Comodo Cleaning Essentials 1.xx Thread

No, In the half time that you wrote all this nonsense you could check it by yourself that this is not how it works, but this would be ask you too much maybe. It's easier make up something.

___

If I remember well Immunet also uses data mining, at least I remember to read something about this during the early beta stage.

EDIT:

From Comodo forums:

 

Lord Raiden, if you have something to say that will help us understand what Comodo is really doing, please let us know. Or provide a reference. Maybe we missed it. Data mining technology was a hot item several years ago (my company spent some R&D on it) but this sounds like a new application. "This is a "Static Analysis" of a file based on "Data mining" techniques." is just technobabble.

 

It's using data mining techniques to detect malware, where is the problem?
Nobody said that it's something new in the industry, immunet already uses it and probably others, nobody said that will be something revolutionary it's just a new thing for Comodo made in order to improve CIS in a near future.

If you are familiarize with data mining because of your job I dont see where the problem is, what do you need to understand? the malware files can be "decompiled", there are dozens of ways to extract information from a file without executing it, then you analyze those results with data mining and AI using some rules trying to find repeated patterns in the malware files and then you can start to make new engines using those rules/patterns in order to detect new malware. If you really know what is datamining you should know the work flow to use it.

 

Lord Raiden,
Since you have supplied your explanation,could you tell us where to find it at Comodo? Again, must have missed it on their site. Data mining is usually used to find hidden patterns in very large databases, and I guess the correlation here is not so apparent. The part about how you "analyze those results with data mining and AI" in particular. I don't use data mining, just have reviewed some results from it, but have used AI in the past. And I believe that Comodo did point to it as revolutionary, better than DACS, when they introduced Valkyrie. Reference to a technical discussion or even a blog would be very helpful. Or we can simply wait for more information to come from Comodo.
Thanks;
Ed
BTW, if you seriously believe the Immunet crap you quoted, why aren't you using it? Why isn't the whole world using it?

 

Where they said that? revolutionary? they don't even compare it with DACS...
There is nothing like that in the presentation:
http://forums.comodo.com/news-annou...eased-today-t70977.0.html;msg504082#msg504082
Why do you make up all this?


If you are so interested in how data mining is used to find malware try this, is not a secret as I told you:
http://www.google.es/search?q=datam...&aq=f&aqi=&aql=&oq=&pbx=1&fp=7a027991ed21ee0a

If you dont see the obvious correlation try this:
PHD. Data Mining Methods for Malware Detection http://etd.fcla.edu/CF/CFE0002303/Siddiqui_Muazzam_A_200808_PhD.pdf
Detecting InternetWorms Using Data Mining Techniques http://www.iiisci.org/journal/CV$/sci/pdfs/QI505RM.pdf
Artificial Intelligence Methods in Virus Detection & Recognition http://www.slideshare.net/wpodgorsk...troduction-to-heuristic-scanning-presentation
Read it and you will now how comodo or any other vendor is using data mining to detect malware.

Why should I use it? what do you think that data mining is?

 

I believe if you look at the actual thread on CCE including https://forums.comodo.com/comodo-cl...en-released-t70957.0.html;msg504015#msg504015 you will see Melih assert "do you want me to apologize for constant innovation? " re Valkyrie, as well as throwing in a few "amazing"s and such and discussing it along with DACS. But I was still just looking for a description of what Comodo was actually doing, not Data Mining possibilities for malware detection in general which I can find with Google also. And it looks like the announcement thread you mention is it. And a late breaking new Mehli-ism there: "people do not appreciate the power of Valkyrie in detecting Zero Day malware which is MUCH more valuable than DACS and hence our decision to bring Valkyrie to you guys asap." So thank you again. BTW, the reference to Immunet was just meant to be a comment on their dense packed marketing in your quote.

 

What Comodo is doing is using the Data mining possibilities for malware detection using similar methods that you can find on google or using other approaches that are not public because are intellectual property of Comodo

If you want to know how Comodo implemented DM and AI ask to Melih or the devs, although obviously they are not going to tell you all the details.

Yes is an innovation not a revolution like you said, could you tell me where I can find a similar service to scann files with data mining or AI?
And again yes is an innovation for Comodo, something new that will be added to the CIS cloud.

And about the effectiveness of course Valkyrie can be better to detect 0day malware is this so hard to understand? also can produce FP's.
DACS uses engines on demand that depend on databases, signatures or heuristics that are not very effective against 0day malware, like a dynamic scan or BB. Anyway DACS or VT does not give you a final veredict like Valkyrie do, DACS as VT are just informative tools, and then you have to consider if the file is good or bad.

Now, what "innovation" means for everybody except for you:
Every year all the vendors release new features/innovations and I dont see you crying all over the forum about it. Innovation does not mean that has to be the first in the world or something completely new for the entire world. A new feature or a new product is an innovation.
http://oxforddictionaries.com/view/entry/m_en_gb0412660#m_en_gb0412660
http://dictionary.reference.com/browse/innovation

You are criticizing Melih for being fanatic, and as everybody can see you are even worst.

About Immunet I just copied and pasted the whole paragraph

 

well said guest.

I too think we won't be getting much details about how its implemented.

And i don't understand properly the meaning of "uninfected pe files" support. And it is able to detect zero day malware efficiently...

 

The limitation of "uninfected pe files" is temporary, they are developing it now, it's like a beta.
PE means "Portable Executable" but I'm not sure what means the whole sentence "uninfected pe files". I have uploaded malware without any problem.

A MOD told this to somebody how asked about the AI.
http://forums.comodo.com/news-annou...eased-today-t70977.0.html;msg504520#msg504520
In fact, our combination scheme of all the AI engines can be regarded as correlation-based integration. It is different from simple voting. It is a weighted voting where the votes are determined by the pair-wise relationships among the base AI engines. When all the base AI engines are uncorrelated, then the combination scheme reduces to simple voting strategy.

 

yeah thats what i thought.
probably it is yet to full range of support for pe infected files.

 

"morphiusz" in Comodo forums has been testing Valkyriea, here are the results.

First he scanned a malware collection with different AV's
https://forums.comodo.com/news-anno...lts-reviews-t61263.0.html;msg505376#msg505376

And then he scanned the undetected files by Comodo with Valkyriea
https://forums.comodo.com/news-anno...lts-reviews-t61263.0.html;msg505411#msg505411

Valkyriea is still on beta and is being optimized to produce better results.

 

Thank you!
Very impressive results

 

Any idea on an official release date?

Thanks in Advance.

 

Yeah 23-03-2011, 04:02:17

http://forums.comodo.com/comodo-cle...ls-1618353973-has-been-released-t70957.0.html

 

Thank you.

When is Comodo going to list it as a product on Comodo's main website?

Is it "bug free" enough for some to use it as a tool to assist with getting rid of a variant of the TDSS Rootkit Trojan?

Someone I know is trying to get rid of a variant of the TDSS Rootkit Trojan. He said that Dr.Web Cureit identifies and cleans it but it comes back later.

Thanks in Advance.

 

@TheKid7: The release version doesn't contain DACS by the way.

 

I really like KillSwitch. It has this verdict feature which determines Safe and Unsafe files.

 

How much of a "negative" is not having DACS?

Thanks in Advance.

 

DACS is the multi-AV scanner portion of CCE. Without it, detection rates will be reduced.

 

Are there plans to eventually include DACS?

Thanks in Advance.

 

It was included in RC2, but removed in release version, because it's still in beta stage.

 

Neah, was dropped (for now) because of that new born Valkyrie.

 

And what is that then?

 

This.

 

Interesting. After reading in that thread it seems it still needs quite much improvement, but it has the capability to become something good I think.