why the wait for cavs 3 makes sense

Hi all. just a quickie. I read this in paper today and makes interesting reading (http://www.guardian.co.uk/technology/2008/jan/17/computersecurity). Seems to me to provide good argument in moving away from traditional ‘blacklist’ type antivirus in favour of a ‘whitelist’ or ‘hips’ approach such as used by cavs2 and to be furthered by cavs3. I know there are those whom detection rates are the ‘thing’ to look for but they are no protection against unknowns especially if this article is anything to go by and one can only use whatever security program has the most hackers on their books!

                              kitt :Beer


Here is a light hearted article i wrote about this.


But we’ve been waiting sooooo long! The “Soon” promise has been floating for months! I love Comodo products but am tired of explaining to the users that I say grace over why I recommend the firewall / malware products, but send them to another vendor for AV. I’ve seen all the links to why AV isn’t the first line of defense any longer, but most end users aren’t moved by discussions of computing reality.

Yeah, this is free. But at this point Comodo has succeeded in becoming an important piece of the security puzzle. Leaving users hanging who are using an OS that has been out 1-1/2 years at this point is terribly frustrating, free software or not.

despite my frustrations – (L)

Patience is a virtue - unless you’re waiting for a broken elevator.

We have a Production Release Version scheduled for End of June! This means the beta will be before then.


Thank you for the good news :BNC

Yes, we have all been waiting for CAVS3. Kind of like buying a car.

Car 1: is available sooner than promised, but because it was rushed through production some of the nuts and bolts were left off, but the salesman says “we can deal with that later in our garage.”

Car 2. takes a little longer to build, all the parts were put on securely, might still require some tweaking (no car is perfect), will require you drive “ole betsy” just a little longer while waiting.

Both cars cost the same (FREE!).

Umm…I choose Car 2.


Me too I choose Car 2 (:LGH)

Yes I can’t wait…

Comodo is the only brilliant company in the world that is doing whitelisting. If not for them there is no other product in the world that already does whitelisting…

The last time I asked, Melih said something like “next week!”. So I held my breath… now I am completely blue… :-[ … Oh boy, talking about love hurts… (L)

Kaspersky does both blacklisting and whitelisting :slight_smile:

afaik whitelisting is not their first line of defense…? I don’t use their product so i don’t know if they changed that or not?


At least in version 8 they have it. I don’t know if it’s the first line of defense for them though. :slight_smile:

You will see that the industry will follow on our lead and will start making whitelisting the 1st line of defense!


Sorry; must have missed something. Whitelisting has been a colossal failure for email, and has not worked well for web browsing. Just because most users deal with a lot of unknowns and don’t tend to catch up very quickly. I am not a CAVS user, so wonder what Comodo is doing differently for CAVS3. Thanks; Ed.

Facetiousness genuinely becomes you. 88)

Number of baddies out there is outnumbering the number of goodies.
Its much more difficult to find baddies (cos they hide until they start causing damage, in which case its too late), than goodies.
Its much safer only to allow safe apps to run than running everything then figuring out whats bad in there.

As to most users dealing with a lot of uknowns: Not sure I share the “most” aspect of that statement. Not sure how many new executables an average person introduces to their machines on daily basis, however I do suspect to be a low number. And in the case of businesses, they are doing everything to stop the employees from introducing any new executables to their PCs to save support issues.

Also there are additional benefits like: Drive by downloads will be caught red handed with a Whitelisting approach, whereas blacklisting will wait for the signature.


No harm in having blacklisting as well.
No evidence of mal-intent does not equal evidence of no mal-intent.
If something is known to be bad it needs stopping, not ignoring.

of course…
hence why I wrote this article about future of computer security .


1st - Prevention
2nd- Detection
3rd- Cure


Thanks for the info, Melih. I was really wondering what it is that CAVS3 is whitelisting? For AV/AS/Antispam it is usually things like email address consistency, correspondents, web page URLs, … that do vary a lot and are difficult to maintain. Are you whitelisting executables (CRCs?) and using a HIPS approach to prevent white programs from doiing black things or something entirely different? Perhaps a reference where we can go read about the CAVS3 approach? Thanks; Ed.