In the Defense settings options I have two checkboxes.
Perform cloud based behavior analysis of unrecognized files
Automatically scan unrecognized files in the cloud
Which one of these is responsible for sending files to the cloud? What is the difference between the two? I am seriously confused by the two, hehe.
However, my main question is this: Comodo seems to be sending all my programs, heck I even think it has sent my source code also in the cloud, does this mean that Comodo gets free source code and precompiled programs for free from all over the world? Or can I trust that the files is deleted again automatically?
I get a little nerves when I see sensitive files just pop into the cloud without even asking me, who knows it could have been my credit card number that went along in the cloud. I know comodo is trying to create trust online and that is their goal, but I can’t give them THAT much trust, can I? (:NRD)
[b]Perform cloud based behavior analysis of unrecognized files[/b] – When checked, any file that is marked as unrecognized and is sent to the Comodo Instant Malware Analysis (CIMA) server for behavior analysis. Each file is executed in a virtual environment on Comodo servers and tested to determine whether it contains any malicious code. The results will be sent back to your computer in around 15 minutes. Comodo recommends users leave this setting enabled (Default=Enabled).
[b]Automatically scan unrecognized files in the cloud[/b] – Selecting this option will automatically submit unrecognized files to our File Lookup Server to check whether or not they are on the master Comodo white list or black-list (White list = files that are known to be safe. Black list = files that are known to be malware) and the files are rated accordingly. The important features of the cloud based scanning are:
Cloud based Whitelisting: Safe files and trusted vendors and trusted publishers can be easily identified;
Cloud based Antivirus: Malicious files can be detected even if the users do not have an up-to-date local antivirus database or a local antivirus database at all;
Cloud Based Behavior Analysis: Zero-day malware can be instantly detected by Comodo’s cloud based behavior analysis system, CIMA.
The cloud scanning, complemented by automatic sandboxing and application isolation technologies, is very extremely fast and powerful in preventing PC infection even without a traditional antivirus signature database while keeping the user interaction at minimal levels.
Comodo recommends users leave this setting enabled (Default = Enabled).
I would like to point out a weakness with “Cloud Based Behavior Analysis: Zero-day malware can be instantly detected by Comodo’s cloud based behavior analysis system, CIMA.”
A malware writer could just rewrite the malware, send it to the cloud to see if it was detected, and then rewrite it until it doesnt detect it anymore. So cloud based is not entirely secure.
The entire cloud system can actually become an efficient tool for malware writers. Some malware can also detect sandbox, so it can behave nicely under sandboxed environments and then maliciously when its not.
Any service can be used like that.Virus Total can be used like that. Every cloud look up of every AV can be used like that. It’s the on going cat and mouse game…
Do these Cloud Services works when D+ is disabled permanently? I am asking this coz Realtime CAV has Cloud by default. So does CAV Cloud has these services or benefits from the already analyzed files by these services?
