Re: COMODO Anti-Malware Database may reach 3 Million this Weekend

Numbers mean nothing. Especially in Comodo’s case since they detect a bunch of harmless stuff under “Unclassified Malware” name. 88)

Harmless? Please explain…

I assumed that Unclassified Malware simply meant malware without a specific name ???

I assume you’re referring to Keygens, trainers, patches etc ?

Xan

Numbers do mean something… 3 M is better than 1 M, as long as you count in the same way.

Anyway, I can’t recall that you really had any arguments for this claim, as per this post and onwards… If you can refer to tests or other information telling that there is a bunch of harmless stuff in the Unclassified Malware category, fine. If not, I’ll rather buy Comodo’s own explanation that they don’t want to waste too much time on classifying malware, and instead just find the malware and make signatures for it.

My Dearest educated RejZoR

Please enlighten me, could you define “harmless” and “stuff” to me? Within the context of computer security, of course. Please RejZoR, I cannot wait for your answer. ;D

Peace. >:-D

Verified keygens and cracks are totally harmless (even though not legal but still harmless). Different small tweak tools and plain small tools also.

Avira detects builder for Remote Administration Tools (RAT, backdoors) too. They are harmless too. They are only used to create a trojan, not a trojan. If you are unhappy with Comodo’s efforts and classification of malware I do not know why you stick around on the Comodo forum.

Whoop’s Thoughts on # of Signatures

Number of signatures for a given product: From one update to another, malware is generally counted in the same fashion; thus, a higher signature count correlates directly with a greater detection rate. In this situation, an increase in the number of malware signatures for a given product is a good thing (assuming false positives are minimized). So, when comparing the signature count for a given product, I agree with LeoniAquila:

Comparing the number of signatures between products: This type of comparison is meaningless because of the differences in how companies count signatures (i.e. the malware is NOT counted the same way). So, comparing signature count between products does not provide accurate information regarding the relative detection rates of the products. In this situation, comparing the numbers means nothing. This may have been what RejZoR meant when he said:

The only way to know how Comodo Antivirus compares to other antivirus programs is to do testing, where each program (with a comparable configuration) is evaluated under identical circumstances. I know there is some controversy about what constitutes a valid comparison, but it seems that testing can be designed to minimize bias. These tests may provide more accurate information regarding the relative detection rates of various products.

As forum members, we have the luxury of criticizing or cheering from the sidelines while Comodo is putting in all the effort and labor. Whether I am criticizing or cheering, I always respect Comodo for their hard work. And I think some of that hard work is reflected in the rapidly rising signature count. :-TU

Whoop

My Dearest Educated RejZoR

With all my humility I can sincerely say that you still have not answered the question. What do you mean by “harmless” and “stuff” within the context of computer security. Please RejZoR, answer the question define “harmless” and “stuff”. Moreover, just between you and me, sort of, did CIS delete all of your keygens and cracks? You know, stuff. ;D

Peace. >:-D

Wtf? What else should I say to you? Paint the whole thing in MS Paint?!?!?!

I strongly doubt that Comodo will be able to sustain that rate. Most likely it will level off to something like 1000 sigs or lower per day.

RejZoR is right. I can’t see how Keygens and cracks can be classified as malware unless they actually act maliciously. Just the fact that they happen to be that type of software doesn’t mean that they are bad.
If you give antivirus alerts for harmless programs, then who is to say the user will not ignore the alerts for actual harmful ones?

And I am sure you have some kind of proof to prove that?

Cheers,
Josh

He does make a valid point though. Lumping all this stuff, both good and bad, together does lead to a high rate of FPs which not only cause alarm for average users but also impact negatively upon system functionality. Yes on the whole with unknown files it’s better to be safe than sorry but some of these are in common usage.

In that case it must be just a coincidence that all the FPs I’ve come across have been in the unclassified malware category (none so far with 3.9 it should be said).

A signature created for a specific malware which is unnamed (aka Unclassified Malware) could be causing an FP. If you pls report these then we fix them asap.

yes majority of the issues with the FPs were fixed with 3.9.

thanks
Melih

+1

I have something else to say:

Since, and IF you have D+ and FW with restricted rules you can “ignore” those alerts. D+ and FW give you more protection than any AV against this type of files. I’m not the only one saying this.

In my case, since both popular BlockList Manager and X-Setup were rated “as something not so understandable to me” (both reported as FP and they said: “harm application” or something like this - in “computish-short-language”), I just can’t care so much to the advices anymore… D+ and FW are here well tuned, and I feel safe. ;D In doubt, virustotal, SAS, MBAM or google. Included those little, very much popular and well known magic-executables…

What my grandma will think and do is another story… No worries, she doesn’t know how to play with these stuff anyway… :smiley:

relax…


My Dearest Educated RejZoR

WTF is not an expression of an educated person, don’t you think? >:( I have asked you politely, twice I might add, to define “harmless” and “stuff” within the context of computer security and still you have not answered. My only conclusion is that you don’t know what you are talking about; you just shoot with your mouth aimlessly. The mirage of savoir faire that you are trying to project is futile with me. When faced with facts, illusion and deceit always crumble under the weight of reality, if you know what I mean ;D.

Like I told you before you keep your harmless stuff a.k.a keygens and cracks and I’ll keep them away from my own computer. Fair, isn’t it?

Peace. >:-D

Yep. I tried to get a macro recorder in the Scite editor for AutoIt added to the whitelist because it’s completely benign, but because it is ‘suspicious’ they won’t add it. Yes, it’s a keylogger… How else is it supposed to record your keypresses for the macro you are creating? It’s completely harmless (OK, I guess I could write a macro to steal my passwords… 88) ) but due to its behavior, it’s suspicious… :-TD

suspicious is different than the signatures as it’s generated by the heuristic engine.

Melih

Why don’t you just change it to Unnamed Malware or Uncategorized Malware? ;D :ilovecomodo: (V)