New Real Time Test from Malware Research Group

Here is a reply from Sveta on MRG:

In the first test we didn't use Defense+ as we were testing COMODO Antivirus and its Real Time scanner. Defense+ is an extra layer of protection and it would give an unclear picture of the Real Time Protection capabilities of COMODO's Antivirus alone. When we said unfair, we meant that no other application in this test used HIPS based protection.

As not all users of COMODO Internet Security have Defense+ enabled, I would advise everybody to look at both results, with and without Defense+ enabled.

Full post found here.

Haha, I was reading your post at MRG while you posted this :).

Xan

Problem is, D+ is real-time protection.

Well put, languy99. The AV is real-time detection, D+ is protection.

Um I’ll use Google to translate it.

(Translating)

OK, I agree with you. :wink:

The MRG testing results of CIS 3.10 with D+ activated are finally in…

~Maxx~

Seriously, Avira is just amazingly consistent. I now only use it as an on-demand scanner, and it always tells me my system is clean. I no longer use Defense+ anymore, only Comodo Firewall. Sandboxie is just too powerful if you know what you’re doing. It’s nice not having any more of those Defense+ pop-ups. I thought I had got used to the pop-ups, but it seems I have now seen the light.

How do you set up Sandboxie for the 100% prevention of the operator unwittingly downloading and transferring malware to the computer that it's being used on?

~Maxx~

Please re-read my post. Key words are “if you know what you’re doing”.

Operator error is probably the reason why people get infected. They visit dangerous sites without the appropriate protection in place. They use Defense+ and unwittingly allow malware to run despite a pop-up. They use Sandboxie and unwittingly transfer malware to the real system.

Basically, before transferring any file to the real system (from the sandbox), you need to ensure that it is clean with on-demand scanning.

What do you think? I am keeping an open mind about re-installing Defense+. I just can’t see how it will help me though. I think if you use Sandboxie well, you don’t need a classical HIPS.

Can we really trust that research group?

If Avast didn't miss that Backdoor.Win32.Bifrose.bksm, why did Gdata miss it? Because if Gdata is up to date, it uses the same signature as Avast and it SHOULD detect Backdoor.Win32.Bifrose.bksm. That doesn't make sense (correct me if I'm wrong).

Wow, I never thought MSE missed so much.

Possible difference in heuristics? That is a question we could bring up to MRG, assuming the information about the two AV engines/sigs being the same is true.

My question is: With nearly 6 million virus signatures in the Comodo virus database, why did the anti-virus portion of CIS fail to stop these 6 malicious applications, according to this MRG test?
Trojan-Dropper.gen
Backdoor.Win32.Bifrose.belf
Trojan.Win32.Agent.cllv
Backdoor.Win32.Bifrose.baor
Backdoor.Win32.UltimateDefender.hux
Backdoor.Win32.Bifrose.bksm

I'm pretty sure Avast has no heur engine at this time.

And I still think Gdata should be able to detect it, since Avast didn't miss it.

I still have doubts about the test.

I also use SBIE and the advantages of a virtualized browser are many, but when it comes to security while downloading from the internet the bottom line is that one still must decide which detection program to trust completely.

After watching the MalwareRemoval.com video of Comodo Defense+ detecting every piece of known malware that the operator attempted to download, including some viruses that were so dangerous that they could render a computer unbootable, while Defense+ gave a clear warning each time before the malware was downloaded, I was very impressed with its real-time detection capability.

~Maxx~

Remember, people. D+ is a HIPS product. The downside of ANY HIPS product is user input. D+ is only as good as the user behind the mouse clicking. So if the CIS AV cannot detect something, which these tests prove, then it's up to D+ to stop the infection. Well, what if the user just clicks "allow"? Bammmmmm, they're infected. This is why Comodo needs to improve the AV NOW. Stop wasting time on version 4 and all the Sandbox stuff. Fix what's wrong. You cannot rely on D+ to save your ■■■■.

But also remember D+ has detection for malware: "Defense+ Malware heuristic analysis has detected possible malware behavior in…"

No, not so true. D+ is first and foremost a HIPS. Do not make excuses for CIS. Avira, A-Squared, KAV, Norton, Avast, G-Data and others managed to detect more malware than CIS, and NONE of those have HIPS.

Thanks very much for that mate. I think I will add Defense+ back on.

Avira detected all the malware, but it's Avira Premium and the version is 477. I am using Avira Free and the version is 407. Does this mean that Avira Premium and Free have different databases? Because I thought both have the same database, so the same detection; that's why I installed Avira Free. Please clear up this point.

Thanks,
naren

Avira Free and Avira Premium both have the same detection engine and database. The results would be the same for Avira Free. The difference between the two is a web shield and faster servers for downloads. All your questions can be answered if you visit the Avira site. I am using Avira Free and OA Free. Awesome combo.