CAV Wishlist Rev 1

Hello,

Melih asked me to start this thread and asks that you all post your wishes on what you would like to see in future Comodo Antivirus versions. I’m sure Melih can’t wait to read what your wishes are. I know I can’t :smiley:

Happy posting and I hope all of your wishes come true :smiley:

I hope CAV has a virus scan scheduler.
Also hope that CAV will have options on what to do with an infected file, so it can handle things on its own. :slight_smile: Example: repair the file; if the file can’t be repaired, quarantine it.

Taking a deep breath …

  1. A pinned notice at the top of this forum listing the most pertinent suggestions and the developers’ comments on those suggestions. This can save the developers responding to the same postings over and over, and help other posters focus their suggestions.

  2. Incremental, separate updates for signatures, engines, false positives (?) and other components.

  3. Online submission of suspicious files

  4. Ability to pause and resume scanning

  5. Ability to clean/remove from within archive files, not just detect

  6. Email scanning

  7. Make sure email scanning works with Comodo Personal Firewall. (Unlike AVG - LOL! :wink:)

  8. If used with CPF, allow CAV to load as a process within the CPF launch (to ensure AV engine is in place and intact prior to any other object launch)

  9. Use the same UI designers that worked on CPF - really cool design guys!

  10. Distribute “false positives” list as part of the update process

  11. Allow end user submission for false positive testing.

  12. High priority updates executed with elevated privileges if run in conjunction with CPF (i.e. CPF temporarily suspends all traffic other than updates)

  13. Time and target definable scheduler

I realise that this is a looong list (probably too long), but you asked for them. :smiley:

Some might think it odd that I’ve made some suggestions for CAV that are dependent upon being run in conjunction with CPF, but I believe that there are definite advantages to co-operatively developing both the firewall and the AV products, and the strengths of one can be leveraged to the advantage of the other application.

Hope all this helps,
Ewen :slight_smile:

A web scanner module.

What about having CAV perform scans on commonly infected areas when the screensaver kicks in - somewhat similar to SETI’s approach to distributed computing? This would allow for more regular scans to be done without impacting the user’s experience.

what think?
ewen :slight_smile:

  1. Heuristics - but, when something is found by this you can send it for analysis to see whether it is a new threat or false positive.

  2. I also like timcan’s idea of the web scanner module

Wow nice ideas so far ;D

I’ll second that. If these ideas are implemented it will be another great product from Comodo to rival all others.

I don’t know what you will think of this, but, what if you could scan a link on a web page before downloading or opening (like Dr Web scanner). I only know of Dr Web which does this so I don’t know if there are any patents / copyrights protecting this.

Maybe obvious but.
Along the lines of scanning email, the ability to add comment lines to inbound and outbound mail that has been checked. :wink:
Lee

Did you mean something like Panda’s ActiveScan which can be accessed from their web site, or did you mean something like Mike’s suggestion (see below)?

If you did mean something like Panda’s web-based ActiveScan, this may have merit IF your locally installed copy of CAV is corrupted and not performing as expected, but other than that, what benefit does this deliver over and above a locally installed and run version of the app?

Just thinking further on that, what about the idea of an online integrity check that is done when the app updates its signatures and definitions? This could be as simple as dynamically generating a hash against the installed executable and libraries and comparing this to the checksums of the corresponding executable and libraries on the server.

If you meant something like Mike’s suggestion (which I think is something like pre-scanning the pages nominated by the links on a web page), I can’t see a real benefit here. To scan the objects referenced by a link on a web page, the referenced objects have to be downloaded to the local PC to be scanned. Isn’t this the same process that happens when you click on the link anyway (assuming that you have real-time monitoring and scanning enabled)? Is this just adding an unnecessary layer?

What do you all think?
Ewen :slight_smile:
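
The integrity check proposed in the post above, sketched as an added example that is not part of the original thread or any Comodo code: the update server publishes a path-to-SHA-256 manifest and the client compares its installed files against it. The file names, the manifest layout and the assumption that the manifest arrives over an authenticated channel are all constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large engine libraries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(install_dir):
    """Server side (assumed): relative path -> SHA-256 of each released file."""
    root = Path(install_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_install(install_dir, manifest):
    """Client side: compare local files to the manifest fetched with the update."""
    root = Path(install_dir)
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif hmac.compare_digest(sha256_file(target), expected):
            report["ok"].append(rel)
        else:
            report["modified"].append(rel)
    # Files present locally but absent from the release are reported too.
    local = {p.relative_to(root).as_posix() for p in root.rglob("*") if p.is_file()}
    report["unexpected"] = sorted(local - manifest.keys())
    return report

def demo():
    """Constructed sample: a fake install tree with one file patched, one deleted, one added."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "lib").mkdir()
        (root / "scanner.exe").write_bytes(b"engine v1")
        (root / "lib" / "sigs.dll").write_bytes(b"signature loader")
        (root / "lib" / "ui.dll").write_bytes(b"user interface")
        manifest = build_manifest(root)  # what the server would publish
        (root / "scanner.exe").write_bytes(b"engine v1 patched")
        (root / "lib" / "ui.dll").unlink()
        (root / "lib" / "dropped.dll").write_bytes(b"not in release")
        return verify_install(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A check run by the same executable that is being checked can be subverted along with it, so the comparison is only as trustworthy as the code performing it and the channel delivering the manifest.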

I said some of this in my previous posts in the Comodo forums.

I used Norton Antivirus but since 2004 the antivirus started becoming so bloated that with Norton 2006 I felt like my machine was only meant to run NAV 2006 !!!

So I heard about NOD32, used the trial and decided to purchase 1 year licence cuz I found it FAR FAR better than Norton and any other antivirus… especially because as the developers state: the AV with the smallest footprint and resources usage…

So if CAV could use as few resources as possible AND a very effective AV engine, then it will be a hard challenger for many other AV, especially the bloated ones like McAfee, Norton, Panda, etc.

As a final comment, NOD32 now also scans for spyware, malware, etc… doesn’t eat my system resources at all !!!

I really noticed a system boost when NAV 2006 was uninstalled and then NOD32 was installed. That’s the way real-scanning applications should be !!! not ANY lag to the system or internet performance

Oh I forgot to mention this feature:

To make CAV and other Comodo desktop products locale, to let the user choose among different languages… I found this useful for users that are not so familiar with English language and so they could understand and properly use the software.

BTW I live in Mexico and would be glad to help you translating Comodo Desktop products into Latin American Spanish if you need it :wink:

Hello Ewen, I was thinking of http scanner while surfing the web. NOD32 & avast! are at least 2 on the market that have this feature. thanks, tim

Hey again,

What about adding rootkit detection to the non-realtime scanning mode? I think it would impose too high a burden to include it in real-time scanning, but would be of benefit to include it in any scheduled scans.

ewen :slight_smile:

Hi,

On review of what I said I see that there would be no point in scanning the links if there was a scanner that scanned the http traffic coming from the internet, like what timcan said.
I like this feature as it could detect a virus before it even enters your PC.

Mike

Hi Tim,

I had a look at the NOD site re. their IMON module, which is the http scanning module. It operates on the winsock layer, rather than the file system layer, but the potentially infected object is still downloaded to your PC.

I know that NOD is bloody quick, but how does the http scanning module benefit a user over and above a conventional file system/memory space based scanner? Does it impact overall internet throughput?

Please understand that I’m not saying don’t have a http scanning module - I’m just trying to work out in my own head if introducing a scanning stream on a layer (winsock) other than the file system/memory space layer (conventional AV scanning) is going to deliver sufficient benefit when weighed against any potential decrease in performance or increase in application complexity.

For example, if I’m running AVG and I go to a web page that has an infected object on it, the infected object is downloaded to my PC as part of the http request. The object, once written to the file system or to the memory space is then detected by AVG’s resident monitor and stopped from activating. Comparing this to NOD’s IMON, the infected object would be downloaded to the local PC as part of the http request, but IMON would detect it at the winsock layer and stop it activating.

How much benefit have we achieved for the sake of each http packeted data object being scanned on receipt at the winsock layer and then being scanned again at the file system/memory space layer? Or, if the two scanning modules inter-communicate (sort of like IMON telling the resident engine “it’s OK I’ve checked this stuff”), how much CPU time and throughput are lost to this inter-communication?

Again, I’m not trying to shoot down the idea of a http scanning module, I’m merely trying to understand the concepts behind the idea. Personally, I’d rather have a product that has a smaller number of features that REALLY work, rather than one that has a bajillion features that aren’t really necessary, don’t work properly and seriously impact system throughput (not naming names, Mr. Norton, but we know who you are!) :wink:

What are your thoughts?

Cheers
ewen :slight_smile:

Hi Mike,

Unfortunately, for a scanning application (running in the local memory space) to be able to scan anything, regardless of how it got there, the object to be scanned has to exist in the same memory space. No scanner can scan something that hasn’t arrived at your PC yet, it’s just a question of how deeply it gets in before it’s scanned.

HTTP scanners work at the winsock layer and conventional scanners operate at the file system/memory space layer. I’d query how much advantage we would gain by adding an additional layer to the scanning process. I’d love to be proven wrong, but IMHO this might be a little bit of unneeded bloat, providing the resident monitoring is up to scratch.

Please understand I’m not saying http scanning is bad, I just don’t understand whether it would add sufficient security.

Cheers
ewen :slight_smile:

Just been looking at the antivirus on the comodo website and must say it looks very good. I can’t wait until it’s released.

Ewen, thank you for your reply. I see that this appears unnecessary and from experience this http scanner does slow down my internet load times somewhat - so yes this could affect performance. Therefore, I see that this will not bring any extra security just a performance drain. Thanks for clearing that up.

Mike

Hey Mike,

No worries. I wasn’t actually trying to “clear anything up” I was just trying to understand things better.

Also just had a look at the CAV info pages - looks good so far - but the proof of the pudding is in the eating - Norton’s LOOKS nice, too. LOL!!!

cheers
ewen :slight_smile: