COMODO Internet Security 3.9 BETA then RC Discussion

Re: COMODO Internet Security 3.9.73015.489 BETA Released

Sorry, I thought it was checked by me already. Now OK.

BTW they must had a separate alert saying Clipboard acess rather than keyboard acess alert. Seems strange.

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

It passes this interesting POC as well.

https://www.wilderssecurity.com/showthread.php?t=229609

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

If you use the standard Proactive configuration, all the Monitor Settings are ticked by default.

With previous releases Proactive produced very many Defense+ popups, however with this beta there are very few to answer except for installations of new software.
This is with Defense+ and firewall in Safe mode.

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

What about BOClean? Is it included in this version?

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

boclean is in the beta thats currently out

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

U mean 3.9.73525.491? Where i can find BOClean in it?

Thanks

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

Thanks.

But IMO they must give an option to configure it too.

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

Right, especially bearing in mind the fact that BOClean had quite some configuration options.

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

BOClean causes constant CPU spikes as it reads memory. I don,t know if same will be true of this integrated componenet or not?

Also will it,s detection pop ups wil be same as that of Comodo AV? How can we test it?

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

Thanks.

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

The only configuration option change for the anti virus seems to be a choice between On Access and Stateful for the Real Time scanning.

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

Those features, along with Buffer overflow protection, which was a part of the previous version's new features, are enabled by default, right? They're simply features "implemented" into the AV?

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

Yes. Stateful File Inspection is enabled by default and this increases the real time scanning speed by not duplicating work. Also the Memory Scanner is not optional, Because it acts as another Scanner with the Hard Drive Scanners since Malware either needs to hit the HD or RAM. Memory Scanners works with both CAV Signatures and BOClean signatures.

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

Sounds just great to me. So, even if just choosing to run the AV if installing CIS, the Memory Scanner would be a new component of the suite always running to protect you?

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

Yep. It's sweet. Installing full CIS or just AV you get the Memory Scanner, It's a need since some malware can't be detect at file level, Only at Memory level and this is where Memory Scanner proves useful. You may not detect a virus when it's downloaded but it will be caught when executed in memory. This is where BOClean proves it self, And along with CAV it's awesome!

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

I don't doubt that at all. Can it be the case that Norton is scanning memory too, cause Opera is not officially supported by it, but it still protected from malware just excellent in that browser (?).

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

Some general questions about the latest version(s):
1) If Comodo is default deny, why do all the pictures show that if a user just clicks on OK with no other action he gets an allow?
2) Whatever happened to Threatcast, which was advertised as the solution to user confusion in some discussions of the earlier releases?
3) Isn't stateful inspection pretty much the same thing that Norton/McAfee/ others did in the dark ages to speed up scanning? When they did virus scans they put a token in each folder with a checksum so you could tell if the files had been altered and needed to be scanned again. Or is there more to it?
4) Since the integrated BOClean is not configurable, how does it do the same functions?
5) Is the whitelist the only tool to maintain security with fewer popups, or are there other features added also?

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

I haven,t heard of any AV( including Norton) svcanning memory in real time. BOCLean was the ONLY malware scanner that used to scan memory in real time( infact not in real time but on very frquent intervals with consequent CPU spikes with each scan).

Even i am wondering how CIS can do it without CPU spike and I wonder if it is even possible.

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

#2 question-i been wandering about this too?in the new beta i dont have the threatcast option,but the thing never even worked anyhow?when i asked in the comodo forum all i got was i probably wasnt online when i installed it but i was im always connected online.a feature that never worked and never got fixed.

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

All I thought about was that Norton would still protect me just great even if using Opera which is not supported in any way. Guess it's simply the on-access scanner. Now, PC Tools latest AV version (v6) does have memory scanning, and previously this existed as a separate program - but I didn't find that stand-alone utility useful, though...

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

Personally I think that on #3, Kaspersky is probably the best, and it's used the same technique - though probably upgraded in new versions - for a long time.

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

If no action is taken by the user then the file gets blocked (with no rule save).

Clicking OK only means allow if allow is selected.. Clicking cancel will result in a block.
Its default deny since ALL files will get denied to run or to do "stuff" unless the user says "okey" first..
The only files that won't generate an alert is those white listed.

But if you want you could select paranoid mode and even get alerts for those files..

Most suites works differently, and chose to have a BLACKLIST, (av and similar) however comodos blacklist is EVERY FILE that has not been white listed, this is making CIS better than its opponents against zero day threats.. Since everything unknown gets blocked and alerted.

Its still there. 3.9 has also fixed a bug that made TC not work for all users.
TC needs internet to work thou.

stateful is something similar to what you describes.. Yes.

It scans memory, its now working with a bigger database. The reason for BOCLEAN interigation was to easier detect "packed/encrypted" malwares.

There is the white list, and the popups are now a bit simpler if you just want to allow the damn thing..

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

Thanks for the answers. I took a quick look at the Comodo forum, but answers are often hard to find there.
The reason for 1) is that all of the pictures show "allow" as already autoselected in the popups. Wouldn't it be more consistent to have the popups default to "block"? Wouldn't someone who just hit OK without changing the default get an allow currently? It looks like Comodo is recommending an allow the way it is now.
Does anyone actually know how Threatcast is working? I looked and found a few people who said it still doesn't provide data for them, a few who said it did, but Comodo seems to be silent on it and its performance/plans. Surely they must plan an evaluation or calibration or something. I am using Prevx Edge, which is a rather different approach to the use of Community data and wonder how their simpler approach fares.

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

Yes its true that "allow" are selected "by default". In 3.9 however you are asked to "block" or "allow" with no pre-selection's (unless you go advanced).

It's true that a user might by accident allow something, but usually CIS by default raises many alerts for one "unknown" application, so the user got "several" shots.. If he/she by "accident" hit allow to something.. Also there is the possibility to go in and change existing rules ofc.

CIS says: "don't let anything run unless we know its good". Its default deny.. Nothing run, unless user tells ok.

While most says: "let anything run unless we know its bad" Making most miss stuff since none knows every bad application..

I think TC is far from great as it is now.. And some still seems to have trouble with it.. If TC says something is bad and Prevx Edge says something is bad then I would probably trust the result of Prevx Edge more.. Especially if only a limited range of people has voted. Sometimes TC might give a "unclear" view also, what if 54% allowed while 46% blocked.. It makes the decision hard for some I believe.

TC should not be viewed as "this is the correct option". But rather something those "yes" clickers or users that are "unsure" can use together with the technical info presented to hopefully make a better judgement. I however look at the technical info only.

 

Re: COMODO Internet Security 3.9.73015.489 BETA Released

I will try and answer them:

1) V3.9 Beta has now Allow and Block Alerts. One Click Allow, One Click block is what it is.
2) I think there is still a bug in TC that does not show ratings. They are working on it.
3) I am not sure how others works... But Sateful File Inspection increases the Real Time scanning speed by not duplicating work. Similar to others? Yes. But Remember the AV in CIS is only 5 months old.
4) BOClean acts as a Memory Scanner (A Totally re-written one). The BOClean Memory Scanner is the LAST LINE OF DEFENSE in CIS and works with CAV Signatures. Anything that is not caught downloaded, Will be caught in Memory - Obviously no AV can detect anything, but this is how it works when it does catch a malware.
5) As I said in Question 1, V3.9 now has one click allow and one click block Alerts in order to encourage the use of it. There is also some Smart intelligent stuff that was put in v3.8 to make the Alerts more less, So there is Whitelisting, One Click/Block Allow Alerts and under-the-hood changes.

Hope this helps.