Latest Test Results From

The latest results are online from

A bit worrying that despite all of the updates etc Cavs latest version was only marginally better than version 1 in the latest tests.


Yes, that amazing. Unless of course version 1.1 is still being updated simultaneously to the current version.Surely not. ???

Apart from that, rank 33 and 34…
I know about the HIPS component, but it would be nice (and necessary?) to have a more competitive detection rate as well.

Very worrying since, as far as I can tell, version 1 does not have the same number of definitions as the latest version.


I do not believe such “independent” tests (:AGY) That who pays more (support, support) receives the higher rank. Nothing is free - except Comodo (L) Producers of paid antivisues will do all they can to diminish the achievements of free products. Why should you use free antivirus if you could pay to Mr. Eugene Kaspersky? (:WIN)

You must also remember that these tests usually use really old viruses to test detection rates, unless they are looking at how the application will cope with a new virus.

As CAVS is a new antivirus, it does not have the older viruses, and as these are no longer in the wild there is no real danger of infection.

Also, as Comodo have recently purchased BOClean, they plan on implementing BOClean database (containg over 10 years of signatures) into CAVS. We should also take note of how CAVS will deal with an unknown virus, by preventing using HIPS and Heuristics and then submitting the file for analysis.


As with most tests, they are focussing on detection and removal on a pre-infected system. Just testing these aspects ignores one of CAVS main functions - prevention. If it can’t get in, there is no need to detect or remove.

One day, prevention will be seen as the logical first step in the fight against malware and tests will start with a clean system to accurately measure prevention as well as detection and removal.

I’m confident in CAVS prevention abilities and have it installed on over 40 PCs in a production environment. These 40 PCs just keep on working. The remainder of the LAN (another 225 PCs in this segment) are running other anti malware products and are prone to being infected. Admittedly, they are only infected (usually) until the next signature update, but the facts, as they exist on my LAN, clearly favour prevention as a primary tool in our defences.

Ewen :slight_smile:

Yes, but the disadvantage is that prevention relies\depends on the user to take the decision: malware or not. That can be difficult, if not impossible. I would rather have an AV do that for me. The higher the detection rate, the easier everything is for the user. Prevention+ excellent detection is the perfect combination.
HIPS does not justify (or correct, or whatever you want to call it) a poor detection rate.

I also believe in the CAVS strategy of preventing; it is a never ending - and impossible - job to detect every malware. However, what worries me a little, is that you sometimes really want to run an exe file that is unknown for CAVS’s HIPS. Now you can’t be completely sure that this exe file does not contain malware, e.g. if you download the program from any of those kind of sites, or you get a “funny” little postcard program (or whatever) from a friend - HIPS will warn you, you allow it and then BAM! some malware is executed. At that point there is only BOClean left to hope for. It has saved me once - so it really has a place in my heart - but will it always detect every kind of malware?

Don’t get me wrong - the detection rate must improve. Comodo are increasing the signature base and it is yet to have the definitions from BOClean added to CAVS. This will help enormously, as will the impending release of CFP V3 with its web based HIPS lookup.

Ewen :slight_smile:

Well, I/ve been using Comodo FW and CAVS on my 4 home computers (and three of them are used by my teenage children) plus BOClean on mine - the results are very satisfying. We have nothing on any of the computers except some tracking cookies discovered by SpyBot S&D. And that is why I believe in Comodo (B) (:LOV)

I have also had no real malware problems since using CAVS and CPF and I am a great believer in HIPS as the future - however, I do believe the detection rates will have to be improved. Even though many such antivirus tests are flawed and use ‘old’ virus samples I think CAVS must be capable of competing with the top few in these tests or it will be difficult to convince many people to switch to CAVS.


That’s true. The problem is most non-techies are only attracted to numbers and detection rates fit the picture. HIPS is much newer and there are so few tests on the web to measure it with something easily identifiable as stat percentages.

On the contrary, people would rather use avast/avg/AntiVir PLUS Spyware Terminator than CAVS. Lesser bugs, more detection rates and HIPS.

But how do you know?

I can see that, I use all sorts of malware detecting programs like HijackThis, Gmer, Spybot Search and Destroy, Adaware, online scanners, etc., etc.

The same way that you know “your” AV is working - it says nothing. It all comes down to trust.

Ewen :slight_smile:

Well…detailed results were published today and it seems that comodo at least caught over 70 percent of the windows viruses (w/e that means)

And the test places a lot of weight on trojans, it seems, with trojans making up about 60 percent of the test…to score well on this, i guess that comodo needs to improve trojan detection

I don’t know. Maybe it’s because Mr Eugene Kaspersky makes a product that trounces this free antivirus, and you get what you pay for?

The consensus seems to be that CAVS makes up for its poor detection rates through its HIPS module. All I can say is that the HIPS module of CAVS IS NOT A HIPS AT ALL. It’s NOTHING MORE THAN A WHITELIST. A real HIPS program provides the user with detailed information about that a program does as it is running - what files and registry keys it is trying to access, which API hooks the process is calling, and so on and so forth - information which helps the power user decide if the program is malicious or benign. Unfortunately, what Comodo chooses to call the “HIPS” component of CAVS does absolutely nothing of that sort. All it effectively does is to tell the user: “I have never seen this file before, and have no idea what it is.”

Does it work? Sure, if you send every file to Comodo and wait for days for the results of the analysis. But is it a HIPS? No. It’s nothing but a “dumb” solution that relies on the fact that malware can do no harm if it doesn’t execute, something EVERYONE can do on his/her own without having an extra annoyance layer that is the whitelist. It provides no information about what a program is or what it does, only that Comodo has no idea what it is, and it INDISCRIMINATELY FLAGS ALL PROGRAMS fitting this criterion as opposed to only blocking programs which exhibit malicious, malware-like behavior. Compare this to true HIPS programs like System Safety Monitor, EQSecure or ProSecurity that tell you what a program is trying to do and gives you control over its actions, allowing the user to decide whether a file is malicious or not even if they don’t know what it is. Or even better, compare it to intelligent HIPS like Kaspersky’s Proactive Defense Module, which comes with smart rules to minimize user interaction. Now THAT’S a real HIPS component, as opposed to a simple, dumb whitelist filter being marketed as a “HIPS” to mislead unsuspecting novices.

There are many reasons why you might want to pay Mr Eugene Kaspersky for his product. Better signature detections and a real HIPS component (the Proactive Detection Module) are two of them.

The question is:

if malware was to attack your machine which product would protect you better?

Why don’t you test it and let us know;) and oh btw… cavs is still beta…

What you call it is totally irrelevant… the question is which one protects the user better with less nuisance!?


That’s a hard question to answer, really. It depends on how the user answers prompts.

But I think the more interesting question is “why”. The thing I was really trying to say was that the Comodo “HIPS” gives the user no further information to make an informed decision on whether to run the program or not, other the fact that Comodo has no idea what the file is - ergo, it is not a “HIPS” at all, only a dumb whitelist filter. Are whitelist filters effective? Certainly, because if you flag EVERYTHING indiscriminately, INCLUDING THE BENIGN FILES, obviously you’re going to flag 100% of the malware as well. And therein lies the problem. It’s like hiring a bouncer who nabs EVERYONE who shows up at the door, takes down nothing but a list of their names, and asks you to decide who the legitimate customers and miscreants are without any further information. OR you can ask the bouncer to decide for you, but it’s going to take him days, for each and every person, to come up with an answer.

There’re a lot of ways to secure a PC, such as unplugging it, chaining it up in a safe and burying it underground in solid concrete. Unfortunately, not all of them are feasible and/or ideal.

Whitelist filters are also redundant unless you’re enforcing a security policy on a PCs that you’re not using, for reasons that should be obvious.