Maturing Comodo AntiVirus

First a little explanation. For years I have been using Kaspersky Anti-Virus and have gotten to know how its real-time scanning works and how it affects the host computer. What they have really perfected over time is the iSwift and iChecker technologies (together with scanning only new and changed files by default), the more advanced counterparts of Comodo’s Stateful scanning. All combined they bring the overhead of scanning files to a minimum. Kaspersky will not scan files over a much longer period of time, reboots and database updates than Comodo does - or at least it has a very smart way of performing quicker checks on the file instead of running CPU-consuming scans. Read the link to the support article for more information.

Now back to Comodo AntiVirus. I am a fairly new user to Comodo after wanting a free solution for a Netbook. That’s why I am also concerned about performance and the differences between Kaspersky and Comodo are easy for me to spot.

While all the other parts of CIS, the firewall and Defense+, feel very powerful and mature, AntiVirus does not. In fact I think it makes CIS act somewhat paranoid. Although the suite controls almost any move of the computer and controls what comes near it AND has the wonderful concept of default-deny in place, the AntiVirus part has to scan every file that is being accessed over and over and over again. Why? At some point we should trust that a file is clean and secure if it hasn’t changed and is not a new file either. While claiming to be “greatly improving the speed, relevancy and effectiveness of the scanning” (citing the help article for CIS5) and yet doing the above, the whole concept is becoming a little shaky in my opinion. This is not how an Anti Virus engine should work today, maybe a couple of years ago but not now.

The AntiVirus component needs to smarten up a lot and I hope others agree with me. People that do want to re-scan files every five minutes because a new database has been downloaded or the computer rebooted can achieve the same thing by turning off all the above-named features in Kaspersky. So not having a similar smart technology does not count as an argument.

Excuse my very broad poll question but it is a very broad topic and my proposal is not equivalent to “please make that button orange instead of red”. It is up to the developers what and how they will implement it. :wink:

Maybe you could mention specifically the parts of Comodo Antivirus you think could be improved. For example I think there could be an option to not scan files that have been whitelisted by Comodo.

By the way, in my opinion rescanning the files after a new virus database has been downloaded makes sense. But I can’t vote in the poll because I both agree and disagree with you. Which option do I choose? 88)

I think what he exactly wants is:
1: CAV to never scan files in “trusted files” again if not changed
2: not to scan files digitally signed by a trusted vendor (I don't know if this is already implemented)
3: wait a longer period to re-scan files already scanned (a day or so)

Yes thank you kinemitor, at least something along those lines.

If one takes a look at the Kaspersky support page you won’t of course find how exactly their technologies work because that would be something the competitors have to work out on their own. And so me as just a normal user I can even less specifically say how Comodo should run its scanning engine. I can only criticize the points that could be improved in my eyes.

So another summary: Comodo Antivirus should have a smart algorithm of when to scan files of any kind, when to skip scans of files it has scanned recently and when to scan them again. This can be based on things like file hashes, position of the file on the partition, new database updates, X amount of time has passed since last scan, and a lot more factors I didn’t even think about.

By the way Chiron, I disagree that files have to be rescanned just because new signatures are available. My view is that as long as you lock everything down like you can do with Comodo, no execution of unknown files or running them in very restricted environments, it should be possible to maintain a bigger picture of the state of your system and not having to focus on individual files that might contain malicious code. I really think the focus should always be on preventing infections and that is the case I am assuming for my model. It’s really not easy to explain my idea of a better AntiVirus (blacklisting) engine because it’s not a fixed idea yet, just some random thoughts.

// slightly offtopic
At some point a merger between software like TimeMachine and CIS has to be made to get a piece of software that would be able to differentiate between good and bad changes to a computer that go way beyond HIPS and AV blacklisting because it has the intelligence of known good system states. But that is way way more complex for it to actually work flawlessly.
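
The skip-or-rescan decision debated in this thread (file hashes, new database versions, time since the last scan), sketched as an added example that is not part of any post and does not describe how Comodo or Kaspersky implement it. `Verdict`, `Policy`, `record_clean` and `scan_decision` are hypothetical names; the `rescan_on_db_update` switch covers both positions taken above.

```python
import hashlib, os, time
from dataclasses import dataclass

@dataclass
class Verdict:            # what is remembered about a file that scanned clean
    sha256: str
    size: int
    mtime_ns: int
    db_version: int       # signature database version used for that scan
    scanned_at: float

@dataclass
class Policy:
    rescan_on_db_update: bool = True   # rescan when newer signatures exist
    max_age_s: float = 86400.0         # "a day or so" before a verdict expires

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def record_clean(path, cache, db_version, now=None):
    """Store a clean verdict after a full scan (the scan itself is out of scope)."""
    st = os.stat(path)
    cache[os.path.abspath(path)] = Verdict(
        sha256_of(path), st.st_size, st.st_mtime_ns, db_version,
        time.time() if now is None else now)

def scan_decision(path, cache, db_version, policy, now=None):
    """Return (scan_needed, reason) for one file access."""
    now = time.time() if now is None else now
    st = os.stat(path)
    v = cache.get(os.path.abspath(path))
    if v is None:
        return True, "new file"
    # Cheap check first. Timestamps can be reset by whoever modified the file,
    # so an on-access scanner would track writes rather than trust mtime alone.
    if (st.st_size, st.st_mtime_ns) != (v.size, v.mtime_ns):
        if sha256_of(path) != v.sha256:   # hash only when metadata differs
            return True, "content changed"
    if policy.rescan_on_db_update and db_version > v.db_version:
        return True, "new signatures"
    if now - v.scanned_at > policy.max_age_s:
        return True, "verdict expired"
    return False, "cached clean verdict"
```

With `rescan_on_db_update=False` a file that was clean under old signatures is never re-checked against newer ones until its verdict expires, which is the trade-off the two posters disagree on.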