The Good, The Bad and The UGLY (ugly because it’s unknown!!)

Legacy AntiVirus products allow Unknown (The UGLY) applications to execute on your computer!

A computer file could be an executable or non-executable type in general. The executable one is full of instructions telling the CPU (the Intel thingy) what to do, like show this character on the screen etc… just full of instructions… sometimes, these instructions could be some malicious things like copy the password and email it to a fraudster etc…

A file can be in 3 states

1) A good file (aka The Good)

2) A bad file (aka The Bad)

3) Unknown file (aka The UGLY)

A system like legacy antivirus products works in the main with a “Blacklisting” architecture.

They work by saying: “if you are in the blacklist you are not allowed to execute in this computer”.

So let’s take the files and step them thru a legacy antivirus to see if its architecture works.

Journey of a Good file…

We take a Good file and push it thru an antivirus…antivirus checks this against their blacklist…it can’t find it there so lets it go ahead and execute…all well and good so far…great……

Journey of a Bad file…

Next… let’s take a bad file… (let’s be nice and say that this is a bad file that the legacy antivirus knows about, cos there are many bad files that legacy antivirus products know about, as no single antivirus company can have 100% visibility to ALL the malware out there, period)… but let’s be nice :)… so take the bad file and push it thru a legacy antivirus… the antivirus checks this against its blacklist and bingo… it detected it and stopped it from executing… well done legacy antivirus!!

Journey of an Unknown file…

Now let’s take an unknown file and push it thru a legacy antivirus product, it will check against its blacklist… is it there? Nope… so let’s just let it go ahead and execute… after all it’s not in its blacklist….

So what did I just execute?

What was that unknown file that I just executed? Was it good or bad? After all it can either be good or bad…. so using a “blacklisting” architecture you just allowed a potentially malicious application to run and damage your computer!

If you were writing Viruses…

Now, let’s say you are writing viruses for a living… and believe me there are many out there that do that and many more who use these to make money from them. What would be the first thing you would do when you created your malicious creation?

Yep, you guessed it right… you would first check to make sure popular legacy antivirus products don’t detect it. After all, if you are intelligent enough to write a virus, you should have an ounce of brain (used for wrong purposes….) to check if your virus is detected or not. And yes, you make sure it’s not detected and then you release it on people….

But wait!!!

This new virus/malware that this virus author just released will be an “unknown” file and will be executed… errrmm… yes… it will… so now you know why you are MAD MAD MAD to rely on a legacy antivirus that still uses “blacklisting” techniques in an attempt to protect you but fails miserably!

Yeah but Legacy AntiVirus products have heuristics built in……

■■■■, didn’t know that, oh really, well everything is fine then… :) (sorry for the sarcasm… :)) Heuristics are also based on the “blacklisting method”; these are rules that identify files/behaviours that match a blacklist of rules. The architecture is still the same! You are still running the “risk” by “executing” “unknown” applications. Do these things detect more… sure they do… do they eliminate the risk, hell no!

So if you don’t want to run your computer or your business like a lottery and let your security applications run “unknown” applications, then better use Comodo.
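
Added example (not part of the post above and not Comodo's code): the three file journeys as a runnable comparison of a blacklist (default-allow) policy with a default-deny policy, which is this example's assumed contrast. The file names, byte strings and the "contain" action are constructed for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed samples: placeholder bytes plus the ground truth, which the
# security product cannot see. It only sees the bytes.
SAMPLES = {
    "editor.exe":      (b"constructed: well-known text editor", "good"),
    "stealer.exe":     (b"constructed: catalogued password stealer", "bad"),
    "new_stealer.exe": (b"constructed: malware no vendor has seen yet", "bad"),
    "new_tool.exe":    (b"constructed: in-house tool built this morning", "good"),
}

# What the product knows. The two "new_" samples are on neither list.
BLACKLIST = {digest(SAMPLES["stealer.exe"][0])}
WHITELIST = {digest(SAMPLES["editor.exe"][0])}

def classify(data: bytes) -> str:
    """The three states from the post: good, bad, or unknown."""
    h = digest(data)
    if h in BLACKLIST:
        return "bad"
    if h in WHITELIST:
        return "good"
    return "unknown"

def default_allow(data: bytes) -> str:
    """Blacklisting: anything not known bad is allowed to execute."""
    return "block" if classify(data) == "bad" else "run"

def default_deny(data: bytes) -> str:
    """Only known good runs freely; unknown is held back (hypothetical 'contain')."""
    return {"good": "run", "bad": "block", "unknown": "contain"}[classify(data)]

def missed_malware(policy) -> list:
    """Truly bad samples that the policy lets run unrestricted."""
    return sorted(n for n, (d, truth) in SAMPLES.items()
                  if truth == "bad" and policy(d) == "run")

def held_back_good(policy) -> list:
    """Truly good samples that the policy does not let run freely (the cost)."""
    return sorted(n for n, (d, truth) in SAMPLES.items()
                  if truth == "good" and policy(d) != "run")

if __name__ == "__main__":
    for name, (data, truth) in SAMPLES.items():
        print(f"{name:16} truth={truth:4} state={classify(data):7} "
              f"blacklist={default_allow(data):5} default-deny={default_deny(data)}")
```

The blacklist policy runs the unseen malware because "unknown" falls through to "run"; default-deny stops it but also holds back the unseen legitimate tool until someone classifies it.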



I do not think anyone could explain how Comodo Internet Security works better
and more easily than Melih. With conventional antivirus products, the UGLY will always gain
something from our computers, which is a risk that, besides being very large, is
also a continuing risk. >:-D

We now have the possibility of using a product like Comodo to greatly reduce this
risk (why not close to zero), making a bad file into an inoffensive one for our computers.
We must see the reality: conventional antivirus products are about to lose the war
and the alternatives are the products that rely on prevention, not detection!
When we get an internet security suite, we should not think about the great detection
rate of 99.99% but the fact that we want a product that will provide full, complete
protection against unknown malware! Why not Comodo Internet Security?

Keep up the good work Comodo! :-TU

Best Regards,

Completely agree with Melih. I’ve been repeating it across various forums - “Antivirus” and/or “Behaviour Blocker” software is simply a “roll of the dice” security setup/approach.

CIS is certainly on the right track, particularly with Defense+. However, a default deny setup/approach (and not running as admin) would be even more powerful, and is what I’ve been employing for over 8 months.

This is funny…Go ahead buy Norton for $50…but when it fails…come and get this Norton Power Eraser…

I mean, do I need to say any more?

PS: this power eraser could also delete your legit files though…so you must be careful…


No you don’t have to say anything Melih because Norton is always after more money and nothing else.

Or maybe it’s a fishing line and hook. If you’re infected using another product then you might Google for the removal tool, come across Power Eraser and think ‘Hey this is good, it fixed my problem. Maybe I’ll buy Norton!’

PS: this power eraser could also delete your legit files you must be careful....


This is no different from any blacklisting application. Comodo for example quite often labels false positives with its antivirus (even more so than a lot of other applications!), which results in the deletion of legit files.
Comodo, Symantec, McAfee, anything, everything.
All the same.

All companies are after money. There MAY be a few exceptions…Charity… etc.
Comodo for example has a different way of making money through CIS than Symantec does through Norton: you pay for support. It’s a different method, but in the end it performs the same function $$$$

Comodo for example quite often labels false positives with its antivirus (even more so than a lot of other applications!), which results in the deletion of legit files.

But at least you are not allowing a virus to run unknowingly on your system. The FP at least tells you it may be malicious, hence the option of submission to have it tested for absolute certainty.

You can also upload potential malware to Symantec and have them check for malware. You can report it on the forums too, just like here at Comodo, and get them to verify if it’s a false positive or not.

In the context that Melih provided about how sucky the Norton Power Eraser blacklist scanner is, he was saying it has the potential to delete safe files; this is no different from Comodo’s blacklist scanner - Comodo AV.

Possibly a dumb question, but which AVs use the Legacy approach? Is legacy an AV system or is it itself an AV I haven’t heard about?

The only dumb question is the question that’s not asked!

Legacy In computing, describes outdated, obsolete hardware or software. Usually a PITA. Often refuses to die. "You'd think after around 30 years legacy storage like floppy disks would be vapour."

Yes, just like Comodo AV does sometimes

Thanks Kyle, now I understand.

Let me explain the main point…

Main point: Norton readily admits Antivirus products miss malware…


All antivirus misses malware Melih… you know that. You should have stuck with the original post and not mentioned Norton’s blacklist scanner :P Kinda shot yourself in the foot when you have a blacklist scanner yourself ;D

Are you always this funny? :)

Kyle: I know they miss malware… you know they miss malware. I wrote this post/article for many people who do not understand this subject. So let’s let them read it without cluttering it with irrelevant posts, ok?


But this is nothing new, and why is this important? They never said “our AV detects 100% of malware”

The interface does show it is beta software and the EULA, which nobody usually reads, also informs us.

However the web page does not tell this and the program should have stated more clearly in the interface.

To avoid double posting: I already replied here

As a side note: where do they, in their marketing material, ever admit that users are not protected 100%?
They claim they prevent dangers on their website

Here are some statements they make:

-Prevents botnets from taking control of your PC
-Prevents cybercriminals from using security holes in your web browser to load dangerous software onto your PC.
-Prevents unauthorized users from stealing your bandwidth and accessing your files
-Guards your PC against all kinds of cyber-threats without slowing down your computer or eating up system resources.

So lordraiden, where do you think a user is informed that actually Norton does NOT Prevent 100% of the above but only detects %age of it? To a user they will think Norton is all they need and they will be protected! This is false advertising at best imo!


The point here is that a traditional AV itself sucks. That is why COMODO brings DDP with layers of security. Symantec says themselves, an AV is not enough. I say, an AV DOES NOT PROTECT!! No matter what software you use, make sure you have layers of security and a DDP environment.

So you do exactly the same:

Comodo Internet Security

* Defends your PC from Internet attacks
* Detects and eliminates viruses
* Prevents malware from being installed I can never get infected

Comodo Antivirus


* Detects, blocks, and destroys viruses (I don’t need anything else yuhuu xD)
* Immediate feedback on suspicious files (JAJAJA ;D)
* Protects with On Access scanning

You are being a hypocrite. This is a problem of all the security industry including Comodo.

So Melih, where do you think a user is informed that actually CIS does NOT Prevent 100% of the above but only detects %age of it? To a user they will think CIS is all they need and they will be protected! This is false advertising at best imo!