App Review Comodo Cloud AV vs a Keylogger

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

cruelsister

With Comodo it's really all about virtualization. The AV is middle-tier at best.

But the one important thing to remember is that NO AV will catch a true zero-day malicious file.
 
Deleted member 2913

That user on Comodo forum is me & just now read Melih's reply. And was thinking "ViruScope" for data theft prevention? Don't know how effective ViruScope is & it would be good to see some tests. And as I further scrolled down saw the test links & mention of you by Melih.

Just watched the test here. I am a little confused. Was it sandbox that protected from keylogger or ViruScope? Coz there was no ViruScope alert.
What you say cruelsister?

Hope to see few more tests.
 

jamescv7

@yesnoo: In my view the Comodo Sandbox can be compared to Shade Sandbox, which she reviewed also.

No any other programs influence to operate and drop files. However I can be mistaken though.
 

cruelsister

YN- This particular keylogger won't be detected by the AV, and even if it was it could be easily re-coded to make it FUD once again. Personally I don't even consider the AV detection on this or any other product to be of importance. True Zero-day malware (like my Chaos Scriptor) will go through any AV like a knife through butter.
There were changes made to the sandbox in CCAV (new for Comodo) that caused this logger to fail- nothing at all to do with the AV.

But that being said, CF (with my settings) is still by far the stronger product.
 

luoye

Hi, I think CCAV cannot block the keylogger, and I think your test has a problem: you should look for the log in the sandbox folder (c:\ccav\*), not on the desktop.
The picture is my test result.

Deleted member 2913

I didn't mention antivirus. I mentioned ViruScope. I requested data protection in CCAV & Melih mentioned it will. I asked if anything new is coming in CCAV for data protection & Melih mentioned ViruScope will alarm you.

And it seems, as per you, the sandbox protected from the keylogger & not ViruScope. Is the sandbox fully virtual in CCAV? What's the new change in the CCAV sandbox that protected from the keylogger?
 
hjlbx

Anti-keylog feature in Comodo products will defeat some keylogging and not others. It is dependent upon the keylog soft.

This is same problem with Zemana, SpyShelter, HitmanPro.Alert and other anti-keylogging softs. They are not universal.

Keystroke encryption is a much more universal anti-keylog technique. The only problem is that the keylogger can remain on system for a long time if it goes undetected. Therefore, if you uninstall keystroke encryption soft - and are unaware there is keylogger on your system - you can potentially lose data.

If one is paranoid about keystroke capture, then KeyScrambler Pro has been well-tested and performs the best overall. However, here too, it will not protect against 100% of all keylog softs.
 

Rod McCarthy

Dear Sister:
Where would we find those settings? Can a gamer use CIS with your settings? Is it heavy on system? Thanks.

Sister:
Concerning CIS and your settings. If there is any other security software that you think is better, I am open to suggestions. If you have any, please share them.
Thanks again.
 

Nightwalker

What about reputation technology? Can it bypass Norton Insight module?
 
hjlbx

@Rod McCarthy

Comodo has a gaming mode that disables alerts. However, if you keep Comodo Cloud lookup enabled, the possibility remains that Comodo will auto-sandbox an Unrecognized game file. For optimum compatibility it is best to enable HIPS Training Mode, install game and then continue to use it for a while (at least a week) before switching HIPS back to Safe Mode. Also, every time you play a game use Game Mode.

Gaming is one of those activities that can be problematic with security softs. And there is no way to know beforehand if a security soft will give you troubles. Finally, there is no general rule that can be applied to all games and all security softs in order to avoid problems. The short of it is that you will have to try Comodo on your specific system to see how it works.

The impact Comodo has on system varies from system to system. However, at the desktop, it is quite light on resources and cannot be noticed except during a Full System Scan running in the background. Honestly, this Full System Scan impact is no different than most other AVs so it should not be viewed as a negative.

As far as protection, Comodo offers a very good base-line protection - especially at protecting the physical system from persistent infection. On the other hand, Comodo's web protections are not 1st rate. The argument being that with the way Comodo works, it is not needed - nor is a 1st rate anti-virus signature detection needed.

As far as web protection not being needed, I disagree with regards to phishing; Comodo will not protect you from phishing. If you are reasonably safe web surfer, then it is likely you will never see any benefit to stronger web protections. In that case, Comodo will work fine.

@cruelsister has a video on settings. It is one of the best settings - once you have set up rules for any safe, but Unrecognized files. To start, I would recommend Safe Mode. I will even go further and recommend clean install OS, then immediately install Comodo and enable Training Mode. Install drivers and desired softs. Run Training Mode for at least a week, then tighten security by adopting @cruelsister's settings with or without HIPS enabled. If you use Training Mode, CIS will auto-learn file activity and create allow rules for you. Once you switch to Clean PC or Safe Mode, you will rarely get a HIPS alert.

The problem with Comodo HIPS is its alerts. They are poorly designed - with poor documentation - and lead many novice users to make mistakes. Until you learn how HIPS alerts work, it is strongly recommended that you do NOT use any of the "Treat As..." options.

It is important to learn how to operate Comodo and get experience on how it behaves. You can do that only by using it over an extended period of time.

This only covers a fraction of what a user needs to know about Comodo. Unfortunately, you simply cannot install it, adjust a few settings and then forget about it if you actively use many softs and/or are constantly installing/uninstalling softs.
 

Rod McCarthy

Sister
Thanks for the reply...

If I wanted a minimum fuss Security Software, what would you recommend?

If I were to summarize all your videos.... When it comes to a total protection package, against scripts, worms, zero day, and malware... IT JUST DOESN'T EXIST...

So basically (My words not yours)... We are getting ripped off, and security software unfortunately is NOT being made to deal with the real threats... They know about it from watching your videos, but no one is moving to make a complete solution...

OR did I miss the boat?
 

cruelsister

Hi Rod! No, you didn't miss the boat at all. Actually we seem to be on the same boat (in First Class, of course).

The basic issue with the traditional AV approach is twofold:

1). An AV will not stop malware for which there is no definition (zero-day), and
2). Most absolutely suck at detecting scriptors (they are so paranoid in getting a FP for a good script they let the malicious ones get right through).

Neither one of the above shortcomings is exactly secret. In a paper presented by Google this July at SOUPS (Symposium on Usable Privacy and Security) the results of a survey of Security Pros vs the general public were discussed. Among other things it was noted that:

"42% of non-experts vs. only 7% of experts said that running antivirus software was one of the top three things they do to stay safe online. Experts acknowledged the benefits of antivirus software, but expressed concern that it might give users a false sense of security since it’s not a bulletproof solution."

And a typical user shouldn't be blamed for having a false sense of security. A few videos ago I started with the main MB page where we were assured that the product would protect us from Worms- that really wasn't the case at all, was it? And in most product testing thingies it seems the goal is to crown a Champion, thus a bulk of the malware used is of the garden variety riff-raffy files that allow certain products to rise to the top. Personally (being Cold-Hearted and Mean) I would rather dwell on the nastier stuff.

But to answer your question- there are security applications like Anti-exe's and Sandboxie that are oblivious to the age of the malware, and in sure hands will provide excellent protection. My concern here is that user input (do you trust this file?) is needed. One bad decision will end in tears (my next video will be a More Fun with CryptoWall 4 and the concern will be noted somehow).

Finally we come to Comodo- please strike CIS from your memory and think instead of CF (Comodo Firewall); CIS just adds a local AV and I guess I don't have to tell you how useful I think that is. CF is light as a feather at my settings and provides wonderful protection. God knows I've been trying to breach it long enough.

(and thanks for your post- you made my day!)
 
Rod McCarthy

Well I'm glad I made your day... Now I hope that you don't misunderstand me, I want to make a few personal comments.

We do not know each other. I am a married man, with children, and I am old enough to have grandchildren. I come from a time that didn't really pay attention to the PC commonality we find today.

When I grew up in the 70's men were men, women were women, and gays were rarely tolerated. We liked fast cars, loud music, and pretty girls.

We were not confused about who we were or how we felt. (I am getting somewhere)... We had 3 groups of people, nerdy smart guys, hot chicks, and jocks...Yes nerdy smart girls too. (I never paid the smart girls much attention) being a jock I focused on lifting ETC.

Later in life I grew attracted to PC's thru my children. At first I was afraid to touch our PC. My kids used it... I have learned a little about PC's mostly concerning building my own, maintenance, and installing.

But I find you truly fascinating, I could never understand what you seem to know so well. It's kinda sexy... In an intellectual way, or maybe it is just my age?

ANYWAY... I think you should write a book about your life, make it an ebook and sell it for a small fee. I would love to read it, and thanks for the help, even though it appears there is no security help on the horizon.



