Author Topic: Is The Anti-Virus Even Necessary ?  (Read 19756 times)

Offline The Zodiac

  • Comodo Member
  • **
  • Posts: 42
Is The Anti-Virus Even Necessary ?
« on: October 03, 2010, 01:27:05 PM »
Ok, I know this may seem a stupid question but hear me out.

First, all Anti-Virus software is signature based in essence & some have built in "zero-day" capabilities, & heuristic analysis.

Now I did a test yesterday. I downloaded a key generator, which we all know 99.9% of the time is infected. I know, I can hear you say, "wtf would you risk it for"? But I had no fear thanks to the CIS sandbox feature, which is one of my points.

Now I scanned the keygen with Comodo Virus Scan. The scan came back clean. Wtf? I then scanned the keygen with the Hitman Pro cloud scanner, which flagged the keygen.exe as "malware". Hmm. So to prove a point I ran the keygen.exe & Comodo (as I figured) sandboxed it, which is good. No harm, no foul.

My question here is this. With Comodo's Sandbox feature, even without an anti-virus, you are protected from harm from the infected file. So why do we even need the anti-virus at all? I love my CIS software & wouldn't want to be without it, but the anti-virus portion seems to be a little "useless". Especially when it didn't recognize what should have been an "easy mark" for most AVs.

I am no security guru, so perhaps I am missing something here, which is why I am posting this thread --- to be perhaps enlightened on why the AV in CIS is needed. The obvious response (I would think) is that even though CIS sandboxed the "malware".exe, you are not made aware that it is indeed "malware", so the potential for someone with less security experience to think the .exe is safe & to run it outside the sandbox is fairly high ---- which could be dangerous. But if the Comodo AV didn't recognize it in the first place it doesn't seem to matter much.

Again, I am not bashing CIS, as I use it, & love it. I would just like to hear some informative responses that could set me straight on why the Comodo AV is a part of CIS, if it seems to be a little ineffective in "catching" malware in the "act".

Thanks

Offline Syl

  • Comodo's Hero
  • *****
  • Posts: 531
Re: Is The Anti-Virus Even Necessary ?
« Reply #1 on: October 03, 2010, 02:02:10 PM »
The AV reduces the amount of popups.

Offline Tech

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 3027
Re: Is The Anti-Virus Even Necessary ?
« Reply #2 on: October 03, 2010, 02:22:29 PM »
My question here is this. With Comodo's Sandbox feature, even without an anti-virus, you are protected from harm from the infected file. So why do we even need the anti-virus at all ?
1. Usability: reduces popups.
2. The decision is taken by experts (and not by the user).
3. Reduces the probability of the user allowing it to run.
4. Cleaning operations in an infected computer.

But if the Comodo AV didn't recognize in the first place it doesn't seem to matter much.
Improve the AV part of the suite then...
avast! team member
Save freeware snapshot technology of Comodo Time Machine. Vote!

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 13584
    • Video Blog
Re: Is The Anti-Virus Even Necessary ?
« Reply #3 on: October 03, 2010, 02:39:45 PM »
for security...no..
for usability...yes..

Offline JamesFrance

  • Comodo's Hero
  • *****
  • Posts: 1270
Re: Is The Anti-Virus Even Necessary ?
« Reply #4 on: October 03, 2010, 02:45:57 PM »
Many of us would run the Comodo firewall with defense+ without any antivirus in the past and never got infected. You just needed to check out the many alerts carefully before allowing something.

Since CIS was launched about 2 years ago the pop-ups have been steadily reducing as the av and now the sandbox make alerts less needed. If you were to use another av than Comodo av you would probably be alerted by both that and Defense+, so not really a good idea if you are interested in usability.
James

Offline knk2006

  • Comodo's Hero
  • *****
  • Posts: 540
Re: Is The Anti-Virus Even Necessary ?
« Reply #5 on: October 03, 2010, 05:12:21 PM »
for security...no..
for usability...yes..

+1   :-TU

I like the posts of this guy  ;D he's awesome  ;)

Offline John Buchanan

  • The greatest victory comes from the battle within.
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5690
  • Personal Dragons can be defeated. Improve yourself
Re: Is The Anti-Virus Even Necessary ?
« Reply #6 on: October 03, 2010, 06:51:28 PM »
I tested this.  Some were flagged by the AV, some were stopped by the sandbox or D+.
So maybe the signature just needs to be added to the database?
I deleted the files so I cannot send them myself.
Please follow Comodo Forum Policy

Offline SG65

  • Comodo's Hero
  • *****
  • Posts: 408
Re: Is The Anti-Virus Even Necessary ?
« Reply #7 on: October 03, 2010, 07:07:36 PM »
  If you were to use another av than Comodo av you would probably be alerted by both that and Defense+, so not really a good idea if you are interested in usability.

From my experience MSE jumps before D+ (and only MSE, no D+ as well).
I wouldn't use Comodo's AV; I just don't trust it.
« Last Edit: October 03, 2010, 07:09:49 PM by SG65 »

Offline The Zodiac

  • Comodo Member
  • **
  • Posts: 42
Re: Is The Anti-Virus Even Necessary ?
« Reply #8 on: October 03, 2010, 07:55:56 PM »
I still am not sure how the AV reduces pop ups. The reason I say this is that I have yet to see the AV in Comodo flag a single malware. Which also leads me to wonder, how could it remove an infection if it doesn't find one.

Personally I don't really care about the AV, since Defense + is my "bodyguard" against malware. I was just curious to hear what others had to say on this subject.

Offline languy99

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 3940
Re: Is The Anti-Virus Even Necessary ?
« Reply #9 on: October 03, 2010, 08:02:21 PM »
It reduced pop ups by stopping the malware before it gets to D+, instead of having to answer 5 questions about the program in D+ you only answer one with the AV.

Also I don't know how much research you do concerning CAV detection ratios, but I find malware every day and it does find a significant amount of malware, maybe you have just not checked enough of them.
http://www.youtube.com/languy99

Software Reviews for all.

Follow me on Twitter http://twitter.com/#!/languy99

Offline Josh™

  • Retired Moderator
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 1010
Re: Is The Anti-Virus Even Necessary ?
« Reply #10 on: October 03, 2010, 10:55:40 PM »
AV for Usability...

Like others have said already, the AV Updates both blacklist and whitelist so the number of Alerts or sandboxed notifications you need to see are minimal. :)

The security/protection aspect is obviously Defense+ and Sandbox. AV is there for usability.

Josh
Learn from the past, live in the present, prepare for the future.

Online Siketa

  • Comodo's Hero
  • *****
  • Posts: 4778
  • ZIG ZAG
Re: Is The Anti-Virus Even Necessary ?
« Reply #11 on: October 04, 2010, 12:55:55 AM »
it reduced pop ups by stopping the malware before it gets to D+, instead of having to answer 5 questions about the program in D+ you only answer one with the AV.

Languy,

I agree with you but also there are lots of cases when I get three pop-ups while testing CIS against malware.
First the sandbox appears then CAV with its delayed detection and Defense+ with Buffer Overflow warning at the end.

Offline The Zodiac

  • Comodo Member
  • **
  • Posts: 42
Re: Is The Anti-Virus Even Necessary ?
« Reply #12 on: October 04, 2010, 02:37:48 AM »
.....maybe you have just not checked enough of them.

Perhaps you are right. I guess it could also mean that I simply do not run into any malware during my daily usage. The first time I went looking for malware to test, CAV didn't recognize it, so it was a little presumptuous of me to "rate" the CAV on that single instance.

Offline SiberLynx

  • Comodo's Hero
  • *****
  • Posts: 2193
Re: Is The Anti-Virus Even Necessary ?
« Reply #13 on: October 04, 2010, 03:27:26 AM »
Hi The Zodiac,

It was discussed before here & in other places a few (if not many) times
Having AV in place I haven't used full scan for about 4 years ever
(only for testing purposes sometimes)

Comodo's AV was created for a “convenience”/“usability”, as Melih said, for having a Suite
Whatever “usability” means... For me – it means nothing – use other AV that has much better detection rate & less FPs, or don't use any

Having decent Behavioral Blocker is more efficient anyway

But in this case Comodo was most likely correct – not a malware

According to my research more than 80- (90%?) of “keygens” are never malware
a bit less %, but the same with cracks – many are as clean as well filtered water!
As it was pointed out - the vendors just go into P2P sites; gathering them and adding to the signatures

I'm not saying that you cannot catch “the bad one” - risky stuff! It is your choice whether you wanna research

The contributors are not only hackers/crackers, but the major players – the big companies that are protecting their Software.
They are substituting downloads of perfectly made cracks. Believe me – they have special forces / agencies for doing that.

That doesn't mean that I am supporting piracy … do not get me wrong, but just collecting anything out there and adding to the signatures doesn't do any good as well

Sure languy99 is right
...Also I don't know how much research you do concerning CAV detection ratios, but I find malware everyday and it does find a significant amount of malware, maybe you have just not checked enough of them.
Please check if you want … but check thoroughly
If you are adventurous enough... :) you will find out that what was flagged by many security as a malware (especially keygens) will work perfectly after you set up the Software.
Password protect cracks/keygens & test the System & Software after the installation... how many “Trojans” and nasties you will find?
 
From my experience MSE jumps before D+ (and only MSE, no D+ as well).
I wouldn't use Comodo's AV; I just don't trust it.
Well ... I am using neither MSE nor Comodo's AV ... but if you are talking about trust - I would rather use Comodo's AV than MSE

Cheers!

p.s. using abbreviations like "WTF" is not a nice thing to post...
anyway... recently here in the forum the "decision" was made that WTF stands for "Wondershare Time Freeze" virtualization Software :D
« Last Edit: October 04, 2010, 03:34:23 AM by SiberLynx »
Main OS - Ubuntu
XP Pro, SP3 (32bit), Admin; Comodo Firewall 3.14.130099.587; Proactive with Defense+; Emsisoft Anti-Malware v9; Sandboxie
Win 7 x64, Admin (UAC off); Win7 advanced FW +TinyWall; Emsisoft Anti-Malware v9; Sandboxie
Win 7 Ultimate 32bit (UAC off); Emsisoft Internet Security v9 beta

Offline Tech

  • Usability Study Member
  • Comodo's Hero
  • *****
  • Posts: 3027
Re: Is The Anti-Virus Even Necessary ?
« Reply #14 on: October 04, 2010, 06:28:13 AM »
Comodo's AV was created for a “convenience”/ “usability”,  as Melih said,  for  having a Suite
Whatever “usability” means... For me – it means nothing – use other AV that has much better detection rate & less FPs, or don't use any

Having decent  Behavioral Blocker is more efficient anyway
avast is going for that.
http://forum.avast.com/index.php?topic=64382.msg546016#msg546016
avast! team member
Save freeware snapshot technology of Comodo Time Machine. Vote!

 
