Author Topic: If you have V3 why do you need an AV?  (Read 27505 times)
Melih
Administrator
« on: January 18, 2008, 08:13:43 PM »

If you have V3 and only execute Safe apps why would you need AV?

What other scenarios are there that having an AV on top of AV would be beneficial?

eg: A file that you feel you must execute but not in the safelist could be identified as a malware by an AV (if this file is a malware and the AV has the signature of this malware). (So in this scenario we used AV for file identification)

What other scenario, if any, would having an AV on top of V3 be beneficial?

Let's discuss this pls :)

thanks
Melih

Logged

Soyabeaner | Mr. Bean
Global Moderator
« Reply #1 on: January 18, 2008, 09:31:28 PM »

Even though I haven't used an AV in a long time, it's there to decide for the non-experienced user that a file is malware and may even automatically quarantine it.  Whether it's accurate or not (false positive) is a different matter.  With regards to V3's D+, there is a prompt and the user has to decide, thereby risking the possibility that (s)he clicks Allow on a malware file.  Either way, there will always be risks associated with both solutions.  So the other benefit of an AV is that if its detection is accurate, it will remove the malware in the background for the user rather than manually having to find the malware and then delete it.

An AV on top of AV would be counter-beneficial if they're both real-time scanners because of potential conflicts.
« Last Edit: January 18, 2008, 09:34:25 PM by Soyabeaner » Logged

Manual, FAQs, and Search
Use them.
Josh123
Guest
« Reply #2 on: January 18, 2008, 09:31:57 PM »

I am thinking in Terms of Layered Security here, Melih:

Prevention-CFP 3
Detection-AV

Cure

Prevention comes first of course, and that is v3 to PREVENT. We then need Detection Technologies as backups, so your AV Detection.

This is why Melih... You will have CAVS 3 integrated into CFP 3, Because You already worked out the prevention (CFP 3), and now Detection (CAVS 3), and most are using Avast!, AVG, Avira, NOD32 etc as AV Detections :-)

We need our AV as a Burglar Alarm, I am only learning this from you Melih... :P

Prevention isn't enough "Why have AV when you have v3?" Because the AV is part of Layered Security as DETECTION, and EVERY COMPUTER NEEDS THAT LAYERED SECURITY: Prevention, Detection, Cure.

CFP 3 will be very good as soon as CAVS 3 is integrated, Because then you covered the DETECTION part.

Josh.
« Last Edit: January 18, 2008, 09:35:12 PM by Josh123 » Logged
Melih
Administrator
« Reply #3 on: January 18, 2008, 09:38:32 PM »

Thanks for that Josh :) you learn well :)

but I am looking for scenarios..

thanks
melih
Logged

Josh123
Guest
« Reply #4 on: January 18, 2008, 09:44:39 PM »

> Thanks for that Josh :) you learn well :)
>
> but I am looking for scenarios..
>
> thanks
> melih

Oops!!

Sorry Melih...

Josh.

Logged
Melih
Administrator
« Reply #5 on: January 18, 2008, 09:48:27 PM »

NP.. go ahead and suggest a scenario if you have one..
thanks
Melih
Logged

Stanr
Comodo Member
« Reply #6 on: January 18, 2008, 11:10:32 PM »

Does stupidity count?

If I have for some reason or another disabled D+ and forgotten to turn it back on, shut the computer down and restarted the next day D+ will be still disabled.

If I should then go online, without remembering that I disabled D+ the night before, I will have no protection from a virus or other bad things. Except, I have my AV in the background to protect me from myself. In addition I am not the most savvy computer person. It is possible that I can accidentally make some sort of change in CFP3 that could put me in danger, i.e. granting permission to something I shouldn't have.

So I guess just plain being an idiot can be a reason to have an AV with CFP3 - to cover your butt.

If only "safe applications" are run then more than likely not even I could mess it up. But, maybe I could and that is what worries me. Am I paranoid, no .. Am I forgetful, you betcha .. Am I an idiot at times, indeed.. so I'll keep the AV going for now.

MHO
s.

As an aside, thanks for CFP3 both to you and the Dev. Team... I do feel much safer with CFP3 on the job. Outstanding Software !!
Logged

XP-Home-sp2 ~ Nod32 v3.0.667.0 ~ CFP v3.5.54375.427
ganda claus
Global Moderator
« Reply #7 on: January 18, 2008, 11:50:43 PM »

forgive this stupid opinion  :P
i am having an AV on top of V3. i think about it like this:
*if i visit some nasty/containing malware sites, V3's firewall will protect me.
*but what if the malware comes from email attachment or the file i downloaded?
  that's what i need an AV for. if the file is "bad", my AV will warn me before the file's
  executed (malware in zip folder or untouched .exe file).
*if the malware cannot be recognized by the AV and therefore i execute it, i still have Defense+ to
  block the malicious attempt.

  V3 firewall ==> AV/AS ==> V3 Defense+


Ganda
« Last Edit: January 19, 2008, 12:51:13 AM by ganda » Logged
Júštiñ™
Global Moderator
« Reply #8 on: January 19, 2008, 12:44:45 AM »

Well as Josh said, Prevention, Detection, Cure.

If a hacker discovers a vulnerability or a way to fool the firewall (no software is completely invulnerable) the antivirus must be present to detect a virus that the hacker may upload to the computer.

Hackers are always developing new techniques that we do not know of, and as they develop new ways to compromise a computer system, the antivirus software is simply there as a backup.

This isn't exactly a scenario but it is a general idea.
Logged

When the power of love, overcomes the love of power, the world will know peace.

~Jimi Hendrix
Melih
Administrator
« Reply #9 on: January 19, 2008, 08:23:15 AM »

ok let me play devil's advocate to the scenarios so far :)


Stanr's post:
Well what you are saying is user might switch off our product and not the AV. Hence should have AV. It's a fair point, but that user might also forget to turn on AV.

Ganda's point:
no matter how an executable comes to your pc, it can't cause harm without V3 being aware and giving you the option. Nothing happens without V3's consent! I think what you are saying is: you want to execute an unknown application no matter what, and you think AV might provide some information about it.  Which is the scenario i outlined above.
But then again you make a statement saying you still execute and rely on Defense+ for alerting you. If that is the case, why do you need AV? Just rely on Defense+.

Justin's post:
we are looking for scenarios where you would need AV on top of v3. We are trying to identify when and under which scenario one would need an additional AV on top of V3 we have..

FYI: The argument is that: If you have V3 and do not execute anything not in the whitelist you don't need an AV.  (there are many people who don't install 100s of applications a day and only stick to popular programs which are already in our safelist, for those people running V3 on its own without AV is sufficient IMO).

Another possible scenario one could argue is: Somehow hackers finding a weakness in v3 and writing malware to exploit it.

Again this is a fair assumption, however this assumes that
1) A weakness in our own product will be observed by a 3rd party AV company before we do
2) a 3rd party AV company will do a fix by creating the sig, and we won't (actually comodo will do both: create the sig for the inbuilt scanner in V3 (out shortly :) ) as well as fix the weakness).

let's keep discussing this pls.. very useful points of view emanating from this.
thanks
Melih
Logged

DarthTrader
Comodo Member
« Reply #10 on: January 19, 2008, 09:01:06 AM »

Melih,
Please check this news article:
http://www.abcnews.go.com/Technology/story?id=3952400&page=1

Is this the sort of scenario you are looking for?
Logged
Melih
Administrator
« Reply #11 on: January 19, 2008, 09:58:21 AM »

interesting read. however the scenario here is the person has physical access to target machine.
so they can pretty much do anything they like. They were using legitimate programs, which wouldn't be raised as suspicious by AVs anyway..

Good scenario Darth Trader: Insider Attacks
however, AV doesn't add any more in this scenario.

thanks
Melih
Logged

DarthTrader
Comodo Member
« Reply #12 on: January 19, 2008, 10:07:39 AM »

Okay, here is another scenario.  You install a game from Mattel for your children.  Unbeknownst to you, the game comes bundled with a badware thingy called DSSAgent, which slows down your computer.  This happened to a friend of mine!   :)
Logged
SS26
« Reply #13 on: January 19, 2008, 10:23:27 AM »

Maybe this can be a possible scenario:
...when you run a VBS script in Windows, any script actions are carried out by wscript.exe, which is considered safe by Comodo. Place something like "wscript.exe D:\Virus.vbs" in the removable drive's autorun.inf and Comodo will just let it do its business next time you put it in. And there is no way you can tell Comodo to allow wscript.exe to launch A.vbs but block B.vbs, even if you're in Paranoid mode.

> ...the inbuilt scanner in V3 (out shortly :) )...

Will it have "disable permanently" option for those who use other AV scanners?
Logged
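
The gap SS26 describes is that a rule keyed on the executable name alone never looks at which script the trusted host is asked to run. As an added example (not part of the original thread and not Comodo's code), the following defensive check parses an autorun.inf and reports command entries that start a script host together with their arguments; the `SCRIPT_HOSTS` list and the sample file are assumptions constructed for illustration.

```python
import ntpath
import shlex

# Interpreters that run whatever script they are handed (assumed list, extend as needed).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe", "powershell.exe"}

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_autorun(text):
    """List (key, host, arguments) for every entry that starts a script host."""
    findings = []
    for key, value in parse_autorun(text).items():
        # open=, shellexecute= and shell\<verb>\command= all carry a command line.
        is_command = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if not is_command:
            continue
        try:
            parts = shlex.split(value, posix=False)  # keeps backslashes intact
        except ValueError:                           # unbalanced quotes
            parts = value.split()
        if not parts:
            continue
        host = ntpath.basename(parts[0].strip('"')).lower()
        if host in SCRIPT_HOSTS:
            # The arguments are what an executable-only allow rule never sees.
            findings.append((key, host, [p.strip('"') for p in parts[1:]]))
    return findings

# Constructed sample, using the command line quoted in the post above.
SAMPLE = """[autorun]
open=wscript.exe D:\\Virus.vbs
icon=setup.ico
label=Backup
"""

if __name__ == "__main__":
    for key, host, args in audit_autorun(SAMPLE):
        print(f"{key}: trusted host {host} would run {args}")
```
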
Rafel
Product Translator
« Reply #14 on: January 19, 2008, 10:30:36 AM »

Another scenario.
- I have got my PC. I run safe and trusted programs, but my sister comes home when I am working, then she starts my PC, surfs, downloads and installs some programs. She doesn't know if it is safe or not. She doesn't understand FWs and allows all, then if the file she downloaded and ran has got a virus my AV must detect it. It is a real scenario. I don't create an account for her because she is on my PC 2 or 3 times a month.
- My friend gave me a program. He says it is trusted and safe, then I install or open the file, I allow and crash, but my AV is here and tells me there is a virus.

I'm sorry Melih, but prevention isn't the only way. In a home PC, when we run a lot of programs and files from anywhere, we need prevention, but also detection and cure.
Logged
