    D+ only has great security when it is used by advanced users, which is the minority, and therefore not suitable for average users. Those other products have better usability which in practical terms equals to better security for average users.
     
  8. Iam_me

    Iam_me Registered Member

    Joined:
    Feb 6, 2009
    Posts:
    89
    Users don't "get alerted for everything". But it gets alerts for every bad one, + it gives alerts for "some" safe applications.

    It's a default deny approach and might not suit some.. But it sure as hell works.

    Sure might be the case.. 40-70% that's great.
    All 100% are stopped with CIS default deny approach however.
     
    Last edited: Apr 11, 2009
  9. Iam_me

    Iam_me Registered Member

    Joined:
    Feb 6, 2009
    Posts:
    89

    It's suitable for average users yes. But how do we define "works"? In my experience it doesn't. I have installed CIS on many users computers, they all stayed clean.. After I gave them some instructions.

    And I also installed and visited people with other various well known brands, usually their computers are slow + infected but the av says "Green light your computer is clean no virus found".. But it's really not when you do some on demand scans, and manual checking. o_O o_O

    They never even realise "hey I was hacked"

    They just get "green light, system clean".. with no chance whatsoever to prevent the infection since detection just wasn't and still isn't there.
     
    Last edited: Apr 11, 2009
  10. Iam_me

    Iam_me Registered Member

    Joined:
    Feb 6, 2009
    Posts:
    89
    Uhh. I don't wanna be a part in all this CIS flaming anymore, that's not why I joined, to defend CIS from unfair criticism based on false facts (as the example with Conficker). This topic is not about the AV any more and I am sorry about that.

    I declare myself out of the discussion. o_O o_O And hope one day, we can have CIS discussions without all the flame, just as we can have PrevX threads, spybot, avira or OA threads with little/no irrelevant offtopic "got to bash the product posts" made by the same users on a regular basis.

    As we know no products are perfected, this applies to CIS as well.
    Now you guys can post and get the last word as usual.

    Claiming that I am stupid or whatever.. or maybe that I got no insight in nothing, or go into technical details or make up users that would all fail to use D+. Or refer to one more wrongly performed test.. Or why not go to personal assault as I experienced before where claims are made that I am silly.
     
  11. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    It's funny that when you complain, they don't like that. But when you expect them to fix the things you complain about, they are not interested in fixing them either. And we complain again and they again don't like that.
    This never seems to end.
     
  12. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Well, the only thing that you have proved is that to get D+ to defend against Conficker, one has to be willing to suffer a bombardment of popups 24/7 and an unusable PC.
     
  13. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    My 0.02€ about this whole conversation: you simply can not rely upon D+ to do the blocking.

    In the end, it's the user that selects the action, and frankly we all know how confusing prompts can be (especially to a non-technical user). This simply will not work. This is great for power users though :)

    It's good that Comodo keeps going with development.
     
  14. TrojanHunter

    TrojanHunter Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    151
    Location:
    United Kingdom
    Yeah, that's what I've been saying for some time too about Defence+, it's only providing protection if the user understands what each of the hundreds of pop-ups mean. Let's not forget malware can be really sneaky and appear to be something legitimate when in fact it's not.

    The testing is unfair, because the testers download malware and they know that the pop-up appearing will allow them to deny it, because they know for sure what it is. That's why comodo does so well in prevention tests, but forget tests and think about real life situations where the user has already been bombarded with tons of pop-ups, how can they know for sure what's malware and what's not? unless it's obvious.

    Comodo can gloat about their bullet proof protection, but what they really offer is a very flawed security solution coupled with a flaky Anti-virus.
     
  15. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    Not being a fanboy here so please no flames. I've been using CIS on/off since its inception. I can say they expanded their white list with each version so the popups are minimal. The trusted Software vendors list seems to work now. The problem that I see with this product, and you guys have hit on it already, is the fact there are so many options to choose from. Sure you can take the defaults but I'm not sure this is the best security with the product. Right now I'm running it on (FW=Safe mode, D+=Clean PC mode and Stateful=AV). I have modified some of the options in D+ to get more security. Will an average user know to do this? I have tried running many apps on my machine and I have had 1 or 2 popups. The Threatcast thing is a nice touch similar to DriveSentry's with how many users allowed/denied. I still feel they need some polish to make it bullet proof but I like it.

    Just my .02 cents
    Ice
     
  16. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    While I'm an admirer of CIS it's misleading to state that it catches 100% of threats. I can give you a simple scenario now.

    A user finds this great new anti-spyware application whilst surfing, let's call it XPAntispyware Gold. Having read the awesome reviews on the site they decide to supplement CIS and install it. They then pop D+ into installation mode to prevent all the pop-ups which after all are quite normal when installing a security product, clicking Allow on any that do arise of course.

    There you have it, system compromised without any requirement to circumvent D+ because the user did the job for them! Yes D+ is very good at notifying unauthorised activity, but offers zero protection against the user himself.
     
  17. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    It seems like their argument is that then it is the user's fault and Comodo did not fail at all. :cautious:
     
  18. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    This is where a very good white list might come in handy and prevent the user from installing the rogue app. DriveSentry does this very well. Hopefully Comodo's white list can be as powerful as that.

    Ice
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    With all due respect to COMODO and Defense+ (I used to have in one system, before I was told a bug totally blocking access to the Desktop wasn't a top priority to be fixed.), pretty much everything is unknown.

    The fact is that it lacks a great database of well-known and digitally signed applications (whitelisting), which would make everything so much easier. Even unknowledgeable users would be able to run it in full power, and only get alerts for everything, which would be the unknown processes/applications.

    This is just to state my view as a former user, and someone who still tests it, to see how it evolves.

    COMODO claims that each version reduces alerts.... Heck, why shouldn't it? Pretty much all advanced settings are off, with default installation, which is what most people would use.

    Yes, sure, keylogger protection is provided by their AV. Sure... Until it isn't... Like everything else, uh?
     
  20. Rain_Train

    Rain_Train Registered Member

    Joined:
    Aug 27, 2008
    Posts:
    142
    Since the actual CIMA heuristics aren't coming until v4, how will integrated BOClean affect detection rates, if any? Should it improve the amount of malware caught, or why is COMODO integrating it?

    Also, how good are the CIMA heuristics? Do you guys think they're a giant leap forward, a small one, or (heaven forbid :doubt:) not a step forward at all?

    The reason I ask both questions is because I have used neither BOClean nor CIMA online. Now, it's obvious to me from reading this thread that we have a few people who dislike CIS for whatever reason. All I ask is that if you are going to be kind enough to answer my questions, please answer them honestly. There's a reason I asked my question here and not at the COMODO forums, but there is no reason to start throwing out more comparisons with other security products, especially for my second question.
     
  21. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, current heuristics are worthless crap. It's just detecting packers and that's it. CIMA however works similar to Norman Sandbox (since most are familiar with it). So yeah, that will be a significant upgrade.
    Memory scanner, well, Melih is placing huge bets on it, but I think it'll only catch something here and there and will not make a huge difference. It'll benefit from BOClean signatures though since they are now merged in CIS.
     
  22. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    TBH I've never been impressed with BOClean. Due to how it works it cannot stop threats before they activate, it only scans memory every few seconds and shuts down detected threats. Of course, if the threat is found in memory god knows what it's done already.

    Until Comodo can raise the AV module from the poopy heap, CIS's biggest feature continues to be D+.
     
  23. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Actually the memory scanning is performed on execution and not on fixed intervals (even though that's also the case).
     
  24. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Given the complexity of some packers today, that's a very unreliable mechanism AFAIK, simply because you cannot determine which instruction eventually causes the executable to be unpacked to memory.

    Do you have any further details on this?
     
  25. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    With all due respect the only defence against rogue applications is blacklisting. Heuristics (CIMA or otherwise) won't help at all simply because there's little to differentiate a rogue AM from a legitimate one in terms of code structure. All CIMA might say is "suspicious because this program is attempting to perform action A, B, or C" all of which a genuine security utility could do also. Most rogues are not malware in the traditional sense of the word, just in the end result.
     
    Last edited: Apr 11, 2009