An interesting comparison (stats are from 7/17/10):
Program # of Signatures/Definitions Size of signature folder*
For a-squared, this is the “signatures” folder. For CIS, this is the “scanners” folder.
As for detection rates and false positive rates, we’ll have to wait for a head-to-head comparison (hopefully coming soon).this post and this post ).
[attachment deleted by admin]
Hi,
the size of the last DB (5455) is 93 151 971 bytes (and growing rather fast)
I remember this (old) message :
Now it seems quite… optimistic, no ?
But what is the current target of the Comodo team ?
clocks
July 17, 2010, 2:23pm
4
I asked this a few weeks back and got a wise ■■■ answer of “as small as possible”, or something along those lines.
There is another thread tracking the amount of defs, but wouldn’t it be better to track the size(in terms of mb) instead? I would think that of more interest.
See attachments of the first post in this thread. A graph showing the size of the signature database in Mb is posted already!
clocks
July 17, 2010, 4:28pm
6
I know, I was referring to the ongoing “Comodo AV Database update page” thread.
Bump - first post in this thread was updated today!
Tech
July 18, 2010, 6:44pm
8
Why does the number of definitions is being reduced as time goes by?
Tech
July 18, 2010, 7:50pm
10
Thanks. Make sense.
This “number” is always object of discussion…
There are a marketing issue involved. Companies estimate the number of viruses by high.
There are different counts possible: variants, etc.
There is not an international rule for virus naming, so same virus could be consider one or more by other company.
Scanning settings are very important.
Active viruses (ITW) are really more important then the whole number.
Generic signatures and heuristic detections cannot be really counted as ‘virus detection’.
See answer below:
The reason why the definition count is decreasing : Comodo is making each definition more efficient at detecting malware; therefore, less definitions are needed to detect each malware variant. Comodo is adding new detections regularly (see update page ), so Comodo’s ability to detect malware is increasing
Note: When applied to malware, the terms “definition” and “signature” mean the same thing: a rule that detects one or more malware items. The number of definitions does NOT correlate with the number of detections. A single definition may detect hundreds or thousands of malware variants.
I would define efficiency as “performing with the least waste of time and effort.” Having fewer malware definitions (each of which detects more malware) allows Comodo to use less resources (i.e. it applies fewer definitions to catch a given malware; thus, it uses less time and “effort”).
False positives have little to do with efficiency and more to do with accuracy. I define accuracy as “absence of errors.” So, a signature may be very efficient at detecting a given malware (e.g. it detects 95 of the 100 known variants), but it may not be accurate if it also detects 100 false positives.
I do not know the false positive rate for Comodo. My experience is that there are few false positives (although the number of false positives seems to increase when heuristics is set to high). Comodo is working on increasing true positive detections, minimizing false positive detections, and improving efficiency. Submitting false positives will help Comodo continue to improve their antimalware definitions.
Some additional information is posted here .
Tech
July 19, 2010, 1:13am
12
Thanks Whoop-dee-doo, makes sense.
