Some Comodo delusions regarding virus/spywares

[Guest]

[AudiA3]

Hi Comodo Community,
I hope that you will take this thread as a constructive critic because it is what it's meant to be.
I was proud to run CPF and CAVS, I would like to say that CAVS was perfectly updated (almost everyday it automatically downloaded its updates); well, during the navigation I have seen some strange pop up windows appearing ( I was using firefox and the pop up were opened with IEXPLORE) and I suspected it was a spyware. So I ran CAVS, telling it to perform a full scan, 0 entries were found. I ran also adaware2007, nothing else except some stupid tracking cookies. I ran also spybot S&D, nothing.
So, just to be sure I ran again CAVS, but the system seemed to be clean.

But in task manager I saw some strange processes (IEXPLORE.EXE) running in background without any notification and I ran Norton Antivirus 2007.
Well, it scanned my computer and found this :

Adware.Lop
Downloader.Lop
Trojan.Anicmoo ( !!! )
Trojan.Linkoptimizer.B (!!!)

All of them "infected" around 100/200 registry entries each and some of them infected more than one exe-file in my HD.
I can only say that they were "taken" not with my account but with the account of my sister so all my files were ok, but hers were infected.

So, why comodo didn't detect ANY of them and Norton yes ? Actually my computer is working perfectly without those malwarez but I have been deluded by comodo's behaviour because nothing was noticed (and , yes, CAVS was enabled since the first installation). So, is it a lack of virus database knowledge or this problem is related to an incorrect installation/use of CAVS ?

Can u take a look if those virus are included in your virus list ?


Many thanks !

[ganda]

hi AudiA3 
i think CAVS detection rate ain't the best yet (and i think the "S" part of CAVS isn't working for now ), so maybe you should use another AV and wait for the next CAVS 3 (i've heard that CBOClean signature will be added to CAVS3 virus database).
what about CBOClean? have you try it? i think it's more suitable for catching spyware,adware, trojan than CAVS. i haven't been infected lately ( and i'm not asking for it  ), so i can't tell how good CBO is.

welcome to the forum 


Ganda

[N.T.T.W.]

As ganda says, CAVS detection rate is still being continually updated.

ganda, the program does detect and remove Spyware, I removed several trojan downloaders last week using CAVS.

I think it is just that the database is not yet quite as large as it could be. Having said that, not all antivirus software will detect all malware, there is no antivirus (yet?)that will detect everything.
CAVS is still a beta product so we will have to wait for CAVS 3 to be finalized before we start comparing it with other fully fledged antivirus software.

 

[ganda]

ganda, the program does detect and remove Spyware, I removed several trojan downloaders last week using CAVS.

oops, sorry for that. i thought CAVS 2 only take care of viruses/worms, and the other malwares are CBO job to handle.

ganda

[AudiA3]

OK, it was my fault in using a beta version for my PC security, before making any other observations I should wait for a definitive version of CAVS (3.0 ??).
So, my 2 cents, I really really really really hope that comodo staff will enforce the virus's database: it is essential.

Congratulations anyway for the product: when it will be officially released I will use it again

[yeiazel]

Hi AudiA,

I think if you want help CAVS grow you can submit this malware with CAVS quarantine option (writing malware name and antivirus name that pointed out it).

When I find a new virus-malware not in database CAVS, always send it to lab. 

Greetings 

[AudiA3]

Yes, I had to do that but since those malwares were "pretty well known", so I didn't send them. Normally I think that it's an operation that should performed over "suspicious files" and not over those well known threats.

[yeiazel]

so I didn't send them

It seems to me not a selfless attitude.

It does not exist in the world any software that guarantees a full covering from all existing malware and if it is "pretty well known" from one, does not mean that's for another one.

This is a free product (beyond that Beta) and seems me that minimum that does for repay is give a hand in the development of database malware, signalling the malware known or suspect that is!

[AudiA3]

It seems to me not a selfless attitude.

It does not exist in the world any software that guarantees a full covering from all existing malware and if it is "pretty well known" from one, does not mean that's for another one.

Building a good database starting from zero and using users's signalation is a suicide: you will get a vaguely decent antivirus in 10 years, hopefully. So I really hope that Comodo is able to build an archive from its knowledge.
Anyway I have exactly reported the NAMES of the viruses that CAVS didn't detect.

[zvaragabor]

"Building a good database starting from zero and using users's signalation is a suicide:..."

If everybody would think the same way as you, it would really be a suicide. But fortunately no. The more people send the samples(even if only one sample per head), the bigger database is.

"Anyway I have exactly reported the NAMES of the viruses that CAVS didn't detect."

And where to get the sample from? Other vendors won't give it to Comodo. Only a name is not enough. Please submit the file(s) to the Comodo lab, so they will be in the database in a few days.

Greetings

[N.T.T.W.]

Comodo do not just rely on files submitted by users, I am sure they use many sources. However, it all helps and the more files submitted the better the antivirus will become. This will benefit everyone in the long run, both users and Comodo.

 

[Tags:]