why the wait for cavs 3 makes sense

[Guest]

[panic]

Yes I can't wait...

Comodo is the only brilliant company in the world that is doing whitelisting. If not for them there is no other product in the world that already does whitelisting....

Facetiousness genuinely becomes you. 

[Melih]

Sorry; must have missed something.  Whitelisting has been a colossal failure for email, and has not worked well for web browsing.  Just because most users deal with a lot of unknowns and don't tend to catch up very quickly.  I am not a CAVS user, so wonder what Comodo is doing differently for CAVS3.  Thanks; Ed.

Number of baddies out there is outnumbering the number of goodies.
Its much more difficult to find baddies (cos they hide until they start causing damage, in which case its too late), than goodies.
Its much safer only to allow safe apps to run than running everything then figuring out whats bad in there.

As to most users dealing with a lot of uknowns: Not sure I share the "most" aspect of that statement. Not sure how many new executables an average person introduces to their machines on daily basis, however I do suspect to be a low number. And in the case of businesses, they are doing everything to stop the employees from introducing any new executables to their PCs to save support issues.

Also there are additional benefits like: Drive by downloads will be caught red handed with a Whitelisting approach, whereas blacklisting will wait for the signature.

thanks
Melih

[giraffe]

No harm in having blacklisting as well.
No evidence of mal-intent does not equal evidence of no mal-intent.
If something is known to be bad it needs stopping, not ignoring.

[Melih]

No harm in having blacklisting as well.
No evidence of mal-intent does not equal evidence of no mal-intent.
If something is known to be bad it needs stopping, not ignoring.

of course..
hence why I wrote this article about future of computer security .

Its

1st - Prevention
2nd- Detection
3rd-  Cure

thanks
Melih

[sded]

Thanks for the info, Melih.  I was really wondering what it is that CAVS3 is whitelisting?  For AV/AS/Antispam it is usually things like email address consistency, correspondents, web page URLs, ... that do vary a lot and are difficult to maintain.  Are you whitelisting executables (CRCs?) and using a HIPS approach to prevent white programs from doiing black things or something entirely different?  Perhaps a reference where we can go read about the CAVS3 approach?  Thanks; Ed.

[aladinonl]

whitelist is good but blacklist is not bad either. u can't expect evryone, even most, to be able to operate sophisticated program.

[Melih]

Thanks for the info, Melih.  I was really wondering what it is that CAVS3 is whitelisting?  For AV/AS/Antispam it is usually things like email address consistency, correspondents, web page URLs, ... that do vary a lot and are difficult to maintain.  Are you whitelisting executables (CRCs?) and using a HIPS approach to prevent white programs from doiing black things or something entirely different?  Perhaps a reference where we can go read about the CAVS3 approach?  Thanks; Ed.

the hips and whitelisting approach for CAV will come from D+ in v3. We are whitelisting any file that can execute.

thanks
Melih

[BNAMack]

We have a Production Release Version scheduled for End of June! This means the beta will be before then.

thanks
Melih

  I will be very excited to help test the beta! Thanks for the update, Melih. 

[BNAMack]

   Yes, we have all been waiting for CAVS3.  Kind of like buying a car.

   Car 1:  is available sooner than promised, but because it was rushed through production some of the nuts and bolts were left off, but the salesman says "we can deal with that later in our garage."

   Car 2.  takes a little longer to build, all the parts were put on securely, might still require some tweaking (no car is perfect), will require you drive "ole betsy" just a little longer while waiting.

   Both cars cost the same (FREE!).

   Umm....I choose Car 2.

 

Except that 'ole betsy' doesn't run on Vista, either. *sigh* 

[grayhair]

Except that 'ole betsy' doesn't run on Vista, either. *sigh* 

   Yes, I am in the same boat with two Vistas.  I too am using "that mechanic across town" that I am not sure I fully trust--and their restroom is not the cleanest.  But, that is the choice I have to make.

 

[Agent24]

  I will be very excited to help test the beta! Thanks for the update, Melih. 

You guys make one awesome firewall and I can't see any reason why your Antivirus wouldn't be just as good
I'm all up for some beta testing too just as soon as you can release one!

[Melih]

You guys make one awesome firewall and I can't see any reason why your Antivirus wouldn't be just as good
I'm all up for some beta testing too just as soon as you can release one!

With the team that we have in place now, I am very confident that we will give the AV industry a good run for their money...first..

but soon after will lead it!

Melih

[Luketan]

Number of baddies out there is outnumbering the number of goodies.
 

Actually this is false. As much as the output of malware writters is increasing, there are still way more programmers producing legitimate programs and files obviously. Even if the malware writters produce more on average, they are still swamped by their small percentage (less than 5% - i'm being generous here).

Maybe less false is

1) The number of "goodies" used by EACH user is less than the number of baddies encountered by EACH user

or

2) The number of "goodies" used by the TYPICAL user is less ....


The problem with (1) is that while each user uses say 100 goodie programs, their 100 goodies are mostly different.

(2) is the strongest argument for whitelisting. But so far no centralized whitelist i know including comodo (which does not even include popular antivirus like antivir), is efficient enough.

 

[Luketan]

the hips and whitelisting approach for CAV will come from D+ in v3. We are whitelisting any file that can execute.

thanks
Melih

What's so exciting about whitelist in CAVS then? It's already in D+ (not to mention a zillion other hips before D+).

[eXPerience]

What's so exciting about whitelist in CAVS then? It's already in D+ (not to mention a zillion other hips before D+).

They're trying to add almost all good files so you get less pop-ups. I think in CAVS there will be far less pop-ups than in D+.

Xan

[Tags:]