Author Topic: Why Comodo's Antivirus security is different  (Read 9236 times)

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14690
    • Video Blog

Offline CommodoUser2019

  • Comodo's Hero
  • *****
  • Posts: 257
Re: Why Comodo's Antivirus security is different
« Reply #1 on: April 28, 2020, 09:50:11 PM »
Melih,

It's been a while. Good to see you back in town.  :-TU  8)

PS. Thanks to you and your team for the new release 7036.

Offline ReeceN

  • Comodo's Hero
  • *****
  • Posts: 625
  • Paranoid B#st#rd - CIA
Re: Why Comodo's Antivirus security is different
« Reply #2 on: April 28, 2020, 10:15:00 PM »
Welcome back to the forum lol.

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1123
Re: Why Comodo's Antivirus security is different
« Reply #3 on: April 29, 2020, 02:39:08 AM »
https://www.youtube.com/watch?v=ScIyNihELko&feature=emb_logo
Melih, this message is really astonishing.
Your statement goes completely against the concept of containment... containment is like placing a virus into a cage (so, like the lockdown in your picture) so that it can't harm the PC, while traditional AVs are like killing an already spread virus (you can make a vaccine only after you discover something unknown is a virus)... but now you said Comodo is like a vaccine... ???
« Last Edit: April 29, 2020, 02:44:45 AM by Jon79 »

Offline ZorKas

  • Comodo's Hero
  • *****
  • Posts: 1950
Re: Why Comodo's Antivirus security is different
« Reply #4 on: April 29, 2020, 03:05:15 AM »
Hello Melih,
Happy with your return
Very good demonstration on containment  :-TU
Have a good day
ZorKas

Windows 10 Pro x64 Build 19043.1288 - Comodo CIS Pro v.12.2.2.8012 - Linux 20.2

Offline ubuysa

  • Comodo's Hero
  • *****
  • Posts: 451
Re: Why Comodo's Antivirus security is different
« Reply #5 on: April 29, 2020, 03:52:13 AM »
Melih, this message is really astonishing.
Your statement goes completely against the concept of containment... containment is like placing a virus into a cage (so, like the lockdown in your picture) so that it can't harm the PC, while traditional AVs are like killing an already spread virus (you can make a vaccine only after you discover something unknown is a virus)... but now you said Comodo is like a vaccine... ???
I think you're being too literal. :)

What Melih is rightly saying is that a vaccine is better than a lockdown because if you're vaccinated you don't care if you're exposed to the virus because it can't hurt you, but lockdown can fail letting the virus in - and then it can hurt you. The analogy Melih is using is that containment is better than detection; here containment is the vaccine so you don't care if you're exposed to the virus because containment won't let it hurt you, and detection is the lockdown, which can fail letting the virus in - and then it can hurt you.

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1123
Re: Why Comodo's Antivirus security is different
« Reply #6 on: April 29, 2020, 04:00:32 AM »
I think you're being too literal. :)

What Melih is rightly saying is that a vaccine is better than a lockdown because if you're vaccinated you don't care if you're exposed to the virus because it can't hurt you, but lockdown can fail letting the virus in - and then it can hurt you. The analogy Melih is using is that containment is better than detection; here containment is the vaccine so you don't care if you're exposed to the virus because containment won't let it hurt you, and detection is the lockdown, which can fail letting the virus in - and then it can hurt you.

This is what Comodo has been advertising for years:
https://containment.comodo.com/why-comodo/how-we-do.php?af=7639
Quote
Default Deny with Auto-sandboxing
The Jail House Method of Containment

So lockdown = jail house = containment

At least it's a misleading message... that's just my opinion

Offline ZorKas

  • Comodo's Hero
  • *****
  • Posts: 1950
Re: Why Comodo's Antivirus security is different
« Reply #7 on: April 29, 2020, 04:15:30 AM »
In fact, Melih's demo confirms what's going on with the Covid-19
We must isolate the time to find a vaccine
Only containment prevents the spread of an unknown virus
Method cannot be ignored

Windows 10 Pro x64 Build 19043.1288 - Comodo CIS Pro v.12.2.2.8012 - Linux 20.2

Offline Jon79

  • Comodo's Hero
  • *****
  • Posts: 1123
Re: Why Comodo's Antivirus security is different
« Reply #8 on: April 29, 2020, 05:14:03 AM »
In fact, Melih's demo confirms what's going on with the Covid-19
We must isolate the time to find a vaccine
Only containment prevents the spread of an unknown virus
Method cannot be ignored
Exactly, so I would have understood if Melih had advertised Comodo containment as the lockdown, not as the vaccine...

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 636
Re: Why Comodo's Antivirus security is different
« Reply #9 on: April 29, 2020, 08:16:40 AM »
In fact, Melih's demo confirms what's going on with the Covid-19
We must isolate the time to find a vaccine
Only containment prevents the spread of an unknown virus
Method cannot be ignored

Put this way it is clearer ...  ;)
The virus is put into containment, so it does no harm, waiting to find the vaccine to defeat it.
It is the concept that Comodo uses against computer viruses for systems that do not already have the vaccine and are therefore vulnerable.  :D
Bye!
Nunzio

Offline cruelsister

  • Comodo Loves me
  • ****
  • Posts: 135
Re: Why Comodo's Antivirus security is different
« Reply #10 on: April 29, 2020, 08:39:52 AM »
An excellent summary of the strength of Comodo's containment.

1). I'm glad that fileless malware was highlighted as Comodo provides lockdown protection against Scriptors of various types (wscript, vbs, powershell, python, etc) by means of the Script Analysis function (which works hand in hand with Containment). Most (all) other security solutions do not provide such a blanket protection.

(For any that would like to verify for themselves, let's consider a (very) simple loop script- one which will do nothing but open up a cascading series of Calculators:

ECHO off
:top
START %SystemRoot%\system32\calc.exe
GOTO top

Paste the above into notepad, and save as calc.bat

You can run it safely and see what gets plopped into Containment- flush Containment, and all is back to normal. You can try this also with your regular AV and see what happens).

2). In addition to fileless malware, Comodo will also protect quite well against things that malware authors use as replacements for Scripts- certutil, MpCmdRun, and BTSAdmin. Also it will stop very nasty things like malware utilizing Schtasks. I did a number of videos using malware coded around this to show how inadequate popular security products were at providing Boot Time protection.

In short, if you would like to be confident about being protected for malware, use Comodo. If you would rather worry, use something else.

M
« Last Edit: April 30, 2020, 02:35:23 PM by cruelsister »

Offline Melih

  • CEO - Comodo
  • Administrator
  • Comodo's Hero
  • *****
  • Posts: 14690
    • Video Blog
Re: Why Comodo's Antivirus security is different
« Reply #11 on: April 29, 2020, 08:54:51 AM »
Hey Guys,

Yep, been busy building few other companies :)

Its a marketing message..
I explain it full detail with how we virtualize the "write privileges" in the video in the post. So we have the video if you want to get more technical or a banner thingy for more of a marketing spiel with relevant context for whats happening in the world today.

btw: if you guys are into Home Automation and want a free home automation controller go ahead and sign up there and tell them I sent you guys there ;)
https://community.getvera.com/t/ezlo-controllers-beta-enrollment-starts-now/213274/147


Offline megaherz33

  • Comodo's Hero
  • *****
  • Posts: 1933
  • Long Live COMODO!
    • Comodo Group
Re: Why Comodo's Antivirus security is different
« Reply #12 on: April 29, 2020, 04:42:04 PM »
Hello,Melih!
Glad you return to the official forum.
Are you planning to introduce Valkyrie in the CIS, or at least in the CCE?

HP Compaq 6200 Pro Microtower
Canon I-SENSYS MF4140
Windows 11 Pro x64 Build 22478.1000
CIS Premium v.12.2.2.8012
MX Linux 19.4 KDE х64

Offline NDABBRU

  • Comodo's Hero
  • *****
  • Posts: 636
Re: Why Comodo's Antivirus security is different
« Reply #13 on: April 30, 2020, 11:05:22 AM »
(For any that would like to verify for themselves, let's consider a (very) simple loop script- one which will do nothing but open up a cascading series of Calculators:

[at]ECHO off
:top
START %SystemRoot%\system32\calc.exe
GOTO top

Paste the above into notepad, and save as calc.bat

You can run it safely and see what gets plopped into Containment- flush Containment, and all is back to normal. You can try this also with your regular AV and see what happens).


Hi cruelsister,
I tried to run the calc.bat script:
On a PC with Kaspersky Security Cloud Free and on a PC with Norton Security, in both cases the antiviruses seem to do nothing with any popup and only the DOS prompt screen appears with the script running but only a screen opens. explore resources. To stop it I manually close the DOS prompt.
On a PC with CIS the DOS screen opens with the script running and the CIS containment pop-up appears and repeated screens of resource explorers continue to open, bordered in green as they are in the container. Only with the zeroing of the container from the CIS console it stops and restores everything.

Why is the behavior different and in other cases always being less annoying but perhaps more dangerous (in the case of real malware) as it is not contained?

Thanks. ;)
« Last Edit: April 30, 2020, 11:08:12 AM by NDABBRU »
Bye!
Nunzio

Offline liosant

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1595
  • GOD cure me epilepsy and atrophy - Sou brasileiro!
Re: Why Comodo's Antivirus security is different
« Reply #14 on: April 30, 2020, 12:55:58 PM »

[at]ECHO off
:top
START %SystemRoot%\system32\calc.exe
GOTO top

Paste the above into notepad, and save as calc.bat


comodo internet security protected with containment
https://www.youtube.com/watch?v=OhueiPS8YVo (if malware exploit cmd, poweshell...)

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek