An interesting comparison (stats are from 7/17/10):
| Program | # of Signatures/Definitions | Size of signature folder* |
|---|---|---|
| A-squared free | 4576632 | 94.1 mb |
| CIS | 4447336 | 95.5 mb |
For a-squared, this is the “signatures” folder. For CIS, this is the “scanners” folder.
As for detection rates and false positive rates, we’ll have to wait for a head-to-head comparison (hopefully coming soon).
Recent data suggests that the detection rate of CIS Antivirus is better than most other top AV programs (for example, see this post and this post).
the size of the last DB (5455) is 93 151 971 bytes (and growing rather fast)
I remember this (old) message:
Now it seems quite… optimistic, no?
But what is the current target of the Comodo team?
I asked this a few weeks back and got a wise ■■■ answer of “as small as possible”, or something along those lines.
There is another thread tracking the amount of defs, but wouldn’t it be better to track the size (in terms of mb) instead? I would think that is of more interest.
See attachments of the first post in this thread. A graph showing the size of the signature database in Mb is posted already!
I know, I was referring to the ongoing “Comodo AV Database update page” thread.
Bump - first post in this thread was updated today!
Why is the number of definitions being reduced as time goes by?
Is it the way of counting?
Or is it the adding of generic signatures?
Thanks. Makes sense.
This “number” is always an object of discussion…
There is a marketing issue involved. Companies estimate the number of viruses on the high side.
There are different counts possible: variants, etc.
There is no international rule for virus naming, so the same virus could be considered one or more by another company.
Scanning settings are very important.
Active viruses (ITW) are really more important than the whole number.
Generic signatures and heuristic detections cannot be really counted as ‘virus detection’.
See answer below:
The reason why the definition count is decreasing: Comodo is making each definition more efficient at detecting malware; therefore, less definitions are needed to detect each malware variant. Comodo is adding new detections regularly (see update page), so Comodo’s ability to detect malware is increasing even though the number of definitions is decreasing.
Note: When applied to malware, the terms “definition” and “signature” mean the same thing: a rule that detects one or more malware items. The number of definitions does NOT correlate with the number of detections. A single definition may detect hundreds or thousands of malware variants.
I would define efficiency as “performing with the least waste of time and effort.” Having fewer malware definitions (each of which detects more malware) allows Comodo to use less resources (i.e. it applies fewer definitions to catch a given malware; thus, it uses less time and “effort”).
False positives have little to do with efficiency and more to do with accuracy. I define accuracy as “absence of errors.” So, a signature may be very efficient at detecting a given malware (e.g. it detects 95 of the 100 known variants), but it may not be accurate if it also detects 100 false positives.
I do not know the false positive rate for Comodo. My experience is that there are few false positives (although the number of false positives seems to increase when heuristics is set to high). Comodo is working on increasing true positive detections, minimizing false positive detections, and improving efficiency. Submitting false positives will help Comodo continue to improve their antimalware definitions.
Some additional information is posted
Thanks Whoop-dee-doo, makes sense.