why the wait for cavs 3 makes sense

Hi all. Just a quickie. I read this in the paper today and it makes interesting reading (Security breakdown | Cybercrime | The Guardian). Seems to me to provide a good argument for moving away from traditional ‘blacklist’ type antivirus in favour of a ‘whitelist’ or ‘HIPS’ approach such as used by CAVS2 and to be furthered by CAVS3. I know there are those for whom detection rates are the ‘thing’ to look for, but they are no protection against unknowns, especially if this article is anything to go by, and one can only use whatever security program has the most hackers on their books!

kitt

Here is a light-hearted article I wrote about this.

thanks
Melih

But we’ve been waiting sooooo long! The “Soon” promise has been floating for months! I love Comodo products but am tired of explaining to the users that I say grace over why I recommend the firewall / malware products, but send them to another vendor for AV. I’ve seen all the links to why AV isn’t the first line of defense any longer, but most end users aren’t moved by discussions of computing reality.

Yeah, this is free. But at this point Comodo has succeeded in becoming an important piece of the security puzzle. Leaving users hanging who are using an OS that has been out 1-1/2 years at this point is terribly frustrating, free software or not.

despite my frustrations – (L)
BNAMack


Patience is a virtue - unless you’re waiting for a broken elevator.

We have a Production Release Version scheduled for End of June! This means the beta will be before then.

thanks
Melih

Thank you for the good news
Dennis

Yes, we have all been waiting for CAVS3. Kind of like buying a car.

Car 1: is available sooner than promised, but because it was rushed through production some of the nuts and bolts were left off, but the salesman says “we can deal with that later in our garage.”

Car 2: takes a little longer to build, all the parts were put on securely, might still require some tweaking (no car is perfect), will require you to drive “ole betsy” just a little longer while waiting.

Both cars cost the same (FREE!).

Umm…I choose Car 2.

Me too, I choose Car 2.

Yes I can’t wait…

Comodo is the only brilliant company in the world that is doing whitelisting. If not for them there is no other product in the world that already does whitelisting…

The last time I asked, Melih said something like “next week!”. So I held my breath… now I am completely blue… :-[ … Oh boy, talking about love hurts… (L)

Kaspersky does both blacklisting and whitelisting :)

AFAIK whitelisting is not their first line of defense…? I don’t use their product so I don’t know if they changed that or not?

thanks
Melih

At least in version 8 they have it. I don’t know if it’s the first line of defense for them though. :)

You will see that the industry will follow our lead and will start making whitelisting the 1st line of defense!

Melih

Sorry; must have missed something. Whitelisting has been a colossal failure for email, and has not worked well for web browsing. Just because most users deal with a lot of unknowns and don’t tend to catch up very quickly. I am not a CAVS user, so wonder what Comodo is doing differently for CAVS3. Thanks; Ed.

Facetiousness genuinely becomes you. 88)

The number of baddies out there is outnumbering the number of goodies.
It’s much more difficult to find baddies (cos they hide until they start causing damage, in which case it’s too late), than goodies.
It’s much safer only to allow safe apps to run than running everything then figuring out what’s bad in there.

As to most users dealing with a lot of unknowns: Not sure I share the “most” aspect of that statement. Not sure how many new executables an average person introduces to their machines on a daily basis, however I do suspect it to be a low number. And in the case of businesses, they are doing everything to stop the employees from introducing any new executables to their PCs to save support issues.

Also there are additional benefits like: Drive-by downloads will be caught red-handed with a whitelisting approach, whereas blacklisting will wait for the signature.

thanks
Melih

No harm in having blacklisting as well.
No evidence of mal-intent does not equal evidence of no mal-intent.
If something is known to be bad it needs stopping, not ignoring.

Of course…
hence why I wrote this article about the future of computer security.

It’s

1st - Prevention
2nd - Detection
3rd - Cure

thanks
Melih

Thanks for the info, Melih. I was really wondering what it is that CAVS3 is whitelisting? For AV/AS/Antispam it is usually things like email address consistency, correspondents, web page URLs, … that do vary a lot and are difficult to maintain. Are you whitelisting executables (CRCs?) and using a HIPS approach to prevent white programs from doing black things or something entirely different? Perhaps a reference where we can go read about the CAVS3 approach? Thanks; Ed.