It seems to me, from observing the daily detections added to CIS, that most of the detections are Unclassified Malware. This detection does not give any information about the threat. I understand that these detections result from automatic analysis by a machine. I would assume that other AV companies operate the same way, but most of the signatures added by other well known AV companies are already sorted into the correct families. I’m not sure what needs to be done, but a better classification system needs to be implemented before Comodo can enter into the same league as Avira, Avast, Kaspersky, etc… Unclassified Malware should be a small fraction of what is added to the virus database. Whether you agree or disagree with what I have written, please post your views below. I merely want Comodo to reach its true potential.
I’m of the opinion that it’s irrelevant what they call it…
However, they do have an AI now that is slogging through and classifying things.
While I do disagree with you that it’s irrelevant what they call the detections, I am glad to hear that there is an AI classifying things. Most of the false positives being reported are either Heuristics or Unclassified Malware. Very few detections that have already been classified are being reported. Would I be right in assuming that this AI will soon be assisting in the instant classification of submitted samples? By this I mean that the number of Unclassified Malware detections being added into the database will be reduced as well. I appreciate the response. Please correct me if I have misunderstood anything.
In light of the online Virus Encyclopedia you promote in the other topic, I think giving things a proper name needs to be done.
On the other hand there is so much malware released these days that getting out a definition is the first priority. Giving it a name and trying to put it in a family signature would be the next steps.
Since Comodo has started with family signatures, I think that in the medium to long term the amount of Unclassified Malware will be reduced. But it will stick around, because it is more important to get definitions out there.
What I do still worry about, though, is the relatively large number of false positives associated with Unclassified Malware. I do completely agree with you that getting the definition to the users quickly is the top priority. What I would propose is that maybe it is possible to not release the Unclassified Malware updates that are not obviously malware. Maybe hold off on the suspicious files until they can be classified for sure as malware or not. I don’t know if that is possible or not, but I believe that it would be better to hold off releasing some of the detections until it has been clarified that they are not FPs. Please note that I am speaking only of a small fraction of the Unclassified Malware and not all.
With a very short turn-around time, suspicious files can be verified and added if found to be malicious, very quickly. We are already getting multiple signature updates each day.
Comodo should enter some antivirus tests to know how many FPs it should reduce when compared with others.
In my opinion, AVG detects more FPs than Comodo.
Unclassified malware is no less dangerous than the popular big-name viruses and Trojans. It simply just doesn’t have a name.
Essentially, what I am saying is that most of the Unclassified Malware should either be classified before it is released or classified soon after. For one thing, there is much less chance of a detection being a FP if the detection has already been classified. Also, it is very useful to know what type of infection has just been detected on your computer. Unclassified Malware can range from unwanted applications to downloaders. If these detections have not been classified, then the user has less knowledge about the current state of their computer’s security.