3.9 Review coming

languy99 · May 19, 2009, 11:56pm

I am also on the remove-malware site and I know that Matt (the owner of the site) right now is doing a review of the new CIS 3.9. This should be the first fairly official review. I have been keeping an eye on his tweets, they are as follows:

@nico_V I was surprised too…never seen anything get past comodo yet

about 3 hours ago from Tweetie in reply to nico_V

Working with comodo 3.9 tonight and tomorrow…I actually have to take notes since there are so many things to talk about with CIS

about 3 hours ago from Tweetie

@nico_V it was tested with d+ on safe mode.

about 3 hours ago from Tweetie in reply to nico_V

I’m submitting this virut sample to the comodo team. Heads up guys… It’s called mail.exe

about 5 hours ago from Tweetie

Virut goes right through comodo…

about 6 hours ago from Tweetie

Testing comodo 3.9

about 6 hours ago from Tweetie

I can’t wait to see the official review.

who_te_fuc · May 20, 2009, 12:17am

Matt like to review… ;D :-TU

Any link to his site exactly where he comment the ongoing/planned testing? =O

languy99 · May 20, 2009, 12:34am

Nothing yet on his site, it has all been through twitter. http://twitter.com/removemalware

who_te_fuc · May 20, 2009, 12:40am

kk, thanks for the link anyway. =)

IBadget · May 20, 2009, 1:29pm

I wonder if using Proactive Security (all monitor settings checked and image execution set to Normal) would have prevented Virut from bypassing D+. It makes me doubt the effectiveness of the default Internet Security settings (Window Messages, DNS/RPC Client Service, Computer Monitor, Disks, and Keyboard are unchecked and image execution is Disabled). Matt should review CIS using Proactive Security.

jebuchanan · May 20, 2009, 1:32pm

It has been suggested previously by me to have Proactive as default. But this does cause additional popups, so this may be seen in a future version.

languy99 · May 20, 2009, 2:06pm

if you check out the link to the twitter page he later says that the heuristics actually got the virut after all.

languy99 · May 20, 2009, 9:01pm

update:

CIS 3.9 is now blocking that sample of Virut. The Comodo Heuristics engine caught it. Yipee!

about 19 hours ago from web

CIS D+ needs simple alerts for simple users.

about 19 hours ago from web

Alerts options may do the trick. Allow people to choose detailed alerts or simple alerts.

about 19 hours ago from web

Simple alerts could be something like…“This item is not recognized as safe” Click here to research this item.

about 18 hours ago from web

Once the users clicks “here” a query is sent to google containing the name and file properties or…

about 18 hours ago from web

…they are sent to a page that shows them how to research an item before clicking allow. It’s not near perfect, but it’s a start.

about 18 hours ago from web

Wow…CIS 3.9 only using 11.5 MB of RAM!

about 18 hours ago from web

CIS pre-review updates. Cis will be tested in proactive security mode. 10 zero-day threats will be used.

about 2 hours ago from Tweetie

languy99 · May 21, 2009, 4:52am

here it is

OmeletGuy · May 21, 2009, 5:32am

As always very nice. ;D

Defs of 4.0 GUI TAKE NOTICE.

languy99 · May 21, 2009, 5:34am

The only thing I would like to see added was like he said, alert that maybe would stand out better and that submit to comodo button, how would you do that. You would have to save the file, go under misc tab and submit it. A button on the alert would be best. But I am happy that the antivirus is doing so well, it found what, half of the links just by itself.

Dch48 · May 21, 2009, 5:54am

I was somewhat disappointed by the review. Not the results but the way it was done. I also would like to see the same sort of test done with the default settings you get when you first install.

MetalShaun · May 21, 2009, 3:00pm

I think there should be like on the antivirus pop ups a move to quarantine. then you could submit it from there. Or a single button with quarantine and submit to comodo.

who_te_fuc · May 21, 2009, 4:11pm

Rather one more annoying popup than a infection deleting all my documents!! ;D

HeffeD · May 21, 2009, 5:43pm

Fix bugs in a week? 88)

Dch48 · May 21, 2009, 5:53pm

I found it odd that the guy who does these reviews of all the security products doesn’t use any of them. He stated that he uses a free AV and the Windows firewall and called using a software firewall paranoid. I am not impressed.

Citizen_K · May 21, 2009, 8:43pm

He stated in the review he also relies on a Cisco hardware firewall. There are some more than decent AV programs out there. Think Antivir and AVG.

MetalShaun · May 21, 2009, 9:22pm

in a lot of his other videos he mentions he uses programs like Defence Wall Hips, and before that spyware doctor with antivirus.

does switching to proactive defence turn on image execution control??

IBadget · May 21, 2009, 9:27pm

Yes, switching to Proactive Security turns on image execution control, setting it to Normal. IMHO it’s a way to have a free anti-executable.

who_te_fuc · May 22, 2009, 3:44pm

The most inportant thing this video pointed out is that there is difference as to what Internet security and Proactive setting can prevent… =/

Maby the default Internet security settings should be raised just a little in coming versions to prevent drive by downloads better…
No need for the default to monitor keyboard and stuff, but execution prevention in class with proactive settings by default wouldn’t hurt… =]