Comodo DACS (Distributed and Collaborative Scanning)

Discussion in 'other anti-malware software' started by guest, Dec 23, 2010.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    I don't? ok, lets open the dictionary:

    http://oxforddictionaries.com/view/entry/m_en_gb0933120#m_en_gb0933120

    Please tell me where it said that they can not have a contract?
    Please tell me where it said that they have to spend his own money in the cost of the volunteer task?

    You can be a doctor for an ONG, and you have to sign a contract before travel, also the ONG pays you the cost of the travel, residence and food you help people but at the end of the month you dont get a salary. This is a volunteer, with a contract that works for an ONG.

    So I dont guess, now is a fact that you don't know the meaning of the word.

    You should try to ask all your questions in Comodo forums instead do this superfluous posts all the time.
     
    Last edited by a moderator: Dec 30, 2010
  2. guest

    guest Guest

    Melih tightening the rope: http://forums.comodo.com/news-annou...ve-scanning-t66827.0.html;msg473641#msg473641

     
    Last edited by a moderator: Dec 30, 2010
  3. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Don't you get it? If you don't want to pay royalties, you exploit a legal grey zone and invent "volunteers". In this way, other companies can't say that you use their products without license. The volunteers do!

    If memory serves me, Melih about a year ago, had stated something like that "within a year, CAV will be in top 5 detection rates". Since this doesn't seem so easy to do, he invented "plan B", which is a variation of "if you can't beat them, join them". In this case, it's "if you can't beat them, force them to join you". But, it's probably less easy to be legally attacked if he has volunteers. Otherwise, can you find a good reason of why a company wouldn't use its own resources to support a product of hers instead of relying to "volunteers"? Actually, the volunteers will be the first to be "burnt" in case of EULA change of the other AV vendors. It's a bit like p2p. Melih gives the program and will later incorporate it to his own product line. The "volunteers", will be doing the work of "p2p servers", using the AV vendor software. At the end, his product will benefit from it, but, the "foot work" will be done outside the official Comodo enterprise structure.

    Finding a legal loophole is the only good reason i can think of for using "volunteers".

    Hitman Pro or VirusTotal that pay royalties don't need to resort to "volunteers"... It's more or less the same concept of torrent trackers that all start saying in their disclaimer "no file is hosted by us, we only provide links to files of users".
     
  4. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Much of the hard word in producing an AV product is in gathering the malware. If you are just given the samples then you can run an automated system to generate signatures - that's the easy part. Frankly, I can only think that Melih is trying to wind-up his competitors and have a laugh. If he's not then perhaps he should take the lead and make available all of Comodo's malware samples to the entire AV industry as a first step...and we can then look forward to the day where every AV scores exactly the same in the tests.
     
  5. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Translated in cynical english: "We 've done our best, but we can't obtain enough samples quickly enough, to arrive to the top detection places. So, we magnanimously are ready to exchange our samples with those of the top AVs and even make free definitions for them, as long as we can get our hands to their samples, so that we can beat their detection rates.

    I am sure that Avira, Kaspersky, Norton and the rest, will be soon ringing all Melih's phones saying "Yes, Melih, please, do take our samples and make signatures for us, because all thise time that we were beating your CAV in detection, our main problem was how to make the signatures. Thank God that you came to save us". :argh:
     
  6. guest

    guest Guest

    I hope the day that all the AV's scores a 99.9% in the on demand tests, unfortunately the real time protection (dynamic tests) requires something else than a good database.
     
  7. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    The samples is the MAIN competitive advantage in the AV industry! Which company sane in its mind, will give away its samples or exchange them with Comodo's? Certainly not those that have better detection than Comodo! I mean, this is raping of logic.

    It's like having an emerging car company, asking the top car manufacturers to share their data about car manufacturing "for the sake of the safety of the people and for reducing car accidents". :D "No more blood on the roads! Save humanity from car accidents!"
     
  8. guest

    guest Guest

    This is the other side of the history, I don't know which one is more sad.

    Translated in cynical english: Avira, Kaspersky, Norton and the rest dont want to protect their users, they want to get as much money as possible, so they will be continue making the same effort, with the same files, for the same purpose in parallel (each company doing the same thing in separated) to be most inefficients possible against malware, because of goal is beat the other AV's so we can get more money.

    They have all the rights of making money but it's sad how they are doing it.

    Anyway if all the AV's use DACS someday or something similar this will not mean 100% protection but will be much much higher than the actual system.
     
  9. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    I know, it's farcical. Comodo can only say this because they have nothing to lose. Let's see Melih share his HIPS and Sandbox technology with all other AV vendors first along with his malware samples, then he can start taking the moral high ground. Just when I thought Comodo could sink no lower....
     
  10. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Yes, they are in for the PROFIT. Just like Melih is in the certificate business FOR PROFIT, even if he says that he doesn't like how it works.

    As as i said before, Melih can open source his Comodo firewall and AV, if he really wants to benefit the world to the best he can.

    For profit companies are... everywhere. It's legal and if you find a price of a product unethically high, you can skip it and buy something else. It's called real world. You must make profit from somewhere. Just because Melih makes his profit from elsewhere, doesn't mean that all vendors must adopt to Melih's business model. Someone may like to be only in the AV business, it's his free choice. It may not suit Melih's model, but that's life.

    Whoever thought that Norton or Kaspersky or Hitman Pro or Avira are charity institutions, was wrong. I don't think they claim that themselves either.
     
  11. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    It's even simpler. If you are in for the IDEOLOGY, OPEN SOURCE your programs. That's what ideologists do all the time in sourcefourge so that more programers can benefit from a project and more similar programs can be put at the disposal of everyone and benefit the world. This still wouldn't force the others to do the same, but at least, to me he would be more credible.
     
  12. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Welcome to the world of business. The strongest survive, the weakest die. And PC magazines regularly review AVs and tell their readers which are good and which are bad. The consumer then makes their decision on what to use.

    Like I said, once Melih has open-sourced CIS and it's technology, then he can start making demands of his competitors.
     
  13. guest

    guest Guest

    Comodo does not need to share his HIPS or Sandbox to anybody because will be faster for this companies make his own than adapt another project totally different.

    All I can tell you is that if Norton would want a sandbox and a HIPS they could do it in less than a year, if they dont do it is because they dont want.
    Any Company is free to copy the scheme of Comodo, Sandbox, HIPS, trusted files, whitelist... if they dont do it, is because they dont want, or maybe they think that they have a better idea, but the economical interest says that is better make the users believe all that they need an AV with an excellent database to be protected.

    Would be the oil companies interested in a revolutionary car that works with electricity? no they would prefer make you believe that this does not work and you need to stay with the oil car, because they dont sell electricity.
    http://en.wikipedia.org/wiki/Who_Killed_the_Electric_Car?



    Lets see who survives now. ;)
     
    Last edited by a moderator: Dec 30, 2010
  14. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    With the same mentality, sourceforge wouldn't exist. This is purely a hypothesis. Maybe a part of the code would be useful to other programmers with existing programs, you can never know! Why do you suppose that one would like to build a "2nd Comodo"? Maybe ClamAV would find useful simply part of the sandbox code. Another could use the code to make a simple HIPS. That's the spirit behind open source and not who will do the best application.


    These are not exactly Comodo's inventions. Trusted files and whitelist exist since the times of Antiexecutable and Process guard. Sandbox exists since Sandboxie, etc. Comodo simply put all these previous ideas into a multimodular program. If anything, all are copied ideas from others.

    Would the major electricy car producers share they know how with a new, still lagging behind electric company? No, not likely. Would the new company want to share its know how with the big producers? Sure, why not?

    Yes, the consumer is the loser, be it a car or an airplane or a television that is lower quality, etc. It's called capitalism.
     
  15. guest

    guest Guest

    I didn't say that Comodo invented all of them, I say that they can copy the scheme, they way all this things works together, this is what Comodo "invented" at least is the only software with this scheme.

    Well here we have several levels of know-how, you reached until the end with this example.
    In this case you can share the database and make a Global one but still you can mantain your product, because just the database is not enough to be protected.

    But all this is a bad dream... because we mostly enjoy the capitalism :D

    You see, somebody though the same than I did: http://forums.comodo.com/news-annou...ve-scanning-t66827.0.html;msg473676#msg473676
     
    Last edited by a moderator: Dec 30, 2010
  16. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Yes, you 're right. I wanted to say that the ideas were pre-existing in other programs.

    The problem is, that the samples make probably the biggest difference in this sector. Iobit, using MBAM's database, had managed to beat MBAM's own detection rate. That's a characteristical example. For Melih, who doesn't earn on his product, a common database, doesn't matter. For MBAM who's making its earning out this business, it obviously mattered. That's the point.

    I don't know how much we enjoy capitalism, there are many things that i don't enjoy about it, but it does make the global economy go on for now. The more "comunist" approach was also tested and failed.
     
  17. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    What about those AV companies that don't have the resource to develop their own HIPS/Sandbox? Seems like Melih doesn't want to share his own toys but wants to play with everybody elses. Hmmmm
     
  18. guest

    guest Guest

    Like what company? any example? or is just a casual idea?
    I think that any AV company that appears in DACS has enough resources to do it, if they dont do it is because they dont see it as a business.
    If they are able to make an AV, a sandbox and a HIPS is not something from other world.
    Kaspersky includes sandbox and hips but they use it in a different way I think, Avast PRO has sandbox.

    Spyshelter is develop by 1 person as far as I know, it's around 1 year old (more or less) and is one of the best HIPS/antilogers out there.
     
    Last edited by a moderator: Dec 30, 2010
  19. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Sorry, but Melih is being hypocritical. Even if you don't agree about the HIPS/Sandbox he should be making available his malware samples. If he's not prepared to do that he should keep his mouth shut.
     
  20. Fabian Wosar

    Fabian Wosar Developer

    Joined:
    Aug 26, 2010
    Posts:
    838
    Location:
    Germany
    Please be aware that these are my personal thoughts and not necessarily representative for Emsisoft as a company.

    Unless they have reversed the AV's engine API and access the engine directly the data has to exist in form of a file at one point or another. Use Process Monitor to find out where, remove DELETE rights for the user running DACS in that folder and have fun with the files you are collecting. Takes less than 30 seconds.

    I can't speak for all AV vendors but VT does have an arrangement with us and so has Surfright, VirScan.org, Jotti and essentially every other page that uses our scan technology somehow. We even added certain features specifically for these kind of services. Loading and scanning from a service (thereby avoiding having to load signatures for every new file that should be scanned), scanning files by using a file handle or even scanning a buffer are supported and were added with VT etc. in mind. So arguing that they won't get sued because VT doesn't get sued is plain and simply wrong.

    You know who can get sued though? The user. There are quite a few (specialized) software vendors out there that use "private builds" and watermarking as some kind of copy protection. FRAPS does this and if I remember correctly IDA does this as well.

    Instead of a key file or serial code you get personalized installers and sometimes even binaries that have your name or other watermarks in them. Those files and installers will always be unique to you so they will always be unknown. Therefore they will get uploaded to DACS and can be captured by "the volunteers".

    I can't even begin to imagine how you possibly could explain to a software vendor how your software build with your name on it ended up on Pirate Bay.
     
    Last edited: Dec 30, 2010
  21. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    I tested DACS today with 10 active infections on my virtual machine. I was amazed by Killswitch. It identified all infections and was able to terminate the processes and delete them. Of course, using MBAM to remove the registry entries et cetera is necessary at the moment.
     
  22. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    im typically not a corporate minded person but Comodo has become so outragously brazen with recent actions that i really hope other AV vendors take immediate legal action against Comodo in some way and avoid having to punish the Comodo volunteers, because if this program goes thru, i hope you realize that it will be those volunteers that are gunna be facing the legal problems in the end...
     
  23. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    hmm i have something else that should be considered:

    this whole idea behind "trusted volunteers" running all the scanning seems a bit suspicious to me, u could look at it as a legal smokescreen because having real computer users with their AV's being the scanners just doesnt make sense and heres why.

    Say for example that you are the volunteer and ur using Norton as ur AV. so someone submits a file to be scanned and thru the P2P network it gets written to ur disk (it has to, ther wuld be no other way to scan it). Let's say the file recieved by ur computer is actual malware, that means Norton would popup alerts at u letting u know in realtime, multiply this by however many potential hundreds to thousands of users submitting files to be scanned through DACS, the volunteers computers would be completely unusable from constant AV alerts.

    Its simply impractical with the system Comodo is saying, thats why it feels like the idea of these "trusted volunteers" is simply a legal smokescreen for a bunch of machines Comodo has themselves which are simply scanning on-demand, not real volunteers who have AV's installed and running on their systems like implied by Comodo just to get past legal obligations. just sounds like one big coverup to me.

    I don't trust them, they are being very vague and using dishonest business practices. but i guess we will see how it unfolds in the end.
     
  24. guest

    guest Guest

    Do you have any proof that Comodo is doing somethig ilegal? I wonder why you have the solution and the lawyers of the other security companies are doing nothing. o_O
    Could you quote the law that Comodo is breaking?

    *

    Nice story, I'm going to tell you again, lets see if 3 or 4 times is enough so you can understand it:
    Amazon Cloud Service: http://aws.amazon.com/es/ec2/ The volunteers don't use their computers the service could cost thousands of dolars, (and can host almost any project in the web if you pay) hence the volunteers are not paying, hence they have a contract.
    Command line Scanner AV (No popups, but this does not matter since they are not using their computers)

    If they are doing something ilegal you or me or I would say nobody here have enough knowledge to talk about it. If nobody is doing nothing against them is because they can and is because they are doing something legal
     
    Last edited by a moderator: Dec 30, 2010
  25. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    And thus we close yet another great thread. Thank you all :)

    I'm sure we'll enjoy it again once it is out of beta and there is more to discuss
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.