After using Comodo 2.4 for a long time I would perhaps like to update to 3.0. One of the new features is malware detection (even a heuristics module is included, according to some people).
But does the Comodo firewall access the hard disk extensively like a “real” antivirus (“on-access scanner”), or does Comodo only protect your “data streams” (incoming or outgoing)?
I hope it’s the second one, because for on-access hard disk scanning I use a good antivirus. The performance impact would be a little too much for my ol’ PC if two engines were searching my hard disk for file viruses.
Imagine you are surfing the web and all of a sudden your machine becomes sluggish and starts doing strange things…
You are infected…
Then you get your AV, try to update your signature definitions… still no luck… ’cos this is a new malware…
So the question is: what happened?
Well, malware injected itself into your machine using many vulnerabilities…
v3, on the other hand, would have picked this up instantly and alerted you to a strange activity, and you would have known before it happened!
It’s prevention rather than detection! That is the paradigm shift with v3!
I think the answer is yes. What’s the point of allowing the antivirus’s resident monitor to instantly scan the file system if it cannot detect new malware anyway? On the other hand, HIPS doesn’t scan the file system at all, and it is able to detect and prevent even new malware when it tries to do its harmful job (I mean good HIPS like Defense+ in CFP).
So your system is faster and better protected with HIPS. It is like a win/win situation.
But I also think that it is useful to scan removable drives and downloaded unknown files for viruses, and the whole system once every one or two weeks (just in case).
Thanks. I am impressed with what CFP3 does… certainly it is the best of its type I’ve seen. But I guess it doesn’t really answer the question of whether it can replace a standard AV, or act as a second layer of security. Browsing the forum doesn’t seem to answer this… maybe it can’t be answered.
For the average home user, I suspect multiple layers of security are overkill, & it does slow a PC down significantly. Nothing is 100%, but I think many users would be interested in whether or not CFP3 can be thought of as an antivirus replacement. The PC certainly runs faster with CFP3 alone.
Actually CFP should be the first layer of security. My opinion is that you don’t need an on-access virus scanner, but using one on-demand wouldn’t slow your computer, and you would have a backup layer of security. This way you can right-click a file and click “scan with …” before you allow it in CFP to execute, if you are not sure about whether it contains malware or not. This is not 100% though, because if it is something your AV doesn’t know, then it’s up to you to decide. Thanks to CFP you will have the choice. But the best thing is to use your mind and surf the net responsibly. Anyway, if one wants to run questionable programs, they are probably aware of the potential risks involved.
The real question is... can Comodo replace the need for an antivirus program, especially real time monitoring?
Let me give you an example of how (IMHO) it can’t.
I’m running Comodo in Train with Safe mode. Only applications in Comodo’s safe list should be allowed to run without notice in that mode. One day I plugged somebody’s flash drive into my PC. The flash drive had autorun enabled. So after I plugged it in, rundll32.exe was executed (no alert from Comodo, since both the launching and the launched processes are safe) and instructed to run a viral DLL from the flash drive (again, no alert from Comodo, since rundll32.exe is safe and the DLL is not considered an executable). The only thing that saved me from being infected that day was the antivirus, which caught the DLL being launched and deleted it (I then got an error from rundll32.exe not being able to locate the DLL).
Another example: when you run a VBS script in Windows, any script actions are carried out by wscript.exe, which is considered safe by Comodo. Place something like “wscript.exe D:\Virus.vbs” in the removable drive’s autorun.inf and Comodo will just let it do its business next time you put it in. And there is no way you can tell Comodo to allow wscript.exe to launch A.vbs but block B.vbs, even if you’re in Paranoid mode.
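The two cases in the post above share one pattern: the HIPS decides on the launching process (rundll32.exe, wscript.exe), which is trusted, while the thing that matters is the argument (the DLL, the .vbs file). A defender's check therefore has to look at the argument, not the host. The script below is an added example written for this thread, not code from Comodo or from the poster: it reads an autorun.inf body, picks out the keys that cause execution, and flags entries where a trusted host program is used as the launcher. The host list (`TRUSTED_HOSTS`) and the three sample autorun.inf bodies are constructed assumptions; the check says nothing about whether the payload is actually malicious, it only surfaces the "trusted host, untrusted argument" shape so a person or another scanner can look at the payload file.

```python
"""
Added example (not from the thread or from Comodo): flag autorun.inf launch
entries that run a payload through a host program a HIPS already trusts.
Host list and sample files below are constructed assumptions.
"""
import re
from pathlib import PureWindowsPath

# Trusted host programs named in the post. Assumed list: extend for your environment.
TRUSTED_HOSTS = {"rundll32.exe", "wscript.exe"}

# [autorun] keys whose value is executed on insertion or double-click.
LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command"}


def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased.

    Hand-rolled instead of configparser so a stray line without '=' or a
    %VAR% reference never raises; real autorun.inf files are often sloppy.
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def split_command(cmd):
    """Split a Windows command line into (program, argument string).

    A quoted program path is honoured; everything after it is the arguments.
    """
    cmd = cmd.strip()
    if not cmd:
        return "", ""
    m = re.match(r'"([^"]+)"\s*(.*)|(\S+)\s*(.*)', cmd)
    prog = m.group(1) or m.group(3)
    args = (m.group(2) if m.group(1) else m.group(4)) or ""
    return prog, args.strip()


def payload_of(host, args):
    """Best-effort name of the file the host program will actually load."""
    if not args:
        return ""
    first = args.split('"')[1] if args.startswith('"') else args.split()[0]
    if host == "rundll32.exe":
        # rundll32 takes "library.dll,EntryPoint"; the DLL is the payload.
        first = first.split(",", 1)[0]
    return first


def analyze_autorun(text):
    """One finding per launch entry: severity 'high' when a trusted host is
    the launcher (the pattern the post describes), otherwise 'info'."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key not in LAUNCH_KEYS:
            continue
        prog, args = split_command(value)
        host = PureWindowsPath(prog).name.lower()
        findings.append({
            "key": key,
            "host": host,
            "payload": payload_of(host, args),
            "severity": "high" if host in TRUSTED_HOSTS else "info",
        })
    return findings


# Constructed sample autorun.inf bodies mirroring the post's two cases plus a benign disc.
SAMPLE_DLL = r"""
[autorun]
open=rundll32.exe payload.dll,Start
icon=setup.exe,0
"""
SAMPLE_VBS = r"""
[AutoRun]
shellexecute="wscript.exe" D:\Virus.vbs
action=Open folder to view files
"""
SAMPLE_BENIGN = r"""
[autorun]
open=setup.exe
label=Vendor Disc
"""

if __name__ == "__main__":
    for name, text in (("dll", SAMPLE_DLL), ("vbs", SAMPLE_VBS), ("benign", SAMPLE_BENIGN)):
        for f in analyze_autorun(text):
            print(f"{name}: [{f['severity']}] {f['key']} -> {f['host']} "
                  f"loads {f['payload'] or '(nothing)'}")
```

Running it prints one line per sample; the two constructed cases from the post come out as `high` and the plain `setup.exe` disc as `info`. The same lookup (host name in a trusted set, then inspect the first argument) is what a process-creation log rule would do, which is the practical answer to the post's complaint that a process whitelist cannot tell A.vbs from B.vbs.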
Actually A-VSMART™ is the name of the technology for v3. It’s not just the basic heuristic algorithm. Also, this basic heuristic part of A-VSMART can detect 60% of “unknown malware” (which is pretty damn good for a simple heuristic, considering that the majority of AVs miss new malware ’cos they don’t have the signature; do check www.virustotal.com stats to see what is being caught of the new ones). It’s very difficult to further quantify these stats, simply because any test is limited to the malware it possesses in its database (known or unknown). That is why we have v3 with A-VSMART, where prevention is the key. Of course we will continue improving detection technologies, as we believe in the layered security architecture. However, it would not be prudent to rely on detection as your first line of defense. Prevention should be your first line of defense!
Hence A-VSMART is not just the “detection” engine, it’s the new platform for v3 that will prevent malware infiltrating in. Hence I would go and say: A-VSMART will prevent ~100% of known and unknown malware! Now that’s hard to beat! (:NRD)
60% on your test set. Malware is designed to defeat the current heuristic detections, so the actual results for unknown malware are lower.
Also, some antivirus programs (e.g. Antivir, NOD32) have very good heuristics with very few false positives.
However, it would not be prudent to rely on detection as your first line of defense. Prevention should be your first line of defense!
detection is prevention
Hence A-VSMART is not just the “detection” engine, it’s the new platform for v3 that will prevent malware infiltrating in. Hence I would go and say: A-VSMART will prevent ~100% of known and unknown malware! Now that’s hard to beat! (:NRD)
HIPS cannot prevent ~100% of known and unknown malware, because that assumes that the user always makes perfect decisions.