Hi there, I am currently running Spyware Terminator, Avira Anti Virus free edition and COMODO's BOClean. I have my antispyware set up to smart scan my system every day and today it found 1 high risk trojan and some adware. The trojan was an exe in my C:\WINDOWS folder, so just out of curiosity I scanned it with my Avira Anti Vir and it said it was clean, but an anti spyware was picking it up, which I found odd, but then wondered why the Comodo BOClean didn’t pick it up either. Anyway, I let it remove the files and I decided it was time I need to up the security ladder, which is why I came here ;D I was going to get the anti virus soon anyway, I just didn't know when the new one came out of testing. Then I had a look at the firewall and it says it protects against viruses and trojans also, but I thought Firewalls were to stop hackers, so if they both do the same do I only need one? Or does Comodo have an all in one protection package too?
And how come there isn’t an anti spyware package? Not that I want it at this time, just out of curiosity.
Many questions, here’s some kind of answer: Comodo Firewall Pro is so much more than just a firewall. Its leak protection is supported by something called Defense+ which verifies every file that is executed on your system. Whatever you do (or whatever malware does), Defense+ will notice and warn you if the application is unknown.
There is no all in one suite at this point, but Comodo is step by step building up an arsenal of security layers. The latest thing is that if you execute something that is unknown to Defense+, there is a built in malware scanner that increases your chances to determine whether something nasty has sneaked in to your system or not.
If you don’t use Comodo Firewall Pro I recommend you try it, because it’ll take your security to another level. I use it as my only security program (I know, 99% of all people in the world would say it’s stupid and probably 80% of the people at this forum ^_^).
Antispyware should be included in CAVS 2. Now we’re waiting for CAVS 3 - things will only get better. :-TU
Here’s why: whenever an unknown executable is executed, Defense+ warns me. Now, no alerts are really unexpected by me (not counting the specific details of particular alerts). I only execute what I believe (strongly believe) is safe, like downloaded setup files to update programs on my system. If malware by any chance is hidden in the files I execute, I’m willing to take the risk because I consider it as minimal. I suppose I will have to eat those words up, but for the last month I’ve scanned my system with Avira (excellent detection), with ClamWin, AVG Antiroot-kit and now recently with the CFP built in malware scanner. Detected files: zero. 8)
I also don’t think I will get malware by just surfing the internet, since I use Firefox with NoScript. This means I only allow trusted websites to run scripts. Highly recommended!
My philosophy, which I’ve learned from Comodo, is to refuse all uninvited “guests”. Refuse as in actually stop. Only trusted guests are welcome in my system.
This is pretty much something that Comodo tries to implement in people’s computer protection.
Currently Avira has a better detection rate than Comodo, we’ll see how Comodo improves when the old signatures of BOClean get integrated with CAVS.
As for your second question, I’m not sure what you mean. Are you asking if Comodo not only uses a white list, but also works heuristically? CFP allows everything on the white list; if a program is not on that list, CFP alerts you. The alerts do not tell only that a program is being executed, but also what the execution intends to do. Like: “explorer.exe tries to execute firefox.exe” followed by “firefox.exe tries to access the keyboard”. In that matter, CFP may have “a mind of its own”…?
I’m not entirely sure whether it will or not. I do know that the CPF Self Defense blocks any program from even accessing the memory of CPF. I found out that AOL (waol.exe) was trying to access the memory of CPF for some strange reason, thankfully it was blocked.
Comodo Memory Firewall exposes any shoddy programming and blocks any drive-by Buffer Overflow attacks. Comodo Memory Firewall is soon due to be integrated with CPF3.
It’s best to run a decent AV alongside CPF3. There are some out there which include behaviour analysis.
In short, it’s best to have a full arsenal of protection. Once I’ve had the chance to play around more with the Newest Version of CPF3 which now includes an On-Demand Virus Scanner I’ll be able to answer your question better.
Whether CFP stops something is up to you, what CFP does is that it alerts you - also for things that should never happen no matter the circumstance. Like malware behavior.
Sometimes, or even often, you don’t really know what to answer. Comodo is about to release a new feature to help you there, it’s called ThreatCast (TC). Read about it in a thread here. In short, you will receive statistics of what other people have answered for the very specific file CFP alerts you for! For example, xyz.exe is executed and you don’t know if you should allow or block. With TC, you’ll see that 89% (or whatever) answered “allow”.
Comodo does have a decent AV with version 2.0, but currently I think the closest competitors (like Avira and avast) may be better, at least in terms of detection rate. And in the end, antivirus is quite a lot about detection rate. Many people at the forum expect the detection rate to be improved with CAVS 3, which should be released sometime this spring (on the northern hemisphere ;))!
Ok cheers. Bit of criticism here: if the functions of the CAVS and CPF are to pop up every now and again to tell you it's found something not on the list of your used and approved applications, and all it does is let you decide, then can't anyone make something do that lol?