PC MAG review of Comodo ver 5

this is a big problem for AV engines in general. If you know what to modify, its easy to evade detection…

here are some methods of detection:

1)Static Detection (be it, signature, heuristic etc…)
2)Dynamic Detection (same as above but in memory)
3)Behaviour Analysis (its dynamic but looks for behaviour rather than signature etc)

The biggest problems exist with Static Detection because all you see is, a potentially, “packed” file. This is why you are seeing the industry is moving towards more Dynamic approach. Its easy enough to “pack/encrypt” a file so that static detection will have a hard time… but when the file execute itself, you can see the intention, hence Dynamic analysis is a more preferred method.

Of course, there will ALWAYS be some that all these detection methods will miss.

Melih

Melih, or any one else, this has got me wondering. How does CIS typically recognise an attack and then neutralise a threat from something as difficult to identify as Zeus? As it morphs, assuming the AV cannot detect it (and of course it is too late then), what kind of file or processes would typically be identifed by D+ or other parts of CIS for the really nasty Zeus variants? Is there a CIS thread somewhere on this topic?

As far I know, the malware gets automatic sandboxed and isolated.
After booting, all infections are gone (or just left inert in the disk, can’t harm).

Nice review, alot of people are testing Comodo now which goes to show, it highlights areas which need to be refined and also allows new users to give it a go…

I do have to agree with the point made of clean-up capability… But I think you are already working on that one, judging by the hints you have made recently on the forums.

Good job though! :comodo110: