Comodo CIS Bug fix policy

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
This will run, if you let it. WTF Dn
What do most vendors do in case of a piece of malware that was detected by BB? Some vendors such as Kaspersky will generate a detection UDS until a signature is added for it. This is done to help protect users in the fastest manner possible. If signatures are obsolete, then why do top vendors still partly rely on signatures in 2024?

I know signatures alone are not enough and should be complemented by other modules, but it is the first line of defense and is doing its job.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
What do most vendors do in case of a piece of malware that was detected by BB? Some vendors such as Kaspersky will generate a detection UDS until a signature is added for it. This is done to help protect users in the fastest manner possible. If signatures are obsolete, then why do top vendors still partly rely on signatures in 2024?

I know signatures alone are not enough and should be complemented by other modules, but it is the first line of defense and is doing its job.
And what about others that have developed threat emulations, which can be on the cloud, or on-premises appliances? This emulation is not for beauty, it is there to block threats before they even hit the machine, which is always the most recommended and most desired scenario. Nobody who knows what they are doing would allow malware to run on the system (same system that is used to shop and do work), for a minute, before taking actions. If someone does that, it will be for cost-cutting purposes, and not because they don’t understand that pre-execution blockage is vital.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
Well, similar experience with Eset HIPS, it is an alert parade. It has been added (or rather hasn’t been removed) to “register presence”, look at us, we’ve got HIPS. But on a production system, it is completely useless. You end up with 2 postures: learning (where everything will generally be allowed, including malware activity) and user-dependent, where the user will be prompted. All these prompts will not add any protection, they will simply add annoyance.

Obviously. Poor threat intelligence, poor ability to take decisions, so what’s the next best thing? Asking the user of course. The other option is to
A) block everything (annoy users, they will uninstall the product)
B) allow everything (which… can be achieved without the product too).
Regarding HIPS, Kaspersky uses that but in a much smarter way, and I believe BD has some sort of HIPS. It is all about the philosophy and implementation.

In the case of BD, it is promoted as a fully automatic solution and it is doing what it was marketed for. I am not promoting BD, but I used it and I am talking about my experience.

Personally, I use my device to study and browse the Internet, not to configure and play with my security solution. I need sth that works out of the box providing protection without the hassle of dealing with it.
 

Chuck57

Level 12
Verified
Top Poster
Well-known
Oct 22, 2018
591
But additional pointers in the test, still proved that others are first, blocking a lot more malware very easily, in the pre-execution phase and second, if they allow anything to execute, react quicker. So even this test cannot serve to prove Comodo superiority, it simply proves that on a scope of 350 samples, Comodo offered acceptable protection.

But others had the capability to offer the same protection in a much more efficient manner.

I am talking about the AV-Lab.pl test, many other tests, Comodo has dropped, usually with a lot of drama around this event.

Xcitium uses similar settings to CS Comodo.
Be honest, you say you never had problems with malware, we accept that. But in reality, how many potential incidents were stopped by Comodo, how many times it contained something and this turned out to be malicious. Does the number exceed 5?

It is, this is what I’ve been debating. Allowing malware to run is absurd! Every “specialist” will tell you that, nobody will ever advise you to execute malware, even in local sandboxes. If you show a video where malware is allowed to run sandboxed and then a firewall prompt blocks the connection, 4/5 will be laughing at you, the fifth one will probably go away.

Well this is the choice-supportive bias I explained in a previous post. People get satisfaction from not following the masses, not installing what everyone else installs.
Over the years, how many incidents? I don't know. In those earlier days, I lived at pirate software sites. Still, I recall only 2 or 3 incidents back then and nothing since I wised up and began staying away from those places. So, not very many. I can't say whether what was stopped was malicious. I simply emptied the container and it was gone. Then, I went on to the next thing I thought I needed.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
And what about others that have developed threat emulations, which can be on the cloud, or on-premises appliances? This emulation is not for beauty, it is there to block threats before they even hit the machine, which is always the most recommended and most desired scenario. Nobody who knows what they are doing would allow malware to run on the system (same system that is used to shop and do work), for a minute, before taking actions. If someone does that, it will be for cost-cutting purposes, and not because they don’t understand that pre-execution blockage is vital.
And let us not forget about web filtering which basically does a great job.

I cannot speak for Zonealarm as I never used it before, but I watched many threads about its capabilities and that it did a great job improving when others are stuck in 2014.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Over the years, how many incidents? I don't know. In those earlier days, I lived at pirate software sites. Still, I recall only 2 or 3 incidents back then and nothing since I wised up and began staying away from those places. So, not very many. I can't say whether what was stopped was malicious. I simply emptied the container and it was gone. Then, I went on to the next thing I thought I needed.
Well, your safety can be attributed to your knowledge, habits, your inclination to close a website/discard a download that looks malicious. It is not due to Comodo.
I cannot speak for Zonealarm as I never used it before, but I watched many threads about its capabilities and that it did a great job improving when others are stuck in 2014.
It’s not only ZoneAlarm, they may be the only one that provides access to emulation to home users, in a one-click manner. And they may be among the more efficient ones. But cloud emulation is offered by a few business vendors and on-premises, probably all of the top names offer appliances.
Not even 2014, alerts and prompts in home software were relevant circa 2005-2006, after the point of 2007-2008 none of the top names relied on this concept anymore.
And let us not forget about web filtering which basically does a great job.
It allows malware to be blocked before it even hits the machine and/or use any sort of browser or OS feature exploit. This is the most recommended method to block a sample, before it has even been downloaded.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
And in the case of Comodo, some users blindly trust it based on some videos. They blindly recommended it and were never objective about it.

Personally when I choose a security product and pay for it, then I own it, not the other way around. I share my experience, both the good and bad, without forcefully pushing my experience or turning a blind eye to its issues and bugs. I do not need to deal with issues and bugs when I can choose another solution.

I am using Emsisoft and I was annoyed with it generating FPs. I did not blindly defend it as others do with Comodo. I do not see it other than being a fanboy if you do it.

In the same way, others whined for years and discarded many tests in which Webroot failed and they demanded the change of scope and methodology of tests to satisfy their fanboyism. The very same is done in Comodo. If you test it on default settings with its nonexistent web protection and very bad antivirus engine, the test will be discarded and disregarded, but when you test Kaspersky and configure it to the optimal shape making use of its very powerful components the test would be unrealistic? This is just absurd.
 

Behold Eck

Level 18
Verified
Top Poster
Well-known
Jun 22, 2014
878
What do most vendors do in case of a piece of malware that was detected by BB? Some vendors such as Kaspersky will generate a detection UDS until a signature is added for it. This is done to help protect users in the fastest manner possible. If signatures are obsolete, then why do top vendors still partly rely on signatures in 2024?

I know signatures alone are not enough and should be complemented by other modules, but it is the first line of defense and is doing its job.
History with sigs
What do most vendors do in case of a piece of malware that was detected by BB? Some vendors such as Kaspersky will generate a detection UDS until a signature is added for it. This is done to help protect users in the fastest manner possible. If signatures are obsolete, then why do top vendors still partly rely on signatures in 2024?

I know signatures alone are not enough and should be complemented by other modules, but it is the first line of defense and is doing its job.
Just block it without worrying.

(next gen) so it is up to you. Just block it dude.

Regards Eck
:)
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
History with sigs

Just block it without worrying.

(next gen) so it is up to you. Just block it dude.

Regards Eck
:)
History with signatures? What if we test Comodo with a malware pack that includes months-old samples. How many samples would Comodo detect with signatures? Do you believe that signatures in this case are obsolete? You prefer running malware?


Block what? Comodo?
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
@Divine_Barakah used signatures as an example of pre-execution protection. In reality, most of it is attributed to short if, then, else logics known as heuristics. Heuristic analysis involves emulating portions of the code in a secure environment, unpacking payloads to the core, looking for specific malware traits.

We now have static analysis as well that looks at roughly 3-5k features of various file formats, running these features through decision trees.

In reality, a very solid bulk of detections nowadays are still generated by signatures, heuristics (dynamic analysis), reputation, third-party feeds, web-filtering and static analysis.

Vendors then go further, by implementing post-execution protections that look at connections and behaviour. Whilst some of the implementations are dubious, other vendors excel in these areas.

In Comodo, both the pre-execution and post-execution protections are abysmal, you are left just with the alert/prompt.
This is the reason why others don’t by default bother you with these prompts, because they’ve got other cards up their sleeve.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
And one more point. As far as I understand, one needs to run CF with CS settings and complement it with MD or any other 3rd-party solution and then complement it with a security browser extension? Layered protection? Why would I invest in a setup that is more likely to cause compatibility issues and increase attack surface?

Did you ever hear anybody recommend to complement Kaspersky or Bitdefender with MB? Why? Because those vendors offer multi-layered effective solutions, but in the case of Comodo you need to complement it with sth else which will surely cause a performance hit.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Did you ever hear anybody recommend to complement Kaspersky or Bitdefender with MB? Why? Because those vendors offer multi-layered effective solutions, but in the case of Comodo you need to complement it with sth else which will surely cause a performance hit.
And then Comodo is light, but it’s easy to be light when you are not doing much. But the overall performance hit of Comodo + the other solution does not constitute “lightness”. And the software is not maintained in a manner that is acceptable in this industry.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
@Divine_Barakah used signatures as an example of pre-execution protection. In reality, most of it is attributed to short if, then, else logics known as heuristics. Heuristic analysis involves emulating portions of the code in a secure environment, unpacking payloads to the core, looking for specific malware traits.

We now have static analysis as well that looks at roughly 3-5k features of various file formats, running these features through decision trees.

In reality, a very solid bulk of detections nowadays are still generated by signatures, heuristics (dynamic analysis), reputation, third-party feeds, web-filtering and static analysis.

Vendors then go further, by implementing post-execution protections that look at connections and behaviour. Whilst some of the implementations are dubious, other vendors excel in these areas.

In Comodo, both the pre-execution and post-execution protections are abysmal, you are left just with the alert/prompt.
This is the reason why others don’t by default bother you with these prompts, because they’ve got other cards up their sleeve.
And this is done automatically without any user interaction, right? The security product is taking the heavy-lifting for you which should always be the case.

I am sorry to say this, but Comodo's approach is just dumb. Whether it is effective or not is heavily dependent on the user, which should never be the case.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
And then Comodo is light, but it’s easy to be light when you are not doing much. But the overall performance hit of Comodo + the other solution does not constitute “lightness”. And the software is not maintained in a manner that is acceptable in this industry.
And this is defended by saying come on it is free, so you cannot criticise it.


I have always criticised how bulky and heavy McAfee is with its 10s of processes. Look what they managed to do. They developed and tuned the product. Other vendors do the same and they keep innovating and tuning their products and focus on performance. Comodo is stuck and it still exists bc some fanboys would die if it disappears.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
And this is done automatically without any user interaction, right? The security product is taking the heavy-lifting for you which should always be the case.

I am sorry to say this, but Comodo's approach is just dumb. Whether it is effective or not is heavily dependent on the user, which should never be the case.
The need for something or someone to do the heavy lifting is the driving force of many businesses. Billions of dollars every year are generated through various services and goods, including software, because automated solutions are desired.
I have always criticised how bulky and heavy McAfee is with its 10s of processes. Look what they managed to do.
They literally rewrote the software from scratch. It took them 4 years.
 

Behold Eck

Level 18
Verified
Top Poster
Well-known
Jun 22, 2014
878
History with signatures? What if we test Comodo with a malware pack that includes months-old samples. How many samples would Comodo detect with signatures? Do you believe that signatures in this case are obsolete? You prefer running malware?


Block what? Comodo?
When did I recommend running malware?

Comodo will defend you.

Regards Eck :)

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Compared to Bitdefender, Kaspersky, ZoneAlarm, Norton, and every other antivirus that has failed to stop thousands of malware in independent, credible, reliable AV lab tests.
Your posts came all at once and it is a hell to even follow up, so some will probably remain unread, this is due to moderation and not my fault, I will read and reply to whatever I can.

Norton is highly recommended and does a better job, on the Neil Rubenking tests, it has never missed thousands of malware samples on any test, in fact, Norton is consistently demonstrated to be top performer.

The Norton technology is governed by over 2500 patents which serve as a statement of Norton (and Symantec) R&D effort.

If you wanna argue, show me a test where Norton did not get excellent scores. Comodo will not reach the Norton technological excellence even if everyone from Gen Digital goes on a 5-year holiday and Comodo decides to finally invest. Comparing Norton (and others that you mentioned there) with Comodo is hilarious at most.

Now your other comment, that you did not say it was “unbeatable” from one of your accounts (they are just so many), I believe it was Kaylin or something like that, you claimed that “cruelsister consistently demonstrated that Comodo performs better than others”.
Then from the test you brought up, this doesn’t seem to be the case.

All other posts, I am trying to read now.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
I never said that. What I specifically said was that "Comodo has been proven to outperform others." In English, that cannot be interpreted as saying "others are prone to failure."
Your exact words were
Nobody has ever supplied an in-the-wild malware that bypasses Comodo's containment whereas thousands of malware have bypassed Avast, Bitdefender, Kaspersky, Norton, etc.
Cruelsister’s exact words were “if only others weren’t so oblivious to malware”.
 

Behold Eck

Level 18
Verified
Top Poster
Well-known
Jun 22, 2014
878
And this is defended by saying come on it is free, so you cannot criticise it.


I have always criticised how bulky and heavy McAfee is with its 10s of processes. Look what they managed to do. They developed and tuned the product. Other vendors do the same and they keep innovating and tuning their products and focus on performance. Comodo is stuck and it still exists bc some fanboys would die if it disappears.
But it won't die and that is why you're irked, it won't die, It's alive and well working well on win 10,11 so put up or shut up!

I challenge anyone to make such a video, CS settings of course. just to show:(

Regards Eck :)
 