I have an idea that I think would work well. I don’t think that they currently have anything like this.
Comodo should use very sensitive Heuristics to continually scan your system. If a file triggers this Heuristic it is immediately sent to Comodo Labs to be tested. Also all files that are marked as suspicious by the ordinary Heuristics should be sent to the lab to be analyzed in addition to being quarantined. A high priority should be put on all of these files so that if only one computer manages to get infected the rest of the community will quickly be protected.
Now user participation for this setting should be optional, but highly recommended for people with fast internet connections.
Well in part I agree with you but for what I know in CIS v4 we will have a better behavior blocker , so most of the job that you are talking will be done by it.For the rest of submitting the file my opinion in it’s relation is cloud computing. Using a cloud to do that will be excellent
I am not too familiar with cloud computing, but if that would be the fastest way to get definitions to the masses than maybe that is the way to go.
As I mentioned before this would be an opt-in option. It would and should not be pushed on anyone who doesn’t understand the risks. Also it would be a way of quickly dealing with false positives.
Also, maybe there could be very configurable settings. You could choose to only apply this to certain folders (ie: internet files, etc…) and also choose the maximum size of file to be uploaded.
I agree with you entirely. Prevention is more important than detection.
However, if the user made a poor decision and allowed the malware to execute or is using CAVS as a standalone scanner then the issue is still very relevant. I believe that it is in everyone’s best interest to have the fastest response time possible.
For example if you believed that you had to download a flash player in order to view a video you would likely allow the malware to install on your computer. It can then do whatever it was programed to do. If the AV had already identified it then there would not be this danger.
There are many situations in which an AV is still very relevant. I would like to see CIS lead the pack in every way, including further improvements to CAVS.
(without giving my support or dislike for the idea…): I know that Avira uses something like this… Once when I scanned some samples there were a popup box “please send bla bla and bla bla to avira for analysis…”.
But they wasn’t labelled as Virus or included as detection… Just “please send those”, probably since Avira thought they were odd somehow. I think this may be a good way to collect malware that normal users has on their computers without giving any FPs. Maby it will be to late for that first guy, but the next guy that gets the virus will get a precise alert. Having each users computer act like a honeypot must be a good thing for the detection/“black list”?
