Create an Online Virus Encyclopedia

What I would like to see is for Comodo to create an Online Virus Encyclopedia. This way when a window pops up saying that such and such has been quarantined they can access information about that particular malware. This can be beneficial as it allows people to determine where the infection came from and if that infection is related to other infections that they should be aware of. For example if the information identifies a particular infection as a downloader (and proceeds to explain exactly what that particular downloader often downloads) then the user knows to perform a full scan of the computer immediately and what to be looking for. A Virus Encyclopedia would be beneficial for both tech’s and ordinary users. There could be a link to the encyclopedia through the quarantine window. What do you guys think of this idea.

+1

If it will be there it will be in due time I guess as the AV of Comodo is still young.

There may be no need.

[ See here ]

I understand what you mean by prevention being more important than detection, but if the user accidentally clicks allow for the malware it can install itself. It will then become difficult (if not impossible) to remove it manually. This is particularly important with trojans. Because they masquerade as legitimate applications many users will even be tempted to go into install mode while “installing” them. Detection is still very important. I do not believe that detection and removal will cease to be an integral part of computer security in the near future. Prevention is the most important aspect, but detection is here to stay. Still that is not the topic being considered here. If Comodo antivirus does continue to exist then would an Online Virus Encyclopedia be beneficial.

+1.
But it’s doesn’t matter much. :-[
Just update the Encyclopedia monthly or weekly.

Not for everyday with few information like some small vendors.

If the Trojan was Designed to masquerade as a Legitimate Application, I think the Malware Creator would unavoidably and unintentionally break the Digital Signature of that of the Legitimate Application. This would make the Illegitimate Application unable to Match the Digital Signature of that of the Legitimate Application; and thus it would no longer be ‘White Listed’: Access Denied.

So I’m not sure whether an Online Virus Encyclopedia would be beneficial in this case, but maybe an Online Bad Company Encyclopedia would be?

… This is of course assuming that only ‘Signed’ and ‘White Listed’ Applications are allowed to Run on the Machine.

I think the only time Unsigned Application’s would need to Run on a Machine, would be when the Machine is owned by a Programmer who Writes and Runs his own Programs.


Currently, New Malware is constantly be written. Which means that the Online Virus Encyclopedia would constantly need to be ‘written to’ to keep up with the thousands of New Malware created every day. I think we have already reached the stage where this would be impossible to accomplish, I could be wrong though.

I think the Rate at which New Malware is being created is increasing too, as more and more people learn how to write the stuff.

Maybe someone else could shed some light on this subject. My knowledge of Malware is quite Grey.

I apologize to J2897, that was bad wording on my part. What I really meant is that Trojans pretend to be a useful program in order to trick you into downloading them and running them. I was not speaking about programs that attempt to mimic white-listed applications.

Also, I like the idea that Petit had about updating the encyclopedia weekly or monthly. I completely agree that it would be a waste of time to update it continuously.

No need. I understood you. :slight_smile:

This is the ‘White List’ I was referring to: [ My Trusted Software Vendors ]

CIS can be configured to Allow only ‘Trusted Software Vendors’. This could be how your CIS operates in the Future. Everything else would be Denied.

I think the Technology already exists to protect End Users from all Malware. I think that the problems is, not everyone knows about it (or how to use it) yet.

Anyone have an idea if something like this is in the works?

I’m hoping that with the release of CIS V4 there may be other things added as well.

Bump

Maybe with all of the new generic signatures being added it’s time for this to be implemented.