Comodo Antispyware

justin1278 · May 11, 2006, 4:36pm

Hi,

I would like to know if Comodo Antispyware will feature Real-Time protection.

Melih · May 11, 2006, 5:19pm

Justin

What do you mean by that?

thanks
Melih

justin1278 · May 11, 2006, 6:45pm

Melih,

For example in an antispyware product such as Spyware Doctor it features real time guard providers such as Cookie Guards and an Immunizer. The cookie guard deletes Spyware Cookies, and the Immunizer blocks threats from getting in. These are just two of the many providers.

Melih · May 11, 2006, 8:21pm

There is Sandboxing, if thats what you are talking about, the CPF will also have this ability and many more…

Melih

panic · May 12, 2006, 8:12am

Hey Melih,

How about a user-invoked sandpit? This could be used if a user has an unknown infection, they could invoke the sandpit, which could kill user-nominated processes and monitor its reinstallation, its source process or service, port access attemtps etc. for the purpose of logging and reporting. This theory could be extended to the AV as well.

What think?
ewen

Melih · May 12, 2006, 10:38am

and into a firewall

Ewen, you are a true Comodo thinker We are on the same page

Melih

panic · May 13, 2006, 8:37pm

Hey Melih,

How about making the sandpit application independant? Sort of like a layer that can be called by any of the Comodo security apps. This would keep the individual apps size and complexity down and allow a single sandpit model to be refined.

what think?
ewen

Melih · May 14, 2006, 5:49am

Possible, that is sort of how we are doing it, as a module that each application can turn on, on demand. So great idea

Melih

justin1278 · May 26, 2006, 10:53am

Does Comodo have a more accurate time frame of when Comodo Antispyware will be released (can’t wait :D)

Melih · May 26, 2006, 6:11pm

Well, in order to keep things optimized and fast, we might build the antispwyare feature into AV itself. We don’t have an exact timescale, but soon.

Melih

techpro · May 27, 2006, 2:52am

I think that’s the right approach. Only for historical reasons have these two types of anti-malware developed as separate applications.

justin1278 · May 27, 2006, 3:55pm

That may cause the antivirus app to become bloated, I was hoping for a seperate app.

Melih · May 27, 2006, 6:43pm

Well, nowadays, if should have both AV and spyware. So, using two different vendors for AV and Antispyware means, each file will be scanned twice by two different engine, you will have two on access scanners etc etc… Even though spyware is different (technically), if you put both into one, then the only extra time will be spent will be checking for extra signatures, and you will have all the gains from having a single, on access, scanner etc etc. My logic is, malware is a malware, whether its a virus, spyware, adaware, trojan etc, we should have just one application that detects all malware. I think traditionally companies have created different products so that they can sell more products for the new threats, but our intention is to secure people’s pcs most efficiently and by best technical solution.

I hope this clarifies why I think its best to detect all malware with one app.

thanks
Melih

panic · May 27, 2006, 8:41pm

In its broadest sense, both viruses and spyware share common traits

they are installed without user agreement
they perform actions without user intervention
they perform actions for the benefit or detriment of others
they take steps to ensure they are “alive”
they can propogate themselves
they can affect the normal operation of a users PC
they are bastards

As Melhi pointed out, the only real impact into integrating the two apps together is an increase in the signature base and the addition of new attack vectors that would need to be checked.

Besides, it should be possible to tell the aggregated application that you want to check for all, viruses alone or spyware alone.

By aggregating the apps, we reduce the memory resident load, enhance usability through a common interface and allow Comodo to focus development on a single app.

what do you think?
ewen

techpro · May 28, 2006, 2:52am

But a separate antivirus and antispyware will consume more resources than one program doing both jobs. So a separate app will actually increase resource wastage, except for those who choose to run only one of them. But most people will probably want to run both.

mike6688 · May 28, 2006, 6:35am

One app would make it easier for Comodo and their end users. It surely would be better to do an antispyware and antivirus scan at the same time instead of seperatley.

I think that it would be good though to have a choice in the app as to whether users want to just check for spyware or viruses etc to give control and flexibility to the end user.

Mike

Melih · May 28, 2006, 8:32am

Ok, pls to put this in AV wishlist.

thanks
Melih

mike6688 · May 28, 2006, 9:35am

Ok done.

Mike

system · December 29, 2006, 10:29pm

Sounds cool. Will it be closer to Sandboxie, Bufferzone , Defensewall or GESwall?

Melih · December 30, 2006, 2:29pm

very good question

we don’t envisage it be a sandbox kind of HIPS but more like SSM but has some other innovation (patent pending) built in. We might bring in Sandboxing at a later stage if needed. Also, we are concentrating building the biggest white list and now has over 130,000 executables verified. So this will help with the noise level of the hips.

cheers
Melih