AV Database Progress - 3/7/10

This post has been updated…the update is located here.

=====================================================

The reason why the definition count is decreasing: Comodo is making each definition more efficient at detecting malware; therefore, less definitions are needed to detect each malware variant. Comodo is adding new detections regularly (see update page), so Comodo’s ability to detect malware is increasing even though the number of definitions is decreasing.

Note: When applied to malware, the terms “definition” and “signature” mean the same thing: a rule that detects one or more malware items. The number of definitions does NOT correlate with the number of detections. A single definition may detect hundreds or thousands of malware variants.

I would define efficiency as “performing with the least waste of time and effort.” Having fewer malware definitions (each of which detects more malware) allows Comodo to use less resources (i.e. it applies fewer definitions to catch a given malware; thus, it uses less time and “effort”).

False positives have little to do with efficiency and more to do with accuracy. I define accuracy as “absence of errors.” So, a signature may be very efficient at detecting a given malware (e.g. it detects 95 of the 100 known variants), but it may not be accurate if it also detects 100 false positives.

I do not know the false positive rate for Comodo. My experience is that there are few false positives (although the number of false positives seems to increase when heuristics is set to high). Comodo is working on increasing true positive detections, minimizing false positive detections, and improving efficiency. Submitting false positives will help Comodo continue to improve their antimalware definitions.

Size of the Definition File: You can find the definition file (bases.cav) in the following folder: “C:\Program Files\COMODO\COMODO Internet Security\scanners”. Right-click on “bases.cav” and select “properties” to see the file size in megabytes. As the number of definitons decline, the size of the bases.cav should slowly decrease.

Definition of Malware: The term malware (short for malicious software) usually refers to any file that intentionally alters your computer (usually without your permission) in order to impair functionality, control your system, breach your privacy, advertise, or produce some other unwanted behavior. Malware is a general term that encompasses many types of malicious programs, including viruses, trojan horses (“trojans”), rogues, spyware, keyloggers, worms, rootkits, dialers, backdoors, etc. There is a good explanation of malware on wikipedia.

Does Comodo Scan for All Types of Malware? - Yes.
Currently, most scanning programs check for all types of malware regardless of the term used their name. For example, Comodo antivirus scans for all types of malware, even though its name is “antivirus”. Superantispyware checks for trojans, rootkits, rogues, keyloggers, spyware, etc. even though its name is “antispyware”.

[attachment deleted by admin]

Progress on shrinking the database has been slow over the past 4 weeks. Hopefully the signature database will start to shrink again. I’ll be back with another update in 1-2 weeks.

Whoop

Thanks for tracking these stats :-TU, so that we don’t have to. ;D

thanks whoop

P.S. I like your name :slight_smile:

Thanks Whoop-dee-doo, the db is shrinking more slowly now :(, seems that there are bad news for slow connection users.