The Good, The Bad and The UGLY (ugly because its unknown!!)

[lordraiden]

1)Again, pls show me a malware that bypasses CIS... not theoretical PoC
2)we do give $500 warranty if CIS fails to protect the end user

Any more points you care to raise

Melih

Have you ever test CIS against malware? I dont thing so xD
If you are going to pay 500$ for each piece of malware able to bypass CIS you are insane.
But if you are sure please make a official anouncement in the website and in your blog, and start to prepare some millons of dolars.

[Kyle]

Yeh, I want to know the T&C, that 500$ could buy me a new I7 that i've been wanting

[panic]

Melih, Are you saying if I write malware to exploit the vulnerability you'll give me $500 USD?

AFAIK, the guarantee is only available to purchasers of CIS Complete (the retail product) in the USA. If you move to the USA and buy CIS Complete, the $500 (maximum) guarantee is paid to an authorised service centre that will remove the infection.

Your i7 might have to wait.

[Ovidiu G.]

Have you ever test CIS against malware? I dont thing so xD
If you are going to pay 500$ for each piece of malware able to bypass CIS you are insane.
But if you are sure please make a official anouncement in the website and in your blog, and start to prepare some millons of dolars.

I honestly do not understand: is there a problem or someone wants to be a problem?  
I do not know on what basis are some statements on this forum, but what I will say beyond
is behind on my experience with CIS 4.0.

I have tested CIS 4.0 (Sandbox enabled   )with several hundred NEW malwares (many were
not in any AV database and at least 140 were reported to Comodo for analysis) and NONE has
infected my computer. When I say the system was not affected, I have not relied on the fact
that I scanned the system with an AV vendor (I just said that many were not in ANY AV
database ) but because I checked running processes, services, etc.. etc.. and found NOTHING!
If I had found a new malware that would have jumped out of the sandox and my system was
affected, I would have been the first that I have reported this problem here on the forum
to be analyzed. But SO FAR I have not found!

I think it is very important for those who read these things, to understand if indeed there
were problems and what are these problems with examples!
A new user should understand what can offer a product like Comodo (protection against
completely new malware - I can say that after I tested with several hundred new malwares)
and what the issues are (and there must be substantiated with specific examples).

Ovidiu

[pc_pete]

1. This thread is great entertainment.
2. I'm a COMODO user and I agree with lordraiden.
3. "Legacy" AV as described here is what, 1990s VET?
None of the serious AV companies are making that kind of thing anymore. (Not even CA ) 
4. "Default Deny" with CIS4 is more like "Default Don't Work". I have to turn off so much of CIS just so be able to live with it that I'm probably less protected than if I was using the dreaded, "legacy" AV.

[burebista]

I have to turn off so much of CIS just so be able to live with it that I'm probably less protected than if I was using the dreaded, "legacy" AV.

It's your call, I'm running CIS full (without AV) enabled at home on Seven x64 and at work whole suite enabled on XP x32 SP3 and I live in peace with CIS both at home and at work.

Ovidiu point on the right G. spot.

[Maxxwire]

I'm running CIS full (without AV) enabled and I live in peace with CIS both at home and at work.

Same here with no Malware detected in over a year...not even so much as a tracking cookie using 3 different highly comprehensive on demand scanners and I spend at least 8 hours a day surfing the murky Malware laden waters of the internet!

~Maxx~

[Kyle]

Code: [Select]

import os #This module is used for deleting after the file has been created\written and read.

#---------------------------------------------------------------------#
text = "Some random text to write in the test file" #txt that will be written
#---------------------------------------------------------------------#
txtfile = open("\\txtfile.txt", "w") #Creates a new file for writting
txtfile.write(text) #write the txt
#---------------------------------------------------------------------#
txtfile=open('\\txtfile.txt','r') #open the file for reading
print txtfile.readlines()#read lines and output on screen.
txtfile.close() #close the file
#---------------------------------------------------------------------#
os.remove('\\txtfile.txt') #This deletes the file
#----------------------------------End--------------------------------## and ---- are just comments or separators to make it a bit easier to read for you guys.
In English...
File creation,File Writing, File Reading and lastly File Deletion.
No alerts from CIS at all.

[Endymion]

Code: (omygosh.py) [Select]

import os

text = "X5O!P%[at]AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
txtfile = open("\\omygosh.com", "w")
txtfile.write(text)
txtfile=open('\\omygosh.com','r')
print txtfile.readlines()
txtfile.close()
os.remove('\\omygosh.com')


[Kyle]

What is the point your trying to prove Endymion ?

[Endymion]

What is the point your trying to prove Endymion ?

Yes I didn't add the comments.
Neither in the code nor after it.

Didn't think that was enough to get you confused

[Kyle]

Flame bait.. I see.
Better delete your posts before a mod see's it

[Endymion]

Flame bait.. I see

Yes might looks so (to you) but please feel free to explain the difference between your version and mine.

Afterall you are the programmer. 

[Kyle]

My point? it's explained in the first post i made.

File creation,File Writing, File Reading and lastly File Deletion.

The difference? There is no difference between the FileCreation\Reading\writting etc etc.  Defense+ still doesn't alert.

Only difference with yours and mine is that your showing a recognized string from eicar, It by passes defense+ and is picked up by the AV. Not D+. Relying on pure detection only from the AV.

[Endymion]

Only difference with yours and mine is that your showing a recognized string from eicar, It by passes defense+ and is picked up by the AV. Not D+. Relying on pure detection only from the AV.

Kyle are you sure?