So Melih- Do we need Our antispyware/antivirus programs anymore? :-)

system · December 8, 2007, 11:38pm

Hello Melih,

OK… I don’t mean “Through away all your security applications, all you need is CFP 3+CMG+CAVS 3(when that is released)+Comodo BO Clean”

Well… Actually! What if you just need those things. I mean… CPF 3 is a whole new program A-VSMART (Antivirus, Antispyware, etc), technology, right? and it suppose detect 60% of the unknown viruses which both you and Egemen pointed out! You have taken security to a whole new level… I congratulate you for that! As soon as CAV3 is out and has gone final, and same with CMG, I don’t think I will even need another Antispyware application/Security application?

TRUE/FALSE? Other users, feel free to answer this question too… Remember Melih you talked about Prevention Vs Detection? OFF COURSE, I have now learnt Prevention is better, and CFP 3 is a PREVENTION MACHINE (laugh), unlike Antivirus Software that only use Signature based threats to detect viruses (hardly any Advanced Heuristics), But CFP 3 is better because it has HIPS and A-VSMART, Making is so much stronger, So…again… do we need Anti virus software? Antispyware software? Along with CFP 3, CMG and CAVS 3, Would we have the best protection in the world and working with PREVENTION and not DETECTION?

CAVS 3= Detection (With HIPS so it is a Prevention too)
CFP 3= Prevention (The power of A-VSMART and HIPS+the Network Firewall and those 1 million+applications in the whitelist).
CMG= Protects your Memory (Buffer overflow protection!)
Comodo BOClean= Antimalware tool

Also when you think about it, We have our old security programs that DETECT (to name a few)…

Spybot-S&D- DETECTION ONLY
SUPERAntispyware- DETECTION ONLY
Ad-aware-DETECTION ONLY
Ordinary Antivirus Software (AVG, etc)- DETECTION ONLY

COMPARED TOO…

Comodo Firewall Pro 3- PREVENTION

All those things(Comodos Products above) will eventually be intergated into CFP 3, Starting with CMG (Nice new thing btw), will these tools be all that we need for security? Has Comodo Really put Security to a whole new level? I would say yes. (Prevention, Prevention Prevention) and NOT Detection Detection Detection which 99% of the security vendors out there are still working on… Which is so old, and Prevention is the best new thing (WILL IT PROTECT AGAIN ZERO-DAY ATTACKS? is there REALLY such a thing as Zero-Day attacks??)

My self… I am definitely going to through away Avast! Pro and replace it with CAVS 3 when it is out. You guys have done an amazing job, I have found because I haven’t had a single spyware/virus/trojan since CFP 3 has been on my machine, and SUPERAntispyware and Spybot just sit there like lost dogs doing nothing. Do I need them?

We are talking about the future! Comodo has created a new level of security. and it is time to think new… Just think of what Comodo can do in the future for the computers around the world… Will Comodo make history?

Users: What do you Think about all this? do you really think CFP 3 as soon as it is integrated with the other security programs, Be the only thing we need?

Best,
Josh.

Cangrats on all your efforts!! Josh.

Melih · December 9, 2007, 1:50am

Thanks for the post Josh!

First of all I would like to draw your attention to one of my articles about Layered Security Layered Security | Why this is the Only Way Forward?

Even though with v3 you pretty much don’t need anything but its a good practice to have detection technologies as a back up.

The point is: the “first line of defense” is now “PREVENTION” its no longer “DETECTION”. You will have more advanced users doing away with Detection technologies, because they are confident about not making mistakes about running (and allowing) malware on their system and V3 will naturally prevent them from any uknown attacks, so they will be secure and just have V3 on their system (erm… like me I have no AV… just v3 on my systems now with CMG). So the only way into my system is for me to say, ok go ahead and install yourself mr malware… but i know better not to So using V3 on its own is good enough for me. (but i am not an average user) (i am well below average (:NRD) )

Bottom line is: my recommendation is a Layered system!

thanks
Melih

system · December 9, 2007, 2:32am

Thanks for the Layered Security Article!

You have a nice blog on that site… I will more later You only have CFP 3 and CMG? Wow and yes, I agree best to have the detection tools as a backup, I will keep Spybot and SAS as backup, But so far… Nothing is found…

Josh.

system · December 9, 2007, 2:40am

Interesting Melih!.. so if V3 is good enough for you, Why have CAVS 3, BOClean, etc? They are detection tools too right?, are they considered “Backup” as well?, Well they will be integrated into CFP 3 eventually down the track… So do we tell the users not to use them or to use them?

I guess it reply depends on the user :-)… and layered Security. Sorry for going into it too deep Melih!
CFP 3=Prevention
CAVS 3=Alarm bell

Yes, layered Security Silly questions I asked!

I am also currently using CMG and CFP 3! Melih, Is CMG planned to be offical released soon?

Melih · December 9, 2007, 9:21pm

Indeed… the answer is layered security.
For me: I am confident about what i let in to my system, however I wanted prevent anything else coming in any other way (BO attacks etc getting and malware getting into my system without me even noticing). with v3 and CMG i get that. So for me v3 and CMG is all I need.
However, not everyone understands how a malware might look like. Hence Detection is important just in case! The issue is Detection becomes a “Just in Case” kind of protection rather than your “First line of Defense”

Melih

jon.bean · February 17, 2008, 4:55am

All these layers on top of Vista memory hog?? I’m getting to the point where I may just be 100% safe, keep my memory and move to Mac.

The answer is always “more is better.” Oy vey.

Ragwing · February 17, 2008, 1:12pm

Ever heard of ‘Less is more’?
Anyways, I think that if you’re an advanced user, you won’t need anything else than CFP (once CMF is integrated). But if you’re a average PC-user, you might not be to used with HIPS, and therefore it might be a good idea to keep your anti-virus and anti-spyware software.
Even less experienced users might be fine with CFP 2.4, anti-virus and BOClean (and possible CMF).
I would say that CFP protects against 99% of all malware, if you know how to use it. But malware writers will of course write malware to terminate CFP, but the only way would be to let it install a driver (like IceSword does). And if you download something you’ve never heard of before, you don’t just let it install a driver without looking it up somewhere.

Cheers,
Ragwing

giraffe · February 17, 2008, 2:10pm

Yes, agreed. A couple of days ago a site tried to send me a trojan; Avast! detected it, warned me and stopped it from doing anything. That’s both detection and prevention (if the trojan had tried to do anything, Avast! would have stopped it).

Now if the AV hadn’t seen it, CFP would have stopped it installing/getting out but might not have detected it, so having a layer that stops a threat at the point of trying to download is a good first layer.
A firewall that stops the ensuing behaviour is a good second layer. If it can then remove the threat, ideal.

So, detection (warning, choice of action, prevention of initial transfer/opening/installation); prevention (overlaps with the first layer, then as the last defence stops the beastie from getting out/doing any harm to important files); cure (this is sometimes the most difficult part, which is why PREVENTION is so important).

Melih · February 17, 2008, 3:36pm

Thank you for this thought provoking post Josh.

In my opinion, practically speaking, the only time we will need an AV is: When we are executing applications that are not in our whitelist and we really can’t trust the source where they are coming from and we really have to execute that application without waiting on Comodo to analyse it, then an AV would be handy.

If you only run known or fairly well trusted applications, again practically speaking, there would be no need to use detection technologies.

Of course layered security is great and it doesn’t hurt to run on demand scanner (not on access) every so often just in case.

The Paradigm Shift in Security has happened and security is moving towards Prevention as first line of defense than Detection.

thanks
Melih

asker · February 27, 2008, 7:26pm

Melih post:9:

Thank you for this thought provoking post Josh.

In my opinion, practically speaking, the only time we will need an AV is: When we are executing applications that are not in our whitelist and we really can’t trust the source where they are coming from and we really have to execute that application without waiting on Comodo to analyse it, then an AV would be handy.

If you only run known or fairly well trusted applications, again practically speaking, there would be no need to use detection technologies.

Of course layered security is great and it doesn’t hurt to run on demand scanner (not on access) every so often just in case.

The Paradigm Shift in Security has happened and security is moving towards Prevention as first line of defense than Detection.

I see layered security that way. comodo firewall represents locked door to your house. It is good to have doors looked and in most cases it is secure enough. But ask yourself if you protect inside that house something important to you, would not than be great to have some more security for example motion detector - like laser net spreded through the house. That is what av represents in my opinion. If intruder somehow manages to get into your house (past your comodo firewall), than the motion detector-laser (antivirus) will most likely detect it, unless if the intrudor can see that laser net through “special glasses” (algorithm) and bypass it. But if so, it will have trouble of getting out the door again, cos firewall will be there again.
Yes layered security is quite interesting and safer because you are having a few agents guarding your computer, not just one big rambo-like. But, now that vista is well out and many of us are using it, I need to find a compromise between security and system responsiveness, cos every added layer of security affect vista badly. One of the concequences of malware is slow system responsiveness, and with many security programs installed, you get that same effect. So the compromise is to be considered and taken. I would go for cpf3 with some sandboxing program and that would be pretty much all. Quite safe and it would not affect my system constantly scanning and using power and electricity, which is not really cheap these days.

Thank you Melih for letting me thing of security from another point of view. I now see prevention more important than detection. And I am glad comodo has that great engineers that work for us agains black hats.

thanks
Melih

MorphOS_REBOL · March 1, 2008, 6:03pm

Sorry Melih,

I really dig your new approach vs. malware, but I have to differ in opinion here a bit.

Whilst it is known that most malware could be prevented by a fine FW/HIPS solution (if the user is more or less intelligent) I honestly find it to be way exaggerated to say heuristic and data based AV detective proggies are out of date now and, thus, no more being needed.

This is simply NOT TRUE. (even if I’d like to say so).

Data based AV prevention is STILL a necessary part of security layer. I wish it were not, but it’s a fact. (I sincerely hope, this will change in the near future).

Cheers

The REBOL

Melih · March 1, 2008, 10:35pm

Where do I say you don’t ever need an AV?

You need an AV if you are executing uknown applications. Also, if you read my article on Layered security (in this board and in my blog at www.melih.com, I always made it clear you need a layered approach.
Prevention
Detection
Cure

My approach, for clarity, is that: Prevention is now your first line of defense not detection!

Melih