AV Database Progress - 2/7/10

This post has been updated. See the updated post here.

The reason why the definition count is decreasing: Comodo is making each definition more efficient at detecting malware; therefore, fewer definitions are needed to detect each malware variant. Comodo is adding new detections regularly (see update page), so Comodo’s ability to detect malware is increasing even though the number of definitions is decreasing.

Note: When applied to malware, the terms “definition” and “signature” mean the same thing: a rule that detects one or more malware items. The number of definitions does NOT correlate with the number of detections. A single definition may detect hundreds or thousands of malware variants.

I would define efficiency as “performing with the least waste of time and effort.” Having fewer malware definitions (each of which detects more malware) allows Comodo to use fewer resources (i.e. it applies fewer definitions to catch a given malware; thus, it uses less time and “effort”).

False positives have little to do with efficiency and more to do with accuracy. I define accuracy as “absence of errors.” So, a signature may be very efficient at detecting a given malware (e.g. it detects 95 of the 100 known variants), but it may not be accurate if it also detects 100 false positives.

I do not know the false positive rate for Comodo. My experience is that there are few false positives (although the number of false positives seems to increase when heuristics is set to high). Comodo is working on increasing true positive detections, minimizing false positive detections, and improving efficiency. Submitting false positives will help Comodo continue to improve their antimalware definitions.

Definition file size: you can find the definition file (bases.cav) in the following folder: “C:\Program Files\COMODO\COMODO Internet Security\scanners”. Right-click on “bases.cav” and select “properties” to see the file size in megabytes. As the number of definitions decreases, the size of bases.cav should slowly decline.

Can you guys tell me how often the updates are sent? With Avast or KIS you can actually set the update intervals up for whatever frequency you like. It would be good if CIS had this, but in saying that, it may not be necessary if the frequency is every couple of hours or so.
shadha ;D

Every half hour, I hope that helps.

I think the anti-malware team is trying to make a new antivirus update available every 30 minutes, but CIS does not appear to automatically download an update every 30 minutes.

Paraphrased from the CIS help file: Under the ‘real time scanning’ tab, selecting ‘Automatically update virus database before scanning’ will cause CIS to download the latest virus database updates on system start-up and subsequently thereafter at regular intervals.

I do not know how long the interval is; however, I believe that it is a lot longer than every 30 minutes…perhaps every 8 hours? Maybe a developer can answer this question.

Many users have suggested that CIS have more options for selecting when an antivirus update occurs, including options for:

  1. Updating on system start up.
  2. Updating before a manual scan.
  3. Updating before a scheduled scan.
  4. Updating at an interval which can be set by the user.

I did a bit of calculation and according to that graph, in roughly 9 months Comodo will be down to 1 sig. :smiley: That would be cool to have one sig. hehe.

It does on mine. Now the question I want answered is: are they dummy updates or real updates? You can check yourself by bringing up the CIS GUI and looking at the section the virus database has been updated on…every half hour you normally receive an update.

I don’t understand that rush for updates. One second is more than enough for a virus to completely ruin your PC. So what’s the difference if I get updates every half an hour, an hour or two?

Well, if you think about it, the faster the updates, the less likely your computer will be a victim of a zero day virus.

Strange…I’ll have to double check my logs. I checked the logs a few months ago and did not see every 30 minute update attempts. When I check the database number, it has not changed in 30 minutes.
Anyhow, I’ll check again…but it certainly would be nice to set the update interval.

Infected is not ruined and can be cured. If it cannot, it’s ruined :slight_smile: I got two trojan downloaders the other day. Well, they didn’t tell me about that of course, but I executed them in Sandboxie and they didn’t do the job they were intended for. Along with the other indirect signs…
Tried to send them to Comodo but the service ain’t working. And the day after there was an update from Microsoft (Essential tools) and there it was!

Prevention is better than cure. Which is why CIS comes with Defence+. It prevents, so there is no need for a cure, which was what was said when CIS was first “born”, so you could use it without an AV.

I’m using Comodo firewall with defence+ and think this is an amazing product. What I thought is that it’s not so critical if you were infected an hour or two ago. Thank you for your reply, Patrice.

Being infected is a different matter as it’s out of your control when any AV vendor has the updated database which has the fix for your problem. In some cases the only other cure is to delete the file and even worse with most viruses the longer the virus is left the worse it gets. Which is why default deny is such a great system.

Well, in my case I think I just forgot how to be scared of a virus. Maybe because I understand how it works. Thanks, Patrice.

Lol, that’s a little condescending, but seeing as you’re not scared, why not run your computer without CIS and an AV? As you know how viruses work and how being infected is nothing to worry about? :-TU

Hmm… What’s so funny about that? You may not believe it, but I’ve been running my computer without any antivirus and firewall for half a year since the win7 beta was released. The CF was installed two days ago and Microsoft essential tools was installed a week ago, for I planned a lot of testing. You can read my bug reports where I described my configuration.
I met some kind of malware all this time on flash drives, internet, even in a cell phone with autorun, when curing other PCs etc. I’m not infected and never have been while I’m using win7.
As for me I think all this hysterical fuss about viruses is a big bubble. I think things are not so horrible.

Well, I mean Windows firewall and defence were on, of course.

Then why install one now? Anyway, are you running Windows 7 64 or 32 bit?

As I said the AV was installed because I intended to test a number of programs. I don’t need protection - I need control and CF seems to me a very good tool for that. Win7 x32.
Anyway thanks a lot Patrice for a good discussion, you’ve helped me.

No problem, you have made me think, that’s for sure. Stick around; I hope to see you around on here. :slight_smile: