App Review Comodo Internet Security 11 Review | Test vs Malware

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.

ForgottenSeer 72227

Maybe sometime in the future AV vendors must consider the possibility of selling their products with high/hardened settings as default; it will also help them for marketing reasons, having good test results.

Maybe one day they will!

I think the reason(s) they don't do it currently is to prevent support calls and complaints of higher system impact, as well as incompatibilities or the product being considered too aggressive. I agree that for marketing purposes it would be awesome for them, but I think they are trying to walk a fine line between good protection, good performance and good system compatibility. I would say that most major products already walk this line fairly well, but that doesn't mean they won't change this balance down the road.

Another thing I thought of (with these videos): I really wish that, aside from doing a product review, they would reinforce safe surfing habits and security 101. It is crucial, as it's not always security geeks watching these videos; there are tons of people with basic computer skills Googling what's the best AV who stumble across these videos. It doesn't have to be a long-winded thing; just a gentle reminder is more than enough.
 

Deleted member 74454

1. Samples... These are not verified to prove they are working/corrupted or even malware. All files are renamed, which points to a pre-packed sample pack; these are generally older samples with a few fresher ones mixed in among the corrupted/non-working files and non-malicious ones. How can one even pretend to determine a detection rate from this?

2. Knowledge of product... This tester has shown time and again to lack knowledge of products. The follower base he has is mostly novices, who are then corrupted by the greed of business, as I guarantee this tester is not doing this to help his fellow man.

On-demand products can and will pick up malicious items in another product's quarantine and sandboxes. Not wiping temp files before second-opinion scans is silly, and tools such as CCleaner or Windows' built-in one will wipe those. I could literally sit here and tear this test to shreds, but have spoken enough on this subject.

3. Users such as myself keep trying to drive this home; it works for about 4 hours, and then someone else will post another one. The users here are responsible for the misinformation they spread. No one learns from this; it just confuses and sidelines real knowledge from being obtained. Until all work together to stop this and place learning and sharing on the right track, it will continue as always.
 

Nestor

1. Samples... These are not verified to prove they are working/corrupted or even malware. All files are renamed, which points to a pre-packed sample pack; these are generally older samples with a few fresher ones mixed in among the corrupted/non-working files and non-malicious ones. How can one even pretend to determine a detection rate from this?

2. Knowledge of product... This tester has shown time and again to lack knowledge of products. The follower base he has is mostly novices, who are then corrupted by the greed of business, as I guarantee this tester is not doing this to help his fellow man.

On-demand products can and will pick up malicious items in another product's quarantine and sandboxes. Not wiping temp files before second-opinion scans is silly, and tools such as CCleaner or Windows' built-in one will wipe those. I could literally sit here and tear this test to shreds, but have spoken enough on this subject.

3. Users such as myself keep trying to drive this home; it works for about 4 hours, and then someone else will post another one. The users here are responsible for the misinformation they spread. No one learns from this; it just confuses and sidelines real knowledge from being obtained. Until all work together to stop this and place learning and sharing on the right track, it will continue as always.
We can learn from everything to improve ourselves, from good and also from bad tests. That's why we criticize it, to arrive at a better result.
 

ForgottenSeer 72227

3. Users such as myself keep trying to drive this home; it works for about 4 hours, and then someone else will post another one. The users here are responsible for the misinformation they spread. No one learns from this; it just confuses and sidelines real knowledge from being obtained. Until all work together to stop this and place learning and sharing on the right track, it will continue as always.


I agree with everything you said, especially point 3. Unfortunately some people are unwilling to learn and will continue to spread misinformation on a variety of things. It's hard for people to step back for a minute and realize that maybe it's not exactly like what they thought it was. I am by no means an expert on security, but I try to have an open mind and if I am wrong I will gladly admit it and learn from it.
 

Deleted member 74454

We can learn from everything to improve ourselves, from good and also from bad tests. That's why we criticize it, to arrive at a better result.
This tester will not arrive at better results from criticism, as he has had plenty over time.

As stated above, the best method is to not share misinformation; it is a distraction from actual knowledge, one that leads those who do not read comments or know any better to walk away with a twisted perception of reality and, most times, with a false sense of security.

To break this down, it's like labeling half the fiction books in a library non-fiction and expecting readers to differentiate between what's real and what's not.
 

cruelsister

Hi Guys!- I have to be REALLY careful with this post otherwise I'll be getting a bunch of "Number 1 Fangirl" t-shirts in the mail.

1). The points made above regarding the sandbox flush prior to doing a 2nd opinion scan are valid.
2). Would have been nice to see MSCONFIG entries.
3). Would have been nice if the "malware" used in the test was verified. Personally I'm not impressed with numbers; Quality over Quantity is always the best option.
4). Notice Malware(384) and mdscsfud.exe are identical. It seems to be this one:
VirusTotal

Something that was first seen in 2010 and last scanned in 2014 (I guess it is a plus that it is at least zero-decade). It seems to have been a Windows Desktop Widget, and sadly I can't find this file anywhere. IF it is indeed a Widget, the sandbox at PL may have allowed the drop to AppData (kind of like something changing the Desktop Wallpaper). I would have loved to see if that guy would have restarted after a reboot.
5). And finally, Leo should know that neither HMP nor MB will pick up worms. Some manual analysis would have been nice.
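
The duplicate-sample point above (Malware(384) and mdscsfud.exe being the same file under two names) is the kind of thing a tester can check mechanically before quoting a detection rate. The following is an added example, not code from this thread, from Comodo or from any tester: it hashes every file in a sample directory with SHA-256, groups identical content that appears under different names, flags zero-byte files, and reports the effective sample count that a detection-rate denominator should use instead of the raw file count. The directory and file contents are constructed, inert placeholders; only the two filenames are borrowed from the post.

```python
"""Deduplicate and sanity-check a malware test sample set by content hash.

Added example, not from the MalwareTips thread or from Comodo. A renamed
file (e.g. "Malware(384)" vs "mdscsfud.exe") is still the same sample:
identical SHA-256 means identical bytes, so two filenames count once.
Zero-byte files are flagged separately, since they cannot be "working"
malware and also should not inflate the sample count.
"""
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large samples need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_sample_dir(directory):
    """Return a report dict for the sample directory.

    'effective_samples' is the number of distinct, non-empty files; that is
    the denominator a detection rate should use, not the raw file count.
    'duplicates' maps a hash to every filename carrying that same content.
    """
    by_hash = defaultdict(list)
    empty = []
    total = 0
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        total += 1
        if os.path.getsize(path) == 0:
            empty.append(name)
            continue
        by_hash[sha256_file(path)].append(name)
    duplicates = {h: names for h, names in by_hash.items() if len(names) > 1}
    return {
        "total_files": total,
        "effective_samples": len(by_hash),
        "duplicates": duplicates,
        "empty_files": empty,
    }


def build_demo_dir():
    """Constructed sample set: hypothetical, inert text files, not malware."""
    d = tempfile.mkdtemp(prefix="sampleset_")
    files = {
        "Malware(384)": b"MZ\x90\x00 hypothetical widget payload",
        "mdscsfud.exe": b"MZ\x90\x00 hypothetical widget payload",  # renamed copy
        "Malware(12)": b"MZ\x90\x00 some other hypothetical sample",
        "Malware(99)": b"",  # truncated or corrupt download
    }
    for name, data in files.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    return d


if __name__ == "__main__":
    report = audit_sample_dir(build_demo_dir())
    print("raw files:", report["total_files"])
    print("effective samples:", report["effective_samples"])
    print("duplicate groups:", list(report["duplicates"].values()))
    print("empty files:", report["empty_files"])
```

On the constructed set the script reports four raw files but only two effective samples: one duplicate group and one empty file. Run against a real "pre-packed" pack, the same report shows how much of a headline sample count is padding before any product is blamed or credited for a miss.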
 

Morphius

BTW If you create an account at verdict.valkyrie.comodo.com you can download this file.
 

Attachment: file.png (95.2 KB)

Morphius

Initially it was found trusted, then I reanalysed it and it was still trusted. I sent it to human analysis, which found it malware (human expert analysis is superior to all other automated analysis of Valkyrie, so the final verdict became malware). Now they just have to remove the safe signature from the cloud.
 

Nestor

So, even though Leo isn't really a knowledgeable tester, if we can even call him a tester at all, this file did bypass Comodo's sandbox? I haven't watched the video; his voice goes through me lol. Was it Comodo at default settings?
From what I understand, and according to Morphius, the file wasn't even contained because it was presumed clean through Valkyrie analysis. So it wasn't sandboxed. As for the settings, I think Leo makes every test at default settings, which means Internet Security and not Proactive.
 

ZeroDay

From what I understand, and according to Morphius, the file wasn't even contained because it was presumed clean through Valkyrie analysis. So it wasn't sandboxed. As for the settings, I think Leo makes every test at default settings, which means Internet Security and not Proactive.
I thought that was the case, but thank you for clarifying it. I think the best thing anyone who watches Leo's videos can do is listen to what he recommends and do the complete opposite lol. But, with this file being trusted by Comodo, it would have been allowed to run anyway, wouldn't it? It's only any other potential files it attempted to download and run that may have been stopped. We all know how strong a correctly configured CIS/CF can be, but Comodo do need to do some work with their cloud and, in my opinion, the trusted vendors list being so large is a disaster waiting to happen. But, still, the level of protection Comodo offer for free is amazing.

It still isn't great that Comodo had a file with so many VT detections as trusted.
 

Nestor

I thought that was the case, but thank you for clarifying it. I think the best thing anyone who watches Leo's videos can do is listen to what he recommends and do the complete opposite lol. But, with this file being trusted by Comodo, it would have been allowed to run anyway, wouldn't it? It's only any other potential files it attempted to download and run that may have been stopped. We all know how strong a correctly configured CIS/CF can be, but Comodo do need to do some work with their cloud and, in my opinion, the trusted vendors list being so large is a disaster waiting to happen. But, still, the level of protection Comodo offer for free is amazing.

It still isn't great that Comodo had a file with so many VT detections as trusted.
This Valkyrie project is very ambitious and at the same time very risky.
 

Deleted member 74454

The sandbox was not bypassed; the file was just marked trusted. It's the same thing as whitelisting a file with any product. The detections on VT clearly point to these not being fresh samples as claimed by the tester, so it's dumb luck on his part, and a lesson Comodo needs to learn with their trusted list.
 
