To Melih: Can I ask why CIMA was not integrated into 3.9 beta?

:comodo110: :comodorocks: Some people will call me a fanboy; I can live with that! Many who have read my previous posts know I have absolute faith in what Melih is doing with CIS and applaud his ambitions. However, I was a wee bit disappointed in not seeing CIMA integrated into CIS AV 3.9, as a lot of members thought it would be, and wanted to happen. Why? Because I wanted to see more tests done independently, and as I already know CAVS's capabilities detection-rate-wise, having done tests myself and achieved 98% rates, I feel CIMA would have potentially silenced a few doubters and see a further improvement towards the dizzy heights of the 99%-plus brigade. I am about to get on my soapbox again, and just say this. I know detection rate is only part of the picture, don't remind me. However, let's remind those who chose Avira in my post "Which AV would you choose?" of a few facts why I will stay a fanboy if the improvements in 3.9 carry on to version 4.

1) Traditional AVs like Avira rely on "realtime guards" to detect malware, and Avira, being the best of these detection-rate-wise in on-demand tests, fails miserably in that it lets in 29% of unknowns in AV-Comparatives tests, period. Surely that is enough to make users switch to HIPS or BBs. No such problem in CIS and some others.

2) What other apps have another two important layers of protection, in BOClean and buffer overflow protection? None that I know of, but I will stand to be corrected.

3) The effectiveness of buffer overflow is such that over 27% of infections are caused by the lack of it, and I can't understand why other vendors don't use it given the protection it offers. Is this a patent thing, Melih? That fact alone should make anyone wanting serious protection ditch AVs without it and those that don't have D+ or similar. I could go on and on on this one, but the basic facts are there.

Those that went for Avira's better on-demand (at present) detection rate seemed to be blinkered into ignoring the info in the Comodo forums and elsewhere that if they rely on similar apps to Avira, Avast being another, then they will definitely come unstuck due to poor realtime guards, lack of HIPS or BBs, and probably the most important factor in this one: over one quarter of infections are caused by lack of buffer overflow protection, and so what if another app can detect 2% more on demand at present. I would rather have the 27% protected by the buffer overflow protection that CIS provides. Knock me off my soapbox if you will, but that's my opinion, and the facts are there, in the forums and elsewhere.

Regards, Dave1234

Thank you for your kind support and faith in us Dave1234. We will, as always, do our best to live up to it.

I will try to answer some of the questions:

  1. Why don't others have BO protection: It's not that easy to build one that works for the masses. Of course that doesn't mean that they can't build it. We identified this to be a huge issue and created the solution. I really do not know exactly why others don't.

  2. Why CIMA is not in this version: CIMA is a realtime analysis environment. It runs malware in the PC and tracks its effects, and then, depending on the rule set, it determines whether it's malware or not. We have some good ideas how best this can be done utilising some sandboxing and behaviour blocker technologies, and it will take some time. It's not as easy as simply integrating, cos CIMA does require a virtual PC (not even an emulator will do, as we already have that). So we have some ideas, and let's see if we can incorporate these into ver 4, which will then provide security and usability that will simply be unmatched (yep… unmatched).

Hope I was able to answer your questions; pls do reply if I missed any, as I am more than happy to answer more questions…

cheers

Melih

Nice to hear that Melih… :comodorocks: :comodo110:

Just sharing some of my own experiences with CIMA:

I've pumped I think around 24 samples at it some days ago (that I knew were bad but were undetected by CAVS)… I think around 17-18 came back suspicious or suspicious+… =)
Also I pushed some "safe" samples at it too, none came back suspicious… =)
So I think CIMA will be a great addition, especially if it gets as good or near as good as the online one!!

I loved how it even alerted "disables windows firewall". ;D ;D ;D ;D However, I believe it fails to detect keyloggers (in my limited sending), but those were unpacked, maybe that was the reason…
Well…
Keep up the good work CIMA team! :-TU :-TU

Thanks :slight_smile:

Melih

Just a question about CIMA.
Would it be integrated as a part of the normal scanning process?
I assume not, since it would take quite a long time to execute and analyse every file. So how would it be integrated? It would be very useful to prevent false positives, however I cannot see how it would help in catching any viruses or malware which are not flagged by the scanner, or that the user doesn’t explicitly scan with CIMA.

Very good point, Sliso. That's why we couldn't simply integrate it, and it requires substantial work to re-architect it especially for CIS so that it can be used for realtime scanning.

Melih

To solve this should be easy.

  1. Add CIMA in CIS.

  2. Batch scan those detected suspicious files after a manual scan or scheduled scan.
    ** to use CIMA only for those detected items. **
    ** this would be good for avoiding FPs **

  3. Batch scan those quarantined items.
    ** to confirm they are not FPs **

  4. If they are identified as "suspicious" by CIMA, then maybe add one button for sending to COMODO R&D or Lab center for further identification.

  5. Or COMODO CIS can add one extra option button for sending to VirusTotal to classify if they are detected by other anti-virus vendors.

:-TU Thanks for the prompt reply, Melih! I must admit I never realised it was such a big job to integrate CIMA into CIS, and now, after your words, understand fully why it's not in 3.9 at the moment. However, I wait patiently (says he, biting his nails) for the eventual announcement of its integration in V4, and for the time when Comodo can finally silence the doubters and kick more than a few butts!

Regards Dave1234.

Did you read what Melih wrote about how CIMA works? It allows the malware to run and watches what it does. Not such an easy thing to do inside CIS…

So you’re saying it would be easy to run a scan then have CIMA run all the malware (suspicious files) and watch what they all do? Doesn’t sound so easy/practical to me…

Thanks Dave1234

I am polishing my boots :wink:

Melih