Welcome to the Comodo Forum
Welcome,
Guest
. Please
login
or
register
.
February 09, 2010, 07:47:40 AM
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
359192
Posts
39707
Topics
90663
Members
Latest Member:
EnDi
more news...
Search:
Advanced search
|
Tag Cloud
Welcome to the Comodo Forum
Archived Boards
Comodo Firewall
Feedback/Comments/Announcements/News
If you have V3 why do you need an AV?
« previous
next »
Pages:
[
1
]
2
3
...
7
Author
Topic: If you have V3 why do you need an AV? (Read 27505 times)
Melih
Comodo's Hero
Administrator
Comodo's Hero
Offline
Posts: 8483
If you have V3 why do you need an AV?
«
on:
January 18, 2008, 08:13:43 PM »
If you have V3 and only execute Safe apps why would you need AV?
What other scenerios are there that having an AV on top of AV would be beneficial?
eg: A file that you feel you must execute but not in the safelist could be identified as a malware by an AV (if this file is a malware and the AV has the signature of this malware). (So in this scenerio we used AV for file identification)
What other scenerio if any, would having an AV on top of V3 would be beneficial?
Lets discuss this pls
thanks
Melih
Logged
Who is Melih? What is he trying to do?
--
Follow me on Twitter
Soyabeaner | Mr. Bean
Legendary
Global Moderator
Comodo's Hero
Offline
Posts: 7876
Re: If you have V3 why do you need an AV?
«
Reply #1 on:
January 18, 2008, 09:31:28 PM »
Even though I haven't used an AV in long time, it's there to decide for the non-experienced user that file is malware and may even automatically quarantine it. Whether it's accurate or not (false positive), is a different matter. With regards to V3's D+, there is a prompt and the user has decide, thereby risking the possibility that if (s)he clicked Allow on a malware file. Either way, there will always be risks associated with both solutions. So the other benefit of an AV is that if its detection is accurate, it will remove the malware in the background for the user rather than manually having to find the malware and then delete it.
An AV on top of AV would be counter-beneficial if they're both real-time scanners because of potential conflicts.
«
Last Edit: January 18, 2008, 09:34:25 PM by Soyabeaner
»
Logged
Manual
,
FAQs
, and
Search
.
Use them.
Josh123
Guest
Re: If you have V3 why do you need an AV?
«
Reply #2 on:
January 18, 2008, 09:31:57 PM »
I am thinking in Terms of Layered Security here, Melih:
Prevention-CFP 3
Detection-AV
Cure
Prevention comes first off course, and that is v3 to PREVENT. We then need Detection Technologies as backups, So your AV Detection.
This is why Melih... You will have CAVS 3 integrated into CFP 3, Because You already worked out the prevention (CFP 3), and now Detection (CAVS 3), and most are using Avast!, AVG, Avira, NOD32 etc as AV Detections :-)
We need our AV as a Burglar Alarm, I am only learning this from you Melih...
Prevention isn't enough "Why have AV when you have v3?" Because the AV is part of Layered Security as DETECTION, and EVERY COMPUTER NEEDS THAT LAYERED SECURITY: Prevention, Detection, Cure.
CFP 3 will be very good as soon as CAVS 3 is integrated, Because then you covered the DETECTION part.
Josh.
«
Last Edit: January 18, 2008, 09:35:12 PM by Josh123
»
Logged
Melih
Comodo's Hero
Administrator
Comodo's Hero
Offline
Posts: 8483
Re: If you have V3 why do you need an AV?
«
Reply #3 on:
January 18, 2008, 09:38:32 PM »
Thanks for that Josh
you learn well
but I am looking for scenerios..
thanks
melih
Logged
Who is Melih? What is he trying to do?
--
Follow me on Twitter
Josh123
Guest
Re: If you have V3 why do you need an AV?
«
Reply #4 on:
January 18, 2008, 09:44:39 PM »
Quote from: Melih on January 18, 2008, 09:38:32 PM
Thanks for that Josh
you learn well
but I am looking for scenerios..
thanks
melih
Oops!!
Sorry Melih...
Josh.
Logged
Melih
Comodo's Hero
Administrator
Comodo's Hero
Offline
Posts: 8483
Re: If you have V3 why do you need an AV?
«
Reply #5 on:
January 18, 2008, 09:48:27 PM »
NP.. go ahead an suggest a scenerio if you have one..
thanks
Melih
Logged
Who is Melih? What is he trying to do?
--
Follow me on Twitter
Stanr
Comodo Member
Offline
Posts: 48
Re: If you have V3 why do you need an AV?
«
Reply #6 on:
January 18, 2008, 11:10:32 PM »
Does stupidity count?
If I have for some reason or another disabled D+ and forgotten to turn it back on, shut the computer down and restarted the next day D+ will be still disabled.
If I should then go online, without remembering that I disabled D+ the night before I will have no protection from a virus or other bad things. Except, I have my AV in the background to protect me from myself. In addition I am not the most savvy computer person. It is possible that I can accidently make some sort of change in CFP3 that could put me in danger. ie: granting permission to something I shouldn't have.
So I guess just plain being an idiot can be a reason to have an AV with CFP3 - to cover your butt.
If only "safe applications" are run then more then likely not even I could mess it up. But, maybe I could and that is what worries me. Am I paranoid, no .. Am I forgetful, you betcha .. Am I an idiot at times, indeed.. so I'll keep the AV going for now.
MHO
s.
As an aside, thanks for CFP3 both to you and the Dev. Team... I do feel much safer with CFP3 on the job. Outstanding Software !!
Logged
XP-Home-sp2 ~ Nod32 v3.0.667.0 ~ CFP v3.5.54375.427
ganda claus
soya's rock
Global Moderator
Comodo's Hero
Offline
Posts: 5665
ho ho ho
Re: If you have V3 why do you need an AV?
«
Reply #7 on:
January 18, 2008, 11:50:43 PM »
forgive this stupid opinion
i am having an AV on top of V3. i think about it like this:
*if i visit some nasty/containing malware sites, V3's firewall will protect me.
*but what if the malware comes from email attachment or the file i downloaded?
that's what i need an AV for. if the file is "bad", my AV will warn me before the file's
excecuted(malware in zip folder or untouched .exe file).
*if the malware cannot be recognized by the AV and therefore i execute it, i still have Defense+ to
block the malicious attempt.
V3 firewall ==> AV/AS ==> V3 Defense+
Ganda
«
Last Edit: January 19, 2008, 12:51:13 AM by ganda
»
Logged
Júštiñ™
Global Moderator
Comodo's Hero
Offline
Posts: 2868
Re: If you have V3 why do you need an AV?
«
Reply #8 on:
January 19, 2008, 12:44:45 AM »
Well as Josh said, Prevention, Detection, Cure.
If a hacker discovers a vulnerability or a way to fool the firewall (no software is completely invulnerable) the antivirus must be present to detect a virus that the hacker may upload to the computer.
Hackers are always developing new techniques that we do not know of and as they develop new ways to compromise a computer system and the antivirus software is simply there as a backup.
This isn't exactly a scenario but it is a general idea.
Logged
When the power of love, overcomes the love of power, the world will know peace.
~Jimi Hendrix
Melih
Comodo's Hero
Administrator
Comodo's Hero
Offline
Posts: 8483
Re: If you have V3 why do you need an AV?
«
Reply #9 on:
January 19, 2008, 08:23:15 AM »
ok let me plays devils advocate to the scenerios so far
Stanr's post:
Well what you are saying is user might switch off our product and not the AV. Hence should have AV. Even though its a fair point, but that user might also forget to turn on AV.
Ganda's point
no matter how an executable comes to your pc, it can't cause harm without V3 being aware and giving you the option. Nothing happens without V3's consent! I think what you are saying is: you want to execute an uknown application no matter what, and you think AV might provide some information about it. Which is the scenerio i outlined above.
But then again you make a statement saying you still execute and rely on Defense+ for alerting you. If that is the case, why do you need AV? Just rely on Defense+.
Justin's post.
we are looking for scenerios where you would need AV on top of v3. We are trying to identify when and under which scenerio one would need an additional AV on top of V3 we have..
FYI: The argument is that: If you have V3 and do not execute anything not in the whitelist you don't need an AV. (there are many people who don't install 100s of applications a day and only stick to popular programs which are already in our safelist, for those people running V3 on its own without AV is sufficient IMO).
Another possible scenerio one could argue is: Somehow hackers finding a weakness in v3 and writing malware to exploit it.
Again this is a fair assumption, however this assumes that
1)A weakness in our own product will be observed by a 3rd party AV company before we do
2)a 3rd party AV company will do a fix by creating the sig, and we won't (actually comodo will do both create the sig for the inbuilt scanner in V3 (out shortly
) as well fix the weakness.
lets keep discussing this pls.. very useful point of views eminating from this.
thanks
Melih
Logged
Who is Melih? What is he trying to do?
--
Follow me on Twitter
DarthTrader
Comodo Member
Online
Posts: 44
Re: If you have V3 why do you need an AV?
«
Reply #10 on:
January 19, 2008, 09:01:06 AM »
Melih,
Please check this news article:
http://www.abcnews.go.com/Technology/story?id=3952400&page=1
Is this the sort of scenario you are looking for?
Logged
Melih
Comodo's Hero
Administrator
Comodo's Hero
Offline
Posts: 8483
Re: If you have V3 why do you need an AV?
«
Reply #11 on:
January 19, 2008, 09:58:21 AM »
interesting read. however the scenerio here is the person has physicall access to target machine.
so they can pretty much do anything they like. They were using legitimate programs, which wouldn't be raised as suspicious by AVs anyway..
Good scenerio Darth Trader: Insider Attacks
however, AV doesn't add any more in this scenerio.
thanks
Melih
Logged
Who is Melih? What is he trying to do?
--
Follow me on Twitter
DarthTrader
Comodo Member
Online
Posts: 44
Re: If you have V3 why do you need an AV?
«
Reply #12 on:
January 19, 2008, 10:07:39 AM »
Okay, here is another scenario. You install a game from Mattel for your children. Unbeknownst to you, the game comes bundled with an badware thingy called DSSAgent, which slows down your computer. This happened to a friend of mine!
Logged
SS26
Comodo's Hero
Offline
Posts: 1559
Re: If you have V3 why do you need an AV?
«
Reply #13 on:
January 19, 2008, 10:23:27 AM »
Maybe this can be possible scenario:
Quote from: MaratR on January 08, 2008, 01:36:08 AM
...
when you run a VBS script in Windows, any script actions are carried out by wscript.exe, which is considered safe by Comodo. Place something like "wscript.exe D:\Virus.vbs" in the removable drive's autorun.inf and Comodo will just let it do it's business next time you put it in. And there is no way you can tell Comodo to allow wsctipt.exe to launch A.vbs but block B.vbs, even if you're in Paranoid mode
.
Quote from: Melih on January 19, 2008, 08:23:15 AM
...the inbuilt scanner in V3 (out shortly
)...
Will it have "disable permanently" option for those who use other AV scanners?
Logged
Rafel
Product Translator
Comodo's Hero
Offline
Posts: 356
I use only the best, I use Comodo firewall
Re: If you have V3 why do you need an AV?
«
Reply #14 on:
January 19, 2008, 10:30:36 AM »
Another scenario.
- I have got my PC. I run safe and trusted programs, but my sister come home when i amb working, then, she starts my PC, asurf, download and install some programs. She don't know if it is save or not. She doesn't understand FW's and allow all, then if the file she downloaded and runned has got a virus my AV must detects it. Is a real scenario. I don't create an account for her because she is in my PC 2 or 3 times at month.
- My friend gave me a program. He says is trusted and safe, then i installor open the file, i allowand crash, but my AV is here and says me there is a virus.
I'm sorry Melih, but prevention isn't the only way. In home PC, when we run a lot of programs and files frome anywhere, we need preventtion, but too detection and cure.
Logged
Tags:
Pages:
[
1
]
2
3
...
7
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Want to Help Comodo?
-----------------------------
=> Help Spread the Word - Banners and Logos
=> How Can I Help Comodo? (Please We Need You!)
===> Help Spread the Word! (Please Read and Help)
===> Report Comodo Forum / Web Site Issues
=> Please Tell Us Your Views and Vote Here!
-----------------------------
General Category
-----------------------------
=> Melih's Corner - CEO Talk/Discussions/Blog
=> Comodo.TV - Our Internet Video Channel
===> Comodo.TV - News and Announcements
===> Comodo.TV - Program Lineup
===> Audience Feedback and Suggestions
=> Which Product do you want Comodo to develop next?
=> General Discussion (off topic) Anything and everything...
===> Member Confessions :-)
===> Funny Photos :-)
===> Cool Stuff
-----------------------------
Desktop Security Products
-----------------------------
=> Comodo Internet Security - CIS
===> Help - CIS
=====> AntiVirus Help
=====> Firewall Help
=====> Defense+ Help
=====> Install / Setup / Configuration Help
===> FAQ - CIS
=====> AntiVirus FAQ
=====> Firewall FAQ
=====> Defense+ FAQ
=====> Install / Setup / Configuration FAQ
===> Feedback/Comments/Announcements/News - CIS
===> Guides - CIS
=====> AntiVirus Guides
=====> Firewall Guides
=====> Defense+ Guides
=====> Install / Setup / Configuration Guides
=====> Video Guides
===> Wishlist - CIS
=====> AntiVirus Wishlist
=====> Firewall Wishlist
=====> Defense+ Wishlist
=====> Graphical User Interface (GUI) Wishlist
===> Bug Report - CIS
=====> AntiVirus Bugs
=====> Firewall Bugs
=====> Defense+ Bugs
=====> GUI / Miscellaneous / Other Bugs
=====> False Positive/Negative reporting - (Is this a malware that CIS has/not detected?)
===> Virus/Malware Removal Assistance
===> Leak Testing/Attacks/Vulnerability Research
=> Comodo Time Machine - CTM
===> Frequent Asked Questions (FAQ)
===> Help - CTM
===> Feedback/Comments/Announcements/News - CTM
===> Bug Reports - CTM
=> Comodo Dragon - CD
===> Feedback/Comments/Announcements/News - Comodo Dragon
===> FAQ - Comodo Dragon
===> Bug Reports - Comodo Dragon
===> Help
===> Wishlist
=> Comodo Instant Malware Analysis Online - CIMA
=> Comodo Disk Encryption - CDE
===> Help - CDE
===> FAQ - CDE
===> Feedback/Comments/Announcements/News - CDE
===> Wishlist - CDE
===> Beta Corner - CDE
===> BUG Reports - CDE
=> Comodo Secure Email - CSE
===> Frequently Asked Questions (FAQ)
===> Feedback/Comments/Announcements/News about CSE
===> Bug Reports
===> Help for Comodo SecureEmail
=> Comodo TrustConnect - Securing the Wireless World!
=> Comodo EasyVPN - CEVPN
===> Frequently Asked Questions (FAQ)
===> Feedback/Comments/Announcements/News about Comodo EasyVPN
===> Bug reports
===> Help for Comodo EasyVPN
=> HopSurf (Bringing Internet to You)
=> Comodo Online Backup - COB
=> Comodo Backup - CB
===> Comodo Backup - FAQ
===> Comodo Backup - Help
=> Verification Engine - CVE
=> Comodo Vulnerability Analyzer - CVA
=> Comodo AntiSpam - CAS
-----------------------------
Desktop Utilities
-----------------------------
=> Comodo System Cleaner - File/Registry/Privacy Cleaner
=> Comodo Cloud Scanner
=> Live PC Support (geeks ready to help 24/7/365)
-----------------------------
Enterprise Security
-----------------------------
=> Comodo Endpoint Security Manager
-----------------------------
Compliance
-----------------------------
=> PCI DSS Compliance
-----------------------------
Learn about Computer Security and Interact with Security Experts
-----------------------------
=> Other Security Products
=> Free Virus/Spyware/Trojan/Malware Removal by Comodo Experts
=> Digital Certificates, Encryption and Digital Signing
=> General Security Questions and Comments
-----------------------------
Free Services for End Users
-----------------------------
=> UserTrust - First Independent Website Rating - Empowering our users!
=> Hacker Guardian
=> Trustfax (free Trial) (online faxing)
-----------------------------
Free Products
-----------------------------
=> Link to Free Comodo Products
-----------------------------
International Comodo Forums
-----------------------------
=> International Comodo Forums
===> 汉语语言, 漢語語言 / Chinese Simplified, Traditional
===> Nederlands / Dutch
===> Francais / French
===> Deutsch / German
===> ελληνικά / Greek
===> Magyar / Hungarian
===> Italiano / Italian
===> Nihongo / Japanese
===> Norsk / Norwegian
===> Polski / Polish
===> Português/Portuguese
===> По-русски / Russian
===> Slovenský / Slovak
===> Slovenščina / Slovenian
===> Espanol / Spanish
===> Svenska / Swedish
===> Turkce / Turkish
===> Українська / Ukrainian
===> Việt / Vietnamese
-----------------------------
Digital Certificates
-----------------------------
=> Code Signing Certificate
=> Content Verification Certificate
=> Email Certificate
=> SSL Certificate
-----------------------------
Web Server Products
-----------------------------
=> Two Factor Authentication for Web Applications
=> Trustlogo
-----------------------------
Other
-----------------------------
=> Forum Policy Violation Board
-----------------------------
Archived Boards
-----------------------------
=> Comodo Diskshield
=> Comodo Firewall
===> Feedback/Comments/Announcements/News
===> Help for v3
===> Help for v2
===> Frequently Asked Questions (FAQ) for Comodo firewall
===> Comodo Firewall Translations
===> Bug Reports
=> Comodo Anti-Viruspyware (CAVS)
===> Help for Comodo AntiVirus
===> FAQ for Comodo Anti-ViruSpyware
===> Feedback/Comments/Announcements/News about CAVS
=> Launch Pad (Discontinued)
=> Trusttoolbar (Discontinued)
=> Comodo Meet (Web Conferencing Product) (Discontinued)
=> User Anywhere (Remote Access product) (Discontinued)
=> Trustix Enterprise Firewall
=> ZTL
=> Comodo BOClean Anti-Malware
===> Announcements
===> Comodo BOClean Anti-Malware FAQ
=> Comodo Memory Firewall(Buffer Overflow Protection)
===> Comodo Memory Firewall Beta Corner
===> Help
===> Frequently Asked Questions (Comodo Memory Firewall)
===> Feedback/Comments/Announcements/News
=> i-Vault
=> Safesurf
=> Other Firewalls
=> Host Intrusion Prevention Systems (HIPS)
=> AntiPhishing Solutions
Page created in 0.552 seconds with 19 queries.
Powered by SMF 1.1.11
|
SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks
Design by
7dana.com