Comodo out of AVComparatives Whole Product Dynamic Test (2010), again.

Thanks :-TU

What?! Reversing the damage isn’t particularly difficult. Many good programs can do this nearly perfectly for a vast majority of cases (restoring MBR, repairing hosts, restoring registry). Just one example (not perfect but very decent) - Prevx. I suggest you do some reading about removal - the techniques are really interesting (and often effective). No false sense of security whatsoever. Please don’t tell us about “reality” if you don’t understand it.

What Comodo has to gain is pretty obvious - customers. Ask yourself this question - Comodo suddenly grows, and has lots of customers. What do you say to those who are already infected? Reformat?

If just testing the AV component of CIS, it probably would not achieve a great result in detection rate and would also be susceptible to many false positives (just look at the number of Heur.Suspicious and Unclassified.Malware every day); this may be the reason why CIS is still not seen as an entry in those independent tests with large samples involved. Given the age of CAV (I read somewhere only two years old) it is probably not wise to test it right now, and there is still a lot of work to be done to improve the detection, disinfection, and cleaning engines. What deeply concerns me is that it seems Comodo doesn’t have enough human resources to manually verify the large number of unknown files/malware uploaded every day, and therefore so many of them are not classified yet. It seems the current solution is to just put them in the Heur.Suspicious and Unclassified.Malware categories for now.

+1

I imagine the situation if someone steals money from my payment systems or some personal information, and then my Security Suite states - “Relax guy, this will not happen again, now I know why it happened. This happens, it’s just not possible to prevent… bla bla bla”. ;D It reminds me of doctors who did not know how to diagnose, but begin healing. I will not let him heal itself in such a case.

Alex

So what would you ask a consumer to do, reformat?

Heur.Suspicious is a heuristic detection, may be a virus or not.
Unclassified.Malware seems to be a verified virus, with no name yet (maybe detected from the cloud?).

heur.Susp = heuristic
heur.packed = heuristic
Unclassifiedmalware = real signatures.

Thanks for the clarifications, Syl and MOVEAX. It seems that Comodo has neither the time nor enough human resources to classify and allocate those categories into virus, trojan, application.unsafe, worm, adware, etc. It just gives me the impression that many identified Heur.Suspicious and Unclassified.Malware might be false positives in the end.

Unclassified.Malware is certainly not a FP.
Heur.* on the other hand may be, but they’re improving their engine.
FP will appear in the final note on av-comparatives, CIS may lose some points here…

Not when CIS is so complicated that an average user may accept a flag rather than deny it, thereby allowing malware on to his system inadvertently. That’s why a great AV is needed as a safety net, as well as cleaning up infected systems.

So the whole of CIS needs to be tested for sure, but also separately we need to know how just the AV works. And yes, I am concerned about the apparent low level of resourcing put onto creating a high quality AV database, as well as the methodology of accepting trusted files from users on to the whitelist (exactly what checks are made to ensure it is malware free and has no backdoors, for example?)

Melih might be better off applying a stop-loss to this AV database situation, i.e. stop pouring in more money and not making enough progress. Instead they could buy someone else’s database and then add their own unique stuff on to it for example, or do what GData does - they use 2 scanning engines, one provided by Bitdefender and the second by Avast! So for the free version of CIS it could be their own scanning engine but for the Plus and Professional versions of CIS it could be 2 scanning engines, e.g. from Kaspersky who already do this for other companies, and one other good engine. Makes a lot of sense and allows Comodo to focus on the core expertise which is prevention technology rather than detection.

Of course yes, while in CTM will not be added some features, if they do not want to remain infected with the same probability, with which all …IS, putting the basis of signature analysis, passed the threat. And next time I recommend them to be “healthy”, instead of being “cured”.

Alex

Good luck making your security product. You’ve just lost millions of customers with that suggestion. Most fall into the category: do not know how to reformat, or don’t have the capability, or don’t want to, or don’t have the time. Removal is an essential part of a security suite if it is to appeal to mass consumers, unfortunate as this may be.

Amen, security geniuses.

Alex

@cavehomme: while your solution is interesting, I don’t really agree with that.
After including another AV engine, why should they improve their own?
They chose to go with their AV, they should stick to it and improve it, or else completely drop it.
But their AV seems ok, so they should stick with it. And that’s why it may be interesting to see some test, I’d like to say “their AV is good” instead of ok, because I don’t know for the moment, but I trust them.

How do you know that you found and removed all the infection? You never can be sure!

You’re right. This is the problem… 99.9% of the users that see the test results aren’t interested in the methodology. So, they start posting their opinions.

Just FUD. You’re trying to bash the tests.

+1

No, I agree entirely with you that you can never be sure, and that a clean install beats everything. That’s what I’d do, and that’s what I keep advocating to anyone who I talk to.

However, you must realise that a LOT of people won’t reformat their PCs just to install a new security product, or if they are infected. Most fall into the category: do not know how to reformat, or don’t have the capability, or don’t want to, or don’t have the time. Removal is an essential part of a security suite if it is to appeal to mass consumers, unfortunate as this may be.

You can’t aim to beat a mass product by alienating a huge proportion of your market. Painful as it is, removal is needed for all those “idiots” who can’t be bothered to reformat. You really need this if you are to take on the giants of Symantec and Kaspersky. This is very serious advice - if you follow it, you have a chance to make one of the best products.

Originally Posted by IBK:
btw, as I am getting some emails asking about this: "We may test also other products which are not part of the main test-series, but only separately and for a limited time-period." -> this means that we are testing also some few other products in parallel, but those are internal tests for the respective vendor(s) and it is up to them if they let us publish their results or not. I cannot even disclose which vendors are tested separately, as that is under NDA.

+1

I agree, many won’t do it and stay infected…

We focussed on treating the cause rather than symptom…

We focussed on “keeping a clean pc clean”…the more machines that have CIS, the fewer infected PCs there will be.

We are now also working on creating a product for “infected PCs” so that we can rescue them from the “misinformation” and “scaremongering” that the likes of Symantec are spreading.

Melih

AVComparatives says that they are testing other products and the report will be published at the end.
They can not tell us if Comodo is being tested but Comodo can tell us if Comodo is being tested.

So the question is, Is Comodo being tested?