Comodo - New advertisement from Melih

imuade

Level 12
Thread author
Verified
Top Poster
Well-known
Jul 29, 2018
566
[Image: Lockdown or Vaccine.png]

This is a new message from Melih, Comodo's CEO, on their forum.
I personally think this message is really astonishing.
That statement goes completely against the concept of containment that Comodo has always advertised...

Default Deny with Auto-sandboxing
The Jail House Method of Containment

So, containment is like placing a virus into a jail house (so, like the lockdown in the picture) so that it can't harm the PC, while traditional AVs are like killing an already spread virus (you can make a vaccine only after you discover something unknown is a virus)... but now they advertise Comodo like a vaccine...

What do you think about this?
 

Ink

Administrator
Verified
Jan 8, 2011
22,490
Comodo's R&D engineers, who have developed an extraordinary application that allows you to run your critical application, such as POS System, safely when the platform has already been compromised.

This is what we call securing a Good file in a Container operation in a Bad environment. But we can also contain a Bad (or unknown) file operating in a Good (clean) environment and keep a device clean!
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,720
@cruelsister

Great to see you! I wanted to get your thoughts on a couple of things, purely out of curiosity and also for a potentially interesting discussion on friendly terms (I am not dissing Comodo at all, it is an amazing product).

To me, global whitelists are nothing more than a repository for pre-analyzed files. Our WhitelistCloud is extremely accurate, but it is certainly not perfect, and it would be difficult to imagine any global whitelist with an efficacy of > 99.9% or so. To me, the only item that should be allowed is what is on the tiny, customized whitelist snapshot of the processes that were previously running. I mean, if you want to be super safe.

I was also curious what you thought about anti-sandboxing mechanisms. At some point, the code needs to run for real, or it never needed to run at all.

Just curious… I am certain you have some amazing insights.
 

imuade

Level 12
Thread author
Verified
Top Poster
Well-known
Jul 29, 2018
566
danb said:
@cruelsister

Great to see you! I wanted to get your thoughts on a couple of things, purely out of curiosity and also for a potentially interesting discussion on friendly terms (I am not dissing Comodo at all, it is an amazing product).

To me, global whitelists are nothing more than a repository for pre-analyzed files. Our WhitelistCloud is extremely accurate, but it is certainly not perfect, and it would be difficult to imagine any global whitelist with an efficacy of > 99.9% or so. To me, the only item that should be allowed is what is on the tiny, customized whitelist snapshot of the processes that were previously running. I mean, if you want to be super safe.

I was also curious what you thought about anti-sandboxing mechanisms. At some point, the code needs to run for real, or it never needed to run at all.

Just curious… I am certain you have some amazing insights.
Hi Dan,
Thanks for your questions, I'm also looking forward to reading cruelsister's answers, but I'd like to write my notes too, if you don't mind :)

Whitelist
Many Comodo users complained about the length of their whitelist, also because there are actually two whitelists, one local and one in the cloud.
Now the user can modify the local whitelist and can choose whether or not to check the cloud one.
Having a huge whitelist can lead to false negatives (malware whitelisted by mistake), and that actually happened to Comodo. But a short whitelist will surely lead to many false positives (I experienced a lot of them when I tried VS), so it's not easy to find a balance.

Anti-sandbox
I'm not a fan of the sandbox approach, that's why I prefer to use Comodo containment as an anti-exe and block unknowns instead of virtualizing them

Have a nice day :)
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,720
imuade said:
Hi Dan,
Thanks for your questions, I'm also looking forward to reading cruelsister's answers, but I'd like to write my notes too, if you don't mind :)

Whitelist
Many Comodo users complained about the length of their whitelist, also because there are actually two whitelists, one local and one in the cloud.
Now the user can modify the local whitelist and can choose whether or not to check the cloud one.
Having a huge whitelist can lead to false negatives (malware whitelisted by mistake), and that actually happened to Comodo. But a short whitelist will surely lead to many false positives (I experienced a lot of them when I tried VS), so it's not easy to find a balance.

Anti-sandbox
I'm not a fan of the sandbox approach, that's why I prefer to use Comodo containment as an anti-exe and block unknowns instead of virtualizing them

Have a nice day :)
Hi imuade, yeah, that is one of the great things about Comodo... you can configure it pretty much however you want, and I would certainly opt for blocking unknowns as well. That is the funny thing about whitelists, they need to be large enough to reduce false positives, and small enough to reduce false negatives ;).
 

Chri.Mi

Level 7
Well-known
Apr 30, 2020
337
danb said:
Hi imuade, yeah, that is one of the great things about Comodo... you can configure it pretty much however you want, and I would certainly opt for blocking unknowns as well. That is the funny thing about whitelists, they need to be large enough to reduce false positives, and small enough to reduce false negatives ;).
I am not a programmer or anything like that,
but isn't it possible to use the process signer and parent process signer to reduce the database size?
 

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,464
About the comodo message.
The infected person gets rid of the virus by treatment. People who have had contact with infected people or who have a slight tendency to become infected are isolated and monitored.
I interpret it this way.

I like the idea of a whitelist, but I don't think that list is provided by anyone else. I think it is basic that each user makes it by trial and error.
 

danb

From VoodooShield
Verified
Top Poster
Developer
Well-known
May 31, 2017
1,720
Chri.Mi said:
I am not a programmer or anything like that,
but isn't it possible to use the process signer and parent process signer to reduce the database size?
Yeah, I think a lot of whitelists (and AVs for that matter) rely heavily on signatures, which is for the most part safe, and can be made super safe if there are other checks in place as well.
 
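The exchange above (imuade's local-versus-cloud whitelist switch, Chri.Mi's question about using the process and parent-process signer, and danb's "signatures plus other checks") describes a default-deny decision that can be written down. Below is an added example, not code from Comodo, VoodooShield or anyone in this thread: a small decision engine that consults a local snapshot of hashes, an optional large global whitelist, a revocation list for hashes that were whitelisted by mistake, and a signer rule that also requires the parent process to be signed by a trusted publisher. Every process, hash, publisher name and list in it is constructed for illustration; `fake_hash` stands in for hashing the real file bytes.

```python
# Added example (not Comodo's or VoodooShield's code): a toy default-deny
# whitelist engine combining the list types discussed in the thread.
# All processes, hashes, signer names and list contents are constructed.
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class Verdict(Enum):
    ALLOW = "allow"      # run normally
    CONTAIN = "contain"  # run inside the container, or block if configured as anti-exe


@dataclass(frozen=True)
class Process:
    image: str                    # path of the executable (constructed)
    sha256: str                   # hash of the file on disk
    signer: Optional[str]         # Authenticode signer CN, None if unsigned or invalid
    parent_signer: Optional[str]  # signer of the process that launched it


@dataclass
class Policy:
    local_snapshot: set[str]       # hashes of what was running when the snapshot was taken
    global_whitelist: set[str]     # vendor-supplied "pre-analyzed" hashes, potentially huge
    trusted_signers: set[str]      # publishers allowed on signature alone
    check_global: bool = True      # consult the cloud/global list or not
    revoked: set[str] = field(default_factory=set)  # hashes pulled after a false negative

    def decide(self, p: Process) -> tuple[Verdict, str]:
        """Evaluate one process. Revocation is checked first so it beats every allow rule."""
        if p.sha256 in self.revoked:
            return Verdict.CONTAIN, "hash revoked"
        if p.sha256 in self.local_snapshot:
            return Verdict.ALLOW, "local snapshot"
        if self.check_global and p.sha256 in self.global_whitelist:
            return Verdict.ALLOW, "global whitelist"
        # Signer rule: the process AND its parent must carry a trusted signature.
        # A trusted binary spawned by an unsigned parent is not allowed through.
        if p.signer in self.trusted_signers and p.parent_signer in self.trusted_signers:
            return Verdict.ALLOW, "trusted signer chain"
        return Verdict.CONTAIN, "unknown (default deny)"


def fake_hash(label: str) -> str:
    """Stand-in for hashing file bytes; hashes a label so the demo runs offline."""
    return hashlib.sha256(label.encode()).hexdigest()


def snapshot_running(running: list[Process]) -> set[str]:
    """The tiny local whitelist: only the hashes of processes running right now."""
    return {p.sha256 for p in running}


MS = "Microsoft Windows"      # constructed publisher names
ACME = "Acme Software Ltd"


def demo_processes() -> dict[str, Process]:
    """Constructed sample processes, one per decision path."""
    return {
        # running at snapshot time, so its hash is on the local list
        "explorer": Process(r"C:\Windows\explorer.exe", fake_hash("explorer"), MS, MS),
        # signed by an untrusted publisher, but its hash is on the global list
        "updater": Process(r"C:\Program Files\Acme\updater.exe", fake_hash("updater"), ACME, ACME),
        # unsigned, mistakenly added to the global list, later revoked
        "badtool": Process(r"C:\Users\u\AppData\badtool.exe", fake_hash("badtool"), None, None),
        # trusted Windows binary launched by an unsigned parent (living off the land)
        "certutil": Process(r"C:\Windows\System32\certutil.exe", fake_hash("certutil"), MS, None),
        # trusted binary launched by a trusted parent, not on any hash list
        "notepad": Process(r"C:\Windows\notepad.exe", fake_hash("notepad"), MS, MS),
    }


def demo_policy(check_global: bool = True, revoked: Optional[set[str]] = None) -> Policy:
    """Constructed policy: snapshot contains only explorer; global list holds updater and badtool."""
    procs = demo_processes()
    return Policy(
        local_snapshot=snapshot_running([procs["explorer"]]),
        global_whitelist={fake_hash("updater"), fake_hash("badtool")},
        trusted_signers={MS},
        check_global=check_global,
        revoked={fake_hash("badtool")} if revoked is None else revoked,
    )


if __name__ == "__main__":
    policy = demo_policy()
    for name, proc in demo_processes().items():
        verdict, reason = policy.decide(proc)
        print(f"{name:10} {verdict.value:8} {reason}")
```

Setting `check_global=False` turns the Acme updater into a contained process (the false positive a short list produces), and building the policy with an empty `revoked` set lets the mistakenly whitelisted tool run (the false negative a huge list produces); `certutil` is contained even though it is a signed Windows binary, because its parent is not.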

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,716
Think Melih is saying that other methods are inferior and leave the customer imprisoned with malware, while Comodo with its HIPS detects everything happening under the surface. In other words, even an infected system could be cured by installing Comodo, because all infection activity would be detected by HIPS.

So I guess Comodo is the vaccine in this scenario and in Melih's presentation. If the software were combined with good network and control monitoring software, I suppose this could be true of Comodo really. As it is, it is good on machines on a one-by-one basis where the operator understands what is happening. Don't think Comodo has great network control software at this point (STILL :)).
 

fabiobr

Level 12
Verified
Top Poster
Well-known
Mar 28, 2019
569
danb said:
Hi imuade, yeah, that is one of the great things about Comodo... you can configure it pretty much however you want, and I would certainly opt for blocking unknowns as well. That is the funny thing about whitelists, they need to be large enough to reduce false positives, and small enough to reduce false negatives ;).
For full protection whitelisting is not enough.

As we saw here at MT and as shown by Bitdefender research, a good behavior blocker is needed to block suspicious behavior that a healthy process might be exhibiting.

Ransomware and financial malware are already using trusted Windows processes to bypass AV protections/whitelists.
 

koloveli

Level 4
Well-known
Sep 13, 2012
191
Comodo protects and prevents data leaks...
1. Antivirus detection; if that fails...
2. Auto-containment prevents data collection (the cybercriminal sees a dark screen and no password or user), but;
3. The firewall blocks or asks about outgoing connections...
4. The user can activate HIPS to be even safer...
 

klaken

Level 3
Verified
Well-known
Oct 11, 2014
112
As someone who knows the immune system:
It seems ridiculous to me; a vaccine cannot be comfortable, and in theory the closest thing to a vaccine is the cloud (all AVs have it).

Vaccine: introduce an infection for the immune system to detect. Cloud AV: detects an infected PC so that all PCs receive it.

In universal terms it would be like this:
- Vaccine: Cloud (receive instructions against unknown threats)
- HIPS: Skin and others (first line of defense against external elements)
- Signatures: Lymphocytes and antibodies (detect known threats)
- Viruscope (or similar): Macrophage (remove and present threats)
- Sandbox: Intestines (it is not full of bacteria; I don't think there is anything like it XD).
 
