How does Comodo 3.0 detect malware?

Hi there,

after using comodo 2.4 for a long time I would perhaps like to update to 3.0. One of the new features is malware-detection (even a heuristics module is included according to some people :wink: ).

But does the comodo firewall access the harddisk extensively like a "real" antivirus ("On Access-Scanner"), or does comodo only protect your "data-streams" (incoming or outgoing)?

I hope it's the second one, because for harddisk-scanning on access I use a good antivirus. The performance impact would be a little too much for my ol' PC when 2 engines search for file-viruses on my harddisk.

So how does Comodo 3.0 search for malware :slight_smile:

Greetings

It prevents it rather than detects it!

Imagine you are surfing the web and all of a sudden your machine becomes sluggish and starts doing strange things…
You are infected…
then you get your av, try to update your signature definitions… still no luck… cos this is a new malware…

so the question what happened?

Well, malware injected itself into your machine using many vulnerabilities…

v3 on the other hand would have picked this instantly and alerted you to a strange activity and you would have known before it happened!

It's a prevention rather than detection! That is the paradigm shift with v3!

Melih

I like the fact that Comodo & other HIPS don't require signatures. The real question is… can Comodo replace the need for an antivirus program, especially real time monitoring?

I trashed Avast! AV a few weeks ago… (I know that sounds nasty!), But hey… I have not had a single problem.

Defense+ ACTUALLY ALERTED ME ONCE: Malware Heuristics Analyzes possible malware behavior in C:\xxx-xxx-xxx I don't remember the alert fully though! :smiley:

I also love the idea CFP doesn't use signatures to detect… IT PREVENTS!

But… I still recommend Detection Technologies as backups (I have SUPERAntispyware and Spybot).
Josh.

There is a COMODO antivirus which is, as its name specifies, an anti-virus.

Link: http://antivirus.comodo.com/

CAVS 3 will be in beta hopefully soon :slight_smile:

Josh.

I think the answer is yes. What's the point of allowing an antivirus' resident monitor to instantly scan the file system if it cannot detect new malware anyway? On the opposite, HIPS doesn't scan the file system at all and it is able to detect and prevent even new malware when it tries to do its harmful job (I mean good HIPS like Defense+ in CFP).
So your system is faster and better protected with HIPS. It is like a win/win situation.

But I also think that it is useful to scan removable drives and downloaded unknown files for viruses. And the whole system once every one/two weeks (just in case).

I would be interested in the view from one of the COMODO techs regarding this…

here's a good explanation about Prevention==>detection==>cure 8)

https://forums.comodo.com/melihs_corner_ceo_talkdiscussionsblog/detection_vs_prevention_your_first_line_of_defense-t15891.0.html

[quote author=ganda link=topic=15194.msg121466#msg121466 date=1199094974]
here's a good explanation about Prevention==>detection==>cure 8)
[/quote]

Thanks… it's a nice albeit "cute & fuzzy" explanation. I'm a little more interested in some real facts… i.e.… effectiveness of CPF3 in keeping my PC safe c/w an antivirus like NOD32 or Kav. Many thanks.

real facts? hmmm, how about this, CFP3 got A-VSMART technology, it can detect 60% of UNKNOWN MALWARE, sounds effective huh. if you browse thoroughly in this forum, you'll see some posts about it.

Thanks. I am impressed with what CFP3 does… certainly it is the best of its type I've seen. But I guess it doesn't really answer the question of whether it can replace a standard AV, or act as a second layer of security. Browsing the forum doesn't seem to answer this… maybe it can't be answered.

For the average home user, I suspect multiple layers of security are overkill, & it does slow a PC down significantly. Nothing is 100%, but I think many users would be interested in whether or not CFP3 can be thought of as an antivirus replacement. The PC certainly runs faster with CFP3 alone.

Actually cfp should be the first layer of security. My opinion is that you don't need an on-access virus scanner, but using one on-demand wouldn't slow your computer and you will have a backup layer of security. This way you can right click a file and click "scan with …" before you allow it in cfp to execute, if you are not sure about it containing malware or not. This is not 100% though, because if it is something your av doesn't know then it's up to you to decide. Thanks to cfp you will have the choice. But the best thing is to use your mind and surf the net responsibly. Anyway, if one wants to run questionable programs they are probably aware of the potential risks involved.

Does CPF3 play nicely with superantispyware pro now ?
Thanks.

Was a problem with SAS's temp file I remember, couldn't exclude from Defense+ :wink:

I 2nd that!
As a newbie I also find it difficult to know whether CPF3 is alerting me of an actual safe process or something that is pretending, burying, cloning itself as one

The real question is... can Comodo replace the need for an antivirus program, especially real time monitoring?

Let me give you an example of how (IMHO) it can't.

I'm running Comodo in Train with Safe mode. Only applications in Comodo's safe list should be allowed to run without notice in that mode. One day I plugged somebody's flash drive into my PC. The flash drive had the autorun enabled. So after I plugged it in, the rundll32.exe was executed (no alert from Comodo since both the launching and the launched processes are safe) and instructed to run a viral DLL from the flash drive (again, no alert from Comodo since rundll32.exe is safe and the dll is not considered an executable). The only thing that saved me from being infected that day was the antivirus, which caught the dll being launched and deleted it (I then got an error from rundll32.exe not being able to locate the dll).

Another example: when you run a VBS script in Windows, any script actions are carried out by wscript.exe, which is considered safe by Comodo. Place something like "wscript.exe D:\Virus.vbs" in the removable drive's autorun.inf and Comodo will just let it do its business next time you put it in. And there is no way you can tell Comodo to allow wscript.exe to launch A.vbs but block B.vbs, even if you're in Paranoid mode.
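The two cases in the post above share one shape: the safe-listed host process (rundll32.exe, wscript.exe) is what the HIPS judges, while the argument it is told to load is where the risk sits. The following script is an added defender-side example, not code from the thread or from Comodo, that reads an autorun.inf and flags launch entries whose command hands execution to such a host process together with an argument. The host-process list, the helper.dll name and the sample autorun.inf are constructed for illustration; the D:\Virus.vbs line mirrors the post.

```python
"""Flag autorun.inf launch entries that route execution through a trusted
Windows host process (the rundll32.exe / wscript.exe pattern above).
Added example; the sample autorun.inf below is constructed."""

# Host processes a HIPS safe-list typically trusts; the argument they load is
# the part worth inspecting. Set chosen for illustration (assumption).
TRUSTED_HOSTS = {"rundll32.exe", "wscript.exe", "cscript.exe"}

# Constructed sample, modelled on the two cases in the post above.
# The helper.dll name is hypothetical; D:\Virus.vbs is the post's own example.
SAMPLE_AUTORUN_INF = """; constructed sample autorun.inf
[autorun]
icon=setup.exe,0
open=rundll32.exe .\\data\\helper.dll,Start
shellexecute=wscript.exe D:\\Virus.vbs
shell\\explore\\command=explorer.exe .
"""


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section of autorun.inf text."""
    entries, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip(), value.strip()))
    return entries


def is_launch_key(key):
    """True for keys that make Windows run a command on insert/open."""
    k = key.lower()
    return k in ("open", "shellexecute") or (
        k.startswith("shell\\") and k.endswith("\\command")
    )


def split_command(command):
    """Split a command line into (host image name, argument string).

    The first token may be quoted; any directory prefix is stripped so that
    "C:\\Windows\\System32\\rundll32.exe" and rundll32.exe compare equal.
    """
    command = command.strip()
    if not command:
        return "", ""
    if command.startswith('"') and command.find('"', 1) > 0:
        end = command.find('"', 1)
        head, rest = command[1:end], command[end + 1:]
    else:
        parts = command.split(None, 1)
        head, rest = parts[0], (parts[1] if len(parts) > 1 else "")
    return head.rsplit("\\", 1)[-1].lower(), rest.strip()


def find_host_proxy_launches(text):
    """Return launch entries where a trusted host is told to load something."""
    findings = []
    for key, value in parse_autorun(text):
        if not is_launch_key(key):
            continue
        host, args = split_command(value)
        if host in TRUSTED_HOSTS and args:
            findings.append({"key": key, "host": host, "payload": args})
    return findings


if __name__ == "__main__":
    for f in find_host_proxy_launches(SAMPLE_AUTORUN_INF):
        print(f"{f['key']}: {f['host']} loads {f['payload']}")
```

The point of the check is the one the post makes: a safe-list keyed on the executable image alone cannot separate `wscript.exe A.vbs` from `wscript.exe B.vbs`, so a defender has to look at the argument (or at the removable medium's autorun.inf) rather than at the host process. The explorer.exe entry in the sample is deliberately left unflagged because it is not in the trusted-host set.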

WOW :o can somebody confirm this ???

This sounds impressive because you are assuming it can detect 100% known malware and 60% of unknown ones.

If this was an antivirus, it would detect most of the known ones, and to see how it scores against unknown ones we would do a retrospective test.

The top AVs like NOD32 will typically detect 95-99% of known malware (the most common ones) and say 60-70% of unknown ones based on heuristics. Not too bad…

The trouble is CFP3 does not know any "known" malware, so effectively this means that if I toss 100 of the most common malware at it, the "Vsmart" will miss 40 of them!!!

While an antivirus will likely catch most of them if they are well known…

actually A-VSMART ™ is the name of the technology for v3. It's not just the basic heuristic algorithm. Also this basic heuristic part of A-VSMART can detect 60% of "unknown malware" (which is pretty ■■■■ good for a simple heuristic, considering that the majority of AVs miss new malware cos they don't have the signature, do check www.virustotal.com stats to see what is being caught of the new ones). It's very difficult to further quantify these stats simply because any test is limited to the malware it possesses in its database (known or unknown). That is why we have V3 with A-VSMART where Prevention is the key. Of course we will continue improving detection technologies as we believe in the layered security architecture. However it would not be prudent to rely on detection as your first line of defense. Prevention should be your first line of defense!

Hence A-VSMART is not just the "detection" engine, it's the New Platform for V3 that will prevent malware infiltrating in. Hence I would go and say: A-VSMART will Prevent ~100% of known and unknown malware! Now that's hard to beat! (:NRD)

thanks
Melih

60% on your test set. Malware is designed to defeat the current heuristic detections, so the actual results for unknown malware are lower.
Also some antivirus programs (e.g. Antivir, NOD32) have very good heuristics with very few false positives.

However it would not be prudent to rely on detection as your first line of defense. Prevention should be your first line of defense!

detection is prevention

Hence A-VSMART is not just the "detection" engine, its the New Platform for V3 that will prevent malware infiltrating in. Hence I would go and say: A-VSMART will Prevent ~100% of known and unknown malware! Now thats hard to beat! (:NRD)

HIPS cannot prevent ~100% of known and unknown malware because that assumes that the user always makes perfect decisions.