I was thinking like how much of the newest rogue AVs can Comodo actually detect? So I thought let’s make a little test. I collected 60 samples, only the newest rogues like Rapid AV, Malware Catcher and so on…
Comodo was fully updated, and heuristics on medium. I also tested other AVs like Kaspersky and Trend Micro + SUPERAntiSpyware and MBAM.
Hard to find your results credible when we have no idea where you got the samples or how you tested each program. So what you are saying is that you installed CIS and tested it. Then completely uninstalled CIS and then installed F-Secure. Then you completely uninstalled F-Secure and installed BitDefender. So on and so forth.
I got the samples from various sites. They are coming from searches for free AVs through Google, P2P downloads, redirects, and I got a few links on hosts-files.net. Sunbelt’s blog also posts various new links to malware sites every week.
To test each AV I used their online scanners; BitDefender has a free scanner though.
Damn, I feel like this now: http://kevinrobinson.files.wordpress.com/2008/06/epic_fail.jpg
You can’t really call Comodo’s current heuristics something that will catch a lot. I just tested with heuristics on low and I caught the same amount of samples. Those online scans probably only use signatures, and maybe some heuristics, so the difference can’t be too big. I didn’t execute the files so no behaviour is involved. I think it’s a pretty fair test.
Though I personally have no interest in doing this on my own, I do value and like to read threads like this done by average joe people. Is there or has there been any talk of setting up a member driven guide on how to set up, test, and report findings like this? I’ve seen a lot of people with the drive to help out but get torn apart when trying to actually conduct/report their findings. Just an idea/question.
The problem with testing Comodo or any other security product against ‘rogues’ in this way is that by their structure there’s often nothing to differentiate a rogue product from a legitimate one such as SAS.
Unless a specific blacklist signature exists, heuristics etc. will offer very little help in determining the intentions behind a program (i.e. removing malware or removing £££ from a wallet).
Rogues are entirely different from traditional malware in many cases and this is why they’re so popular (and successful) with wrongdoers.