Should I Be Worried? Because I AM...

COMODO Internet Security has only earned the VB100 once and has failed every other time…

http://www.virusbtn.com/vb100/archive/vendor?id=94

Microsoft Security Essentials has earned the VB100 5 times and has only failed once…

http://www.virusbtn.com/vb100/archive/vendor?id=70

COMODO was proud to win the VB100 that one time…

http://www.comodo.com/news/press_releases/2011/04/Comodo-Internet-Security-Earns-VB100-Virus-Certification.html

Hopefully, CIS will never fail again, but detection is a major concern for me.

What can MSE do to protect you from a malicious file whose signature is not present in its database?
Now ask yourself the same question about Comodo…
Prevention should be the major concern for all of us.

@Siketa Your last comment to another poster was very well said, my friend. What can any antivirus do about malware that the AV does not have a signature for… Maybe he will like, in using Microsoft Essentials and similar, the idea of getting infected and having to try and clean it!! Just because a testing organization seems to prefer companies who have lower false positive rates but much lower protection rates does not mean squat diddly in the real world. Give me protection such as CIS provides and more FPs any time; we can sort them out with care. Having said all that, I am sure FPs will be dealt with further in version 6… Devs, are you listening… ;D

Regards
Dave1234.

Do you guys have other reputable testing sites that say otherwise? Is it not heuristics that protects from the unknown?

Nope, it’s the sandbox that does this.

…and also HIPS/BB…

What can Comodo do to protect you from malware not in its antivirus database, when it bypasses the sandbox due to insufficient settings, i.e. limited vs. untrusted, blocked, etc.? Until it’s too late. That’s why I say block all unknown files or allow installation outside of the sandbox if:

the program is in the whitelist
behavior analysis in the cloud passes the test
a scan with CIMA shows no malware behavior

then install in the sandbox with the option to make the setting permanent when granted by CIMA, and if malware is detected:
automatic undo of all changes made by the malware, using a snapshot of the system prior to installation, by installing in a RAM drive first, then moving to the real disk after analysis.

Unfortunately, even with CIS’s advanced features, it has failed. Regardless of any personal opinion, the VB100 is highly sought after. You cannot throw out its results simply because you do not agree with them.

The “Golden Child” is still ESET NOD32 with 72 passes and 3 fails since February 1998.

I like CIS and hope it never fails again. I want to see CIS attain the NOD32 track record. Maybe one day CIS will surpass it.

Try watching this video: Comodo Internet Security Premium Prevention Test - YouTube

Yeah it has an older version but the results looked really good.

If you are running CIS with Defense+ disabled or any other setup that doesn’t include a HIPS then yes, you should be worried, because you are vulnerable to zero-day malware. Even the AVs with the best detection rates rarely score much above 60% against zero-day threats. VB100 measures detection rates against known in-the-wild malware; it does NOT measure detection of zero-day malware.

Most anti-malware tests (including VB100) measure effectiveness by scanning a folder full of known malware. In the case of CIS and other security suites only the AV component is being tested. The Defense+ component of CIS gives protection against most malware that is not detected by the AV. CIS can therefore give protection as good as or better than other top security suites without needing high detection rates.

> what can comodo do to protect you from malware not in its antivirus database, when bypass sandbox due to insufficient setting i.e. limited vs. untrusted, blocked etc.?

Let's ignore everything about Comodo except the sandbox. So... 99% CAN NOT get around Comodo's sandbox (especially after the computer restarts). Of the less than 1% of malware that could under certain conditions, the only one that comes to mind is MBRLock (ransomware). Putting the sandbox level from "partly limited" to just "limited" will stop the rest. <--- I'd still like to see one that can get around "limited". Going anything higher than limited, from my point of view, seems pointless and can reduce the functionality of some software.

The problem with sandboxes is, “they” can be “circumvented” in any setting when the user gets convinced that it's the sandbox limitation which prevents the usage of a wished file.

I came across a very bizarre case in a forum about a file lately. It was a file that “posed” to be something that it actually wasn't. But a person with a sandbox could get the idea that the non-function was the sandbox's fault. So he would try to start it outside.
The file wasn't detected back then. And it did “nothing”… Until you noticed the intrusion by theft of accounts. But the connection of the file with the later happenings was discovered there even by coincidence only.
What made this case special:
The whole machine would become controlled by the attacker. It even got that far, that the attacker interacted with the victim through the official support platform of a company. In real time! Imitating support staff answers.

That example made me think for a while. It was scary.

What I am trying to tell to answer the headline:
Don't outsource your sense of security fully to a program!
Yes, you should stay worried, in the meaning of being aware! Whatever program you use.

> Do you guys have other reputable testing sites that say otherwise?

Damn right: http://www.matousec.com/projects/proactive-security-challenge-64/results.php?track=1716

About their testing (They DON’T test for known malware, unlike virtually all others)

All the tested products have one common feature – the application-based security model. In combination with their packet filtering capabilities, the tested products attempt to block attacks from other machines on the network as well as attacks performed by malicious codes that might run inside the protected machine. This is definitely not an unusual situation. People who use email clients, instant messengers, or web browsers face attacks that exploit the vulnerabilities in this kind of software very often. It happens that a malicious code gets inside the machine. And then it may try to install itself silently to the system, to steal users' data or sniff their passwords, or to join the target machine to a botnet. This is what the products we test want to prevent. This is why they are used. The problem is that although the goal is common, not all the products implement a sufficient protection.

We require the products tested in Proactive Security Challenge 64 to prevent data and identity theft. They should also implement a packet filter functionality to prevent direct online attacks – i.e. not to let the malware get in. The products should control the software installed on the computer to prevent the malware to integrate itself into the operating system. Then the malware should not be able to get the user’s private data, thus anti-sniffing, anti-keylogging and personal data protection features should be implemented too. And even if the malware succeeded to collect the information it should not be allowed to send it outside the protected system and this means an implementation of the outbound network traffic control. To achieve all these is much harder task than it seems. The protection system also has to prevent attacking trusted processes and other components in the system. Otherwise, the malware would be able to use trusted parts of the system to integrate into the operating system, to collect or steal sensitive data and/or to send the data outside the system without being noticed. So the next feature that is required here is a control of untrusted processes’ activities and that is the hardest task for the tested products. It also includes an implementation of self-protection mechanisms because the malware should not be able to terminate the protection, which implies some other features to be implemented and so on.

I'm sorry but you guys are wasting time…

There is no test that can make your mind but your own.

Install CIS, update it and then try to navigate to ANY link, open ANY e-mail you receive, etc…

Then do it again with another security software, then you choose by yourself.

In my opinion? CIS forever!

A long time ago I used KIS and I really liked it. Very fast, powerful and beautiful, but then I decided to not pay for any kind of software anymore. Now I'm with Win7 (gift from some client), running CIS, opening any e-mail, sites, programs, etc… Nothing has passed. Nothing has damaged my Windows.

Sure, we have to pay attention to this and that… but with CIS I pay nothing and have the same results as when using KIS or ESS (try this one for 1 year); btw, sometimes I think CIS is better… despite the pay cost.

@jay2007tech
Interesting site, but it doesn’t seem to be that well known. Most vendors go for the VB100, AV-TEST, and ICSA. Looking at the .PDF for CIS at your link, it says (in bad grammar), “By no means the results presented in the reports or on the project’s website should be interpreted as overall measure of the tested products quality or security.”

@yro
That’s the whole point of testing by well known organizations like Virus Bulletin.

@ALL
I am a fan of CIS. I remain hopeful it will not fail any future VB100 tests it is included in.

> By no means the results presented in the reports or on the project's website should be interpreted as overall measure of the tested products quality or security.

I agree with this, and the same goes for any other tests out there.

> That's the whole point of testing by well known organizations like Virus Bulletin

They can only compare based on the samples that they acquired and test on that, then they give a score on how many of their samples can be detected. What about the other malware that they don't have, but the AV companies do have? AV companies can detect more than what "VB100" has by a lot. That's why I wrote:

> http://www.matousec.com/projects/proactive-security-challenge-64/results.php?track=1716
>
> About their testing (They DON’T test for known malware, unlike virtually all others)


There are only a very few organizations that do. :slight_smile:
I like matousec.com because I like their methods of testing Internet security products. But that’s just me.

I know this review is for an older version of CIS, but OUCH!

http://www.pcworld.com/article/170640/comodo_internet_security_free_antivirus_software.html

And there are also the mixed reviews on the Wikipedia article on CIS…

Hopefully CIS will continue to get better and better.

That’s two and a half years old. Detection has definitely improved and so have heuristics.

> And there is also the mixed reviews on Wikipedia article on CIS...
>
> Hopefully CIS will continue to get better and better.

The AV tests are older there too and less relevant given the rapid development of Comodo’s detection rate. (Time for the article to be updated… :wink: )

I came across this…

http://www.westcoastlabs.com/checkmark/wildList/

Does COMODO not add Wildlist Organisation’s current in the Wild List?

It seems there hasn’t been a certification since COMODO AntiVirus v4.0…

http://www.westcoastlabs.com/checkmark/productList/?vendorID=120

> Does COMODO not add Wildlist Organisation's current in the Wild List?
>
> It seems there hasn’t been a certification since COMODO AntiVirus v4.0…

Probably because Comodo doesn’t want to pay for a piece of paper that says “You're Certified”. (I don’t blame them.) I personally don’t care if Comodo is certified or not. I know Comodo is the best out there (paid or not), I don’t need a piece of paper to tell me that, but I’m sure some people would like to see that.