Design philosophy for Comodo Antivirus

The modifications are the malware’s attempts to get into your system. The HIPS has prevented this. The malware has not affected your system in any way at this point. Sure, the installer can be sitting in your temporary internet files, inert. This is not a security risk. If the malware were to have to wait until the AV was able to detect it, this would not be the case, as likely by the time it is picked up by the AV, it has already done damage to your system. At this point, it is a cleanup effort instead of a simple modification denial…

The Eicar files aren’t a good case in point because they are special cases and aren’t treated as most files in CAV. The AV in CIS is an on demand scanner. By definition, this means a file is not scanned until it is accessed. This means that downloads in general aren’t scanned until the file is accessed. The Eicar files don’t follow this procedure however, and are scanned on download. Why this happens I can only assume is from all of the files of people screaming that Eicar isn’t detected when they download it.

So to recap, Eicar hasn’t actually tried to do anything on your machine, which would alert D+. Instead, Eicar seems to belong to a unique subset of file types that are in fact scanned on download instead of the normal on-access method.

I totally agree with that, Melih, but that was not my question. We all know how great CIS is at protecting us, and I personally feel that CAV, even in its present state, is good within the framework of CIS. I’m simply asking if the direction of CAV is to be an integral part of the suite and only a layer of protection, or to become the best product at doing what AVs do, even outside of the whole package of CIS, and therefore be rated higher on testing sites that only test traditional AV technologies. When you visit other forums and people bring up Comodo they most often will say, “Great Firewall but the AV sucks”. My opinion is that you don’t need to install a different AV with Comodo’s Firewall because CAV works fine within the structure of the suite. Many people seem to think that CAV is not good enough, even as part of the package. My real intention here is to have something I can use in defending Comodo against the questions I get as to why I keep using it.

Our philosophy, as you well know, is about “Prevention” being your first line of defense. CIS now has an AV component; however, this AV component is there to make Prevention more usable. We believe in a Layered Security Architecture where Prevention - Detection - Cure (in that order) are the components needed for good security. Of course, Prevention being the first line of defense, CIS does not compromise on this philosophy and continues to prevent malware from infecting the PC in the first place. And with the help of the detection technology (AV) built into CIS we can now offer easier to use security technology that has “prevention” as its first line of defense.

I had never seen that before, but it kind of validates the impression I had of what CAV was meant to do. It seems to say that the AV is there to make a default deny approach more palatable to the average or novice user.

Melih isn’t good at answering questions ;D
Maybe wait a few more pages… if at all.

It really looks like the people who are not aware that a reply about “design philosophy” was provided since the beginning are beating around the bush and “waiting”.

It doesn’t matter how many instances of such “Design philosophy” they came to read as it wasn’t what they are solely focused on.

By now it should be obvious, it wasn’t really a matter of “design philosophy” whenever it looks years of AV marketing still take their toll and there are people who assume that x0-xn AV can be “self-standing” even without using them.

Some others have rephrased the original query in a way they can still look at protection the way they have come to believe (AV), even accounting for a multi-layered approach.

As such, AV-centric comments don’t even look aware that Comodo Antivirus does include D+ (yep obviously they didn’t really mean “CAV”).

Nevertheless, by most ongoing comments, it isn’t very clear how a “self-standing” AV category would actually be technically defined, though related comments do claim that CAV isn’t part of that “category” (thus somewhat vague about what the criteria are to fit into that “category”).

Probably this also means that they will eventually let everybody know when CAV gets to fit such a “category”, when it will be (if their undisclosed specification of such category didn’t change meanwhile), while keeping everybody updated in that regard for the time being.

Whenever polls the likes what’s AV you use are not uncommon, this topic “design” was meant solely focused on Comodo.

Indeed regardless of “design philosophies” or protection approaches it even looks few would like to brag about CAV whereas they let everybody know they feel ATM they can’t, while others skip anecdotal premises to rehash their criticism and tell everybody they are “waiting”…

Hi Melih

Could you define what you meant by standalone AV? I think such a definition is essential to our discussion.

Thanks.

Peace.

If anybody still wonders, a layered protection philosophy acknowledges that protection is to be necessarily achieved by compounding different layers.

As such “standalone” would be something that all those members commenting on CAV ought to explain due to the peculiar use made in the context of this topic.

Because even if Comodo Antivirus endorses a layered protection approach, it should still be clarified by what criteria the 3rd party AVs insofar mentioned match in order to fit that “standalone” category.

Once those criteria are unambiguously specified it will be possible to know when any AV does or will match them (and not that, for example, that only CAV does not)

nice one …as you’ve probably already figured out, the argument that a standalone AV is useless (yeah…detection…prevention etc…) is just there to avoid answering the OP’s question, and remain as quiet as possible about the “potential” of CAV, apart from granting it some sort of layered protection abilities (? >>>> less pop ups with Def +) when it’s basically just there to allow Comodo to rebrand CFP to CIS, and pretend there’s a full security solution there, which as everyone knows is not the case, the anti-virus component (again) being what I just said, a useless add-on to CFP.
Say you’d want to pick up a single component in CIS, and choose other providers for the rest. You could pick up Def+ and have a fantastic standalone HIPS, you could pick up the firewall and have a brilliant stand alone firewall. But you couldn’t pick up CAV…no need to elaborate there, the existence of this thread speaks for itself.

Before anybody gets lured to have this topic take the shortcut of pro-CAV against-CAV oversimplification, it would be obvious that there would be no meaningful purpose without clarifying the criteria to match the so far ambiguous “standalone” category.

That is as long as comments are made under a constructive purpose and especially if supposedly meant to point out possible areas of improvement.

you’re welcome to start living up to your constructive ambitions and suggest “possible”…improvements, if any comes to mind ;D

It wouldn’t help adding other aspects before having the previously pending ones unclarified, this obviously would include your previous comment as well.

Do just tell what you implied CAV does not have when you classed it as “useless add-on”.

Will you actually do that or leave it pending like the others, leaving the “useless” remark as the fulfilling purpose of your comment?

Rather than debate terms, let’s analyze some text:

Quote from: Melih on September 11, 2008, 04:10:32 PM
“Detection will continually improve next 12 months to get us to be one of the best!”

Quote from: Melih on March 06, 2009, 04:35:21 PM
“I did promise to give you guys one of the best AVs within 12 months of launch (I still got few months left). And as you can see we are making good progress.”

Quote from: Melih on May 22, 2009, 10:51:27 PM
“My 12 month promise is yet to be fulfilled. I am running behind on few things due to circumstances beyond my control (like new hardware infrastructure was delayed by about 4 months) but I think we will still have one of the best AV products within 12 months of us launching it…(so time is ticking…tick, tock…)(rushes back to AV labs to continue his work)”

Quote from: Melih on September 05, 2008, 09:54:29 PM
“We still have around 12 months (maybe less…but who knows) before I can say we are one of the best AVs out there, but I am confident about our new engine and architecture!”

Quote from: Melih on February 14, 2009, 03:37:53 PM
“And our AV… I said 12 months since launch… we made some amazing progress”

Quote from: Melih on January 16, 2009, 11:41:54 PM
“We said 12 months since launching that we will be one of the top AV guys if not the top, slowly but surely we are making our way towards there.”

Quote from: Melih on September 24, 2008, 10:31:30 PM
“Anyway, our job is to protect our users! We do a good job on that. AV is a secondary defense layer and within 12 months we will be one of the best.”

Quote from: Melih on August 13, 2008, 04:42:19 PM
“You will see a great improvement over next 12 months, then we are going for the top position for the AV market… so guys, at the top there… pls make us some room… WE ARE COMING!!!”

Quote from: Melih on August 23, 2008, 11:18:26 AM
“So, one thing I can promise you all is that I will do my best to deliver you a world beating AV!!! And with CAV3 we have the beginnings of a world beating AV!”

All of the above seem to refer to the Comodo Anti-virus itself.
“Stand Alone” if you will.
They seem to reflect the design goal, if not its philosophy.
Has the goal changed?

I will repeat this again:

Where the addition of the AV may have started to lessen the amount of D+ pop ups the plans surely have changed. The change of plan makes sense because people who will use the Clean PC policy and have their computer scanned during the installation need to be sure the AV does a proper job. And according to Melih it will.

As far as I understand things it is about layered protection. With the in v4 upcoming behaviour blocker and enhanced AV capabilities two purposes will be served: get less alerts and facilitate a more than decent AV. And as a consequence the AV would be a cool standalone product.

So now it’s about “goals”…

It looks like there won’t be any clarification about the peculiar way standalone was used so that everybody will get to know what criteria an AV has to match in order to fit that category.

I would think that in order for CAVS to be a good “standalone” antivirus it would have to be tested against other AV’s (not security packages). Thus a “standalone” antivirus should be one that can be used by a novice user and not incorporate default deny technology. That is what needs to be tested (hopefully soon), the AV portion of CAVS.

I used “goals” because you seemed to take umbrage at “Philosophy”.

“Stand Alone” is a pretty innocuous, commonly used term, seems most often used in the context of individual components of a suite, when used by themselves.

It does not imply quality or lack of.

Nod-32 is part of the ESET suite, but is also available as stand alone.
ClamWin is a part of the SpywareTerminator “suite”, but is also available as stand alone.

It seems unlikely the term “stand alone” holds any hidden meaning that will one day be dug out by a bevy of paralegals, and change the course of Common Law.
It is precise enough as used.

We are not at The Hague here.
Full exegesis of every phrase is not needed.


Dammm, why are you quoting him like it was the bible or something? In 2008 anti-virus was weak. Now it is good, not great, but good, and that’s WITHOUT the Heuristics and all that other good stuff that will be added.

Just by looking at the quotes you posted (specifically the dates on them), I’m guessing you have way too much time on your hands AND if you look at the quotes LOOK AT THE DATES: why did you shuffle them around?

By your answer I bet you did not read the previous posts. Please read them first before having an opinion.

Peace.

Hammersmith

Do not fall into the trap of the word game. You expressed yourself well and carried your point across. It is too bad the simple minded, with all due respect, did not understand what you were saying.

Peace.

Obviously your posts are taking “umbrage” under this topic title as well along with a “Philosophy” related question of yours.

That was not the only use made of that word as some also used it to purport a “category” whose specifics/properties AFAIK were never described.

As such it didn’t look a matter of packaging/availability like your above quoted example implies though I now wonder if you previously meant it in such way in a previous post I was also confused by a sudden shift of your claimed argument.

Anyway, as long as nobody wishes for such ambiguity, it doesn’t look like the necessity of clarification of that category ought to be so easily neglected.

Because even if Comodo Antivirus endorses a layered protection approach, it should still be clarified by what criteria the 3rd party AVs insofar mentioned match in order to fit that “standalone” category.

Once those criteria are unambiguously specified it will be possible to know when any AV does or will match them (and not that, for example, that only CAV does not)