Downadup/ Conficker worm versus Defence Plus

OA had a bug too and it also skewed its results. Fortunately they fixed it soon enough and IIRC applied for a paid test again.
Bugs may happen and whatever the new OA beta has a new feature I guess doesn’t actually mean that all OA users so far paid for a bugged product.

Now I guess you just forgot to mention about that in your opening post and to include it in the zip files containing your test.

Maybe because that program isn’t really like any other regular program? Maybe in that case a user should consider that alert more important than any else?
Maybe you can guess what you will do in that situation rather than guessing what anybody else will do?

Or you are going to create a scenario where a fictional user will act accordingly to prove your point?

Just to give you some more information on how threatcast works AFAIK

  1. Users run a program and it gets asked
  2. You vote when clicking allow/block
  3. Your vote is submitted into the clouds
  4. When for example 20 votes are allow and no blocks, it will be analyzed by Comodo and if found valid it will be allowed automatically, and the other way around

Result: way fewer pop-ups and Comodo gets a bigger Whitelist/Blacklist DB

Beware : this is what I understood from it, it could be wrong though, but it would surprise me…

Xan

I see. Though I wonder if there may be people you don’t know.

Regarding TC please ask egemen, as CIS lead developer he is well suited to address any doubts you could be willing to spread around.

TC is still ongoing development and I would rather wait before jumping to any conclusion.

As now you noticed this paradox I guess you should reasonably be aware that likewise the people you previously claimed to know don’t prove any point.

I guess it is more about pointing a finger and stating it doesn’t look right.

I see. So stating that people you know may misinterpret alerts was a suggestion? A criticism perhaps? About alerts? All of them? Even if they got a heuristic rating?

Nope the people you claimed to know say it all…

To be honest, let’s say D+ alerts are good, Comodo should however not settle with that.
It can and should improve, so it’s good that you usability guys come up with suggestions!
Since the usability can never be too good. You never hate a product for being user-friendly; being simple can make you hate it, but user-friendly is something different.

I think some popup that makes it easier for the user to make a good choice is always good! :-TU
That’s what gibran was trying to say, that Comodo already does some pointing to suspicious activities when saying

“Maybe because that program isn’t really like any other regular program? Maybe in that case a user should consider that alert more important than any else?” Pointing out that Comodo already labels extra suspicious activity in a different manner so the user has less risk of clicking yes as usual.
As to if gibran is happy with the current D+ alarms, no one except maybe gibran knows! =)

And m00nbl00d is right about some users having a hard time with the warnings, I know a few myself.
Comodo’s goal should be to be easy for the newbies while also providing data to the more advanced.
Maybe adding some extra stuff to the popup would not be a bad idea.
Anyway, I leave it to you guys, this is flame flame and more flame, will still read it though. 88)

Couldn’t help posting one more time… ;D

I think this thread is kinda weird, who the heck is “alfa1”? He joins the forum and posts 3 times and that’s all he posts and it’s all attacks about Comodo being flawed, while in fact it’s not.

I guess there are some fanboys of OA here or similar that just can’t help themselves from criticizing Comodo for doing what they pay for, only better, and for free, I would be jealous too. :slight_smile:

I think there has been a lot of unnecessary criticism of Comodo lately.
And it’s kinda annoying, CIS interpreted this among the best if not best.

:comodorocks: :ilovecomodo:

I PMed Egemen (Lead Comodo Internet Security Developer and in charge of it) to look at this…

Cheers,
Josh

I do find it easier to tell that something can be improved and stopping at that, than actually explaining how a specific thoroughly described alternative would be an improvement and let everybody acknowledge that.

It may be counterintuitive but a HIPS is not an antivirus so if the user is supposed to approach a HIPS the first time he may as well feel uneasy if he does assume to be able to use it fully from the beginning.

If a supposed wording that could fill the inevitable gaps as soon is displayed may look reasonable, If it boils down to something among the lines of Click here you cannot be wrong it won’t be a HIPS anymore nor any alert would be needed too.

You implied you actually provided a suggestion but what you actually stated was the previously mentioned claim. Was it lame?

The rest is seemingly related to D+ and your views about it but not really about this ongoing topic.

Will a user posting OT feedback along the lines of This doesn’t look right (but I’ll know when I see it) likely sound more reasonable?

Fear not I’m sure you will post your uncertain points and sensible doubts even tomorrow.
That may as well be worth it for you.

Although the conjectures about D+heuristic were more focused on the ongoing topic I hope you’ll consider to post your wished implementations in the appropriate boards.

As for the shouting alerts there should be already a related suggestion in the wishlist boards.

Thanks a lot for this. :-TU

I think the thread is going too far from the original topic. I appreciate the discussion but how to redesign CFP alerts etc, all of it must be discussed in a separate thread please. I feel lost.

Yes, my initial analysis was not so complete. I missed those pop ups probably as I must have made an allow rule for rundll32 accessing svchost.exe in memory, due to similar pop ups in the past with some legit applications. That’s the whole weak point in this interception.

BTW, heuristics of CFP are so nice but you will agree that these don’t count much due to so many false alarms. I get these heuristic alerts with so many utilities on my system. I will prefer less aggressive heuristics with far fewer false positives. I read somewhere that CFP heuristics are based largely upon packer detection; if so then it’s not good and may be the reason for so many false alarms as well.

The AV detects this worm in CIS. Hence I am unable to send it to Egemen because the AV in CIS watches all of @comodo.com emails… :o

See Screen Shot.

Cheers,
Josh

You still forgot to update your opening post though. :-
BTW you previously stated you used also an unaltered D+ proactive profile in paranoid mode. ???

I don’t know if you noticed but apart from the inconsistencies in the testing methodology this topic has been a collection of criticism toward CIS, every aspect of it even if not strictly related to this test.

It is not unlikely this topic will continue to gather similar feedbacks from members eager to improve CIS.

Hi gibran, it was not a professional testing, you must consider this, and the thread is NOT against CIS, it’s to improve CIS. There is no offence against CIS. It does intercept the threat but interception can be improved much and that’s all I want (just like OA people implemented it promptly without thinking that it is against OA).

And I did not write that I use default proactive config. I just tried that config with the malware.