Hi,
Just informing you people that the thread on the Symantec forum has been closed!
Regards
They lock this thread:
What to tell about locking the thread? Nothing, they afraid to of competition’s!
Oh don’t worry, I’m sure Norton will soon sponsor another Denis Labs test to prove who is the best 
There is no malware that Sandbox misses as of now…(I would recommend to read about how our system works, cos you wouldn’t ask this question otherwise)
So in your opinion “as of now” means that CIS will protect against 100%. English is not my native language, but you should re-read it again, slowly.
I would like to see this malware that you say is able to bypass the sanbox. I mean it. So if is true they can fix it.
If all this is true it’s quite relevant that you know that there is a security hole in different security software and you keep in secret. Why somebody would do that?
[at]Melih: Bash Comodo? Love Symantec? I don’t love or bash, full stop. If you think that I’m here to troll or bash Comodo, you are sadly wrong. Have a look at the history of my posts on this forum. I have no gripe with your product whatsoever, and I will be the first one to congratulate you and it should it succeed the way you say it will. There are (some) things that I agree with you on the nature of the security market (anyone who has studied economics and game theory will know about bad Nash equilibrium).
What I do have a gripe with, however, is unsubstantiated claims. You say there is no malware that currently sandbox does not catch - this is not true. Of course, you couldn’t know this at the time, so probably “to my knowledge, there is no malware that sandbox misses” would have been the right phrase to use. But your comment was said as a fact, not as an opinion. A fact that is, in this case, false.
[at] Lordraiden: No, in my opinion “there is no malware that sandbox misses” means Comodo will protect against 100%, what Melih said. I will link you to the person who has the samples just as soon as Melih will honour his “guarantee” that CIS will have the “world’s best detection” if he’ll stake all of his possessions and money on it 
(Yes that’s right, another unsubstantiated claim).
Don’t hold your breath! 88)
Everybody is still waiting to see where Melih said that about the 100%. Have you invented it?
If all this is true it’s quite relevant that you know that there is a security hole in different security software and you keep in secret. Why somebody would do that?
You say that you are a professional tester, I didn’t know that the people that supposedly have to find problems and report them, also keep security holes in secret.
So what are you? a malware writer, a troll…?
Yes, that is relevant. I’m not the one who has the samples - good luck getting them out of the author. There are plenty of cases where whitehats don’t disclose vulnerabilities for free. Just look at EP_X0FF, or even media favorites such as Charlie Miller. After all, do you go and put your hard work in for other people for free? Altruism in security exists, but it is limited.
I don’t have it anymore but i have seen a malicious file get past download insight. I knew it was malicious because i got it of of malware domain list.
Why do you avoid the important questions?
You can report the problem without having the samples (linking the forum), of course if Melih accept your stupid challenge you will give as the samples… ;D
Which kind of professional tester hide security holes? a malware writer, a troll…?
I have samples like that too - I was one of the ones that helped to identify an early bug with Norton’s download insight. No product is 100%. What matters not only protection, but deployability, useability, and scalability.
BTW, before the accusations kick in - I have never worked for Symantec (permanently, contract or otherwise).
That is below the belt and you know it. CIS does more than that. Please read Unknown Files: The Sand-boxing and Scanning Processes in the online help file.
It is very hard to build a product like Norton that has the confidence to automatically remove a piece of malware without prompting the user.Since you are so well informed. How much exactly? I will take percentages of total R&D budget but prefer absolute figures.
Jajaj so funny, you will not do it for free but of course this hole exists since weeks ago.
Why haven’t offered your help for money during all this time to the security products involved if this is your job? Why do you need to hide a security hole for weeks?
Why if you can make money with this you have been hiding it?
Quite a large proportion of security researchers, unless you pay them. Don’t you know how the system works yet?
By the way, what in my posts do you see as trolling? Melih said that as of now, sandbox catches all malware. I pointed out that this is not the case. You say that I have to disclose the vulnerability - no I don’t, I didn’t discover it. Where is there trolling going on? You agree that no product is 100% inpenetrable, but when someone else claims this too, you get flustered and acuse me of trolling.
You keep asking me where I see that Melih says Comodo protects 100%? Melih’s words: “There is no malware that Sandbox misses as of now”. This directly implies the Comodo sandbox catches 100% of malware. Ie Comodo catches 100% of malware. If Comodo catches 100% of the malware, it offers 100% protection. Correct?
Please do explain how I will make money with this. Like I said many times before, I did not write the samples. I do not posses them.
“Why do you avoid the important questions?”
Ask them clearly, number them, and I’ll always be happy to answer if you have any queries.
Yes, you are a super professional ;D Could you tell as at least where Comodo can find to this person?
If Comodo pays you, you will tell him who is? this is how it works?
You keep asking me where I see that Melih says Comodo protects 100%? Melih's words: "There is [b]no[/b] malware that Sandbox misses as of now". This directly implies the Comodo sandbox catches 100% of malware. Ie Comodo catches 100% of malware. If Comodo catches 100% of the malware, it offers 100% protection. Correct?This is your interpretation
No, like I have stated, I will link to the author as soon as Melih honours his guarantee. That is not payment (unless you think Melih will lose the challenge, in which case you don’t believe him). Remember, if he wins, I don’t get any money. This is how a guarantee works. I’m not here to get any financial gain, just to see someone back their words up. Melih made the guarantee promise, so the burden of proof is on him.
It is logic.
So you are hidding the information because the stupid challenge bla bla blab,…, that’s all I need to know, good night, and good luck with the challenge.
Remember that you can’t use this hole in the challenge because you dont have the malware files. Don’t forget it ;D
All I have seen is a bit of hot air about people you say to know and places you like to frequent.
Until you come up with a malware that can be tested you are just making a lot of needless noise.
Consider yourself warned.
No problem! Bear in mind when you say that the challenge is stupid, you are saying that Melih’s guarantee isn’t valid. Hope you realise this.
Again this is your interpretation, must be a deficiency in your english, or another problem that you hide 