PC Mag: The Best Free Antivirus Software 2011

Comodo was one of the 9 free programs chosen.

Josh

I never take PC Mag tests seriously; their tests are flawed. Using a rootkit remover and an AV in the same test, outdated versions,…

What baffles me is why it is not an issue for other vendors to continually improve the cleaning part of their AVs within the app itself, while Comodo takes the route of a separate app, aka CCE. If CCE had been integrated within CIS then a vastly different clean-up rate would have been the case, I am sure.

I am aware that Comodo's stance is to keep the PC clean, and I personally will continue with CIS/CAVS as long as it continues to do so and continues to be developed as the environment changes out there in “malware world”. However, the likes of PC Mag will continually point to the clean-up abilities of CAVS as a serious flaw in comparison to others until it is dealt with in a similar manner.

Is it so difficult to improve the clean-up abilities and include them within CIS and therefore shut these people up, or am I asking too much? Is it too difficult to do?

Just my few English pounds on this one chaps.

Regards
Dave1234.

I would like to congratulate the Comodo Team, this makes me want to test/try CIS again in the near future, keep up the good work. :slight_smile:

Dave1234 or whomever,
If I am not mistaken, that was the future intention of Comodo to have CCE's abilities integrated into CIS in some manner. But you have to put the whole reasoning I believe behind CCE at this period of time. CCE is a program that can be used to clean an already corrupted system and can be “stored” on a flash drive or equivalent to be easily accessed. I do not know of any other “program” that is similar to what CCE is and can do what it does so profoundly. I do believe that as I have stated Comodo will sometime hopefully soon integrate some of the features that CCE has into CIS but, why? CIS does a remarkably superior job at doing what it does by preventing such anomalies to affect a system harshly, and CCE is doing its job as a “portable program” to use to clean an already infected system. So there is no reason to ever want to implement those two superior IMO programs together.

People need to stop thinking that there is any reasons as to why these two programs need to be intertwined in any way because, as I had previously stated they are separately doing what they are/were intended to do.

Roger :slight_smile:

The Comodo jury is still not out on the question whether to integrate Killswitch into CIS or not.

Comodo jury?
Who is that?

Thank you Eric, that is why I have said; “if I am not mistaken,…” because I was not sure if it was previously discussed somewhere or not. :slight_smile: But, having just “Killswitch” implemented into CIS somewhere like an “add-on” like other programs I know have (i.e. Malwarebytes “More Tools”) would not be entirely impossible or take away from the importance of having CCE entirely. I mean, CCE would still be the ideal tool to possess for doing “cleaning” and having Killswitch used in CIS as well would not take away from the importance or need in using CCE for what it was meant and created to do. So in other words, having it in both programs but not take away the importance of CCE but would only increase the (temporarily I am at a loss for the appropriate word) of CIS. I use it as my “Task Manager” on my system.

Roger

Does anyone know how the scoring works?

Because I see Comodo got the Best %ages for all categories (All Malware, Rootkits, Scareware) when it comes to protection (malware blocking), but the score doesn’t reflect it.

thanks

Melih


The % is the detection and the score (1-10) is some kind of blocking score or finding and removing all traces.

“One way or another Comodo detected fully 94 percent of the malware samples, the same detection rate as the free Panda Cloud Anti-Virus 1.1 (Free, 4 stars) and Ad-Aware Pro Internet Security 8.3 ($39.95 direct for three licenses, 4 stars). No other product has detected a bigger percentage of the threats. However, the other two products more thoroughly blocked all traces of malware installation. Ad-Aware scored 9.2 points, Panda 9.1, and Comodo 8.9.”

“As for scareware, Ad-Aware, Webroot, and Malwarebytes’ Anti-Malware 1.46 (Free, 3.5 stars) shared the previous record of 8.9 points. Comodo detected 100% of the scareware samples and set a new record for scareware blocking, 9.2 points”

Thank you very much for the explanation.

What does “However, the other two products more thoroughly blocked all traces of malware installation” mean? Thank you again!

That is indeed a bit vague. It could be they execute the malware and it installs itself and some files are detected (blocked) but not all files/registry entries are detected. The source file is not detected but some of the dropped files are.

Would be nice if someone from PC Mag could give us the exact meaning.

Well that would be cleaning more than protection imo… also, it would be good to find out what happened to the remaining 6%, I can’t see that 6% bypassing CIS :wink: … so what happened to them? Sandboxed? If sandboxed then why is it a fail cos it protected the system from infection and so on… :slight_smile:

Melih

I am a little bit confused with this detection and blocking thing.
Isn’t it that if a security suite DETECTS a malware, isn’t it understood that it will BLOCK it?
Or will it say: “Hey I know you, you’re a malware… please come on in”?

How is it possible that COMODO detected 100% of the threats but got 9.2 (not a perfect 10.0) when it’s about blocking all the malware that it detected?

That’s exactly why we have questions :slight_smile: it seems that “scoring” needs explanation. The real data of %ages are there and shows that we do 100% etc… but “score” somehow is less clear…

After investigating, I found the answers we were looking for:

[quote]Scoring

Naturally the product scores a full ten points for each threat it eliminated on sight. Continuing the test, I launch any samples that survived the initial culling and note how the product reacts. Typically I’ll launch three or four of them and then run my proprietary analysis tools to determine whether the threats managed to place any files on the test system.

If the threat didn’t plant any executable files and installed from zero to 20 percent of its non-executable file and Registry junk I award ten points, the same as if the antivirus wiped it out on sight. An antivirus that allowed the threat to put 20 to 80 percent of its junk on the test system still gets nine points. That sinks to eight points if 80 percent or more of the junk landed on the test system.

Once the antivirus has detected a threat attempting installation it really should prevent placement of any executable files. If an executable file gets through I offer five points, or half-credit. If, despite the antivirus’s best efforts, a malware component manages to run, that goes down to three points. Naturally a total failure to detect the threat earns zero points.

Blocking scores are typically higher than removal scores. After all, it’s a lot easier to prevent a threat from installing than to kill and gut a malware program that’s actively running. The overall blocking score is simply the average of all the individual scores. I also break out separate scores for blocking rootkits and scareware.

The product’s final rating doesn’t have a one-to-one correlation with the malware blocking and removal scores. Other factors can come into play, including the results of independent lab tests, but scoring well on my malware removal and blocking tests certainly helps get a good rating.[/quote]

I am still not clear as to how Comodo blocked MORE malware than others yet got less score for “All Malware” category?

Also: what happened to remaining 6% of the malware? Surely it didn’t bypass CIS or Sandbox so where is it?

Fixed the quote structure

The reason why COMODO scored 8.9, 9.4 and 9.2 on Malware, Rootkits and Scareware respectively:
“If the threat didn’t plant any executable files and installed from zero to 20 percent of its non-executable file and Registry junk I award ten points, the same as if the antivirus wiped it out on sight. An antivirus that allowed the threat to put 20 to 80 percent of its junk on the test system still gets nine points. That sinks to eight points if 80 percent or more of the junk landed on the test system.”

So this means that what lowered COMODO’s scores were the ‘non-executable files and registry junk’ or leftovers.
Compared to other products, apparently COMODO left more junk on the OS.

He is only giving %ages of detection if the malware is detected on sight:
“The main test begins when I open a folder containing the collection of samples and note how the product reacts. In many cases, the minimal access that occurs when Windows Explorer displays the filename is sufficient to trigger real-time protection. I also single-click on each file, since real-time protection in some products doesn’t kick in until a click.”

That’s the reason why no product could take 100% of detection. None of them deleted all the samples when he opened the folder containing them. Then he continues:
“Continuing the test, I launch any samples that survived the initial culling and note how the product reacts. Typically I’ll launch three or four of them and then run my proprietary analysis tools to determine whether the threats managed to place any files on the test system.”

The underlined text shows that the detection must come before execution of the malware. After that, when he executes the malware not deleted when he opened the folder, that’s when he uses the scoring process previously explained.

So his test works like this:
If he had 50 malware samples, COMODO deleted 47 of them (94%) when he opened the folder.
And 3 of them (6%) remained in the folder. He executes them, and scores COMODO according to their junk allowed in the OS.

So IMHO, COMODO did actually stop 100% of the malware.
Because 94% was detected “on sight” and the 6% was detected on “double click”.
If there were leftovers, which we now know are used for scoring purposes, that means that COMODO did what it was supposed to do.
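
The scoring rubric quoted in this thread, written out as an added example (not code from PC Mag, Comodo or any poster here). The sample outcomes are constructed for two hypothetical products, and the handling of exactly 20 and exactly 80 percent is an assumption, since the quoted ranges overlap at their edges.

```python
from dataclasses import dataclass

@dataclass
class Outcome:
    detected: bool                    # product reacted to the sample at some point
    removed_on_sight: bool = False    # eliminated before it was launched
    component_ran: bool = False       # a malware component managed to run
    executable_planted: bool = False  # an executable file reached the disk
    junk_fraction: float = 0.0        # share of non-executable files/Registry junk installed

def sample_points(o: Outcome) -> int:
    """Points for one sample, following the quoted rubric."""
    if not o.detected:
        return 0
    if o.removed_on_sight:
        return 10
    if o.component_ran:
        return 3
    if o.executable_planted:
        return 5
    if o.junk_fraction >= 0.8:   # assumption: exactly 80% counts as "80 percent or more"
        return 8
    if o.junk_fraction > 0.2:    # assumption: exactly 20% still earns ten points
        return 9
    return 10

def blocking_score(outcomes):
    """Overall score: the plain average of the per-sample points."""
    return sum(sample_points(o) for o in outcomes) / len(outcomes)

def detection_rate(outcomes):
    """Share of samples the product detected 'one way or another'."""
    return sum(o.detected for o in outcomes) / len(outcomes)

# Constructed outcomes for two hypothetical products, 50 samples each.
PRODUCT_A = ([Outcome(True, removed_on_sight=True)] * 40
             + [Outcome(True, executable_planted=True)] * 4
             + [Outcome(True, component_ran=True)] * 3
             + [Outcome(False)] * 3)
PRODUCT_B = ([Outcome(True, removed_on_sight=True)] * 43
             + [Outcome(True, junk_fraction=0.5)] * 2
             + [Outcome(False)] * 5)

if __name__ == "__main__":
    for name, runs in (("A", PRODUCT_A), ("B", PRODUCT_B)):
        print(name, f"detected {detection_rate(runs):.0%}", f"score {blocking_score(runs):.2f}")
```

With these constructed inputs, product A detects more samples yet scores lower, because the detection percentage counts a sample that was detected but still planted or ran a file the same as one removed on sight, while the score does not.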

That’s exactly right!

Is this a paid test? A joke? Or since when did Ad-Aware become a good product again? Last I used it was like 5+ years ago.

And they used a 16 month old version of MBAM. 88)