If you have V3 why do you need an AV?

If you have V3 and only execute Safe apps why would you need AV?

What other scenarios are there where having an AV on top of AV would be beneficial?

e.g.: A file that you feel you must execute but is not in the safelist could be identified as malware by an AV (if this file is malware and the AV has the signature of this malware). (So in this scenario we used AV for file identification.)

In what other scenario, if any, would having an AV on top of V3 be beneficial?

Let's discuss this pls :slight_smile:

thanks
Melih

Even though I haven’t used an AV in a long time, it’s there to decide for the non-experienced user that a file is malware and may even automatically quarantine it. Whether it’s accurate or not (false positive) is a different matter. With regards to V3’s D+, there is a prompt and the user has to decide, thereby risking the possibility that (s)he clicks Allow on a malware file. Either way, there will always be risks associated with both solutions. So the other benefit of an AV is that if its detection is accurate, it will remove the malware in the background for the user rather than the user manually having to find the malware and then delete it.

An AV on top of AV would be counter-beneficial if they’re both real-time scanners because of potential conflicts.

I am thinking in Terms of Layered Security here, Melih:

Prevention-CFP 3
Detection-AV

Cure

Prevention comes first of course, and that is v3 to PREVENT. We then need Detection Technologies as backups, so your AV Detection.

This is why Melih… You will have CAVS 3 integrated into CFP 3, Because You already worked out the prevention (CFP 3), and now Detection (CAVS 3), and most are using Avast!, AVG, Avira, NOD32 etc as AV Detections :slight_smile:

We need our AV as a Burglar Alarm, I am only learning this from you Melih… :stuck_out_tongue:

Prevention isn’t enough “Why have AV when you have v3?” Because the AV is part of Layered Security as DETECTION, and EVERY COMPUTER NEEDS THAT LAYERED SECURITY: Prevention, Detection, Cure.

CFP 3 will be very good as soon as CAVS 3 is integrated, Because then you covered the DETECTION part.

Josh.

Thanks for that Josh :slight_smile: you learn well :slight_smile:

but I am looking for scenarios…

thanks
melih

Oops!!

Sorry Melih…

Josh.

NP… go ahead and suggest a scenario if you have one…
thanks
Melih

Does stupidity count?

If I have for some reason or another disabled D+ and forgotten to turn it back on, shut the computer down and restarted the next day D+ will be still disabled.

If I should then go online, without remembering that I disabled D+ the night before, I will have no protection from a virus or other bad things. Except, I have my AV in the background to protect me from myself. In addition I am not the most savvy computer person. It is possible that I can accidentally make some sort of change in CFP3 that could put me in danger, i.e. granting permission to something I shouldn’t have.

So I guess just plain being an idiot can be a reason to have an AV with CFP3 - to cover your ■■■■.

If only “safe applications” are run then more than likely not even I could mess it up. But, maybe I could and that is what worries me. Am I paranoid, no … Am I forgetful, you betcha … Am I an idiot at times, indeed… so I’ll keep the AV going for now.

MHO
s.

As an aside, thanks for CFP3 both to you and the Dev. Team… I do feel much safer with CFP3 on the job. Outstanding Software !!

forgive this stupid opinion (:TNG)
i am having an AV on top of V3. i think about it like this:
*if i visit some nasty/containing malware sites, V3’s firewall will protect me.
*but what if the malware comes from email attachment or the file i downloaded?
that’s what i need an AV for. if the file is “bad”, my AV will warn me before the file’s
executed (malware in zip folder or untouched .exe file).
*if the malware cannot be recognized by the AV and therefore i execute it, i still have Defense+ to
block the malicious attempt.

V3 firewall ==> AV/AS ==> V3 Defense+

Ganda

Well as Josh said, Prevention, Detection, Cure.

If a hacker discovers a vulnerability or a way to fool the firewall (no software is completely invulnerable) the antivirus must be present to detect a virus that the hacker may upload to the computer.

Hackers are always developing new techniques that we do not know of, and as they develop new ways to compromise a computer system, the antivirus software is simply there as a backup.

This isn’t exactly a scenario but it is a general idea.

ok let me play devil's advocate to the scenarios so far :slight_smile:

Stanr’s post:
Well what you are saying is the user might switch off our product and not the AV. Hence should have AV. Even though it's a fair point, that user might also forget to turn on AV.

Ganda’s point:
no matter how an executable comes to your pc, it can’t cause harm without V3 being aware and giving you the option. Nothing happens without V3’s consent! I think what you are saying is: you want to execute an unknown application no matter what, and you think AV might provide some information about it. Which is the scenario i outlined above.
But then again you make a statement saying you still execute and rely on Defense+ for alerting you. If that is the case, why do you need AV? Just rely on Defense+.

Justin’s post:
we are looking for scenarios where you would need AV on top of v3. We are trying to identify when and under which scenario one would need an additional AV on top of the V3 we have…

FYI: The argument is that: If you have V3 and do not execute anything not in the whitelist you don’t need an AV. (there are many people who don’t install 100s of applications a day and only stick to popular programs which are already in our safelist, for those people running V3 on its own without AV is sufficient IMO).

Another possible scenario one could argue is: Somehow hackers finding a weakness in v3 and writing malware to exploit it.

Again this is a fair assumption, however this assumes that
1) A weakness in our own product will be observed by a 3rd party AV company before we do
2) a 3rd party AV company will do a fix by creating the sig, and we won’t (actually comodo will do both: create the sig for the inbuilt scanner in V3 (out shortly :slight_smile: ) as well as fix the weakness).

let's keep discussing this pls… very useful points of view emanating from this.
thanks
Melih

Melih,
Please check this news article:

Is this the sort of scenario you are looking for?

interesting read. however the scenario here is the person has physical access to the target machine.
so they can pretty much do anything they like. They were using legitimate programs, which wouldn’t be raised as suspicious by AVs anyway…

Good scenario Darth Trader: Insider Attacks
however, AV doesn’t add any more in this scenario.

thanks
Melih

Okay, here is another scenario. You install a game from Mattel for your children. Unbeknownst to you, the game comes bundled with a badware thingy called DSSAgent, which slows down your computer. This happened to a friend of mine! :slight_smile:

Maybe this can be possible scenario:

Will it have “disable permanently” option for those who use other AV scanners?

Another scenario.

  • I have got my PC. I run safe and trusted programs, but my sister comes home when I am working, then she starts my PC, surfs, downloads and installs some programs. She doesn’t know if they are safe or not. She doesn’t understand FWs and allows all, so if the file she downloaded and ran has got a virus, my AV must detect it. It is a real scenario. I don’t create an account for her because she is on my PC 2 or 3 times a month.
  • My friend gave me a program. He says it is trusted and safe, then I install or open the file, I allow and crash, but my AV is here and tells me there is a virus.

I’m sorry Melih, but prevention isn’t the only way. On a home PC, when we run a lot of programs and files from anywhere, we need prevention, but also detection and cure.

Here is a scenario which happened to me not more than 1 hour ago.
I went to download a product (superscan) so i switched to installation mode while downloading.
When the product was downloaded my av guard flagged it up as possible malware, which then gave me the option to allow/quarantine or delete. This made me think, although i knew this was from an ok source, i still had the layered protection which alerted me to a possible bad egg?
We are after all only human and if we try to download something we think is from a legit source but may not be, we still have a back up which may alert us to a malware program.

Nice 1 Matty

I’m tired so I haven’t read all posts, but here’s “my” scenario:

I’m looking for a freeware program to convert media files. I find one on a site that distributes many freeware/shareware programs, and download it.

I run the file, with CFP in installation mode or with D+ disabled. All of a sudden, strange things happen to my system, and I find some unknown process running. I look it up on the net, and on PrevX’s website I see that this is MALWARE! And I did allow it because I thought it was a freeware media program installer. Instead of taking any risks I reinstall Windows.

This scenario is not only hypothetical, because it DID happen to me half a year ago, except that I had CFP 2.4 at that time. I actually don’t remember if I had any AV. If I had, I believe it was avast, and if so avast missed it.

Today I run without AV, I only have CFP 3, but this is ONLY because I ONLY download files that I’m at least 99% certain they are safe, and I surf with NoScript so nothing can get into my system via the browser (Firefox). I’m OK with taking the risk that even files from Filehippo (which is more or less the only site I download from except for authors’ own sites) are infected, because I think the risk is minimal.

LA

excellent point (once again :slight_smile: ).

So this again comes down to this application being in our whitelist or not. If this was in our whitelist, then our processes (in theory) should catch it before we put it in our whitelist that it has a malware in it. But you raise an important point that, Our safelist could be corrupt.

So far the issues raised are:

  1. want to run an app not in the safelist
  2. safelist could be corrupt

keep’em coming.

thanks

Hi Rafel

this discussion is not to prove a point but to invite discussion and exploration of scenarios as to when we would need an AV on top of V3. This discussion, hopefully, will help us visualise the scenarios where CAV3 and CFPv3 will work together in harmony. coming to your points

your point 1: Giving control to others: with V3 you can lock it so that other people can’t answer alerts and cause issues. After all, if they don’t know they can be dangerous and why are you making the assumption that the malware your sister will install will be recognised by AV products?

Your point 2: Again the issue of running apps not in the safelist.

So I would say you have a good point about allowing/disallowing control to the Protection software as a scenario.

thanks
Melih

hi Riggers,
thanks for that.
this falls into the Executing Unknown application scenario.

thanks
Melih