White listing or black listing?

The database concept is what I originally stated was flawed, as in the local database.
If I only have 30 applications on my computer, why do I need a program checking them every second against a database of 2 million bad applications, or why would I need a database on my pc with the details of 30,000 good applications?

Microsoft has the concept of signed drivers: there is no database on my machine of either bad drivers, or good drivers; the information about the legitimacy of the driver is contained within the driver itself.
This was my original point, about databases in general, which some tried to obfuscate with a debate about the exact definition of the term whitelist.

In hindsight I fear I may not have responded to your suggestion adequately, and so I will try to do so now:
Yes, panic, your idea is better than any current blacklist or whitelist database implementation, but IMO, some sort of signed application mechanism would be preferable.

I am sure there are some just chomping at the bit, ready to shoot down the idea as delusional; I won’t deprive them of satisfying their desires.

Regards,
alex

panic, how about something like a “safety installer”.
When I want to install a program, instead of launching the program’s installer directly, I launch it indirectly thru the safety installer.
The safety installer then goes online and submits the program’s signature and some entity responds letting me know if the program is trusted or not.
This way I don’t have any database on my pc, I don’t have some program running in the background all the time, and I don’t need to check for any updates if I haven’t changed anything on my machine.

So panic, what do YOU think?
(:WIN)
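
The “safety installer” flow described in the post above, sketched as an added example (not code from the thread or from Comodo). It assumes the “signature” is a SHA-256 digest of the installer and uses a local stub function in place of the online service; all function names are hypothetical.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of the installer, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def safety_install(path, lookup, launch):
    """Ask the remote service about the installer; launch only on 'trusted'.

    lookup(digest) -> 'trusted' | 'malicious' | 'unknown'; may raise OSError.
    Anything other than an explicit 'trusted' answer blocks the install.
    """
    digest = file_digest(path)
    try:
        verdict = lookup(digest)
    except OSError:
        verdict = "unreachable"  # fail closed when the service cannot be asked
    if verdict == "trusted":
        launch(path)
        return ("launched", verdict)
    return ("blocked", verdict)

def demo():
    """Constructed sample: two fake installers and a stub verdict service."""
    tmp = tempfile.mkdtemp()
    good = os.path.join(tmp, "good_setup.bin")
    tampered = os.path.join(tmp, "tampered_setup.bin")
    with open(good, "wb") as f:
        f.write(b"constructed installer bytes")
    with open(tampered, "wb") as f:
        f.write(b"constructed installer bytes" + b"\x90")  # one byte appended

    known = {file_digest(good): "trusted"}  # held by the service, not the PC
    def service(digest):
        return known.get(digest, "unknown")
    def offline(digest):
        raise ConnectionError("service unreachable")

    launched = []  # records what would have been executed
    results = [safety_install(good, service, launched.append),
               safety_install(tampered, service, launched.append),
               safety_install(good, offline, launched.append)]
    return results, launched
```

The verdict table lives only on the service side, so nothing is stored or kept running on the PC between installs; the rule a firewall creates later for the installed program is outside what this sketch covers.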

I really hope that it’s finally scheduled late this, or early next month. I’m eager to finally test it out. I also like to have all Comodo security products on my computer.

Cool beans.

Hey axl,

Imagine we use this “safety installer” to install a product and the other entity says it’s OK so it runs and installs the app. When we then run the installed app our firewall will pop-up, as it is, to the firewall, an unknown app attempting outbound access. We create a rule.

This rule is stored where? :wink:

Possibly in a local DB for future reference? :wink:

Possibly the AV and the firewall will have the smarts to co-operate and share resources? :wink:

Stay tuned.

I don’t know this will appear in CAVS3. Just conjecture on my behalf. I could be wrong. I hope I’m not.

Cheers,
Ewen :slight_smile:

Melih, it never fails to amaze me that, as a CEO of a company, you would openly resort to weak rhetoric. There are inherent flaws in blacklisting technology, granted. So how does that mean that whitelisting, with its own massive set of problems as well, is the answer?

For all its flaws, antivirus companies have learned to adapt over time with different approaches and technologies to blacklisting. I ask you to tell me when was it that the world saw a widespread malware outbreak. At the same time, please tell me which company so far has managed to make whitelisting a major success. (Some intelligent answers, please; I’m not one of those sycophantic Comodo worshippers that you’re used to addressing.) As far as I can see, your company is trying to present itself as having designed a new-generation, cutting-edge solution to an age-old problem. I can assure you that that is most definitely not happening.

Melih, if people were smart enough to tell by themselves which files are safe and which aren’t, then they don’t need your product which would be nothing but a redundant piece of junk. I don’t see the point of a product that needs me to tell it which files are safe and which ones are malware.

It’s plain commonsense if you ask me…

I don’t think we need a “widespread malware outbreak” to come to the conclusion that many people get infected. Partly because they are incautious, partly because their black listing software misses the malware.

This hasn’t happened yet (which is the answer you want, right?) if you ask me. But more importantly, does that automatically mean that white listing is no good? Just because Symantec and McAfee grew large thanks to black listing, that’s the way to go? Your question indicates that you want to come to that conclusion…

No matter how unique Comodo’s white listing technology is, I believe it’s the way forward (not necessarily Comodo’s technology, but white listing technology).

Yes, IF they were that smart. But they aren’t.

So you need no black listing, no white listing? That’s good for you, but 99% of all computer users do need that.

LA

Of course they do. But many others stay clean as well, and I daresay a very very large majority of them aren’t users of Comodo’s revolutionary whitelisting-technology products either.

The market and evolution of technology always has a strange tendency to favor the solutions that work best. All I did was to point out some simple facts that some may have missed. I don’t think that qualifies as bias; do you?

And if they aren’t, then that technology is useless to them. Sounds like a pretty catch 22 to me. Here we have a product that asks the user which files are clean and which ones should be blocked, when the user ostensibly installed the software so that it could tell him/her that.

No, you’re misinterpreting my words completely. What I don’t need is a security product that pretends it’s providing any security by asking my opinion on anything and everything. When I install a security product, I don’t expect the product to hand all responsibility of security back to me.

The market and evolution of technology always has a strange tendency to favor the solutions that work best.

And how does that explain Windows? :slight_smile:

In reality, the evolution and marketing of technology are inextricably entwined, rather than a quest for the best possible solution.

IBM’s MicroChannel architecture was/is a technical masterpiece.
OS/2 Warp was amazing.
Ditto the Amiga hardware / Operating System combination.
The Pick database system.
The C/TOS operating system and hardware.

Where are they now? Snuggled up comfortably as a footnote in the annals of computing history.

Market acceptance does not always equate to technical superiority. The reverse is equally true (just ask the *nix guys).

Ewen :slight_smile:

You need to remember that the best solution is not determined by technical superiority alone. A technically superior product may be hindered by a variety of other factors that make it not the best suited for its purpose. Take antivirus software for example, since we’re on the topic. WebWasher is the ultimate scanner in terms of detection rate, yet I don’t think many people have even heard of it, much less used it before. Can you guess why?

The same goes for whitelisting. It’s all good and well to espouse the virtues of whitelisting (while conveniently forgetting to mention its drawbacks), until you consider the problem of who’s going to create that whitelist and keep it updated. The user? The vendor?

And for the record, Windows (XP, at least) is a fine product. I just wished it looked as good as a Mac OS.

Did I read this right? ? ? :o
I might use XP but I certainly do not love it.
Dennis

I respect your opinion solcroft, but I don’t really agree with you.

As I wrote earlier:

I’m very far from being a security expert, but thinking of all new malware that’s being created, I’ll prefer to step into the future with extremely restrictive policies on my system. In other words, “allow no activity except for safe activity”, instead of “allow all activity except for malicious activity”.

For non-skilled users, Comodo makes efforts to minimize the number of HIPS popups. Besides, ThreatCast will be used to help them even more. Today already, the white list is quite large, so there aren’t that many popups to answer. When there is malicious behavior, the popups are red colored and informative.

I do agree on the XP part (:)), today there is no other OS I want more. But that’s actually rather a question of which programs I can get. If there was a CFP 3 available for Linux I would probably switch.

Everyone, if we are going to discuss white/black listing, we are supposed to do it in the HIPS section! We are here already…

LA

Hey, so am I.

Therein lies the problem.

If you know an activity is safe, why do you have to go through the unnecessary trouble of telling Comodo’s product that this activity is safe before you’re allowed to do it?

If you don’t know whether an activity is safe or not, then just don’t perform it! Don’t run programs that you don’t trust. I don’t see why you need a Comodo product to help you with that. In the end, you’ll have successfully enforced the policy you had in mind perfectly well all by yourself, without having to tolerate all that noise from Comodo’s product.

Given Linux’s traditional policy of enforcing limited access rights by default, a program like CPF is likely to only introduce extra noise without providing additional security. In fact, Windows can be also configured to only present the user with a limited rights environment - a more no-brainer and quieter anti-malware solution by far.

But like me you are interested in this, which gives us an interesting discussion. You make me think twice why I do what I do, and think the way I do. :wink:

When my system is newly installed, of course I know it’s all safe. I don’t need Comodo telling me that. I also don’t need Comodo warning me for newly downloaded applications (in case I want to update 7-Zip, CCleaner or whatever). But what I do need is Comodo warning me for new, unknown stuff:

For example, I use Firefox with NoScript to avoid getting malware from the internet (by just visiting a site running malicious scripts). However, any of those sites I mark as safe, may get hijacked. It has happened already, although not in the moment when I’ve visited those sites. That creates a possibility for malware to sneak out of Firefox and into my system, despite the power of NoScript. This is where CFP comes in; it will warn me whenever Firefox will perform such an action. It’ll work like a second layer for malware coming from internet activities.

You are right about Linux. I should clarify that I did not at all mean that I wish to have CFP’s HIPS in Linux, all I want is a decent firewall with outbound protection. Maybe such a firewall exists, I didn’t look much for it, but I was never satisfied with the built in inbound protection (I’m referring to Ubuntu now) - similar to XP’s firewall. Why do I want outbound protection so badly? Because there are so many small unknown applications available in Linux, so I want to see if any of those compromise my privacy.

I guess I’m too lazy to find a Linux distro that is non-bloated, small, has a beautiful GUI (I love Mac OS X too, just like you do) and is easy to set up. Ubuntu was very easy to start with, but way too bloated. Now I’m using nLite to get Windows XP exactly how I want it, instead.

LA

I think Comodo crew should develop more its heuristic module, today we have in CFP just one more level of info. I would rather see less of it when execute an *.exe and be sure it is malicious than (many FP) and just have it as an information.
NOD32 is level to be reached 70% with very few FP, I am amazed with that percentage, how is that possible?

Well I not only don’t agree with solcroft, but I also don’t respect his opinion!
(:AGY)
“The thing about Comodo is that they seem to have a clown for a CEO and a culture of isolationist self-worship at their forums. I have nothing against them otherwise, since they develop and give away products for free, and that’s no sin. I hate to generalize, since I’m sure there are exceptions, but from what I can see, their fanbase seems to be built purely on inexperienced newbies who allow themselves to be deluded by leaktest results and the opinion that they actually know how to use Comodo’s products to any effective degree, led on by their prancing chieftain that is Melih.”
solcroft, Wilders Security Forums, April 1st, 2008

www.wilderssecurity.com/showthread.php?p=1213919&highlight=comodo#post1213919

I agree with God here, as I too have been offended by the words of solcroft on Wilders.

Typical of the arrogance of the academic, I thought. A very narrow expertise and totally lacking in commonsense. It is so easy to posture on forums anonymously and attack others who have far greater achievements in life. Wilders seems to be full of a clique whose posts are allowed however offensive they may be and any other opinions are suppressed.

Most forums would discourage the sort of personal and offensive comments solcroft made in that thread, but not Wilders.

I am always amused by the use of the term ‘fanboys’ which I often read over there to describe those of us who enjoy this forum.

They clearly do not recognise freedom of speech when they see it.

Hey all,

They run their forums the way they see fit, we run ours the way we see fit.

They have their standard of vinyl pocket protector, we have free speech.

The topic is “Blacklisting V Whitelisting”

Please keep to the topic.

If you want to complain about Wilders or a forum member at Wilders, do it at Wilders. Good luck.

I agree 100%!
Besides, seems impossible to top God’s post.
Even Melih tried but gave up.
:slight_smile:

Yes, it’s almost impossible to beat the one post hit and runners that have been flooding the forums lately. I’d email them, only a lot of them are using auto expiring freemail accounts.

I’ve seen that post before, and of course it isn’t a nice one. However, in this thread I only meant that I respect solcroft’s opinion here (he/she hasn’t insulted anyone yet, I think).

LA