3.9 Review coming

I am also on the remove-malware site and I know that Matt (the owner of the site) right now is doing a review of the new CIS 3.9. This should be the first fairly official review. I have been keeping an eye on his tweets, they are as follows:

@nico_V I was surprised too…never seen anything get past Comodo yet

Working with Comodo 3.9 tonight and tomorrow…I actually have to take notes since there are so many things to talk about with CIS

@nico_V it was tested with D+ on safe mode.

I’m submitting this Virut sample to the Comodo team. Heads up guys… It’s called mail.exe

Virut goes right through Comodo…

Testing Comodo 3.9

I can’t wait to see the official review. :slight_smile:

Matt likes to review… ;D :-TU

Any link to his site, exactly where he comments on the ongoing/planned testing? =O

Nothing yet on his site, it has all been through Twitter. http://twitter.com/removemalware

kk, thanks for the link anyway. =)

I wonder if using Proactive Security (all monitor settings checked and image execution set to Normal) would have prevented Virut from bypassing D+. It makes me doubt the effectiveness of the default Internet Security settings (Window Messages, DNS/RPC Client Service, Computer Monitor, Disks, and Keyboard are unchecked and image execution is Disabled). Matt should review CIS using Proactive Security.

It has been suggested previously by me to have Proactive as default. But this does cause additional popups, so this may be seen in a future version.

If you check out the link to the Twitter page, he later says that the heuristics actually got the Virut after all.


CIS 3.9 is now blocking that sample of Virut. The Comodo Heuristics engine caught it. Yipee!

CIS D+ needs simple alerts for simple users.

Alerts options may do the trick. Allow people to choose detailed alerts or simple alerts.

Simple alerts could be something like…“This item is not recognized as safe” Click here to research this item.

Once the user clicks “here” a query is sent to Google containing the name and file properties or…

…they are sent to a page that shows them how to research an item before clicking allow. It’s not near perfect, but it’s a start.

Wow…CIS 3.9 only using 11.5 MB of RAM!

CIS pre-review updates. CIS will be tested in Proactive Security mode. 10 zero-day threats will be used.

here it is

As always very nice. ;D

Defs of 4.0 GUI TAKE NOTICE.

The only thing I would like to see added is, like he said, an alert that maybe would stand out better, and that submit-to-Comodo button. How would you do that? You would have to save the file, go under the Misc tab and submit it. A button on the alert would be best. But I am happy that the antivirus is doing so well; it found what, half of the links just by itself.

I was somewhat disappointed by the review. Not the results but the way it was done. I also would like to see the same sort of test done with the default settings you get when you first install.

I think there should be, like on the antivirus pop-ups, a move to quarantine. Then you could submit it from there. Or a single button with quarantine and submit to Comodo.

Rather one more annoying popup than an infection deleting all my documents!! ;D :slight_smile:

Fix bugs in a week? 88)

I found it odd that the guy who does these reviews of all the security products doesn’t use any of them. He stated that he uses a free AV and the Windows firewall and called using a software firewall paranoid. I am not impressed.

He stated in the review he also relies on a Cisco hardware firewall. There are some more than decent AV programs out there. Think Antivir and AVG.

In a lot of his other videos he mentions he uses programs like DefenseWall HIPS, and before that Spyware Doctor with Antivirus.

Does switching to Proactive Defence turn on image execution control?

Yes, switching to Proactive Security turns on image execution control, setting it to Normal. IMHO it’s a way to have a free anti-executable.

The most important thing this video pointed out is that there is a difference as to what the Internet Security and Proactive settings can prevent… =/

Maybe the default Internet Security settings should be raised just a little in coming versions to prevent drive-by downloads better…
No need for the default to monitor keyboard and stuff, but execution prevention in class with Proactive settings by default wouldn’t hurt… =]