AV-TEST certificate Windows 8 Jan/Feb 2013

CIS is not very quiet as you say. We must accept that. It is not too much but there are popup alerts.
I know how CIS works,but alerts make me crazy sometimes.
I installed Freemake Video Converter 1-2 days ago, i get 4-5 alerts. It sandbox some parts of program because it is not whitelisted yet. i sent previous version to comodo but after every update, same problem.

i think nontech user can use CIS -past- but i was wrong. Last 2-3 day i accept this. i give my laptop to my cousen. He can not install some business software and call me. We know how to use it but it is not for everyone.

Average user can use but they must know some technic terms. What is sandbox, BB, HIPS,... Nobady know that. Sory but reality. They must learn but They dont try to learn. They just want to install some software, CIS alert 2-3 times, They cannot instal/run apps. You know, I know. But everyone dont know.

When CIS will add Valkyrie, True BB,...etc other Vendors will add their own tech. So this is never ended story. There is no mean for today.

Avast autosandbox easy to use. It doesnt look CIS auto-sandbox. CIS sandbox looks like defensewall,Sandboxie. Need more knowledge.
Avast auto sandbox app, analyse and re-launch. All do itself. More suitable then CIS for average user.

 

Excellent point.
I wonder what sort of users these tests are aimed at.I personally dont need great detections as such as im a fairly safe user.Its all marketing crap.

 

is it just me who saw that almost only suites were tested? i see only three only-av in the list.

wether or not day-depending performance av-test has same privilegs as avc or other.

btw windows defender on win8 is vulnerable until this month
http://www.h-online.com/security/ne...o-plug-holes-in-Windows-Defender-1835839.html

and - removal is futile
https://www.wilderssecurity.com/showthread.php?t=344800

 

Where is a hint for the claim that they disable things?
In there methodology they write up that they test "default settings" and monitor and look for changes on the system (via their sunshine technology). So I don't see where they disable things or look only for detection popus. And I don't believe that they are so amateurish that they can't distinguish between changes to real system or changes that are f.e. only in sandbox environments. (btw. Comodo Sandbox atm is more a restriction thing than virtualisation...)

 

Why isn't anybody talking about trend-micro ?? Recently they are just flying almost in all major tests
Special congrats to Webroot; such a small program providing excellent protection with almost zero footprint !!! simply brilliant

 

Because this appears to be a comodo/avast fanboy forum. Irritating, I know.

I used Webroot at version 7 then was updated to Secure Anywhere Essentials which was a great program. Much better than v7. Plenty of configurations, nice GUI, great protection, and went unnoticed. I would recommend it to anyone.

 

No one is a fan of anything ...
You said avast! is bad, but you don't have any sources/links/tests that show us that statement ... So stop saying we are fanboy or anything else ...

 

You are ready to defend avast over something that you pulled out of thin air. Something that doesn't exist.

I never said avast was bad. Seriously, where did you come up with this?

 

Sorry,No fanboys here at all...atleast not me or spywar...I have seen spywar on many other places,if you know him personally,I have had long chats with him using PM function on avast forums and he was a active COMODO user and he was also their prime malware hunter and he also once came to avast during v7 and then went back to CIS because avast didnt get better atleast against undetected malware.He came back to avast and avast forums when new evo-gen and stuff came up that really got him impressed and so he is no fanboy,but just a normal user who really likes the improvements that avast is making.

Mind you,He doesnt do Malware Hunting for COMODO anymore but he does a lot of avast testing and currently he is doing malware hunting etc for avast and he has left CIS alone and also he has put in tons of effort in testing avast 8 new technologies as you can his tests divided into chunks of videos:
http://www.youtube.com/user/spywarosaurus/videos?view=0&flow=grid

btw and some things I never liked in avast v8 are:
ugly UI
addition of gadgets that user can download even from somewhere else.
rushed beta's and program update releases.

In my Opinion,Spywar is doing a excellent job in testing providing malware packs on some forums for testing and doing tests on avast on a large sample scale.He is awesome<<Just my opinion after chatting with him since past 2 months.

Everyone are owners of their personal opinion until they dont morph bashes into personal opinions and in that case I am cool with that and I respect that.If someone cant live with someone;s opinion or they get mad at his personally seen and intentionally non-offended opinion or personally seen difference between 2 products then they are the real "fanboys"

No this not a avast/comodo fanboy area,everyone is signifying their opinions/objections against these tests as this is what I realize now and I am gonna repect that without a second thought right now! Though,the sad truth that people fail to realize is that : A Test Is A Test and we have to accept the fact that A did well and B did bad even if we have our own objections.

So you owe another day
Wilders forum has always remained great in my opinion.

Thanks!

 

I am a long time avast and Comodo user/translator but only fanboy of NVT ERP!

 

Thought this thread was about AV testing and not solely avast and comodo.

 

I know what you mean. That's part of my point here. The Comodo/Avast rivalry, for me, has become more of an annoyance than anything else.


It appears that some people will defend their av to the bitter end and it seems to be the same products and the same people with the same arguments.

Neither Comodo or Avast would be in my top two for reasons other than protection. Let alone my top 5. My opinion, my choice, right? Not only is it the responsibility of an av to protect but it also needs to have all of it's features run correctly. <insert different configs argument here>

There is this need to come to the rescue of Comodo by it's users. And a need for others to bash the product. And not only in this topic. The product didn't perform as expected so there are excuses made as to why or why not and that the test must be flawed even though everyone took the same test.

What if Comodo took first place in this test? The arguments would be much different.

This is one test. Other tests show different leaders. It is a test of an antivirus product, not earth-shattering news.
The world is not going to end tomorrow because one did better or worse than the other.

What are the chances that you run into this quantity of malware anyway?

With normal internet use, any of these, included in the testing, would probably do just fine as long as a person uses common sense.

 

Wait...there is no avast or CIS fanboy or anything related to what you say.Everyone here including me is expressing their personal opinion or personally seen difference between 2 products and there is no intended pun.If you cant live with someone's opinion then you are the "fanboy" then this thread is not for you and you are wasting your sodding time.

Yet again...no one is arguing about anything.Everyone here is showing their personal opinion or personally seen objection.

Yes but a test is a test and yet again you lose the whole point of these test if you say "no one is going to come across that much malware" unlike it really matters to you...but for others a test is a test and if some product will do good and the other bad and then everyone here is showing what is their personal opinion or their view of looking at these tests and they have their own objections.What in the world! is so fanboyish about this and here is my final word: if you cant live with the big dogs,stay on the porch,simple as that!

 

That's strange, I didn't quote you on anything and I didn't mention fanboyism in this post. Shouldn't I be able to voice my opinion? That's all I am doing. You keep quoting me and defending yourself against being a fanboy. You have done this several times in this topic. If you aren't a fanboy then why do you feel like you need to continue to prove that you aren't? What's the obsession here? Instead of stalking me on this forum, you need to get yourself a life. Thanks for your opinion though, little puppy.

 

Is that assumption made in a perfect timing right there? I guess yes because I never said I was defending anything I mean why should I defend anything because I really dont care.Sorry,if some of my statements sounded sarcastic or sounded like I was stalking you or anything,I had no personal attack intended at all,I was just putting my point of view of what people are tying to voice up here.Everyone is entitled to their personal opinion and I am no way trying to force anything on anybody.I know sometimes I really sound rude in these type of discussions but I never had any reason for stalking anybody over here because I dont see a reason for why should I do that.

By the way,A little puppy cant write replies..so I am a Human.

Thanks.!

 

CIS with defaults?
As I mentioned with defaults there is only 1 type of popups i.e Unlimited Access Rights & you reply it with either default answer sandbox or allow or block it.
Can you tell me what were those 4-5 alerts? As I keep testing CIS defaults & have never got any other popups, only Unlimited Rights, so I am interested to know what those 4-5 alerts were? (if CIS is running with defaults)

 

Plus, Ellora Corp. is in Trusted Vendors List.
There should be no popups at all (except maybe for some unsigned temp file).

 

Ok, just tried the latest version of Freemake video converter from the official site.

CIS default settings & system XP SP3 32 Bits Eng

Downloaded Freemake signed by Ellora & appears in Comodo TVL.

I started the downloaded Freemake & it was an online download & downloaded & installed fine with no popups or autosandbox of any related files. I also checked D+ logs to see if it was scanned by Cloud Whitelists but not. So everythings fine.

But when I started Freemake it was autosandboxed & I checked Unrecognized Lists, there the company name is mentioned as Freemake & not Ellora.

So the download & installation went fine as the company name was Ellora & Ellora was in TVL.
And when Freemake was started it was autosandboxed as the company name showed by Unrecognized Lists is Freemake & not in TVL. So this may be the reason for autosandbox.
I also did cloud lookup & it was unknown.

I dont know if Freemake would have worked or not autosandboxed as it asked me to install .Net 4 & I cancelled.

 

1- CIS categorize FM's installer as unknown then it sandbox FM
2- i select dont sandbox it again. FM installer didnt run 1st time.
3- Then i run FM. it work but it sandboxed some unknown files again 2-3 times when installing.
3- I select for all files, dont sandbox again.
4- I re-install again FM

All alerts same: file is unknown and sandboxed. But many times...

Probably they added FM their whitelist database after my experience.
But situation is real and it will again some installers.
Example; i cannot install Adobe Lightrom 4.4. Adobe!!! Come on!
Because installer extracted itself and CIS BB auto-sandbox. I select dont isolate again but there is no way to install. Then i disabled CIS and install it.
I report this situation to comodo forum (April 03, 2013). They solve problem 5 day later(April 08, 2013). I didnt re-test because i already install it.

if you think everything ok, this is not problem, no problem.
But this is not acceptable for some user. I understand them. Sometimes i found HIPS more valuable than BB sandbox.
I run Cameyo, CIS sandbox it. Cameyo doesnt start. Then i select dont isolate again. I re-run Cameyo. Cameyo run fine but when adding new book, update their info, CIS sandbox Cameyo's part again...
I just want to use one of safe apps. sometimes need too much effort, especially if file is using multiple executable!

 

Your screenshot of AutoSandbox shows its set to UnTrusted.
Default is Partial & you changed it to UnTrusted. Every options in autosandbox level have different effects.
I only use default settings & can comment on it.

And you should mention if you have changed the default settings, the settings you are using. This is important so that the people trying to help know with what settings you have the probs.

About FM, I have mentioned in my previous post that with CIS default settings installation was without any popups or autosandbox & fine. And FM was not scanned by Cloud Whitelists. And I think TVL & Cloud Whitelists are different i.e both will not have same programs.

Currently I am not on my test system otherwise I would have test other programs you have mentioned having probs with. But I only test products default settings.

 

Try to add those app's executables to Trusted Files.

 

popup count is not releated with default/partially limited. if file is unknown it will be sandboxed. partially or untrusted.
default settings is not powerfull. Malware can capture your data and can send internet. If safe apps can run, malware can run.
i dont recommed "partially limited" to anybody

Again, BB autosandbox is default and you will see same amount alert. Your apps will be more system right but you will see same amount alert.
Many CIS user change their sandbox level to limited or lower. Because bypass. We talked about many times on this forum.

http://forums.comodo.com/news-annou...-privacy-and-the-sandbox-levels-t93329.0.html

i say i get popups, am i liar?
and this is not releated sandbox level! and my settings!
I am talking about Adobe. I can not install Adobe lightrom on my computer when CIS active. Maybe problem solved because I report problem. So you can test and you dont get popup. But i get.


http://forums.comodo.com/news-annou...listed-2013-t89867.0.html;msg672979#msg672979
http://forums.comodo.com/news-annou...listed-2013-t89867.0.html;msg674127#msg674127

Again you say default setting
problem was not settings based. It is releated how CIS works. it will alert all unknown software and sandbox them. If your setting is default (partially limited) and if PL rights enought for app, app will run.
They cant categorize all apps, they cant add same time when apps created. so we will get alert always in this system.

 

Comodo av and firewall do not work in their virtual environment either.
By design..?
Im not comfortable with that if it is by design.

 

With default settings, I didn't mean it will reduce popups. I meant the programs may run as partial is less restrictive & most of the programs run.

I meant was FM installed fine here. Dont know why you get popups.

OK, I read your previous post again & you have mentioned "All the same alerts, unknown & autosandboxed". So you are counting autosandboxed notification as alerts & I thought you are getting BB Alerts.
I dont count autosandbox notification as alerts so I got confused when you mentioned you get 4-5 alerts.

I know the merits & demerits of CIS defaults & different sandbox level protection. I still use defaults, thats my choice.

And the mention of the settings used is important coz you would say a program is not working & I would say its working fine. When infact you would be using like UnTrusted where programs may not run fine & I would be using Partial where most programs run.

 

you dont understand.
i get popup because i tested it before you. Maybe 5-6 days ago.
Because they didnt add it their TVL/Cloud. FM was unknown.
You are install it without alert now. Because it is whitelisted now.
You can test with Lightrom also. You can instal without problem/alert now. Because they add it their WL database. Because i report it to their forum.
5 days ago, Situation was different. Because they didnt add LR their database.
I dont know why didnt you accept that!
CIS will run every unknown software under BB auto-sandbox right. You can prefer "partially limited" to "blocked" This is your choice. But it will sandboxed!
And if software needs to more system rights than you have, it will not install correctly.
Can we install driver under Partially limited? If answer is no and software need to instal driver, You cant install correctly.

probably cameyo can run with Partially Limited. But malware can run with Partially limited. Partially limited doesnt give us strong security. It is weakest choice in the autosandbox dropdown.
under PL rights, malware can capture keystrokes, screen, clipboard. unknown but Safe apps work correct but some malware also work!
I can give example but no need, please look comodo own forum.
This is the answer why i am using "untrusted" option.

and subject is "AV-TEST certificate Windows 8 Jan/Feb 2013", not CIS. Maybe we must talk about CIS another post. Actually we (forum users) talked already.