Why do Comodo's programmers not develop heuristics for phishing sites?


Bitdefender has these heuristics.

Why does CIS not?


Hi Henrique,

Could you please let me know the details? I would like to understand whether the heuristic analysis you mean relates to checking the content of a website or malicious activity. We will definitely consider this, as we are already doing malicious URL filtering and would like to improve it and build anti-phishing protection as well.

Could you please kindly fill in a wish report for me to process?

Thank you

Use Bitdefender Free and notice how it can detect zero-day phishing sites from PhishTank.com.

Bitdefender analysts found something in common between phishing sites and thus created heuristics to detect them.

My English is bad for a wishlist (do you).


Are you sure they don’t use PhishTank database?

I'm sure!

I find Comodo not good at detection software. Comodo AV, WebShield, etc… are average at best. WebShield is poor.

Comodo is good at rule, policy, etc… based software.

Comodo never believed in an AV & their AV is still average. They never wanted to add WebShield but added it & it is still poor. Comodo DNS is poor at malicious/phishing protection.

I do hope they come up with good detection software.

Tell that to Melih and convince him.

We value protection more than detection…

If you have to choose between preventing malware vs detecting it once it's in your computer…which one would you choose?
Yep…that's why we focus on prevention…
With our Containment technology the malware is always contained.

So why participate in the AV-Test?

You are right, we shouldn't really... but then users complain as to why we don't take part in AV tests :)

We can't win :)

The issue is, there are a few users who don't understand how CIS works and think detection is important…

Not saying this to criticize, containment technology is great however it requires more beta testing. Take a look at Kaspersky for example, they beta test their products six or seven months in advance before releasing. IMO what CIS needs is more extensive beta testing.

This containment technology has been used by over 85 million people for the last 5 years, day in, day out…
Enough beta testing? :)

Production machines should never be considered beta testing.

This is awesome and again not trying to criticize, but recently there have been some problems in this containment technology. To name a few: buffer overflow protection not working, Firewall not filtering raw packets, Heuristic Cmdline Analysis not working if the cmdline contains multiple commands… A more extensive beta testing cycle would avoid those issues IMO.

good to know

It's not about cycles of beta but how wide the beta test is…

If you only have one person beta testing, then it doesn't matter how many times you run the same thing on the same machine, you will have the same answer.

We run beta tests and a number of people attend beta tests…we get feedback…we address what we think is critical and important and we launch…
after we launch, because it then goes to wider audience with differing configurations, we see more bugs…just like any other software…

So the point is not the beta cycle but the beta reach…

Are you saying that the bugs devilbat66 mentioned aren’t considered important by Comodo?

That is true, software will always have bugs, because it's made by human hands, so it can’t be perfect. I believe that Comodo is making the right choice by focusing on prevention. However, IMO Comodo should give a bit more attention to the Buffer Overflow prevention component of CIS alongside the Heuristic Commandline analysis module, since those two modules are almost hidden in the CIS suite (by hidden I mean how they are located deeply inside settings) and tend to be forgotten. Not saying that you guys don’t test them, because I don’t know what happened in those two situations and hence I can’t judge.

It's all about protecting the user.
If that bug proves to cause insecurity then we will address it.
Can you infect the computer using this bug? If you can't, then it's not critical.

You have to admit, Melih, that Containerization is not going to protect users from phishing websites etc. :( Comodo webfilter is very poor and will not block them as well. I remember you told us about some logo recognition technology, is it still being developed?