Comodo Valkyrie Uploader 1.0

[savit]

What is Valkyrie Uploader?

Comodo Valkyrie - http://valkyrie.comodo.com/Default.aspx

To upload a file to Valkyrie, you can visit the main analysis site, click the Browse button to select a file from your hard drive, and then click the Upload File button. You can make this process even easier with the free Valkyrie Uploader utility. After installing it, you can simply right-click maximum 20 files at one time with the size of each file under 20MB and choose "Valkyrie" from the Windows menu. The verdict results will display in your browser as usual.

The first version of the Valkyrie Uploader utility is described in the How do I start? section.

http://valkyrie.comodo.com/Uploader.aspx

Send file(s) to Valkyrie

With Valkyrie Uploader, this task could be easier, just right-click on the file(s) you wish to upload and select the Valkyrie option from the windows menu:

Scan running processes

Some malware samples keep running in the system as ordinary processes, it is what the antivirus industry calls active malware. Valkyrie Uploader includes a feature to help users in identifying active malware. When you click the upload active process button, Valkyrie Uploader will try to find and read the process' image file and send it to Valkyrie.

 

[Jack]

Comodo FVS is a cloud based file analysis system that tests user-submitted files with a range of static and dynamic detectors - including heuristics, file look-up and real-time behavior analysis. By using FVS, our users quickly gain a verdict on the safety of an unknown file and can help accelerate the identification of zero-day malware.

Ok...So I've download a malware sample from MDL (MD5 : b17aaf7eca58d693840bda0e009de5ab) -

VT Results
Comodo FVS Results
And the problem that I see is that for the Static Detection the verdict is : SAFE .. :lolz: http://valkyrie.comodo.com/Result.aspx?sha1=11EB5B89CDF968503B457FA3A81F02F0B431A49B&&query=0&&filename=BestAntivirus2011.exe

In fact the overall result is SAFE
Auto Result:Safe
Final Result:Safe
[attachment=167]

 

[Valentin N]

I suggest people test in VMware or any alike; after it's installed the computer begins to act at it own will and hell knows where that can end.

 

[jamescv7]

Well only in dynamic detection flagged as suspicious++. But as the overall it marked as safe.

 

[Jack]

Ok...so this is a quick test.. I've downloaded and submitted 10 Zero Day malware samples to Virus Total and Comodo File Verification Service, bellow are the results :

[attachment=168]

1. 0723.exe
   Virustoal - Result: 33/ 41 (80.5%)
   Comodo FVS - Final Result:Malware:TrojWare.Win32.TrojanDownloader.Delf.gen
   
2. btnet.exe
   Virustotal - Result: 30 /41 (73.2%)
   Comodo FVS - Final Result: Suspicious+
   
3. nn342_ntodaykorea.exe
   Virustotal - Result: 20 /40 (50.0%)
   Comodo FVS - Final Result:Malware:UnclassifiedMalware
   
4. play.exe
   Virustotal - Result: 23 /41 (56.1%)
   Comodo FVS - Final Result:Malware
   
5. PODAROK.exe
   Virustotal - Result: 21 /41 (51.2%)
   Comodo FVS - Final Result:Suspicious+
   
6. pusk2.exe
   Virustotal - Result: 3/ 42 (7.1%)
   Comodo FVS - Final Result:Safe
   
7. Real_Santander.exe
   Virustotal - Result: 13/ 41 (31.7%)
   Comodo FVS - Final Result:Malware
   
8. smss.exe
   Virustotal - Result: 9 /42 (21.4%)
   Comodo FVS - Final Result:Malware:Application.Win32.ClientIRC.mIRC.~AB
   
   
9. st_7.exe
   Virustotal - Result: 30/ 42 (71.4%)
   Comodo FVS - Final Result:Safe
   
   
10. WizSearch.exe
    Virustotal - Result: 3/ 41 (7.3%)
    Comodo FVS - Final Result:Safe

 

[jamescv7]

Not a bad test it only missed three and marked as safe.

 

[Valentin N]

the only thing that I find sad is that it will only be available online which means that people that have slow internet or dial-up will not benefit from it.

I also asked if it could be integrated and the answer was no; not even a high-end cpu will be able to do those calculations.

Valkyrie's main function is to reduce the generic signature

Regards,
Valentin N

 

[Ink]

Do Comodo have any plan on presenting this program better? :huh:

Looks like something one would download from a warez site.


This reply judges the GUI and not the product's service.

 

[jamescv7]

Hmm..... I didn't expect that the GUI will be like that, probably in future versions may improved the interface.

 

[Jack]

Yeah...the GUI is not very modern..in fact I can ,most likely, draw a better one in Paint (kidding)
The major problem that I see are the "Safe" ratings given to malicous programs......I do hope it;s just because they are still working on this project....

For instance :

st_7.exe
Virustotal - Result: 30/ 42 (71.4%)
Comodo FVS - Final Result:Safe

st_7.exe is detected as malware by the Static Detector (AI_Detector_2 - Malware) but the Final Result is "Safe" .... I can only say - :lolz:

Aslo in my first example COMODO FVS said the file was safe even if the Dynamic Detection said it was : Suspicious++ ...why not rate this submission as : "Suspicious"

As an advice for COMODO they should add a banner to their site which says : BETA .. because their are some improvements that can be made to their ratings ..........
COMODO should release to the general public products that are tested and proffesional , and by doing so they can increase their reputation.


EDIT : I did forgot to say that the installer isn't signed yet ... also I don't like the icon

 

[bogdan]

Conclusion: We still need signature based detection . So far, only a human is capable of distinguishing a rogue from a legit program.