Design philosophy for Comodo Antivirus

How does the AV reduce the popups in D+? ???

The only thing that reduces the popups is your settings. Not the AV…

With a HIPS product you will have popups. That is how they work.

AV will only reduce the pop-ups of bad applications. And let’s face it, users generally come across 100x more safe files than they do bad. Isn’t it only logical to increase the whitelist?

First of all, let me tell all my friends here that I too love CIS, and according to me it’s the No. 1 security suite. But try to understand that Comodo Firewall changed into CIS because of us, Melih and team, and all the appreciation and criticism by all of us. So if CIS is appreciated it’s good for all of us, Melih and team. And criticism is always better than appreciation because through criticism we get to know the things to improve and become better.

The query here is simple but you guys are making it puzzling. Some are giving the definition of what layered security is. Some don’t want to read anything bad about Comodo, and some think that a standalone antivirus is not so important. Just give a simple answer to a simple question, or better, take a poll regarding this and see what the result is.

As a user of CIS, my opinion is that Comodo Antivirus is not weak but not that strong. I’m using the full suite so I am confident. I am confident because I know that Comodo Antivirus is not that strong, but no need to worry because defence plus is there. What I want to say is this:

comodo firewall + defence plus + comodo antivirus — i am confident

pctools firewall + comodo antivirus — i am not that confident

pctools firewall + avira antivirus — i am confident

so the reputation or effectiveness of antivirus changes one’s what we say layered security. everyone wants best layered security today.

So the conclusion is that CIS as a whole is the toughest, but people may not use the antivirus part with other firewalls because it’s not worthy as a standalone antivirus.

I don’t say that Comodo Antivirus is just an accessory to Comodo Firewall and defence plus, or that it’s in the suite just to reduce popups, but still it’s not effective as a standalone antivirus.

Just check out the video reviews on any site about antivirus protection. You will see that where all the malware is detected by the other antiviruses, Comodo Antivirus detected only a few and the rest were detected by defence plus, that is, the HIPS part.
So at least for now Comodo Antivirus is not worthy as a standalone antivirus.

So take a poll, and my vote goes for: Comodo Antivirus is not worthy as a standalone antivirus.

thanxx
naren

Good post naren.

Ever since I moved from CIS full to MSE/Comodo FW and D+, all the malware pop-ups (I got quite a few from USB pens) are from MSE.
D+ only talks to me about legitimate applications.
And the rest is FW.

So…Dch48’s original post in this topic is quite pertinent.

Jose.

Despite the initial confusion there is no doubt this topic was a chance for anyone to post appreciated criticism to their hearts content.
Sure… Indeed if criticism is appreciated by everybody it’s good for all of us whenever criticism’s criticism is always better because we get to improve criticism…

I would hardly see how the opening post of a topic could not have been pertinent to the topic itself.
After all, it looks like this topic was actually about reputation, confidence and users’ self-provided (implied or otherwise) criticism/answers.

-sigh-

You are correct… The AV didn’t catch much because D+ did… That is the whole idea! D+ is there to stop things before they get in your machine. 88)

Something needs to get in your machine before the AV can get a ■■■■■ at it. Only if the HIPS fails does the AV come into play! The simple fact that D+ caught most of the stuff means that it’s doing its job well.

I think the problem here is that people don’t really understand what a HIPS is. A HIPS will always act before the AV! That is their purpose!


From a blacklist perspective I would agree with you. Nowadays AVs are more than just blacklisting; you have to take into consideration the heuristic component of an AV as well. In conclusion, and within a heuristic context, I could say that yes, a standalone AV can detect malware that its blacklist does not have, yet. You know that already, Melih.

Peace.

Asking the question “Do you want to make an antivirus that will stand up on its own and compete on detection rates with the likes of Avira?” is basically saying “Do you want to make a good antivirus?”. Of course they want to make a good antivirus. It brings aboard more users and makes CIS a better application. But even if Comodo’s sole plan for their antivirus was to just reduce Defense+ pop-ups, it also means that their sole goal would be to improve the AV’s detection rate, which therefore improves the AV’s viability as a standalone product. So, like someone already said, it’s all just swings and roundabouts.

Oh come on yaa!! We just wanna know from Melih or the devs (because only these guys can tell us the fact) whether Comodo Antivirus is being developed simply as an addition into CIS to improve usability or it is being developed as a standalone. So no need to show the intelligence here; instead go and serve the nation with your intelligence. People post here to get help and not to argue and show how you can argue over a simple query.

thanxx
naren

Host-based

A host-based IPS (HIPS) is where the intrusion-prevention application is resident on that specific IP address, usually on a single computer. HIPS complements traditional finger-print-based and heuristic antivirus detection methods, since it does not need continuous updates to stay ahead of new malware. As ill-intended code needs to modify the system or other software residing on the machine to achieve its evil aims, a truly comprehensive HIPS system will notice some of the resulting changes and prevent the action by default or notify the user for permission.

The quote is from Wikipedia, the bolds are mine. A HIPS only moves when something tries to modify something; which means that something, the modifier, already is on the machine and has access to something, the modified. If the AV would have done its job poor something, the modified, wouldn’t have been modified by something, the modifier.

We are still waiting for an answer from Melih or the devs. (devs means devils doesn’t it?)

No it means developers. :wink:

Surely you jest, Sir.
How could I have been that much misguided by my own reason.
My deepest apologies to that brave race of present times, the software developers.

http://images.dr3vil.com/files2/default/best_thread_ever.jpg

Whenever AVs are involved it usually looks like people are waiting for an epochal shift toward a 103++% detection rate granted by an appropriate blend of heuristic and generic signatures able to detect even an additional percentage of forthcoming threats the tester has yet to get.

That or self-evolving digital AV analyst able to examine on the fly any unknown samples hitting the enduser machine and output its unwavering verdict (either :-TU or :-TD) and additionally adapt to user-made criteria and take completely autonomous decisions.

Sure there would be no need of firewalls, sandboxing, virtualization, restriction policies and rollback systems as there would be no match for such type of default-allow approach.

The AV will give its own popup (if there is a signature for the malware), which would be more familiar in structure to average users. The AV popup would come before any D+ popup, and if the virus was quarantined or removed by the AV, then there never would be a D+ popup, which only occurs when something tries to execute. When you try to access the Eicar test file what pops up first? The CAV window flagging it as malware. You never see a D+ popup because CAV took care of it. This enhances usability for the average user who is familiar with AV alerts but who might find a D+ popup confusing.

To clarify, standalone means out of the structure of CIS. The whole question is whether CAV is meant to be strictly a component of CIS or a full fledged AV that can compete with others when not coupled with the rest of the package. Whatever else might be used with it is irrelevant. Certainly in this day and age, nobody would be on the web without some kind of firewall, even if only the Windows one. Therefore my question is still unanswered.

This also has absolutely nothing to do with any products I used in the past. I am not criticizing CIS in any way here, I’m simply asking a question about CAV. It is the part of CIS that is most often criticized elsewhere and usually it’s because it is not as full featured as other AVs. I personally feel that, within the structure of the whole CIS package, it does its job very well and doesn’t have to do a lot of the things that other AVs do. I’m just wondering if the intent of the developers is to make it competitive with other offerings when not coupled with D+ and the firewall, or just to keep it as part of the full package where it doesn’t need to have the extra features.

Melih seems to have big plans for the AV as well that could make it a powerful standalone AV as well I assume.

G’day,

The following is just my personal opinion.

CAV + CFP + Defense+ = Very satisfied

CAV + Any good firewall + Any good HIPS = Satisfied

Any good AV + Any good firewall + Any good HIPS = Satisfied

CAV + CFP (but with no HIPS) = Unsatisfied

CAV + Any good firewall (but with no HIPS) = Unsatisfied

CAV + Defense+ (but no firewall) = Unsatisfied

CAV + Any good HIPS (but no firewall) = Unsatisfied

CAV on its own = Unsatisfied

Any AV on its own = Unsatisfied

I think you need to use all three aspects - a firewall to control data ingress and egress, a HIPS to control internal execution and an AV to do any mopping up.

Secure the perimeter - firewall
Control the internal - HIPS
Mopping up - AV

Removing one of the three lowers the overall effectiveness. Relying on just one just isn’t enough.

Please note that my comments, while they concern CAV’s abilities as a standalone AV, are equally applicable to any AV used in isolation. Yes, some AV may be slightly better than CAV at detection, but no AV knows everything. This is where the perimeter and internal control mechanisms come into play. These two additional controls also filter “junk” before the AV even gets a chance to do its stuff.

Again, just MHO. :slight_smile:

Cheers,
Ewen :slight_smile:

Here is something that Egemen posted when they first added the AV to CIS v3.5:

https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/comodo_internet_security_3553896424_released-t28719.0.html

Our philosophy, as you well know, is about “Prevention” being your first line of defense. CIS now has an AV component; however, this AV component is there to make Prevention more usable. We believe in a Layered Security Architecture where Prevention - Detection - Cure (in that order) are the components needed for good security. Of course, Prevention being the first line of defense, CIS does not compromise on this philosophy and continues to prevent malware from infecting the PC in the first place. And with the help of the detection technology (AV) built in CIS we can now offer easier to use security technology that has “prevention” as its first line of defense.

He is basically saying that the AV is there to enhance usability and not to offer some superb protection on its own (even though I am sure Melih wants the AV to be as good as it can, hence adding a lot of stuff to it in version 4)… As it is now a user may choose to run the AV alone and combine it with something, but Comodo’s approach is (according to Melih’s blog) “Use layers, default deny”; the other won’t work that well, at least not according to pages such as www.virustotal.com where they have statistics that show how almost every piece of malware is missed by one or more scanners… Also this is something interesting for those who think their AV is super and will eat every piece of baddie…

The question is:

What do you want to do with a malware that no one detects when it hits your computer?

Choices are:

1) Keep your AV, nice and silent and no popups (no popup because it doesn’t recognise the malware :slight_smile: )
2) Pretend your AV catches 100% of all known or unknown malware and continue to use your slowly dying PC, while whistling the “My AV catches it all” song
3) Use prevention/CIS so that at least you get a chance at answering a popup with a yes/no

Melih