Allow Infection or Prevent it? Which is it?

In this day and age, is this an acceptable paradigm?

Or is it OK to answer a few security alerts in order to stay infection-free?

What is your view on this pls?

Thanks

Melih

Hardly anyone is going to say that they would rather get a PC infection than answer a few alerts. In reality all users have an annoyance threshold which if exceeded will cause them to reduce the security level of their security product (or change to another product) to get rid of the alerts.

You need to improve CIS's image with ordinary users. You can rave all you like about detection rate not being important and how CIS provides superior protection, but most users are going to believe the majority of comparative reviews which show CIS as a product with mediocre detection rates and annoying alerts which non-technical users have insufficient knowledge to answer correctly.

The solution is for CIS detection rates to be as good as other top AVs and to provide default settings which give good protection with bare minimum alerts that non-technical users can understand (maybe another Defense+ Security Level setting). Better protection can still be available to more advanced users by changing settings as at present.

But our detection is very good. Look at what AV-Comparatives said about our detection: "Furthermore, your ~90% is higher than what some few other products scored and similar to what other well-known products reached. You will see " (this is in my blog)

Don’t forget about false positives: they are a GREAT MINUS to protection (even not detection).

Yes, I liked my antivirus programs which never gave false positives to me. Strangely, the one which I used the longest sometimes gets statements from people that it often has false positives. I cannot agree with that from experience.
I don't care about questions, but if a question pops up, I want to be “sure to a point” that this question is about something “real”.

When I used Comodo lately, the false positives which it found here were reduced. But packers for demos are still a red flag for Comodo :smiley:

False positives can be worse than real malware detections.
a) a valid file gets deleted (maybe, or automatically), … I don't warm up one old story.
b) a real malware could pass through, if the user is conditioned to expect false positives
(just two points for example).

The most recent (Aug 2011) AV-Comparatives test shows the top 4 AVs with >99% detection. 90% detection would have put CIS in 14th place. So although CIS is improving it still has a long way to go before its detection rate is seen as competitive.

Anyone who thinks FPs are just a nuisance should be reminded of at least 2 occasions where large numbers of business PCs crashed after their AV mistakenly detected a Windows file as malware! FPs are also a bigger problem to ordinary users who usually won’t have any idea of how to verify whether they have a real infection.

The key here is: “FP on what?”…
FP on a popular file is a no-no…
FP on an obscure file that not many have is a different issue…

I assume that you refer to this test

So let's take a closer look at the results of Comodo:

![](upload://bpqqqMV6ILHBsSl0zDuqzzMyn6o.png)

There is a huge difference between these tests: in the "In-demand Detection of Malicious Software" there were 206.043 samples used, in the test of Comodo 404.783. So you can't compare them.

Just another case, that you did not mention in the poll.

What if the user is an ordinary computer user (who just uses paint/photoshop) and is much less knowledgeable compared to the heuristic/artificial intelligence level of the security product?

I have seen many cases of my friends infecting their systems even with CIS installed, just because they could not understand the alerts, had no understanding and simply clicked “yes” to everything (the “no” would simply not run the app & the app won’t run in Sandbox either, which is clearly not what they want; it does not even say whether the “app” in concern is malware or not). They do not have any other choice.

They have always complained of getting infected with CIS and they always preferred other products to CIS, since they were infected with CIS more times compared to other AVs.

+1 to the previous post
That’s why CIS fails in AV-test: sometimes CIS demands the user to make decisions that weaken the protection, as it depends on correct user decisions.

+1 many of my less knowledgeable friends too have the same problem
I guess a rating system for alerts would be much more helpful and appreciated

I agree that a direct comparison is not possible because the tests were run at different times on different malware samples. I would however point out that in the last 4 tests published by AV-Comparatives only the bottom 1 or 2 AVs scored under 90% detection and this was on sample sizes between 0.2 million and 1.2 million. Most comparative AV tests I have seen show the top products scoring well above 90%. So claiming that ~90% detection is good isn’t likely to convince many people.

Don’t forget about trusted malware… that is also a MINUS to protection. :wink:

How’s that? Malware in the trusted list? How can it get there?

You can see malware that's whitelisted being reported almost every day here

I see: there exist a trusted progs whitelist and a trusted vendors list, and any malware which is whitelisted or signed by a trusted company can bypass CIS security layers. Am I right?