What is the best antivirus software for you?

They have a sandbox for automated analysis, like ESET and BitDefender Gravity Zone (Business).
It's still detection-based. But Comodo has containment, so a virus can't kill your computer.

But in ESET, BitDefender and Kaspersky, they add the virus to their database late, so the virus finishes all of its job and then they detect it. (Except ESET’s LiveGrid Pro-Active setting.)
BitDefender’s sandbox will send you an email when it detects a threat (by sandbox), but until it detects it, you can use the file. So the file finishes all of its job before BitDefender’s action.

And Comodo has behavioral analysis, threat defense, frequent updates (of the database) and proactive protection too.

Lastly, Comodo actually has a Sandbox feature too (automated analysis).
I didn’t know that Kaspersky has a Sandbox feature; is it newly added?

3 Likes

For example, Kaspersky Endpoint Security includes the Kaspersky Sandbox component, which automatically detects and blocks advanced threats on computers.

And when ESET detects a threat, it sends it to the cloud and gives a verdict. This means you cannot use the file. You are prevented from using the file until there is a verdict.

2 Likes

I know that ESET’s LiveGrid Pro-Active setting blocks the file’s operations until it decides whether the file is safe or not.

But I didn’t know about the Kaspersky one; actually I used the business version of Kaspersky and I didn’t see any feature called Sandbox. I think it’s newly added.

And Comodo does it too, with File Rating I think, and additionally Comodo has Containment and HIPS.
I agree that Comodo’s database is not as good as Kaspersky’s.

2 Likes

I did some research, I think it was in 2020 if I’m not mistaken.
Here is the link showing it.

2 Likes

I really like the self-containment of CIS echo show in its sandbox.

2 Likes

Yes, Comodo/Xcitium has Automated Analysis in containment; the file is sent to XAMAS (Xcitium Automated Malware Analysis System/Valkyrie) for a fast verdict 95% of the time.

3 Likes

So far you guys did not answer this question:
How will you prevent the breach when these detections miss a brand new malware?

The answer is they cannot!

Only Comodo can, because we “automatically contain any unknowns” and this is our patent and others can’t do it.

4 Likes

In the MalwareTips forum someone wrote (I don’t have the link) that Comodo and its containment are pure blockers. What else does security software do or should it do?

2 Likes

They are wrong! Not blockers, but use Virtualization. So no blocking but virtualization of resources that are important to malware. So all unknown executables are NOT blocked but given virtual resources to use for important things. For example, a brand new executable file comes in: we don’t let it write to the hard drive, we give it a virtual hard drive to write to. If that brand new executable file then turns out to be ransomware, there will be no damage because they only were able to write to a virtual hard drive.

4 Likes
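The write redirection described in the post above, as an added illustration that is not part of the thread and is not Comodo's code: a minimal copy-on-write view in which every write from an unknown program lands in an overlay directory and the real directory is only ever read. `VirtualDisk` and `simulate_contained_overwrite` are hypothetical names, the scenario is constructed, and the model leaves out how a product intercepts the writes.

```python
import os
import tempfile


class VirtualDisk:
    """Copy-on-write view of a real directory for one untrusted program."""

    def __init__(self, real_root, overlay_root):
        self.real_root = os.path.realpath(real_root)
        self.overlay_root = os.path.realpath(overlay_root)

    def _safe(self, root, rel):
        # Reject paths that would escape the given root (e.g. "../x").
        path = os.path.realpath(os.path.join(root, rel))
        if os.path.commonpath([path, root]) != root:
            raise PermissionError(f"path escapes virtual disk: {rel}")
        return path

    def write(self, rel, data):
        # Every write lands in the overlay; the real disk is never opened for writing.
        target = self._safe(self.overlay_root, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.write(data)

    def read(self, rel):
        # The contained program sees its own writes first, then the real file.
        shadow = self._safe(self.overlay_root, rel)
        source = shadow if os.path.exists(shadow) else self._safe(self.real_root, rel)
        with open(source, "rb") as fh:
            return fh.read()


def simulate_contained_overwrite():
    """Constructed scenario: an unknown program overwrites a document in place."""
    with tempfile.TemporaryDirectory() as real, tempfile.TemporaryDirectory() as overlay:
        doc = os.path.join(real, "report.txt")
        with open(doc, "wb") as fh:
            fh.write(b"quarterly numbers")
        disk = VirtualDisk(real, overlay)
        original = disk.read("report.txt")
        # Stand-in for a destructive rewrite of the file's contents.
        disk.write("report.txt", bytes(b ^ 0x5A for b in original))
        seen_by_program = disk.read("report.txt")
        with open(doc, "rb") as fh:
            on_real_disk = fh.read()
        # (program sees its change, real file is untouched)
        return seen_by_program != original, on_real_disk == b"quarterly numbers"
```

Discarding the overlay directory is the whole cleanup step in this model; nothing on the real side has to be restored.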

I don’t think CIS is just a blocker like the people at MalwareTips keep saying.
Even though its malware detection is the worst on the market.

2 Likes

I watched this video carefully and I have a question that I think you can explain to me.

If someone develops malware that can break through this sandbox, what will protect us if CIS has low detection?

I believe this is a question that many people who use CIS, like me, have.

3 Likes

It isn’t the worst in the market (about CIS). Yeah, I agree that it isn’t as good as Avast, Kaspersky, BitDefender, ESET, Malwarebytes. But the file rating system can actually detect a virus in just 1 minute for most files.

It actually happened in the past: someone developed malware that can break through the sandbox feature. (But it’s fixed right now, so don’t worry xd)
I think HIPS and VirusScope can block the virus, or the firewall.

If the sandbox-breaking virus is trying to steal your browser cookies, they can’t send them to their servers because of the Firewall.
If it just tries to kill your machine, then HIPS will give you an alert.

And VirusScope can block it too (if it isn’t in/set to “Monitor only contained apps” mode).

3 Likes

I understand what you said, but there are people who only use the Firewall and disable HIPS.
If they get infected and get past the Sandbox, they’re ■■■■■■■.

2 Likes

Thank you, Melih!

If that is the case, then a change would be advisable!

Is it the worst on the market because some only use the Firewall and disable HIPS?
Is it the one of the best if using HIPS? :thinking:

1 Like

What I wanted to say is that there are users who like to use HIPS disabled when using CFW.

1 Like

Is it the worst on the market because some only use the Firewall and disable HIPS or not? Why do you use Comodo then? Those are serious questions.

1 Like

Leave that subject alone, you don’t understand me, hugs!

1 Like

You speak in riddles. Just answer my questions. It’s not difficult.

2 Likes

Yes, you’ve got a good point.
I don’t really think that someone (who found the containment bug) will just destroy your computer; I think he/she will try to access your data too.

And Comodo’s user base is not as big as Kaspersky’s or BitDefender’s, so the number of people looking for vulnerabilities in containment is low.

2 Likes

Exactly that, I agree with you.

I’m glad you understood my argument.

Because there are people who like to use CIS with HIPS disabled.

Those who use CFW and also disable HIPS may have serious problems. How do you get around this if the user disables it?

2 Likes