Comodo Antivirus 5.8 detection rate and heuristic test (by FaraVirusi.com Labs)

Discussion in 'other anti-virus software' started by pykko, Nov 6, 2011.

Thread Status:
Not open for further replies.
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    As many are wondering about Comodo's total an heuristic detection rate, we, at FaraVirusi.com IT security blog decided to perform a complex test on 21.390 malwares.

    *
    The results:

    • Comodo 83.94% detection
      *

    For the heuristic detection rate, we've used 9150 infected files from 2 to 4 november 2011, while Comodo's definition were freezed on the 27th of October.

    Proactive detection rate was: 4274 (46.71%)

    Additional details are available here: http://www.faravirusi.com/2011/11/0...rus-2012-test-al-detectiei-by-faravirusi-com/
     
    Last edited by a moderator: Nov 6, 2011
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Comodo is notoriously known for heuristic false positives so testing it on files that you know are malware will yeld incredible results. But if you push in clean files and deduct detection score with false positives, the result won't be so stellar. I mean, it's easy to make awesome heursitics if you don't care about false positives. You can pretty much make them 100%. But that just won't work in real world...
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    RejZoR: You're right here, but given the fact they had no FP on the latest VirusBulletin test result, means they improved things.
     
  4. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    Yes, Comodo has high False Positive rates. I don't know why they need such a sensitive heuristic when they have Defense+ and autosandbox.
     
  5. Coccinelle

    Coccinelle Registered Member

    Joined:
    Jan 17, 2011
    Posts:
    211
    Location:
    France
    One Antivirus is not just fail scaner.
    One Antivirus is complex solution-black listing URL\fail,proactive.....
    To try detection for one Antivirus just on "right click context menu" is very bad idea!
    Wher you finde 9150 infected fails hust for 2 days?
    To realy make a virus competion it is very complicated.
    The processe of contamination is not just en .exe
    The processe of contamination is one complete feature.
    You go to site, there you click to something after you .....
    Is not just en .exe
    Many AV block just the page, or just the exe, or ....
    If you can understand me.

    *
     
    Last edited by a moderator: Nov 6, 2011
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    It also depends on the settings used. VB100 uses default as far as i know, but we don't know what setting was used in this test.
     
  7. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    Quote from faravirusi.com

     
  8. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well then, that explains everything. AVIRA heuristics on High can still be used perfectly fine every day. Comodo heuristics on High are a complete no go as it detects pretty much every EXE with it.
     
  9. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I use it with heuristics set on "High" and I received only one FP on a file where many other vendors had a FP.

    Things are not so bad as you describe them. I know Comodo has sometimes a higher number of FPs than an average antivirus, but this number is not so big.

    See the latest AV-Test.org evaluation where Comodo took part (Q2/2011).
    Industry average was 9 FPs on their 699,760 clean files set.
    Comodo had an average of 12 FPs taken into account the 3 months when it was tested.

    *
     
    Last edited by a moderator: Nov 6, 2011
  10. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    +1 It detected HD Sentinel, cFosSpeed and a couple of other programs as false positives on my machine. Not all files, just picked up 1 or 2 files in these programs.:doubt:
     
  11. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
  12. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    I have notice a lot of improvements in Comodo AV lately, still they need to add valkirie with CIS 6
     
  13. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
  14. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well i hate it when AV detects no-cd patches and similar stuff and they never bother to fix them because they consider them illegal. Even if they aren't malware. They are not here to judge that, you just have to decide if its malware or not, not if its legal or not.
     
  15. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    That's pretty much an industry-wide problem. I will say that Avast doesn't seem to be so bad about it, so when they detect a patch or something like it, I pause.
     
  16. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    avast! is the only one that actually removes false positives on files regardless of what they are. So if it's no-cd but not malware, they'll fix it. They really care only about what's really a malware and i really appreciate that. They are security company, not moral police. I wish others would work the same...
     
  17. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Same here, we have plenty of other people/organizations dictating what we should/shouldn't have and can/can't do. My AV should protect me, not get behind a pulpit.
     
  18. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    I don't exactly know what's Comodo's behaviour on this. *
     
    Last edited by a moderator: Nov 6, 2011
  19. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    actually along with avast eset for me at least is great about not detecting things like this. avast is a bit better but eset does not pick up most no cd type of things either (again at least from my testing)
     
  20. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Good deal :thumb: I haven't tested Eset in quite some time, so that's good to know.
     
  21. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Comodo AV part wasn't the best part but lately its gaining quite ground. Regarding FPs well you know its FP so restore it:p or just add to trusted files and you are done. You can't ask more if you get something good stuff for free. And as such comodo AV part has come up from a really long way:)
     
  22. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Nice to see it continue improving :thumb:
     
Loading...
Thread Status:
Not open for further replies.