Design philosophy for Comodo Antivirus

I’m not providing details that should be self evident.

I’ll give you the reason why I made this thread. On the forums of another AV product, CAV was being attacked as being useless and terrible because it doesn’t scan things like email and web pages. I defended CAV by saying that in my opinion, CAV didn’t need to do those things within the framework of the entire suite and that it’s main function was to enhance the usability of CIS while providing basic AV protection which is all that is needed when coupled with the firewall and D+. I said that it functioned very well within the suite and it seemed to me that was the direction the developers were going with it. I got jumped on and called a Comodo drone and things like that. They said I was making excuses for the terrible product that CAV was. I made this thread to ask the developers if I was right or if they had bigger plans. So far, they have not fully answered my question but I have seen some indications that I was right in my impression of where CAV is headed and I fully support that if it is the case.

I was only looking for ammunition to defend Comodo with, not to fire at them.

What is being self evident is that you are not willing to provide details.

Though it looks that asking about what you heard on the forum of another AV would probably have you to provide some more details.

Let be it.

Nevertheless, by acting as a speech-person for other people from the beginning till now, it now appear that appropriate answer was actually something unlikely to wait for.

Hearsay can be only spread around, nobody can actually answer them even more if not detailed in a unambiguous and clear way.

IMHO It is not about ammunitions but about characteristics that can be met or not.

Once the characteristics are known/detailed the substance of the argument is defined.

I suppose you might have heard in other forum, for example, that x standalone AV got Instant messaging scanner and they see it as an important feature.

CAV has no IM scanner. That indeed is self evident. Once stated/pointed out, anybody can see if such criteria is met or not at any time (without waiting for anybody else to check that for them and rephrase it in other ways)

Indeed it is likely that those who deem an IM scanner useful would ask if CAV is going to support it. Though obviously not everybody would.

Whereas as long a person on another forum think that an IM scanner is something s/he need, s/he won’t deem any AV without it able to stand on his/her PC.

Is there something else you heard that could be detailed as unambiguous and verifiable criteria and it is not vague as the likes of “not enough” and thus address the aspects left pending?

Woah! Gentlemen please. Keep it friendly, posts featuring nothing but a personal remark are not proper conduct. Let’s not get personal. Besides, I’ve got a bad cold & I’m not in a very good mood. Don’t make me come here again please. Thanks. It would be be really nice, if these types of comments “disappeared”. :slight_smile:

Dch48 said:

“If the promised improvements to CAV come to fruition, i.e. greatly enhanced removal abilities for one, I will be very pleased, but I doubt that my position about it being used outside of the suite will change. I guess you could say my preference for it’s direction is NOT to become a standalone solution. I want it to stay as streamlined and lightweight as possible.”

I thank you are right,especially the streamlined and lightweight part.

Off topic,but the same vein,a light-virtualization software,that I considered best of breed,announced they planed to integrate a “small” Av competent into their next release,simply to check any files being committed to the disk,from within a a virtual session.

I thought,WOW!! that sounds good,I foresaw a kind “automatic right click scan”,that would go along way to solve the “all bets are off when you commit to the real system” problems of virtualization.
What really showed up? Basically the whole F-Prot program,heavy
(comparative) memory use,dodgy servers,and for me,system slow down
and Random BSOD’s.
Lightweight and streamlined is the ticket.

Not sure If I’m entitled to comment such rude attack but it doesn’t look that asking you to extend and further define your viewpoint “serve no purpose but obfuscation” whereas I acknowledge the rest as your intention of evading those aspects you left pending and that asking you about them made you upset.

Asking you to detail what criteria you felt CAV did not meet would have served no purpose but having you actually explain them in your own words.
As such it supposedly appear that the “purpose of obfuscation” would have been coherently fulfilled only by your relevant answers.

Whereas just moments ago (as well) it almost looked like you was relaying something heard elsewhere (of course) searching for a reply, I even asked if there was something else you heard that could have been (at least) detailed as unambiguous and verifiable criteria and thus (finally) address the aspects you left pending.

Although it should be obvious that the questions I made and left repeatedly unanswered could only have been replied by the person who thought, felt (by now there is no doubt it was you) and created this topic.

I didn’t even ask you to explain why those criteria appeared to change later whereas MSE (or avira free) which didn’t get IM, email, webpage scanners…

…would have been used as an example in an earlier post, though I asked you if they were still a valid example to confirm such sliding category.

Whereas the original question was among the lines of if the “Design philosophy” for Comodo Antivirus is to make it “able to stand alone” or not.

…there would have been obviously no need to clarify what criteria an AV had to meet to “be able to stand alone” if you asked something the likes of “is CAV Design philosophy to reach x% or higher detection, get an IM scanner, etc, etc.?”

Sure “be rated higher” by far did not describe how much (other than “not enough”) and thus I asked how much as well (obfuscation you said)…

Sure you repeatedly claimed the “question” to be unanswered…

…no wonder as without detailing such criteria the answer you have been “waiting for” can be replied only by you yourself on each version (“self evident” I read).

And it really looks you’ll be kind enough to coherently get everybody updated without question asked and (of course) also relay relevant “hearsay” from other AV forums where you tried your best (now “well known” fact).

I will repeat this again straight from the horse’s mouth:

Where the addition of the AV may have started to lessen the amount of D+ pop ups the plans surely have changed. The change of plan makes sense because people who will use the Clean PC policy and have their computer scanned during the installation need to be sure the AV does a proper job. And according to Melih it will.

This much we know for sure.

Actually definition based solutions are falling short since a couple of years. So, none of them are good enough anyway. Hence why behaviour blocking and HIPS surfaced in the ever continuing battle against malware.

At least scanning Emails adds nothing to your security. Useless junk future… (there was a debate if this is good for protecting OTHERS, but for your security it adds nothing…)

As for scanning web pages I have no opinion/comments… O0 :-TU Since I don’t fully know what the web scanners being refereed to is looking for in order to prevent infections…

I know all that, but try to explain all that to the dedicated Comodo bashers and you get called a “Melih Drone” or something similar. They’re pretty much Wilder’s drones it seems.

I support Comodo’s philosophy of not scanning emails in real-time to keep CIS lightweight (without reducing security). Emails are treated like archive files – Comodo’s real-time AV does not scan archives either.

However, Comodo’s philosophy is not consistent because their manual AV does scan archive files. If the manual AV is a separate executable from the real-time AV (I don’t know if Comodo does this today), then the manual AV can scan archives/emails without affecting the performance of the real-time AV.

I would like to see Comodo support email scanning with the manual AV. I am referring to the email archive, not emails as they arrive. In particular, the Thunderbird email format. The reason I favor this feature is that it allows me, as the administrator, to scan a PC weekly to make sure there aren’t any time bombs for the inexperienced user later. Also, I would rather see false positives during my scan instead of burdening the inexperienced user with them (as much as possible).

I use the Avira free AV for manual scanning instead of CIS because Avira fully supports Thunderbird email archives. When it detects, it shows the archive name, date and subject of the email with the detection. This gives me enough info to open the exact email in Thunderbird to delete it.

It’s even less consistent than you think because it doesn’t scan all archive files, only certain types. I believe .7z files are still not scanned, and this is a pretty common archive type.

The real-time engine isn’t consistent either, because as I mentioned earlier, certain file types do appear to be scanned on download, not on-access. In particular, the Eicar test files.

Note that this information is from testing I did several months ago. I’m only assuming it is still current because I haven’t seen anything stating otherwise.

+1 I would also like to see this, maybe something called complete scan that scans every file on the computer and even breaks open archives to scan inside and everything. Call it a complete scan and show a pop up that it might take a very long time to do, so the person scanning knows this and are not surprised it could take hours. That way comodo does not have to build too much into the realtime scanner to slow down the system.

Archive scanning looks more a matter of file format support than consistency. What specific formats should be supported?

Since 7z files are currently scanned it does look that adding support to new archive formats is possible (thus also for Thunderbird MFT or, if not yet, Outlook PST files ).

As for the real-time scanner it looks detection hasn’t changed even in case a threat is downloaded the browser itself would still need to access them.

I did not know It is so hard to answer a simple question. The question is simple and will not change, the answers in this 8 pages growing topic are constant evasive to the question. After reading all these pages I can only conclude that Comodo has no philosophy for it’s AV because thats what is show to the readers by not answering straight forward.

The Comodo IS product seems great, the answers from Comodo staff unfortunately do not. Personally I would not run around the bush, I would stand for my product.

Answer have been provided even though it wasn’t a matter of philosophy as it appeared.

But sure it looks that this topic provided also a way to post negative comments on Comodo first-hand or from hearsay.

Real time vs On demand have two very different models…

In Realtime model, as i have mentioned many times before, we try to protect the RAM and HD… Whats the point of reading emails in that model? If its malware it will be caught either at RAM or HD level and these are the only 2 places that any code can live on (bar bios etc etc)…So in real time mode you want to keep things very minimal otherwise u will cause the system to lag…


I just tried scanning a .7z and they are scanned now. That must have been added without notification in one of the last updates.

I don’t see how pointing out what people feel are the program’s shortcomings is bad. I would think the developers would be interested in the input.
I myself know that email scanning is usually a waste of time and resources, but try telling that to people who don’t understand that and use AV programs that do have that feature.

Since Melih has said that the goal for CAV is for it to be one of the best, I guess that is as close to an answer as I will get to my question. It’s just that from the way it currently works, it seems that it is designed as a component of the complete package.

“I myself know that email scanning is usually a waste of time and resources, but try telling that to people who don’t understand that and use AV programs that do have that feature.”

Even more than that,and I cant cite a reference,pure hearsay,I have heard the majority of corrupt email
accounts,occur on a system with a e-mail scanning anti-virus.

But I only use web mail anyway.

I think the most telling argument against the impotance of e-mail scanning is provided by the tech support people of companies whose products have that feature. If it seems to be causing a problem they tell you to turn it off while stating “You don;t really need it”.

What about starting to detail what would have been needed to have you claim that CAV seemed designed to “be able to stand alone”, for a change?

Indeed those would be the criteria that will have you post that CAV would not be seemingly designed to be “able to stand alone” for the time being until eventually fulfilled by a new release (if those qualifying specifics did not change meanwhile).

Since you mentioned MSE as an example of AV “able to stand alone”, by now you could have focused in detail on what you think CAV falls short compared to it.

Nevertheless you continue to make mention about what “other people” would think

…whereas you should be aware there is no way to answer such ambivalence.

LOL…this is a very telling point…

You see, paid for providers have to justify what you pay for. So the more they charge, the more features they have to put in and tell you that you need those to justify you forking out those monies… We have the luxury of not having to “market or sell” by creating stuff that you don’t need. We provide pure top notch security!