So how good/bad is CAVS 2.0 beta at detecting pests?

Without taking into account the HIPS (host intrusion prevention system) in CAVS 2.0 beta and its whitelist, which is a preventative mechanism, I’m interested in how well it detects the pests that do manage to get in.

For http://www.av-comparatives.org/ back in Feb 2007, Comodo’s anti-virus did so poorly that it wasn’t listed in the comparatives table. Instead it got relegated to being reported in their whitepaper which, as I recall, it had a measly 37% detection rate overall. That was for version 1.1 (but 2.0 was listed as similarly very weak in detection). Well, CAV is still missing from their Aug 2007 comparatives table. This table just lists the scanning coverage (i.e., detection rate), not the overall effectiveness of blocking a pest from getting into a host; however, blocking isn’t always perfect so detection is required, and poor detection is, well, just poor protection. VirusBulletin doesn’t even list Comodo’s offering which means [to me] that they haven’t even bothered to consider CAV as a serious anti-virus product.

HIPS is nice for front-door protection but it shouldn’t be the sole method of eliminating pests (and I’m not sure Comodo’s HIPS is that strong an IPS solution). AV detection is the burglar alarm to alert if a pest got past the front door. A so-so front door and a burglar alarm with blinders doesn’t make for a strong setup. Yeah, I know CAV 2.0 is a beta version but it has been beta for long enough that it should’ve by now accumulated a large enough database of signatures to be a reasonable AV contender.

Does Comodo have any independent testing or specifications to help bolster its position that their anti-virus w/HIPs product is or will be a contender?

Lol. It’s funny how come no one has an answer to this? I would like to know also. I had a virus through MSN; I knew it was a virus… but it was in a rar file so it was safe as long as it was in there. I even scanned it three times with Comodo and still nothing, not even when I opened it. The only thing that stopped it from sending to all of my contacts was an encryption program I have on this laptop (asks if you want to encrypt file before it sends it). So, to bump this thread, how good is it really?

It is not on par with other major applications that have been longer in existence or purchased existing engines/virus research. Yet. Comodo has developed (and re-developed) their product from the ground up (thus it still being in Beta), as well as all malware definitions for it. Depending on the methodology used for testing (they vary) its results vary. There are at least two users here who work in the industry and their test results are much different than AV Comparatives. There are posts and discussions about it…

While there are some malware it does not detect (please submit to Comodo for analysis, if you have a copy available), there are some it has caught (based on user reports) that their more established AV missed. Since Comodo has purchased BOC, they now have access to its 10+ years of malware research, detection capabilities, and definitions; this will be incorporated into the next version of CAVS.

Sorry the post has not been directly answered. It has been answered, many times over (elsewhere in the forums); this one appears to have slipped through the cracks. :frowning: Unfortunately, sometimes new posts do not show up in the lists the way they should and get overlooked.

LM

WOW, That is horrible. I was so in love with the firewall that I didn’t even start to investigate the AV that well. It has been giving me problems lately with freezing explorer so I have been looking at forum posts and learning lots, and this is the most shocking thing I have found yet. It is scary to think that the reason it is free is supposedly to show us a sense of security to promote online business so as to recover costs in larger amounts from the ones benefiting from internet use. Which is a good rationale, but really, if the detection rates are that low, how secure do YOU feel, as I know how secure I feel with that thought in mind. I am used to great protection and would love to stick with Comodo, as I love these products, I really do think that they need to provide a proper release that is comparable at least, as I know NO AV progy gets em all, they should at least get MOST!!! Anyway, TY for the revelation…Hope things change soon…

You should not take too much notice of these comparative tests. Most of them are based on detecting a “zoo” of viruses, and are heavily biased in favour of the long established products that are able to detect every virus that has been written since computers were invented. Most DOS viruses are incapable of infecting anything in a modern system running Windows XP or Vista. So you are no better protected using a product that can detect them than one that can’t.

The same criticisms are often levelled against the open source ClamAV, which is widely used for scanning emails by many ISPs and commercial businesses, because of the prohibitive per-email-account license costs levied by the “big boys”. It is effective at that, because it focusses on being able to detect the viruses that are around now. Because it is not so good at detecting the viruses of yesteryear, it too scores badly in comparatives.

In my opinion, behaviour blocking techniques are much more important and are quite capable of providing effective protection. There have been a few anti-virus products that used this method exclusively but they have always been rubbished by the “big boys” who have a large investment in technology that relies on signature based detection.

The various anti-virus “authorities” are reliant for investment on the major anti-virus companies (Virus Bulletin, for example, is very closely tied to Sophos) while the majority of computer journalists who write about anti-virus products know nothing about the subject other than what they read in the white papers produced by Symantec, McAfee etc. Draw your own conclusions…

Please see the reply of Melih about AV-Comparatives: https://forums.comodo.com/feedbackcommentsannouncementsnews_about_cavs/av_comparatives-t9997.0.html;msg72536#msg72536

Comodo (Melih) wanted to get its product tested by AV-Comparatives and they know that they are still scoring low and need much more improvement regarding detection rates. But what you guys have to understand is that Comodo AV is not primarily an AV, it is a HIPS (imo it should be labeled as such and used together with other AVs and not call it AV). Saying that testers or tests are biased just because your loved product scores not as good as you would have expected/wished is a quite immature reaction.
Btw, there are no DOS viruses in the test-set…

Well, I will start by saying BECAUSE Cavs is in Beta, and there isn’t much in the way of solidarity or founded and grounded information pointing to the effectiveness of CAVS that Comparative information is Important, BUT how do you compare an AV solution that is in a different class, its Leveled approach and preventative nature is totally different than other companies AV Software. I really do like the way CAVS deals with things, and as always we must each in turn make our own decisions. Proper security comes not from AV scanning alone, and there is no 1 product that would protect you fully against all the threats there are out there. I believe in my experience I have learned to maintain a proper security stance through the use of MANY tools, and my arsenal is well advanced in the war on Malware, SO I will at this time continue to test this Beta software, as I believe its goals are sincere, and well founded in wisdom. Also the fact that a product cannot advance without the aid of trial and error, and feedback such as that provided through forums and support. Truly Comodo seems to be trying and we can all plainly see that they are capable of creating great software that offers security and protection, it may take some time to get it all perfect, but really, what doesn’t. Good Luck to Comodo, and hopefully with our support you will advance and we will one day have been a part of the launch of an incredible new product in their quickly growing line of security products, that may I remind you are both free, and well built with Protection and Security in mind. Keep up the good work Comodo, and PLEASE keep up the effort in perfecting this software, as if you do, it will be a great product indeed…

I think that is a bit of a personal insult, especially since it is statistically probable that I have been around a lot longer than you have.

Comparative tests of the type referred to are biased against HIPS type of products simply because they are designed for virus scanners that try to identify viruses just by looking at them. Products that detect viruses by monitoring or blocking what they do are never given the same opportunity to prove themselves, because it would require that the tester try to activate each virus and see if the product catches it, which is far harder and would take much longer to do than simply pointing it at a folder full of virus samples. Nevertheless it is wrong to say that a product is no good because it fails to detect a large number of inactive virus executables, when what most users are interested in is protection from infection.

The AV industry has always heaped scorn on products that cannot perform well in these identification tests and that has been true since the early 1990s and the advent of a clever Israeli-developed behaviour blocking product called Invircible. That is a fact and would be true regardless of how well Comodo AV performed in any test that tested infection prevention rather than virus detection.

The failure of traditional signature based virus scanners is evident when you look at the number of people who get infected despite having the latest Norton or whatever. It has long been time to ditch this technology that slows down everyone’s computers by scanning files to see if they contain one of 100,000 different viruses, and which is no use at all on a new virus that has just been released into the wild for which the identification signatures are still being worked on by the product developers.

:wink:
Let’s cut the personal comments, and keep the conversation friendly, guys. The topic is a hotly-debated one, so we need to make sure we set our “personal” stuff aside.

Tnx,

LM