CIS and av-comparatives.org

Sorry if it was asked before, but why isn’t Comodo antivirus among the tested products of http://www.av-comparatives.org/ ???
Is it just because it’s a suite?
Where can we find a comparison between detection rates of the Comodo antivirus?

Melih said he asked to be included in this test but Comodo was not, mostly because of time constraints, but they will be included in the future. Right now you can check out this test to see how it did compared to others: Comodo Forum

I have tested CIS against 0 day malware a few times, and the AV component catches a lot of stuff. I think it is vastly improved, and on par with other free AVs. :-TU

Thanks.
I know it will be difficult to get a good picture, as Defense+ and the firewall do their part in the job. The comparison is with CIS. It is the same as avast failing in leak tests if you disable the antivirus while testing the firewall.
Hope we have it in the next av-comparatives.

During one of my tests, I installed only the AV, and disabled both sandbox & D+. Again, it didn’t seem to do any better/worse than Avast, AVG, MSE, etc… When I tested full CIS, it blocked everything. It was one of a small group of programs that did that.

clocks, with all respect to your test, but, indeed, everything will depend on how the test is conducted, which samples are being tested, etc.

I agree, I would just be careful how much emphasis you put on results from AVC. The results can be misleading, and don’t always portray how well a program will protect you.

Unknown is what gets you!

Protect from the Unknown…that is the key!!

Detecting known viruses does not protect you from unknown malware…

Melih

Yes indeed. Starting to do some testing on my own opened my eyes a bit. Programs that I thought would protect me failed pretty badly. I only found a small handful of programs that inspired confidence.

I won’t say the result is misleading, as they already stated which protection feature(s) they tested. I’ll only say people may misinterpret the result themselves.

Sure. Each test, each result… all must be weighed. When we get a good grade, it’s ok. When we get an E-, well, not so good. Each test puts the emphasis on one point, not necessarily the “right” ones :wink:

Yeah… We’re champions on that :wink:

Melih, some antiviruses do not say “we block everything”, “we protect 100%”. We can’t expect a serious company to say that. But, also on the contrary, saying that “every” antivirus says that is not true. Don’t you think?

Unknown files could be sandboxed, not necessarily get into the computer, also in legacy antivirus.

What about a file that is malware but is taken as being clean? Will you MD5 each file? (even that could be bypassed…). Do you really think that it is possible to do a “whitelist of all known applications”? Signed files can also be detected by legacy antivirus, so they are not the problem. How to build a secure “whitelist of all known applications”? In the end, a user click could do all the mess…
Or, you could commit a mistake in your labs, couldn’t you? Returning a problematic file to the user…

Uploading the files from the sandbox is how cloud technology works. Some people are concerned about uploading their files (of course, if it is public, that won’t be a problem).

I’m not bashing the deny architecture. I really enjoy it. But I go for a layered defense and approach, and so do you with the antivirus and the suite…

Very clever discussion, Tech. I’d like to hear Melih’s feedback about this too. Tech, may I ask how you came up with this idea ???

Which idea?

Sorry, Tech, how did you work this out below this discussion?

I just watched Melih’s video and heard his arguments, and compared the pros and cons of “allow all” technology and “deny all” technology. I just put on the shoes of a legacy antivirus programmer ;D

Why do you need to build a whitelist of “ALL” safe files for default deny to work?

Melih

Oooh, now I understand :wink: Sorry, I couldn’t watch Melih’s video, as he kept moving his head while I was trying to lipread (as I’m deaf), and I lost about 60% of the whole conversation, so I have no idea what Melih is talking about.

You said so :wink:
If a file is not on the whitelist, it should be uploaded (and analyzed) or the user can’t know about it.
If a popup appears meanwhile… the user won’t wait for the analysts and the infection is on.
You can’t sandbox an installation… Well, you can if you use CTM and load an old snapshot (or similar programs). Am I wrong?