Why Threatcast will work [CLOSED]

But what if some advanced users blocked a trusted/ok app according to their own preferences, so an average user decided to block the app too. But that average user is blocking an action of the app that the user needs, while the advanced user doesn’t.


I think there has to be pointed a quality control group, the group has to have knowledge about a wide range of applications and has to have the ability to analyse application behavior… this way, the quality and the quantity can be more guaranteed…

It’s a very interesting and daring experiment in collective intelligence.
I hope it adds usability and value, and expect it to do so.

yes, threathcast is based on the thinking that the intelligence of the mass is more powerful than the intelligence of 1 person… this is a known theory and many people acknowledge this theory… it sounds very logical, still I have my doubts in some cases… (:WIN)

It needn’t be the Philosopher’s Stone, yet

I hope it adds usability and value, and expect it to do so.

PS: It might be the elusive Stone after all. :slight_smile:

I think the formulas the mathematicians are building for ThreatCast will prove useful.


“in silence, without notification. Simply to check: with TC enabled, D+ in “CleanPC M, SM or PM”, when a new app is launched you may get a pop-up, like always. But, NO MATTER what you answer to that, if the app is listed on DB, you will get that rule! And your choice/rule goes away, without any warn. Even if you explicity type some permissions OR denials, you will get what is in TC DB. For an example: if you set to “ask” for all items for Firefox (trainning), next time you go to see the rule you will see that it is ALL allowed!!! Angry
Oh God… The only way to do your own choose is to let TC disabled at all! This is too much agressive! You can’t have TC for what you want only, or for what you don’t recognize (as a “help” to configure CIS).
I think that this is dangerous, for browsers mostly.” Link

One question, is this supposed to happen in TC? Is this the only way to use it or are there different settings with TC (e.g. “give me rating, but don’t change rules”) -or does this depend on the D+ mode you’re running in?


Well… There is a flaw to this threatcast. A team of Psychopaths could easily override the allow vote and making average people confused and blocked without knowing it that it was safe. You can maybe use the Usuability people to vote Allow or Block first before you release this as final, but have a perfect RC final-like version that doesn’t have as much ThreatCast votes or statistics in them.

If I am not getting this, then alert me lol. :smiley:

Nevermind my last post, i was being a bit too unrealistic. LOL.

TC enabled should just give an option, as a “guide” for who doesn’t know what to choose.
Could say: “10 million users allowed this, do you accept allow this?” This is imperative to success.


I will NOT leave COMODO, no matter what. I really TRUST in COMODO.

I really did a serious comment, and I didn’t planned to hurt anyone. Sorry if I was rude, my bad. (just learning english - not my natural language)


I will try to make sense on my point:

  1. D+ is in PM.
  2. I did a rule by hand for svchost. Tested and working for now (re-started 3 times, used FF, sol.exe and some others app that I did before, no new rules created)
  3. Then I want to access paint.exe never acessed before, so no rules for it yet.
  4. I change from PM to Clean Mode to get the rules for paint.exe via TC.
  5. paint.exe is fired now.
  6. TC get the rule for paint.exe.
  7. Get back to Paranoid Mode.
  8. TC changed my pre-defined rules for svchost, not only for the interaction with paint.exe, but allowing everything else in a generic way, without asking or notifying.

TC shouldn’t modify a pre-defined rule without asking or notifying the user in a generic way.

If I wasn’t clear, let me know. I hope I can be helpful. 458 and 459 reacts the same for this.

Changing the word TC with Safelist/Trusted vendors will likely provide a less inaccurate description. :-La

COMODO Internet Security 3.8.61948.459 BETA Q&A’s\Feedback will prove an appropriate place to possibly ask devs about new changes to default CIS behaviors.

Hmm. I allow everything in my malware testing just to see what a sample does. Guess I’d better turn off ThreatCast…

if you are allowing a malware to fully run, then what is your purpose for having CIS?

but of course ill intention is always a threat that we will look out for.


Sorry, but I genuinely don’t understand why you would need to turn off Threatcast to test malware.

Threatcast won’t stop or allow anything, it will only offer an opinion as to what your next action should be and, even then, it will only appear as part of a D+ alert.

If the issue is slowing down the malware activity or blocking it, then D+ should be the issue, not Threatcast,or am I not getting something here?

Ewen :slight_smile:

Well, I think that if everybody’s going to do that, people will just follow the votes and let the malware run ?


Simple: it’s a quick and easy (albeit not always accurate) way of seeing what a sample does.

To prevent others from seeing votes that say to allow malware?

Off with my head and on with a pumpkin. LOL> Sometimes the most obvious is the hardest to see.

Ewen :slight_smile:

First of all Threatcast should be an additional information for CIS users about how others answered to this kind of alert but not the main security considaration. That’s why I think that the Security Considerations tab should be always displayed first and not only if there is no Threatcast rating. ( Or at least add an option to Settings menu which would allow to set which tab should be displayed first when Threatcast is enabled).

Secondly, Theatcast shouldn’t send to database answers of users who didn’t choose ‘Remember my answer’ because most likely they Allowed/Blocked an application only for this session or for testing purposes.

Very funny reaction there, panic. LOL
Been a long time since I bursted out in laughter whilst reading a forum topic.
And all that on one page. Boy oh Boy, life can be great.


Don’t actually know - good question! Hopefully one of the devs will pop up with a clear answer.

Also, and this is something that was already suggested in one other thread, but also asked to me today, will Comodo plan to change the way ThreatCast works, as in, make possible for users to keep their own rules, and not see them getting set back to ThreatCast own rules?

At the moment, Threatcast is like pregnancy - you’re either in the club or you’re not. :wink: I can see cases where it would be advisable to diable Threatcast temporarily (malware testing etc. as suggested by a forum member).

Now, one last question, and I'm just asking what I was asked for, since I didn't know how to answer, since I'm not from that time. I was asked what's the difference between this ThreatCast and the old ThreatCast? What has failed with the first version of it? I first knew about the first ThreatCast with a conversation with Melih, when I asked him if ThreatCast would work or not, and forgot to ask what went wrong with the first. But, since, I got asked and couldn't answer, then I take the chance to ask now.

Nothing actually went wrong, AFAIK. I think that it was a case of the new CIS architecture mandated a change to Threatcast, needing to increase the background infrastructure and other development streams taking priority. The concept is the same.

Ewen :slight_smile: