… while not everything works sandboxed … unfortunately
but if the sandbox would sandbox “things” automatically, when they try to do certain virus stuff, even though they are inside a “program” which was started intentionally and which isn’t working in the sandbox so running outside…
So you agree that your statement was misleading… “you are right only as long as the virus is not hidden in something that you want to execute. default deny can’t help you then”
Knowingly you are spreading lies to end users, making them think that “an infected file” will not be sandboxed hence can’t be protected against. This is a LIE!
You are only on these forums to try to spread misinformation about Comodo… please stop it… or you will be banned… you have well exceeded our good intentions and are now abusing our welcome.
I simply forgot to mention that I meant “when it’s hidden in a program that doesn’t run in a sandbox”.
And I mentioned it immediately as I found my forgetting.
Now you say I lie?
And while you are so concentrated on telling me I would lie, you didn’t see that I tried to suggest an improvement for the sandbox. In other words: “to sandbox parts of a program that can’t run in a sandbox itself, when these parts try to do harm”… and I said, “THAT would be great”.
and i got a verbal punch in the face.
thanks.
I assume you’re talking about the trojans that trick you into running them. Then when the program still doesn’t work (because it is sandboxed) you will likely allow it out of the sandbox to run it. In that case you would be infected.
The two possible solutions to this are either a sandbox that can run almost anything, or an antivirus that can detect all possible malware.
DACS is approaching the second solution, and I assume Comodo is still working on improving the usability of the sandbox. We’ll just have to wait and see.
you saw how i meant it. i just spoke about it.
would be enough when the sandbox and the antivirus can run and detect each time the “specific” file.
a third possible solution would be, when dangerous acting parts of an “unsandboxed installation process” could be forced into the sandbox, even though the needed questions for “installation” are answered with allow before. by behaviour selected.
an antivirus detection would be a sure protection too
Running ALL software install archive files you download and intend to use (self-extracting archive .EXEs, .ZIPs, etc.) past virustotal.com or virscan.org BEFORE running them is powerful medicine. Do this always, and you’re using the power of 40+ anti-malware scanners BEFORE the file EVER GETS TO CIS!
That doesn’t help other vectors (“drive-by downloads”, etc.) but it’s powerful for install packages you deliberately download and intend to run.
As for browser exploits (“drive-by downloads”, etc.), running Firefox with the NoScript extension is VERY powerful medicine. It “default denies” ALL forms of “active content” (meaning, code) from ALL domains unless you specifically whitelist them (temporarily or permanently), AND it contains many other exploit countermeasures (e.g. ClearClick, ABE, many anti-XSS techniques that are constantly updated in response to new evil tricks, etc.), most of which are fully automatic and don’t require you to do any configuration and maintenance!
By the way, I’d bet that DACS stands for “Distributed Anti C(something) System” or “Distributed Analysis C(something, “Code” maybe?) System”. I’ll bet it’ll be basically a locally-running variant of the VirusTotal idea, with dozens of engines providing realtime and on-demand scanning of all your PC’s files, via clever “cloud”-like use of the Internet (likely via patented, highly-efficient, minimal-traffic lookup algorithms and other cleverness).
I just read Melih’s full description of DACS (linked to above).
Questions:
How long before every major AV company adds “Thou Cannot Participate In DACS” to the terms of their EULAs (End User License Agreements)? I’m guessing “within several days to weeks”. I’ve seen countless EULAs that say that the data produced by the product cannot be used for any purpose except personal use by the licensee only, and ESPECIALLY cannot be SENT to any other service. I’d expect a legal war in short order.
“Cloud” and DACS scanning will involve sending whole files, or at least hashes of files, to Comodo and/or TOTAL STRANGERS participating in DACS, for scanning/analysis. I and many other people DO NOT want our files (or hashes thereof, which indicate presence) leaving our PC, especially not in the background all the time with no notice given. HUGE privacy breach.
And yes, I’m aware that CIS has sent out hashes for “whitelist lookup” for a long time now, and I don’t like that either, but I can’t stop it without ceasing to use CIS. But my understanding was that those are only executable files (EXE/DLL/etc.) and not data files, correct? Whereas I’d imagine anti-malware scanning would send out hashes of ALL types of files (or worse yet, the full files themselves).
Has Comodo made any response to these sorts of privacy concerns? If so, point me at it, please? Will we be forever allowed to voluntarily give up “zero day” protection and remain “traditional signature-based only” so we don’t have our files, or hashes of our files, being sent out from our PCs in the background without our permission?
And no, I don’t care about “privacy policies” that say “honest we’ll never misuse the information”. I don’t want the files (or hashes thereof) leaving in the first place, period.
I think we have quite a bit of wolves in sheepskin in here and it really shows after DACS comes out
Let’s put it in this way, How can you argue AGAINST improving the detection rating??? Apparently some here have found a way and THEIR posts prove it
If you don’t like any Comodo products, then don’t use it. No hard feelings. If Comodo is not for you, try something else like Online Armor or Outpost <— just to give you an idea
jay2007tech, I simply asked two legitimate questions. I like Comodo’s products, and I think they have the best security suite in existence at the moment, and lots of good, innovative ideas. I have no agenda, just asking good questions.
I just saw Melih say this in another thread:
Yes, only executable files (unknown files) are uploaded and checked by Comodo Cloud AV, CAMAS and DACS
This would be a pretty good answer to the privacy question, for anyone who’s not developing their own software they don’t want sent out. This would essentially SOLVE the privacy issue for all non-software-developers, meaning for anyone not MAKING their OWN new executables.
Software developers, I’d imagine, might be able to add their development directories to the “My Safe Files” list, so their contents are never sent out for scanning.
If “executables only” is really true, I’d be all for Cloud/DACS/CAMAS/etc scanning.
One potential issue though, is files that can have executable code or potentially-malicious macros/scripting in them, AND sensitive, private user data… for example, a Microsoft Word (.DOC) or Excel (.XLS) file. This would potentially be a big privacy problem, since the user’s private data would presumably get sent out right along with the unknown MS Office macros/scripts that are contained in the very same file.
I’d really like to see clarification on this “mixed code and userdata” type of file, and how it would be treated.
IMO, an AV product that uses cloud is a good idea, BUT I’m TOTALLY against OS systems in a cloud. (Think of only being able to use Windows by using an Internet connection.)
Yes, that’s an awful idea. At least with the cloud AV, presumably there’s the backup of the most-recently-downloaded signatures to scan against, until network connectivity returns. Not being able to use your OS would really suck.
This is likely why TRUE “thin clients” haven’t caught on, and the PC as we know it today still reigns supreme.
If "executables only" is really true, I'd be all for Cloud/DACS/CAMAS/etc scanning.
You have doubts. No problem. You have proof there is more being uploaded? We're listening.
One potential issue though, is files that can have executable code or potentially-malicious macros/scripting in them, AND sensitive, private user data... for example, a Microsoft Word (.DOC) or Excel (.XLS) file. This would potentially be a big privacy problem, since the user's private data would presumably get sent out right along with the unknown MS Office macros/scripts that are contained in the very same file.
I’d really like to see clarification on this “mixed code and userdata” type of file, and how it would be treated.
In the upcoming v5.3 the automatic upload to the cloud of files in Manual and Scheduled scanning is disabled by default and can be enabled.
Um, that’s precisely what I’m trying to do by posting and asking here.
You have doubts. No problem.
Yes, which is why I’m asking here. And I’m finding answers, which is great.
You have proof there is more being uploaded? We're listening.
Um, no I don’t, nor did I ever indicate that I did.
In the upcoming v5.3 the automatic upload to the cloud of files in Manual and Scheduled scanning is disabled by default and can be enabled. Does that cover your concern?
Partially, and thanks. It’s good to know that outgoing file sends can be opted out of, at least in the CIS product.
However, cloud/DACS scanning sounds really powerful and good, and I’d like to use it (since only executables are sent). However, if cloud/DACS uploading is turned on by the user, there’s still the question about files that have potentially-malicious macros/code/scripting AND user data, all in the same file. Would these be treated as executables and sent to the cloud/DACS, or treated as non-executables/userdata, and not be sent? Like I said, examples are MS Word (.DOC) and Excel (.XLS) files, and I’m sure many other file types.
Other than that one remaining question, it all sounds pretty good to me. Thanks for the info!
Rephrasing obvious facts, that can be found when doing a little bit of homework, can be easily and righteously seen as a trolling strategy.
Partially, and thanks. It's good to know that outgoing file sends can be opted out of, at least in the CIS product.
With 5.3 it will be opt in. They will only be sent when enabled.
However, cloud/DACS scanning sounds really powerful and good, and I'd like to use it (since only executables are sent). However, if cloud/DACS uploading is turned on by the user, there's still the question about files that have potentially-malicious macros/code/scripting AND user data, all in the same file. Would these be treated as executables and sent to the cloud/DACS, or treated as non-executables/userdata, and not be sent? Like I said, examples are MS Word (.DOC) and Excel (.XLS) files, and I'm sure many other file types.
Other than that one remaining question, it all sounds pretty good to me. Thanks for the info!
Non-executables will only be scanned by the AV. When it finds something malicious in it, it will alert the user.
DACS is like me scanning the USB stick of my neighbour with my AV scanner. After the analysis I tell him what the scanner reports. We then can discuss the two opinions of our respective av scanners. That is all that DACS provides at a bigger scale.
There is nothing else being shared than what an AV program reports, like in Virus Total. Remember there are no definitions or removal strategies unearthed.
With the outcome of the various reports we can start talking about it. Telling in the EULA not to talk about what a scanner reports sounds like censorship to me. Not something we like in the Western World.
I think they will try to legally oppose it as much as they can but don’t think they will succeed in the end. They may win a battle here and there; they will lose the war.