Author Topic: [merged]Comodo vs. Avast vs. Avira vs. 10 000 malware(On-demand scan test)  (Read 48060 times)

Offline khanyash

  • Comodo's Hero
  • *****
  • Posts: 5253
Re: Comodo Av 10k samples test:)
« Reply #30 on: December 23, 2010, 06:05:30 AM »
i guess, the cloud had the time to make an online examination until the first long scan was finished.
BUT we cant know how short single examples of them needed to be detected. we only know that they were detected with the second run.
unluckily it wasnt able to detect all virus activities inside the uploaded data while "simulating" it online.

if its the case that the online lookup caused the better result from second running of the scan, then the scanner without enabled cloud feature would maybe had not gotten the good end result by itself.


i want to give an example, why one can not say easily "default deny helps allways against weak antivirus".

imagine this test would be virus data which is hidden in a program of choice. the user scans it with his antivirus, it says ok. maybe he uses a cloud, and would trust the "Ok" much more. then he launches the program. at first it runs in the automatic sandbox. but it doesnt work out in there. as this is a program of choice, and the antivirus said "ok", he starts the program outside the sandbox. defense+ is asking questions. to let the program run (which was said "clean", and which is choice), one has to answer these questions.
how could a "default deny" help against a weak antivirus detection in this case?


default deny is very usefull against automatic starter things. but for any situations where the users intentions signalize "i want to start that", an antivirus will stay very important for a normal user. the antivirus should not be "third line of defense", because it is not allways the case.

 


Very Good Point. I Totally Agree.

Offline Valentin N

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2869
  • Usability Study Group
    • My homepage at the moment
Re: Comodo Av 10k samples test:)
« Reply #31 on: December 23, 2010, 06:45:09 AM »
I  don't agree there. As I have seen AV won't do much of protecting you if it doesn't have the signature for the malware. Which is surely also the reason why comodo has AV as a third line of defense and not as second or first.

Regards,
            Valentin
Skype: comodohelper (Personal)

CEVPN: Valentin N

CIS 6.3

Keep CTM alive by voting


Offline clockwork

  • Comodo's Hero
  • *****
  • Posts: 2220
  • Oxygen requires Chuck Norris to live
Re: Comodo Av 10k samples test:)
« Reply #32 on: December 23, 2010, 06:51:18 AM »
valentin,

when your antivirus doesnt have the signature, you will get INFECTED when you execute the program of your choice outside of a sandbox (because of compatibillity for example).
no matter if you have lines of direct "default deny" before that. YOU want to execute it.
in this scenario, the antivirus is your ONLY line of defense.

thats why the antivirus should be taken SERIOUSLY because it COULD protect you then.
« Last Edit: December 23, 2010, 09:54:32 PM by clockwork »
"If there is a problem, it`s something interesting. Try to circumvent or fix it.
In the old ages there has been no support. That`s why we got the brain we have today.
Otherwise we would only be able to call a number and listen.
But there was no phone...."

Offline khanyash

  • Comodo's Hero
  • *****
  • Posts: 5253
Re: Comodo Av 10k samples test:)
« Reply #33 on: December 23, 2010, 07:06:46 AM »
valentin,

when your antivirus doesnt have the signature, you will get INFECTED when you execute the program of your choice.
no matter if you have many lines of "default deny" before that. YOU want to execute it.
in this scenario, the antivirus is your ONLY line of defense.

thats why the antivirus should be taken SERIOUSLY because it COULD protect you then.

Again I Totally Agree. Very Good Point.

Offline salaficall

  • Comodo Loves me
  • ****
  • Posts: 192
    • Salafi Call Forums
Re: Comodo Av 10k samples test:)
« Reply #34 on: December 23, 2010, 07:13:10 AM »
valentin,

when your antivirus doesnt have the signature, you will get INFECTED when you execute the program of your choice.
no matter if you have many lines of "default deny" before that. YOU want to execute it.
in this scenario, the antivirus is your ONLY line of defense.

thats why the antivirus should be taken SERIOUSLY because it COULD protect you then.
I totally agree , if the user wants to run the program and the antivirus scan said it's ok he will run it outside the sandbox to let it work properly , and when the d + alerts comes out saying that "this might be dangerous but if it's one of your everyday programs allow it!" , the average user will definitely allow that.

so we can't just ignore the av improvements because it's very important to the average users.

can't wait to find out about DACS !
An ounce of prevention is better than a pound of cure

That's why I like Comodo !

Offline Valentin N

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2869
  • Usability Study Group
    • My homepage at the moment
Re: Comodo Av 10k samples test:)
« Reply #35 on: December 23, 2010, 07:24:52 AM »
Hey there clock :)

How will AV as first line of defense protect you better? there is a reason why comodo has made a option where every unknown application get's automatically sandboxed.  

I am aware that even with HIPS you can get infected... if the user necessary want to run the malware application.

Not everything hangs on the security suit. If the user is, sorry, stupid, then it's his fault and not the security suit's fault.

Merry Christmas on you clock and salaficall

Regards,
            Valentin N
Skype: comodohelper (Personal)

CEVPN: Valentin N

CIS 6.3

Keep CTM alive by voting


Offline clockwork

  • Comodo's Hero
  • *****
  • Posts: 2220
  • Oxygen requires Chuck Norris to live
Re: Comodo Av 10k samples test:)
« Reply #36 on: December 23, 2010, 07:43:38 AM »
valentin,

one doesnt have to be stupid to get infected. he might just download a "mediaplayer.exe". and this mediaplayer doesnt work in the sandbox (just an EXAMPLE).

we were speaking about scenarios where the antivirus would be first line. we were not speaking about a dogma to define antivirus as a first line!

but an antivirus can not allways hide its MISTAKES behind a defense+ feature.
"If there is a problem, it`s something interesting. Try to circumvent or fix it.
In the old ages there has been no support. That`s why we got the brain we have today.
Otherwise we would only be able to call a number and listen.
But there was no phone...."

Offline Valentin N

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 2869
  • Usability Study Group
    • My homepage at the moment
Re: Comodo Av 10k samples test:)
« Reply #37 on: December 23, 2010, 07:54:44 AM »
I get what your saying.
Skype: comodohelper (Personal)

CEVPN: Valentin N

CIS 6.3

Keep CTM alive by voting


Offline acafacaa

  • Newbie
  • *
  • Posts: 16
Comodo vs. Avast vs. Avira vs. 10 000 malware(On-demand scan test)
« Reply #38 on: January 22, 2011, 12:41:58 PM »
People are saying Comodo AV is not that good,it has poot detection ratio.
Here is my test:Comodo vs.Avast vs. Avira,10 000 malware samples,couple mounths old:

PART 1 : http://www.youtube.com/watch?v=YRreh8G4bLw

PART 2 : http://www.youtube.com/watch?v=vbtdeIFcTfc&feature=related

EnJoY  :-TU


Offline Watasha

  • Comodo's Hero
  • *****
  • Posts: 820
Re: Comodo vs. Avast vs. Avira vs. 10 000 malware(On-demand scan test)
« Reply #39 on: January 22, 2011, 02:06:29 PM »
I enjoyed that, you have a new subscriber. :-TU
Resident: Comodo CIS
AVG Linkscanner

On Demand: MBAM & SAS
Hitman Pro

2010 National Champion Auburn Tigers!!!
WAR EAGLE!

Offline acafacaa

  • Newbie
  • *
  • Posts: 16
Re: Comodo vs. Avast vs. Avira vs. 10 000 malware(On-demand scan test)
« Reply #40 on: January 22, 2011, 07:04:09 PM »
Tnx  :a0

Offline savit

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 697
    • 4savit.blogspot.com
Re: Comodo vs. Avast vs. Avira vs. 10 000 malware(On-demand scan test)
« Reply #41 on: January 22, 2011, 08:49:21 PM »
Subscribed your video, thanks :) good luck to you~

Offline pykko

  • Computer Security Testing Group
  • Comodo's Hero
  • *****
  • Posts: 560
    • Intr-o lume plina de virusi, ai un prieten
Re: Comodo vs. Avast vs. Avira vs. 10 000 malware(On-demand scan test)
« Reply #42 on: January 23, 2011, 04:44:38 PM »
Where is that malware collected from?
In today's 10.000.000+ malwares, a test on 10.000 doesn't really tell a lot.

Offline acafacaa

  • Newbie
  • *
  • Posts: 16
Re: Comodo vs. Avast vs. Avira vs. 10 000 malware(On-demand scan test)
« Reply #43 on: January 23, 2011, 04:57:07 PM »
Where is that malware collected from?
In today's 10.000.000+ malwares, a test on 10.000 doesn't really tell a lot.

Where did you see 10 000 000 malware test?
My test was not like a tests with 1 000 000 malware,but that's pretty much it.Results would not be very much different with 1 000 000 malware.

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14676
    • Video Blog
Re: Comodo vs. Avast vs. Avira vs. 10 000 malware(On-demand scan test)
« Reply #44 on: January 23, 2011, 05:01:51 PM »
see...end user's tests are most important tests! Afterall, you experience it all yourself.

and thats just detection....which has nothing to do with our "protection" capability. (just like you can't measure the speed of an airplane with a speedometer from a car...you can't measure the "protection" capability of CIS with "detection" tests).

So good test for checking "detection" capability...but this is not "protection" for Comodo..but it is "protection" in the main, for other AVs.  So not only has CAV done better at "protecting" the "Detection" way....it also has other layers of protection like "default deny with automatic sandboxing"....

thank you.

Melih

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek