Detection rate of this AV prog?

Is there any independent test which examined this prog on its effectiveness?

Because of the methodology of CAVS I believe conventional testing is difficult in order to get a true rating of its capabilities. The normal method of testing AV programmes is to install it on a test set-up (via a VM or otherwise) and then attempt to run a pre-defined range of malware in order to gain a percentage of detection. CAVS, I believe, works slightly differently in that rather than scan for malware once it reaches the hard drive, it’s prevented from getting there in the first place.

Since the testing methods don’t allow for the machine being online during testing, this will block CAVS’ whitelisting verification. PrevX1 suffers with a similar dilemma. This can make it look like CAVS is less effective than it actually is during normal usage.

Melih can explain this far better than me, but I believe that the full version of CAVS will offer a higher actual level of protection than any competitor.

Hi YANKEE,

You may find it nigh impossible to find any independent reviews of Comodo CAVS 2 beta - yet. When searching around the Net, one can find several reviews of CAV 1.x Beta, but none for version CAVS 2. And of course now having said that, others may refer you to one or more. :slight_smile:

The big feature which Comodo itself is playing up (and a VG feature it is) is the inclusion of HIPS in CAVS version 2. However as to CAVS 2’s ability to scan, find, and clean . . . well the verdict hasn’t come in yet. The jury is still out. :wink:

Hey, but let’s wait and see. We may be pleasantly surprised by CAVS 2’s capability in not only its HIPS protection, but also in finding and cleaning those pesky malware which still find their way onto one’s computer as well.

Oh, and YANKEE, when the time comes, I too look forward to well known and widely recognized independent reviewers’ take on CAVS 2.

Laurence

Hi Laurence (a beautiful name BTW) and Andyman !!

HIPS … I use that already with the app Spyware Terminator and I’m not impressed by it… What I’m interested in is whether the Comodo engine is as effective as let’s say the Kaspersky or NOD32 one! Detection rate is linked IMO directly with this engine. Viruses are the most dangerous ones and need to be stopped at any price so I also wonder what the heuristic scanner rate is for Comodo?

Melih? Is it possible to give me more info?

“Melih can explain this far better than me, but I believe that the full version of CAVS will offer a higher actual level of protection than any competitor.”

Good question…

I have a suggestion: Melih! Come to us!

I can understand you asking this, but CAVS is working toward prevention rather than mere detection. After all, malware can’t do any harm if it isn’t able to get on your system. I’m sure when Melih pops in here he’ll be able to fill you in on detection rates and the like.

Melih, looks like YANKEE wants you to set the record straight. :slight_smile:

Fair question YANKEE. I bet there are others who are also curious, and if not many yet, there will be when CAVS is finally released and ends up on more machines.

So, in spite of HIPS’ best attempts to prevent malware from getting onto a person’s system, at its present state of development what is CAVS’s detection and cure rate of malware (in approximate comparison with a couple of other popular AVs) which nonetheless has managed to find its way onto a user’s system?

Laurence

seems to me I stepped on a few toes here …

Well, I remember going thru this in some other topic in the forum… but here it is again :slight_smile:

1) Are there any independent tests?

There is one that I have seen that shows detection rate on a Greek site somewhere.

2) Why is detection low currently?

Because we have yet to concentrate fully on improving detection, because we want to Prevent Malware first!

Let me explain

I believe in
1) Prevention: a door in your house
2) Detection: Burglar alarm in your house
3) Cure: Home insurance in your house

in the order above.

So for me, the first line of defence should be “preventing” the malware coming in to your system in the first place! Imagine if your PC currently was a Night club and it had a doorman (AV), the way this doorman lets people in is, by first letting everyone in, then going into the night club and checking who should not be in by “identifying their signatures” and then kick them out. I want to stop people coming in if they are not allowed in the first place. Another analogy is if your PC was a house, it has no doors but burglar alarms!!! Let burglars in, and then sound the alarm!!! Now we have the technology to put “doors” in our PCs… called HIPS. So I decided to concentrate CAVS team to build HIPS functionality first. Of course we also improved the detection rate as we go along and we will continue to do so. However the focus is to prevent malware coming into your machine in the first place. Of course detection should be the “2nd line of defense” (not 1st!) and we should improve our detection to match the best possible out there (and that we will ;)) .

So the question I would ask is: How many % of the malware (known or unknown) out there could CAVS “prevent”? The answer is a huge majority. And this is the key!

And is there a test to validate that anybody does today? No, I am afraid not. However I would welcome it.

So, as you can see, I have been doing, what I think is right : “Protect the user” as the priority, rather than just look nice in the tests, however, I also like looking nice so we will do that too :wink:

Melih

PS: No you haven’t Yankee, this is a well discussed issue from months ago in the forums…

THX Melih for the info! One remark though … with HIPS you rely on the intelligence of its user, no? If I am dumb or distracted or ignorant and I say “allow” instead of “deny” with HIPS … Bingo: the burglar is in the house and then I have to rely on the alarm system! So this first line of defense is linked to the awareness/experience/smartness of its user.
I really believe you and your crew are doing the best they can: let there be NO DOUBT about it, but I stay where I am now for the moment and that is with AVAST! Home and the wonderful COMODO firewall!!!

Well not quite. Let me explain.

HIPS uses a “Safelist”; as long as the applications are in the safelist the HIPS does not disturb the user and it allows the app. Only if it’s not in the safelist will it ask the question to the end user. So the success of CAVS HIPS is dependent on the number of applications we have on the safelist. As of today there are 127,347 applications in our safelist and it’s growing around 2000 a day. These are all Comodo-vetted applications. So HIPS will be less noisy every day and less reliant on the user every day :wink:

thanks
Melih

A Blacklist maybe can help to prevent some alerts too. With the largest safelist in the world!

Some file names are known malware samples…

Of course, that’s the malware database we have and growing in size…

Melih

The Greek test you speak about is this one (at least I think so)

http://www.virus.gr/english/fullxml/default.asp?id=82&mnu=82

Comodo’s result:
46. Comodo version 1.0.0.4 - 41.02%

So for now I stay with my trusted NOD32, but I hope that I can rely on Comodo in the near future.

Sure it would save me some money.

With beta v2… the emphasis is on “prevention” rather than detection… even though detection will also be drastically improved… But let’s all realise that “prevention” is the future! With prevention you can stop Day Zero attacks, with detection you can’t!

Melih