Stories of heroism and victory... against malware using KillSwitch :)

First of all, please allow me to state again, the coder for AnVir has done an excellent job and built a very good task manager.

Here is a small test I did on a VM with not much stuff in it…

Check the screenshots…

KillSwitch showed zero untrusted processes (this shows the power of whitelisting)
vs
AnVir showed many files as it didn't know the verdict on them (that's my understanding, of course I could be wrong)…

So, if I was hunting malware on this PC, KillSwitch would have made my life much easier as I wouldn't have to go through many files to "deduce" what could be malware.

Like I said, this is how I removed malware (day zero)… you just want to know what is untrusted… and let me find amongst what's untrusted which one is really untrusted.

Again, the AnVir coder has done a good job, and well done to him for a nice and sophisticated task manager.

thanks
Melih


If you have a good whitelist which includes all the critical files for the OS etc., then it's OK to fight malware by killing all unknown processes… this gives you a chance to work out where the problems are… gives you some breathing room… again, these are my own experiences of malware cleaning. We are more than happy to improve with our users' suggestions.

thanks
Melih

I was not saying which one is better, or which has the bigger white/black list. I was answering this question:

Quote from: Melih on Today at 08:07:53 AM
I didn't know other process managers have the ability to verdict a file? Can you pls show me which Process Manager have this ability? thanks

Here: http://www.anvir.com/

Of course AnVir does not have the same resources as Comodo to get a huge white/black list.

All your shortcuts are OK, but you can still do the same with AnVir, Process Hacker or any other.

Show only untrusted with Comodo requires 2 clicks.
Order the files by verdict (same visual effect) for AnVir/KillSwitch: 1 click.

Instead of killing all the untrusted (2 clicks), you can select, holding the "cap" key, the first untrusted app and the last one, then right click and terminate (4 clicks).

Ok you save a couple of clicks to the world. :stuck_out_tongue:

But having a tool combined with a huge whitelisting will create an ability that doesn’t exist in other task managers.

That ability is to terminate unknown files. You see, if you have a good whitelist, you can easily terminate unknown files. If you don't have this whitelist, then terminating all unknown files will cause you a lot of problems. You can do that with KillSwitch much more easily than you can with other task managers. That was my point. It's not about the task manager… it's about the combination of Comodo's infrastructure with this task manager that makes the product so unique.

Melih

The only feature in my biased view that AnVir has over KillSwitch/PH is the bloated and ugly UI. Look at how many icons and custom menus they use. And just like all the other process viewers (aside from Process Explorer) the author of AnVir Task Manager doesn’t actually know what he’s doing, and thus fails all basic tests like not being fooled when a process tries to fake its own file name in its RTL_USER_PROCESS_PARAMETERS block (although PE fails this as well).

Process Hacker has been written by someone who "gets" security! And Comodo's usage of Process Hacker is a testament to that. It is important to understand that KillSwitch is based on a very sound and well architected platform - Process Hacker!

Melih

Well, I’m not really a security person, and I’m not a fan of the “security” industry at all or even the existence of it. Anyway, hope you enjoyed reading my small rant about AnVir. IMHO it’s one of the worst process viewers out there, just for its horrible UI.

Indeed, I totally agree.

Comodo's whitelist is superior, and it makes the cleaning process with KillSwitch very convenient, unlike other task managers where I have to go through all the running processes to find the nasty piece of malware that is compromising the system!!

On heavily infected systems you can get dozens of evil malware processes running, and sometimes they look exactly like legitimate processes!!

So without Comodo's whitelist (like in AnVir!) it will be just like searching for a needle in a haystack!!

And above all these features, it has DACS built in, so you can also check the unknown processes before terminating them and ruining your system! And this is awesome!! :-TU :-TU :-TU

And let me tell you something, it's totally free! :-TU :-TU :-TU

Many thanks to Melih and the developer team. You guys rock!

Indeed you are very welcome…

I bet you hunt for malware regularly… you understand the pain points like I do :wink:

Melih

Melih, it would be nice if you included some tweaks in KillSwitch like the ability to 'Enable Task Manager', 'Enable access to registry editing tools' etc. when they are disabled due to a malware infection.

Well, that’s my favorite part. You can quickly look at it (after hiding known safe files) and easily discover whether you’re infected or not.

The only part I’m not sure about is the effect if there was a rootkit on the system.

I am going to do personal testing against rootkits. I will test not only KillSwitch but also CCE against them.

Hopefully the devs will allow users to contribute code so at least some of these features will actually get implemented. It’s one of the awesome things about free and open source software, and SourceForge.net.

That’s your opinion, not to be confused with facts.

The fact is, when you have a computer that's infected with who-knows-what, it can take hours and many reboots to identify and tease out all the malware. I appreciate a quick solution to get the computer up and running so you can finish disinfecting it. I think MANY OTHERS appreciate it too.

+1

this is a very useful feature for all the real world malware hunters out there!

SpyDLLRemover seems to be similar… But I am no expert ;D

http://www.rootkitanalytics.com/userland/spy-dll-remover.php

Two weeks ago I needed to manage two notebooks infected with Sality.
One had Kaspersky installed. The other, Avira.
I used all the weapons I know, from bootable CDs (like Kaspersky, AVG, Avira and Bitdefender). On one of them I managed to install avast and run a boot-time scan.
Man, I lost time… No way… Sality always comes back.
I wish I could have tested KillSwitch on them. I reformatted :cry:

Not exactly related to KillSwitch, but I find the Dr.Web Boot CD the most effective for cleaning Sality and Virut infections, followed by a scan with HMP and MBAM. Haven't tried KillSwitch for this purpose yet, though.

Hi Tech. Could you have used CTM to go back to a point where you were not infected, rather than a tedious reformat? I say this because you seem, by your posts, to have been a user for some time. Oh, by the way, before I got CTM I was also infected with Sality and tried every possible way to remove it that I could think of, and yes, I reformatted eventually. Wish KillSwitch was around then! This was on a machine with Avast as the AV and ThreatFire covering behaviour.

Neither is installed now; CIS and all its bells and whistles is on both machines. I should have known better and had CIS on both from the start.

Regards
Dave1234

CTM was not installed on those notebooks.
CTM is currently not installed on my notebook as it is unstable and the development is going too slow. I work on a production machine. I need it, at least, without BSODs and data loss.

avast cleaned it but it reappears… I couldn't find exactly what was going on. The cleaning procedure was unsuccessful.