Re: COMODO Anti-Malware Database may reach 3 Million this Weekend

Verified keygens and cracks are totally harmless (even though not legal but still harmless). Different small tweak tools and plain small tools also.

Avira detects builders for Remote Administration Tools (RAT, backdoors) too. They are harmless too. They are only used to create a trojan, not a trojan. If you are unhappy with Comodo’s efforts and classification of malware I do not know why you stick around on the Comodo forum.

Whoop’s Thoughts on # of Signatures

Number of signatures for a given product: From one update to another, malware is generally counted in the same fashion; thus, a higher signature count correlates directly with a greater detection rate. In this situation, an increase in the number of malware signatures for a given product is a good thing (assuming false positives are minimized). So, when comparing the signature count for a given product, I agree with LeoniAquila:

Comparing the number of signatures between products: This type of comparison is meaningless because of the differences in how companies count signatures (i.e. the malware is NOT counted the same way). So, comparing signature count between products does not provide accurate information regarding the relative detection rates of the products. In this situation, comparing the numbers means nothing. This may have been what RejZoR meant when he said:

The only way to know how Comodo Antivirus compares to other antivirus programs is to do testing, where each program (with a comparable configuration) is evaluated under identical circumstances. I know there is some controversy about what constitutes a valid comparison, but it seems that testing can be designed to minimize bias. These tests may provide more accurate information regarding the relative detection rates of various products.

As forum members, we have the luxury of criticizing or cheering from the sidelines while Comodo is putting in all the effort and labor. Whether I am criticizing or cheering, I always respect Comodo for their hard work. And I think some of that hard work is reflected in the rapidly rising signature count. :-TU

Whoop

My Dearest Educated RejZoR

With all my humility I can sincerely say that you still have not answered the question. What do you mean by “harmless” and “stuff” within the context of computer security? Please, RejZoR, answer the question: define “harmless” and “stuff”. Moreover, just between you and me, sort of, did CIS delete all of your keygens and cracks? You know, stuff. ;D

Peace. >:-D

Wtf? What else should I say to you? Paint the whole thing in MS Paint?!?!?!

I strongly doubt that Comodo will be able to sustain that rate. Most likely it will level off to something like 1000 sigs or lower per day.

RejZoR is right. I can’t see how Keygens and cracks can be classified as malware unless they actually act maliciously. Just the fact that they happen to be that type of software doesn’t mean that they are bad.
If you give antivirus alerts for harmless programs, then who is to say the user will not ignore the alerts for actual harmful ones?

And I am sure you have some kind of proof to prove that?

Cheers,
Josh

He does make a valid point though. Lumping all this stuff, both good and bad, together does lead to a high rate of FPs which not only cause alarm for average users but also impact negatively upon system functionality. Yes, on the whole with unknown files it’s better to be safe than sorry, but some of these are in common usage.

In that case it must be just a coincidence that all the FPs I’ve come across have been in the unclassified malware category (none so far with 3.9 it should be said).

A signature created for a specific malware which is unnamed (aka Unclassified Malware) could be causing an FP. If you pls report these then we fix them asap.

yes majority of the issues with the FPs were fixed with 3.9.

thanks
Melih

+1

I have something else to say:

Since, and IF you have D+ and FW with restricted rules you can “ignore” those alerts. D+ and FW give you more protection than any AV against this type of file. I’m not the only one saying this.

In my case, since both popular BlockList Manager and X-Setup were rated “as something not so understandable to me” (both reported as FP and they said: “harm application” or something like this - in “computish-short-language”), I just can’t care so much about the advice anymore… D+ and FW are here well tuned, and I feel safe. ;D In doubt, virustotal, SAS, MBAM or google. Included those little, very much popular and well known magic-executables…

What my grandma will think and do is another story… No worries, she doesn’t know how to play with this stuff anyway… :smiley:

relax…

:comodo110:

My Dearest Educated RejZoR

WTF is not an expression of an educated person, don’t you think? >:( I have asked you politely, twice I might add, to define “harmless” and “stuff” within the context of computer security and still you have not answered. My only conclusion is that you don’t know what you are talking about; you just shoot with your mouth aimlessly. The mirage of savoir faire that you are trying to project is futile with me. When faced with facts, illusion and deceit always crumble under the weight of reality, if you know what I mean ;D.

Like I told you before you keep your harmless stuff a.k.a keygens and cracks and I’ll keep them away from my own computer. Fair, isn’t it?

Peace. >:-D

Yep. I tried to get a macro recorder in the Scite editor for AutoIt added to the whitelist because it’s completely benign, but because it is ‘suspicious’ they won’t add it. Yes, it’s a keylogger… How else is it supposed to record your keypresses for the macro you are creating? It’s completely harmless (OK, I guess I could write a macro to steal my passwords… 88) ) but due to its behavior, it’s suspicious… :-TD

suspicious is different than the signatures as it’s generated by the heuristic engine.

Melih

Why don’t you just change it to Unnamed Malware or Uncategorized Malware? ;D :ilovecomodo: (V)

One thing is when such tools are detected as such with a describing name (so you know it’s a RAT tool) and another when they are detected as “Unclassified Malware”.
So to Jaki, if you have problems understanding what “I shoot from my mouth”, maybe you should start actually understanding what I write instead of shooting nonsense from your mouth.

Well then call my bluff, explain to me in layman terms what did you mean by “harmless” and “stuff”. Come on, I’m waiting. Prove me wrong, even if you used MS Paint like you put it ;D. I don’t care.

Peace. >:-D

!ot!

Guys, you’re kind of wasting your time. In layman terms, “harmless” is a completely relative term if you consider the multitude of network environments and the vast difference of user experience out there.
As an example, on my computer, I store a copy of sysinternals blue screen screen saver. No big deal so far, until CAV started to complain that it was some kind of nagging device (I forgot the exact wording as I put it on my exclude list). Well, to me it is harmless little stuff, if you like to call it that way. But nevertheless, I can imagine people who’ll get a heart attack (or contact a lawyer for whatever reason :P) if someone installs that screen saver without their knowledge and it surprisingly pops in with tons of open documents while they were getting a coffee.
It’s the same with other programs like key-generators or similar things. While on your private computer (or in your private network that is run under your responsibility) you’ll probably have them there for a reason, in a corporate network, things may look completely different.

Well, and “stuff” is just “stuff”. Like, in…well, “stuff”, you know?

So, if you’re annoyed that CIS flags things that you actually don’t consider dangerous, put them on your safe file list. They may be in the 3 million + signatures (have to get back to topic somehow… :wink: ) for reasons beyond our imagination. 8)

False positives might be just a minor inconvenience to technical users able to differentiate the bad from just what is flagged up as bad, but to an inexperienced or average user that tends to be cautious and block everything, they represent a major headache.

very much so. Hence why we worked very hard to mitigate all these FPs in ver 3.9.

thanks
Melih