I've been roaming around the forums and I've been seeing a lot of stats thrown around about how Comodo is comparing to other AVs. When it comes down to it, how does one determine what information to consider good and which to consider bad? I've been to sites like AV-TEST, can't remember if it's .com or .org, but it rates Comodo CIS kinda low.
I will continue to use Comodo, but why is the information so varying from one lab to another? I never really understood that.
Most of these tests are strictly detection tests. Comodo’s stance has always been that prevention is more important than detection. If nothing can get in, there is nothing to detect.
Comodo does well in dynamic type tests, which are designed to test prevention, but they don’t do as well on the tests that focus on detection.
The AV industry has put a lot of stock in detection tests, and most users also feel this is of greatest importance. Comodo has long been trying to teach people that a high detection score is really no indication of how well a security suite actually protects your system.
Does this mean, when I use only Comodo antivirus, firewall and Defense+,
and don't additionally use the “full features” like sandbox and cloud,
that I am not as protected as I would be using it with another antivirus?
As far as I see, I have to choose all features to be protected, as the “possible bad” detection rate is accepted as existent but unimportant,
or I should use another antivirus for better detection.
I recently decided again to use Comodo's antivirus with Defense+. I don't like the autosandbox (don't want to have things run without question), and I don't like the cloud.
Now I am not sure if it was the right choice when I read how the detection rate is put in the background. In my described Comodo installation, nothing protects me against an undetected virus which I unfortunately allow to start. So I need detection at this point, which would protect me from starting it at all.
Security will be there… but some decisions you have to make… sandbox makes making decisions easy because things get sandboxed automatically and you don’t have to make a decision…
and our users keep testing our AV and finding that detecting more than others that they detect…
I watched a video by a fellow member of the forums; he made a video about the security of CIS. I think instead of showing us the results of the tests they do, they should show videos and how they came to the results.
I think in the end that will be a better system to help people decide what AV to go with, if the testers show what the systems are capable of doing with video to back it up.
Detection rate IS important because it is the minimum automatic protection provided by a security suite for a totally computer-ignorant user. Protection above the detection rate is only provided by sensible user responses to warnings from behavior monitoring using HIPS and/or sandbox.
Unfortunately, using HIPS and Sandbox has some disadvantages:-
1. Sandboxing is an excellent form of protection but it can’t be used for all software.
2. Any program alerted by its behaviour is already executing on the computer and if not sandboxed might have already performed malicious activities before the alert.
3. Even with valid warnings a user can allow an action that should have been blocked, or re-run a program identified as suspicious outside the sandbox, causing an infection.
4. Some legitimate programs can generate “false positive” warnings.
It therefore follows that a higher detection rate means fewer warnings from HIPS or Sandbox which reduces the number of chances for the user to make incorrect decisions. In theory this would not affect the protection provided to a very knowledgeable user, but to everyone else the protection would be lower.
I'm sorry to say, but I will have to disagree with your last post.
If software cannot run because of sandboxing, you only have two possibilities: add the software to the whitelist or the blacklist. Making a decision is really hard when you don't know the software. If you know the software, then it's easy, right? That's the virtue of AUTOMATIC sandbox technology. If you don't know what to answer, you will receive an automatic response and the software will automatically be moved to the whitelist or removed if it's malware. Plus, now it's really weird (in my case) to find software running in the sandbox. And I install CIS on many machines monthly. The whitelist is pretty mature.
I've never seen a computer getting infected when you block the malware once HIPS alerts you. That's the purpose of it, prevention.
Human error will always be there, as we operate the computers. So, no software will ever prevent/protect if user allows the malware actions. CIS will reduce this error by making decisions for the user.
Also in detection, there are LOTS of FP. Comodo works with blacklisting and whitelisting, thus reducing considerably the FP (of course there always will be some).
In other words, detection rate is important for known malware. Of course it's good to have the best possible blacklisting in the world.
But what are you going to do about unknown files that are malware, being allowed and executed on your PC even with the best possible blacklisting in the world? Blacklisting won't stop them for you at all.
In the current stable CIS, i.e. 5.5, the Autosandboxing is good. On my system, whatever I have tried, Autosandboxing never created any problem for me, i.e. all the programs opened. Sometimes there are Global Hook & COM popups with Autosandbox. These the Devs are trying to eliminate in CIS V6.
The default settings of CIS i.e Internet Security
Firewall gives no popups.
Antivirus can be set to autoquarantine so no popups. False Positives have reduced a lot. It will be further reduced when Valkyrie will be introduced to CIS.
Autosandboxing is good with mostly 2 popups i.e Global Hook & COM which will be eliminated in V6.
So CIS with V6 will be kind of no-popup or automatic in default settings for average users if FW, AV & SB is used.
The only little problem remaining will be the Unlimited Rights popup & a few other D+ popups. I guess at least this will remain in V6. Further versions may find solutions to eliminate these or make it easier so that average users may also deal with these popups easily.
When Valkyrie is added to CIS it will make CAV very strong. I wish that when Valkyrie is introduced to CIS, one would be able to use FW, AV & Autosandbox while keeping D+ disabled. In 5.8 this can be achieved through D+ settings, Don't give Popup Alerts, by setting this option to allow, but you still get the Unlimited Rights popup. I think the Unlimited Rights popup should also be allowed automatically with this setting, or an option should be there in D+ settings: Unlimited Rights Popup - Don't Give This Alert - Allow/Block.
In the end there is no cure for ignorance other than starting to take some amount of responsibility…
Unfortunately, using HIPS and Sandbox has some disadvantages:-
1. Sandboxing is an excellent form of protection but it can't be used for all software.
CIS v6 will bring virtualisation for the automatic sandboxing process that will provide better compatibility.
2. Any program alerted by its behaviour is already executing on the computer and if not sandboxed might have already performed malicious activities before the alert.
The sandbox alert sometimes comes later. However, that does not mean the file was not sandboxed in a timely fashion.
3. Even with valid warnings a user can allow an action that should have been blocked, or re-run a program identified as suspicious outside the sandbox, causing an infection.
I don’t know specific details about the changes with v6 but it should get rid of (most of) them. Version 6 will be a big change, so it will have public beta releases; that will allow you to follow the topics about it and the changes it will bring.