The Good, The Bad and The UGLY (ugly because it's unknown!!)

Would you buy software that advertises itself as letting viruses through or that there is a possibility that you’ll be hacked? :wink: I don’t think so.^^

I think what Melih wants to say is that most security vendors claim their product to be perfect.
He didn’t say that he excluded Comodo from that.

He just said an old AV Architecture like the one Norton uses is becoming obsolete. CIS, however, uses the same AV Architecture but has other defense layers built around it.

For marketing reasons, he will surely say: CIS is perfect.
I mean, a lot of people say the same when they want to sell you a washing machine :wink:

And for the Norton Cleaning Tool mentioned a few posts before, I think Melih has the right to express his criticism about it. I even recall that a few months before, Symantec said that free AV Vendors like Comodo shouldn’t be trusted. Only paid Products like Norton do the stuff.

From my experience, CIS is better than most paid products I’ve ever used. I’ve only encountered one problem with it so far in the 2 years I’ve been using it.

You know that CIS by means of D+ will prevent the installation of malware.

Stop spreading blatant lies.

Have you read the whole thread? Do you understand what I said and why? I don’t think so.

D+ prevents the installation of 100% of malware?

I tried to make the same argument at one time (although not quite as angry). ;D Here is my post:
https://forums.comodo.com/melihs-corner-ceo-talkdiscussionsblog/is-the-antivirus-biggest-fraud-in-the-security-world-t53232.0.html;msg381286#msg381286

I believe Melih’s response, along with knowledge of the uses of Defense+, perfectly answers the question. Please read.

Okay, maybe that is a good point. ;D

However, I do disagree with you about most of the rest. What would you like to see Comodo do differently?

???
So if Defense+ is 100% safe, why make a sandbox+AV+firewall+BB+CTM+…+…

The claims that Comodo makes about CIS on their website are exactly the same, with the same purpose and background, as those that Norton, AVG, nod… or any other security vendor makes.

So I agree with Melih that Comodo, Norton, and many others lie on their websites.

Maybe I’m wrong, but I thought those were more for usability purposes. Essentially for the same reason they introduced the whitelist.

Firewall: This is necessary as it complements Defense+ and I don’t believe it belongs in this list.

AV: Will catch most (hopefully) bad files before the user makes a decision. This makes it much less likely they will allow a malicious application to run.

BB: Same reasoning as the AV only it works differently

Sandbox: Essentially this is an automatic form of Defense+ so that the user will not have to answer any questions. At least this is the idea behind it. I think it still needs some work to make it more usable.

CTM: This is used if the AV/BB miss the malware application and the user allows it because they believe it is safe. You can then fix the computer if you find out later that the file was malicious and it can’t be removed.

I believe this is how these are supposed to work. I don’t understand your argument.

D+ is capable of catching almost all malware upon installation.

I was referring to the fact that Melih is arguing that a new signature-based solution is not gonna cut the mustard, as prevention by signature-based solutions is not enough in itself.

If I am not mistaken, but I must say I never installed it as I always used the complete suite, the Comodo AV has D+ active.

You have been around long enough to know that sandbox, AV and BB are very much there to lessen the amount of alerts from D+'s default deny strategy. Users make mistakes; so there is a potential source of getting infected. Luckily CTM brings a solution to go back in time to get rid of an infection.

Do you believe what you are saying? So if I execute any malware in the world D+ is going to stop it 100% of the time… Taking into account that D+ is going to ask me about executing any file we could say yes, but then UAC is also 100% efficient.
If we agree to execute the file and then we block the rest of the alerts, some malware will infect the computer anyway; every release of Comodo has bugs, bugs in D+, bugs in the sandbox…

Melih started to laugh about the new scanner of Norton; let me remind you of the SUPER Comodo Cloud scanner so everybody can laugh now.
Norton has AV with Behaviour Blocker, whitelist, blacklist, greylist, cloudAV, firewall, and also system protection like D+ but light, and many other technologies. So the only thing that Comodo has and Norton does not is the sandbox, and that is something relatively new in Comodo. Not to mention that Norton AV is much better than CAV. So you can use Sandboxie+Norton and you will get better protection; the only problem is that you need to pay for Norton. Anyway, the web is full of AVs better than CAV.

Anyway I use Comodo, I like it, I would like to see someday a Comodo with BB and cloudAV (Comodo has a big community), but I think that Comodo needs to improve a lot and fix a lot of problems before criticizing the others.

It’s possible to smell the arrogance in these forums sometimes, and this is the major bug of Comodo.

That’s exactly right! And this is the reason why a default-deny approach is the best. I’m not saying that a default-deny approach will work for everyone in all scenarios. But if I was living with someone and they kept getting their computer infected by malware, I would seriously consider employing a LUA/SUA + SRP/AppLocker/Anti-executable 3 security setup/approach for them. In this way, the user can’t even run anything new (therefore, the user doesn’t need to make a decision of whether a file is bad or not) by default even if they wanted to. If they wanted to run something new, they’d have to ask you for the admin password etc. Then you (the person who has more experience) can work out whether it’s safe or not.

I don’t really understand what you’re saying really. But to answer your question, yes Defense+ will stop almost 100% of all real-world malware out there if configured properly/optimally (it is a CLASSICAL HIPS) and used properly. Even in default configuration, it is very powerful. Find me a malware sample that can bypass it right now. You won’t be able to! Or if you can, I’d be very interested to get hold of that sample haha.

Regardless, the last time I checked, Norton didn’t have a CLASSICAL HIPS. Does it?

Follow the whole conversation and you will understand it.
So now D+ is 100% bug free?
Even if it is true (it is not true), who wants to make 50 clicks only to open an application, or 500 to install something? It is not a real solution, and also you can get infected anyway if you don’t make the right choice.

Not sure what you mean by “bug free”, but I’m starting to understand what you’re actually trying to say. And in reply to that, read my post at the top of this page. I personally used Defense+ for a long time but realised after a while that all I needed (personally) was a default-deny anti-executable. And I subsequently discovered that there was already one built-in to my OS (Windows XP) called SRP. I also subsequently discovered that SRP has never been bypassed by real-world malware. Furthermore, AppLocker (built into Windows 7) has never been bypassed by real-world malware and also has never been bypassed by any POCs, period.

Regardless, Comodo’s Defense+ when used properly is extremely powerful. Unfortunately, it does need to be used properly. If a user really wants to run something and everything, then the only thing that can stop them is to configure CIS accordingly and password protect Defense+ and suppress alerts etc. But by doing this, you’re simply employing the equivalent of SRP etc.

I think the bottom line is, Antivirus sucks and is more and more becoming outdated… Including Comodo’s AV. ;D

Maybe sucks isn’t the right word… maybe I should have said, Obsolete and ineffective. :stuck_out_tongue:

Why do you guys keep talking about a COMODO technology by itself? CIS is a HIPS, Sandbox, AV, firewall and memory firewall. That is why Comodo is really good. Not only does the sandbox get rid of popups, but it protects and prevents! The HIPS is really effective, even with the 500 clicks you say. The AV is really good as it is just an AV. All combined, now that is some good security. So if you are going to say D+ sucks, try CIS as a whole. Go to malware domain list dot com and look for a sample that COMODO can’t stop. If you do, submit it to Comodo :wink:

classical AV vs D+ with sandbox…

You must be joking!!!

Show me a malware that can bypass D+ :slight_smile:

Why do we have a sandbox? Come on man… how many times do we have to say it… usability!!! Security is provided thru D+; everything else is mainly usability, including blacklisting in the AV engine, whitelisting etc.

Melih

I never said that; not even by implication. In case you had assumed that I corrected myself:

I don’t know where you get the 100% protection claim from D+ from.

Taking into account that D+ is going to ask me about executing any file we could say yes, but then UAC is also 100% efficient.
???
If we agree to execute the file and then we block the rest of the alerts, some malware will infect the computer anyway; every release of Comodo has bugs, bugs in D+, bugs in the sandbox...
I never said that, in case you were talking to me; not even by implication. In case you had assumed that I corrected myself: EricJH wrote: "D+ is capable of catching almost all malware upon installation."
Melih started to laugh about the new scanner of Norton; let me remind you of the SUPER Comodo Cloud scanner so everybody can laugh now. Norton has AV with Behaviour Blocker, whitelist, blacklist, greylist, cloudAV, firewall, and also system protection like D+ but light, and many other technologies. So the only thing that Comodo has and Norton does not is the sandbox, and that is something relatively new in Comodo.
Last thing I know, CIS outperformed Norton by a mile on the Matousec Proactive test.
Not to mention that Norton AV is much better than CAV. So you can use Sandboxie+Norton and you will get better protection; the only problem is that you need to pay for Norton. Anyway, the web is full of AVs better than CAV.
I don't know the exact latest scores but traditionally Norton's AV is top notch.
Anyway I use Comodo, I like it, I would like to see someday a Comodo with BB and cloudAV (Comodo has a big community), but I think that Comodo needs to improve a lot and fix a lot of problems before criticizing the others.
Let's await the developments. Even though there is always room for improvements I count my blessings with the serious foundation of D+ default and eagerly await all improvements that will come for AV, sandbox as well as the introduction of the behaviour blocker.
It's possible to smell the arrogance in these forums sometimes, and this is the major bug of Comodo.
It's hard not to be with a solid foundation like D+...;) :D O0

https://forums.comodo.com/news-announcements-feedback-cis/how-to-kill-cis-easily-t56353.0.html

kek.

Not malware in itself, but the vulnerability is there.

D+ is a loss of time; UAC is equally effective (you can say no every time you open an executable), as is any anti-executable software. The combination of D+ and the “sandbox” (it is not really a sandbox) is very interesting, but still the sandbox gives as many problems as D+.
D+ has been bypassed over time, why not again? And the sandbox is bypassed every week…

One example of D+ and the sandbox being bypassed, only 2 weeks old: https://forums.comodo.com/news-announcements-feedback-cis/comodo-fails-with-the-new-spyshelter-leaktests-t55558.0.html
If I could find this and I am a simple user, I can’t imagine what a real hacker would be able to do.

Anyway we were talking about Norton; why do they make false publicity and not Comodo?
And if you are the CEO and Comodo is so great, why don’t you try to make publicity for Comodo? If you are sure that Comodo is 100% safe you can start a competition offering 1000$ or 100$ to the first person able to bypass Comodo with malware written by himself. Comodo will appear on all the security sites.
Or even better, join AV-Comparatives; they already make real live tests as you wanted.
Are we waiting for the Behaviour Blocker now? It should appear in 4.1, but the changes in 4.1 are removing things, changing the name and little bugs (I hope to see something else).
Maybe we are waiting for the “acid cleaning”, I don’t know.