Symantec has gone this same route and in my estimation it is the wrong way to go. They have a boot tool that is only good for some things and has to access the internet to install the latest definitions, which are much the same as Norton itself. It can identify TDL3/4 infections but is not allowed to remove them.
The Norton Power eraser is the same, and while quite effective for fake AV’s, it is quite dangerous for rootkit infections.
TDL3 infects system files such as atapi.sys (hard drive controller) or may report that atapi.sys is infected when it is actually another system driver that is infected. If these files are deleted or quarantined, the computer will not boot.
If winlogon is reported as infected and deleted by a remediation tool, the machine can’t load. There are so many ways to turn a machine into a paperweight by using tools that are inadequate or improper for the purpose, that installing such a tool as part of my security suite gives me chills.
I would not like to see Comodo go the same way.
There is no one size fits all infection cleaner that quarantees a cleanup without risk to the machine. Some things are best left to experienced virologists.
If an important file like atapi.sys would be deleted or quarantined because it has been identified as infected (regardless if it’s really infected or not), then your system indeed becomes unbootable. A virologist would most probably copy a clean version of atapi.sys for your specific OS into it’s proper folder by using a bootcd tool (i.e. Hiren’s Boot CD).
How Comodo could automate this is by combining Comodo Time Machine with CIS. If an important file gets infected, it would replace that file with the previous uninfected version. However, I do believe that Time Machine needs some major work as it is currently still unstable with raid disk systems.
that would be a good idea except that CTM has to be installed and has to be installed when the system is in a clean state. the point of cce is to be portable and only be used wehn the system is infected so this in my opinion would work with CTM
Oh no please, no CTM automatically integrated with CIS. For disk images users it’ll be a terrible mess as CTM and disk imaging software don’t go along; they won’t be able to use CIS anymore.
1st, I’m not a fan of overbloated installer asking you if you want to install x, y, z while installing a or b.
2d , lots of people will install CTM alongside with CIS not even kowing what it is exactly. And if they already have a back image sotf, they are heading right for problems.
3d, why CTM and not CB?
I’d rather that after install of CIS, CAV or FW there was a popup with a link to Comodo site where the users could see other Comodo products which will help them to keep their computers clean. And with good explanation of these products.
Back images softs save you the hassle to desinfect, uninstall softwares, clean registry,…and you can come back in time at the date of your choice with a perfectly functionning system. You can save your images on the support of your choice. I’m not at ease with Time Machine technology, be it Comodo or not. The snaspshots eat up the capacity of your active partition, there could some messing up with the MBR, you can’t save the snapshots where you want, old snapshots are erased by new ones so you couln’t restore at the date you wish…
So inform users and let them choice which software CTM or CB is best suited for them to keep their computers healthy. And explain them also that it is one or the other and not both at the same time.
You’re right. But it could be a possibility as CTM could be used as a security tool.
Make it an opt-in (you need to check if you want it installed). It’s not forced. It’s up to the user (and requires his/her interaction). The default could be not install it.
Because you can iron CTM to use it as a security tool and restore the computer to a non-infected situation. With CB (or any other backup tool or even image/partition tool) there will always be the possibility of reinfection through MBR rootkits.
Yeah, it’s an option, it’s a personal choice, it’s a possibility.
No, CTM does not work like this: use the free space of the protected disk and you can manage the space used. Old snapshots are only deleted if you set so.
Neither CTM nor CB cannot be taken seriously as any image/backup solutions
My own experience after testing both for a long time:
CB in the past was a very good simple solution - not anymore.
Use as many free backup solutions as you can and you’ll be better off
CTM ??? - out of the question completely - hopeless unneeded stuff.
Find free image Software out there (that was discussed many times here & “there”) and use it
CTM is just a pathetic joke
No! … by any means
What do you mean by “you”? … the user ??? That’s’ not funny at all, man.
Who will “iron” it? It cannot be ironed. It has to be either dismissed completely or re-developed from scratch …
… but why would one spend any time doing that , when we have perfectly working solutions in place?
That is True! (add CTM to that) & especially x64 “lovers” have to be aware of that.
Always, have a spare hard drive in order to replace the old one when you will get that “special” RootKit
Yeah! … other things are basically !ot! so I’ll not go there
Hi Valentin,
By buying HDD “without any big costs” … did you mean what I was trying to convey (see “have a spare hard drive” ?) - CTM and CB are useless?
If so - congratulations! … finally we have something incommon
Hmm…from what I can understand here, there is no way to make an AV bootCD that can automagically recover a non-infected system file? This means if Comodo or any other bootCD quarantines / deletes an infected system file, you will have to manually restore it somehow?
What about this solution: After installing Comodo, you will be asked to create a backup CD / DVD with important system files in case you need to recover from an infection that spread through the system files. This backup has to be made while your system is still clean though, and as an extra layer of security all system files copied to cd are scanned with Comodo Cleaning Essentials engine. Then when you need the AV bootCD (which you can also make using CIS) and you boot from that CD, it will ask you to insert the backup CD if it needs to replace an infected system file. CIS will also remind you to make a new backup CD every month or so to keep the system files up-to-date (and will tell you NOT to dispose of your old backup CD and rather label them with a date, just in case an infected system file slips by Comodo Cleaning Essentials scans).
I agree that the best solution is to make consistent drive images to another disk (I use Acronis for this and schedule it to update my image every week, excellent product!) However, if your system is infected but you can still boot from it, you would rather just take a few minutes to clean that infection rather than take an hour to restore your 20Gb+ partition (in case you have Win7).
I’m not shure how "AV bootCD " relates to the issue,
but anyway the point was if you have that "special RootKit installed (Comodo will not help you to avoid it) neither reformatting nor “bootCD” will ever help you
the thing will always “sitting above” both processes
I don’t think CTM is a joke or useless; I think CTM will give comodo a good rep because it’s innovative and that’s what comodo needs if they want to stick out. CB is good but nothing new on the market; there are others that have more experience than comodo regarding backing-up.
On the VM machine I have made test and it did what it’s suppose to do. CB needs to improve by making it almost bug free and very accurate.
Could you tell me throug a PM why you’re so against comodo? Comodo is spreading itself on all fields which is not good; it’s better to do what Avast and AVG do… spending the energy on something that they’re good at and in this case that would be CIS, CTM and CDE for instance.
ctm will give comodo a good rep?by making computers unbootable(have you seen all the problems with it) and being in beta forever without a word of whats going on with it,i dont think thats good at all.
I do think that ctm will give comodo a good rep. It up to comodo to decide what’s in focus or not I have seen some of the problem and I agree that it’s not good that’s in beta for a long time. CTM 2.9beta is working as it should if you compare to CTM 2.8.
I wish myself that CTM and CDE would have bigger focus.
Guys, for an infected system, Comodo should develop something like this:
Prevention, cleaning, cure
Prevention: D+, Sandbox
Detection: AV, DACS, Valkyre, CIMA, Daisy
Cure: CTM or Comodo version of ReImage
Simple, replace infected Windows system files and/or registry with clean ones!
That would solve many problems and there would be no need for reinstall.
Also, best to make sure it’s working under Safe-with-networking conditions.
