Comodo DACS (Distributed and Collaborative Scanning)

COMODO Cleaning Essentials 1.1.174294.27 BETA Released!

http://forums.comodo.com/comodo-cle...ntials-1117429427-beta-released-t66867.0.html
Remember that it's a BETA http://en.wikipedia.org/wiki/Development_stage#Beta
BUGS: http://forums.comodo.com/comodo-cle...als-1117429427-beta-bug-reports-t66866.0.html

http://www.melih.com/2010/12/23/ant...tecting-criminals-not-anymore-thanks-to-dacs/

Will be added to Comodo Internet Security in future versions but first will be avaliable on-demand as a standalone app.
Comodo IS and DACS will be FREE as always.
The beta will be available soon (I would say in a few days)

Please read this quotes that explains better how it works:

Sources: http://forums.comodo.com/news-annou...uted-and-collaborative-scanning-t66827.0.html
http://forums.comodo.com/news-annou...dacs-and-what-does-it-stand-for-t65415.0.html

 

So, who will volunteer their server/PC's - will it be some sort of "Folding ·@ Home"?

Or will it drain all resources from your computer? Lol.

Also, this will bring up a lot of FP's like all the normal troubles with multi AV scanning.

This is no more than running a cloud where you have all the antiviruses enabled in the cloud. - Just you are putting the costs onto the users instead of on the company.

 

Still is free, and nobody force you to do it.

I guess you will be able to control how many files you want to accept or only accept files when the screensaver is active, you can enable/disable when you want, things like that.

You also get the benefit of scan your own files in multiple AV's don't forget that, and only the unknown files will be sent.

I wouldn't mind left the computer helping while I'm off during an hour, IMO Microsoft should have done something like this a long time ago and include it on windows by default.

 

no... this is kind of trash IMO, its a multi AV cloud solution thats been sugar coated as a great service "they" provide us when really were just providing it to ourselves and Comodo's takin the credit... ill stick with hitman pro thanks.

that is if i interpreted its function correctly, let me know if thats not its function.

and the last thing id want is for MS to put somethin like this into windows itself...

 

In fact using DACS and Comodo AV at the same time doesn't make sense, they will lose users for their AV product.

If you prefer to pay for something is your choice, but there are some people that dont want to pay and want to help and get the benefits of this help, a solution like Hitman Pro with 40 engines for free. A "P2P" av scanner, I think is one of the best ideas in a long time for the users, maybe not for the AV companies.

Could you tell me please how I can get this service without using DACS? I want this "P2P" cloud scanner I don't care who is behind.
I don't care if Comodo did it or if Norton did it, or microsoft, I care about get the best detection for free.

Hitman Pro takes the credit of the detection of other av's... , the same with wuzzup.
Kaspersky demonstrated that almost all the av's copy their signatures each other and nothing happens

And let me tell you that this idea is not totally new, there are plenty of websites to share malware to test and research, you can collaborate with any AV company sending undetected files, in fact with the cloud av's you send unknown files to their server.

Ok, this is the same but also the most efficient way to do it, the new thing is that you also get many benefits.

Why do you think that VirusTotal never did something like Hitman Pro? are they fools?

 

I clicked on the link and was all set to read this, until I saw it was 5000 words.

 

Just read after "Solution 2", the last 7 paragrahps anyway in my first post you can find more information.

 

It's either:

a) A stroke of genius; or
b) the stupidest AV concept of 2010

I'm betting on b. The concept appears to be entirely dependent on large numbers of non-Comodo users enrolling in the 'service'. Let's see how that works out. A poor mans Hitman Pro imo.

 

Who wouldn't want to have installed in his computer a scanner with the best detection?

It's a simple idea an ingenious.

I order to make the service works maybe there will be some kind of ratios like any P2P community, I mean If you upload 50 Mb in files to be scanned, you will have to download 50 Mb to be scanned with your engine/s, that can be an av engine or engines like malwarebytes, superantispyware...

But as you said this can be a fiasco or the best idea ever...

 

I think my bet would for for a)

Wouldn't this approach also help improve, a lot, COMODO's AV detections? Then again, maybe I misinterpreted...

 

Let me see if I understand this. DACS hits the net with 40 copies or so of the unknown file to 40 or so destinations, and lets the computer idle until all the results come in? And like Virus Total, the user sits and scratches himself while waiting and if different results come back from different scanners because of the usual FP (synch) problems? Or will there be rules about which and how many need hits to call it a virus. Hope nobody on dialup signs up. Sounds like a distributed Hitman with time delays and data dropout. And how is the network managed, since lots of the computers will likely be down at any given time? Just negotiated on the fly like P2P-a bit more complicated because of the simultaneous connections of separate types required? Maybe this will work better than Threatcast eventually? I think I read that the Comodo AV isn't even used as a part of this, or am I mistaken? Oh well; have fun. The calibration and debugging should keep everyone busy. I'll pass.

 

removed off topic posts. Stay on subject please

 

Sorry you didnt understand how it works.

About the FP's they are working in a solution to fix it, but this does not affect to DACS only to Comodo database, still no more information.
They said that they dont need more people/resources to scan so you will only upload files 1 time.
DACS works like Hitman, you scan your computer, the suspicious files are uploaded and a few minutes later you get the results from 40 AV's.

Dont worry, any P2P program is much more complicated, they share biggers files and is not a problem, anyway as I said before they already have the resources to do it fast.

About the legal issues:

 

And you know that $30 you spent on your top-notch AV? Well you don't need to spend it next year, you can just use DACS alongside a cheap AV and let everybody else's top-notch scanners do the hard work. But then the year after, even fewer are using that top-notch scanner, and its performance starts to slip because the income just isn't there to keep up. See the problem yet guest? DACS is potentially highly disruptive to the AV industry's business model. And not in a good way. It feeds off other AV scanners without licensing their software and diminishes the value of the leading performers and the investment those companies put into their products. That's why the lawyers will be interested in this.

 

Still I understand you but does not make any sense since is not a real time scanner, good luck.
Think it again. Anyway there is plenty of free real time scanner (free AV's) and all the AV's are getting better every year.

If I'm a Norton user, Avira, kaspersky... I'm not going to change it for an on demand scanner with 10000 engines because I want real time protection, dynamic protection, browser protection, antiphishing, antispam, password protection, encryption, sandbox..., not just an on-demand scanner.

If Hitman PRO would include 40 engines will be your only protection?

I updated the first post with all the relevant information

 

Maybe you can explain a little more about how it works then. Where do you ftp (http) the file to then? Don't you eventually need to distribute it to the 40 destinations? I don't use Hitman, but don't they have a data center instead? Prevx, for example, has acres of servers and links to pass data around, even though there are only a few nodes outside of the users. I guess everyone can just wait and see about latency, overload, etc.

 

uve quite easily mis interpreted my comment, if u actually read what i said in full context and not as individual sentences ud see that i first stated that Comodo is taking credit for the work the users are doing while the solutions u mentioned like hitman pro do the work themselves then display the results to the user. i made no comment about them taking credit away from the AV engines.

 

Well seems that now they dont even need your/me help to do it. Take a look to the quotes of the first post. And as I told you I dont care if Comodo did it, I just want the best on demand detection, soon other companies will do the same so you will be able to use any scanner you think is not taking credit according to your standards

Read the quotes in the first post I have just updated it

 

There will always be the anti-Comodo guys (especially on Wilders) who criticize each and every single attempt by the company to introduce a "new" (depending on how you see it) concept/feature.

Too much hate is visible as of now when things have not yet been seen/tested for real. Too much talk over nothing. If a person simply doesn't like the idea, well there's something called "choice" - you can simply opt not to use it in the 1st place.

People don't complain when they use VirusTotal or Hitman Pro service because the multi-AV scanning is done on the company's servers, not theirs. But with DACS, there's a trade-off somewhere for whatever benefits you gain. That's where people start complaining...because most simply want to be 'leechers' and not 'seeders'.

People see it as if DACS has the possibility of screwing up AV companies. They've got a valid point there.

However, why not be a bit optimistic and view it this way: DACS may indirectly help AV companies. Rather than getting users complaining that his/her AV of choice is missing a particular threat, there might be a probable chance that 'missed' threat is 'handled' by DACS. Less complains - more 'happy' users, and better customer loyalty.

Competition still exists no doubts. Users would still have the choice of whichever brand they wish to go with (Comodo isn't asking you to ditch your AV - they know that they can't possibly compete with all other AV companies and conquer all the share market - so instead the let users run whichever AV they want) but the detection samples, signatures are all 'shared' among the DACS participants.

Worry about user using DACS alongside a 'free' or 'cheap' AV? That's a weak argument. As the case it is right now, there are already users using free/cheap AVs without DACS existence. It's not going to affect how a person choose an AV. Ultimately most of us here favor an AV (or be it any software) for a couple of reasons apart from just detection such as performance impact, technology used (cloud scanning, file reputation, sandbox, etc). I'm pretty sure most would stick to their favorite brand despite having DACS installed - users go with what they think is the best for them. They would pick the AV they trust most as their 1st (or whatever no.) layer of defense on their system. DACS is simply a supplement, not a replacement.

Do you like the concept behind it? Then get DACS. You don't like it? Then avoid it like the plague. What's so difficult about that?

P.S. Before anyone accuse me: I'm NOT a Comodo fanboy. I do have certain personal negative views on the company, Melih and its fanboys and I have had bad experiences with some of their software but unlike others, I don't go around slamming my feet on their heads every time there's a thread about their service.

 

I agree with you on everything but not on this for the reasons that I explained here:

DACS or any other product with the same idea would be the perfect on demand scanner that everybody will have installed, but this does not mean that you dont need any other protection because DACS does not provide real time protection so it can not replace any AV.
So what I see with DACS is an app that will provide a tremendous benefit for the end-users, thanks to Comodo for make this idea once and for all.
You can be sure that this is not the holly grail of protection (in fact it does not protect, just detect) neither is going to be the app that kills the AV industry.

1st post UPDATED with more relevant information

 

Yet again - what about zero days threats? You WON'T be protected against those with this solution anyway as it has a 0 detection rate?

One of the AV's needs to detect it first - then I would prefer that all the samples was thrown at their service CIMA and analyzed there too within a couple of minutes.

Also, I am wondering - no one is considering the FP amounts of this service? Look at Hitman Pro how they have been having a hard fight to bring down their FP levels and they are using respected and well established companies only.

 

Nothing is perfect but I guess that they will also use CIMA, anyway take into account (i'm no sure about this) that probably the files are scanned with the complete AV, behavior blocker, heuristics... so still can detect a lot 0 day malware.

They are working in a solution for the FP's still I dont know how will work, anyway like with hitman or any other AV is your choice delete the file or not, if only 1 AV detects it or the 100% will help you to do so.

 

I may have missed the answer, but how will DACS "know" if a 3rd party av detected a threat on a users machine or not?
DACS cannot control what a 3rd party av does or what its results are on a file unless they (DACS) install drivers and "hack-and-slash" trough Self-defense mechanisms of AV applications and decode proprietary encoding/obfuscating mechanisms on AVs' resources/files (all 40+ of them, separately).

 

I don't know the answer but I'm sure that there are easiest ways to get the output without hacking anything.

OCR software, automation scripts...

 

As far as i understand there are a couple of selected users in de community with other av's then comodo and they get the file and can send back if its safe or not. DACS will not see if that av detects it. Its just up to the user to give feedback "Is it safe? Yes No?