Author Topic: Which AV product...One simple question to know the answer.......  (Read 8361 times)

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14648
    • Video Blog
Which AV product...One simple question to know the answer.......
« on: September 26, 2017, 02:38:59 PM »
One simple question you should be asking, to see if your Anti virus product will protect you or not:

Do you allow an unknown file the write privileges to Hard Drive, registry or the COM interface?

If the answer is yes...run for the hills..
« Last Edit: September 29, 2017, 01:35:46 PM by Melih »

Offline Dustyn

  • Comodo Loves me
  • ****
  • Posts: 189
Re: Which AV product...One simple question.......
« Reply #1 on: September 26, 2017, 04:58:34 PM »
Never.  ;)

Offline kenhall5551

  • Newbie
  • *
  • Posts: 17
Re: Which AV product...One simple question to know the answer.......
« Reply #2 on: October 02, 2017, 02:45:50 AM »
And if you don't know what any of those terms mean, run even faster. :)

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1103
Re: Which AV product...One simple question to know the answer.......
« Reply #3 on: October 05, 2017, 02:48:46 AM »
One simple question you should be asking, to see if your Anti virus product will protect you or not:

Do you allow an unknown file the write privileges to Hard Drive, registry or the COM interface?

If the answer is yes...run for the hills..

So, we should "run for the hills" with CCAV, since it doesn't have COM/Service virtualization?

Actually, I liked the idea behind CCAV, especially the option to block outgoing connections for sandboxed apps, which makes nearly unnecessary a two-way firewall (even CIS FW in safe mode automatically allows outgoing connections for trusted apps).
I just didn't like the poor performance of Valkyrie (unknown files take ages to get a verdict) as well as the slow boot time (even if it might be related to my PC only)

Offline khanyash

  • Comodo's Hero
  • *****
  • Posts: 5246
Re: Which AV product...One simple question to know the answer.......
« Reply #4 on: October 05, 2017, 01:36:16 PM »
So, we should "run for the hills" with CCAV, since it doesn't have COM/Service virtualization?
How does these missing protection mechanism affect CCAV?

And CCAV protect against fileless malware?
« Last Edit: October 05, 2017, 01:39:22 PM by Ya5h Kh4n »

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14648
    • Video Blog
Re: Which AV product...One simple question to know the answer.......
« Reply #5 on: October 06, 2017, 09:35:18 AM »
So, we should "run for the hills" with CCAV, since it doesn't have COM/Service virtualization?

Actually, I liked the idea behind CCAV, especially the option to block outgoing connections for sandboxed apps, which makes nearly unnecessary a two-way firewall (even CIS FW in safe mode automatically allows outgoing connections for trusted apps).
I just didn't like the poor performance of Valkyrie (unknown files take ages to get a verdict) as well as the slow boot time (even if it might be related to my PC only)

Why do you say CCAV does not have the COM interface virtualization?

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1103
Re: Which AV product...One simple question to know the answer.......
« Reply #6 on: October 06, 2017, 10:00:39 AM »
Why do you say CCAV does not have the COM interface virtualization?
It's not me, it's Comodo website to say so
https://antivirus.comodo.com/cloud-antivirus.php

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4589
Re: Which AV product...One simple question to know the answer.......
« Reply #7 on: October 06, 2017, 10:34:39 AM »
It's not me, it's Comodo website to say so
https://antivirus.comodo.com/cloud-antivirus.php
That's not the case anymore, CCAV now uses the same sandbox technology as CIS since CCAV v1.8.405758.403 The website probably hasn't been updated to reflect the change.

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1103
Re: Which AV product...One simple question to know the answer.......
« Reply #8 on: October 06, 2017, 10:48:24 AM »
That's not the case anymore, CCAV now uses the same sandbox technology as CIS since CCAV v1.8.405758.403 The website probably hasn't been updated to reflect the change.
OK, thanks for clarifying this :)
What about fileless malware?
And CCAV protect against fileless malware?

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4589
Re: Which AV product...One simple question to know the answer.......
« Reply #9 on: October 06, 2017, 11:03:03 AM »
If by fileless malware protection like the one you get with CIS then I don't think they have implemented it yet. e.g. when a trusted application running outside the sandbox is exploited to run commands passed to interpreters such as command-prompt or powershell.

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: Which AV product...One simple question to know the answer.......
« Reply #10 on: October 06, 2017, 11:29:30 AM »
Yes, changes in website are due.
Should be done within next week.
That's not the case anymore, CCAV now uses the same sandbox technology as CIS since CCAV v1.8.405758.403 The website probably hasn't been updated to reflect the change.
We can't stop malware entering user's PC but we render them use-less when they enter PC: Welcome to Comodo's Default Deny innovation

Offline BlueTesta

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 482
Re: Which AV product...One simple question to know the answer.......
« Reply #11 on: October 06, 2017, 11:30:52 AM »
I have reported about the wrong FAQ decription to Umesh a few days ago and its: Pending with Help (web dev) team.
« Last Edit: October 06, 2017, 11:33:00 AM by BlueTesta »
"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."

Offline BlueTesta

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 482
Re: Which AV product...One simple question to know the answer.......
« Reply #12 on: October 10, 2017, 12:38:14 PM »
Btw, FAQ for CCAV website have been updated.
"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."

Offline Umesh

  • Comodo Alumni
  • Comodo's Hero
  • *****
  • Posts: 3421
  • Comodo Alumni
    • COMODO
Re: Which AV product...One simple question to know the answer.......
« Reply #13 on: October 27, 2017, 10:55:22 AM »
What about fileless malware?

It is has been introduced in CCAV now, you can try v586 BETA.

Thanks
-umesh
We can't stop malware entering user's PC but we render them use-less when they enter PC: Welcome to Comodo's Default Deny innovation

Offline vitim

  • Comodo's Hero
  • *****
  • Posts: 464
Re: Which AV product...One simple question to know the answer.......
« Reply #14 on: October 27, 2017, 12:21:13 PM »
the only thing i think is necessary, atleast for me, to use ccav instead cis is ccav using less ram and cpu.. like cis.

cis has more options, more modules, etc., and still uses less to nothing of ram and cpu cycles on my machine.. insanely slow system resources, compared to any other av products..


 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek