Did Comodo increase their detection rates?

Slerion

Level 5
Thread author
Verified
Well-known
Feb 24, 2016
238
So after my own small detection test (some months ago I posted it here), I found some other new ones by small YouTubers.

And it looks like Comodo AV or Cloud AV always lands in the top 3 or 4 (most times including ESET, Bitdefender and more), at least in detection.

Did other community members test Comodo AV and/or Comodo's Cloud AV recently?
 

S3cur1ty 3nthu5145t

Level 6
Verified
May 22, 2017
251
So after my own small detection test (some months ago I posted it here), I found some other new ones by small YouTubers.

And it looks like Comodo AV or Cloud AV always lands in the top 3 or 4 (most times including ESET, Bitdefender and more), at least in detection.

Did other community members test Comodo AV and/or Comodo's Cloud AV recently?
Most YouTubers are using Virussign to get their samples from; these are not fresh, vetted samples, and can make any product look good.

I tested CCAV a couple of nights ago with 12 fresh samples. CCAV only detected 1 of them, although the auto-sandbox kicked in and scooped up the rest as normal.
 

Slerion

Level 5
Thread author
Verified
Well-known
Feb 24, 2016
238
I saw multiple ones use samples from Malwr and "das malwerk"; they are fresh. My own test was 50% fresh (less than 1 day) and 50% old (6 days - 6 months).

Comodo was, if I am not wrong, 2nd? 3rd? place on my test; same for other YouTubers that use fresh sources.
That's some nice info you have in your post.
 

Thirio

Level 3
Verified
Well-known
Mar 3, 2017
126
Comodo's detection appears to be improving according to the latest av-test report
AV-TEST – The Independent IT-Security Institute

Comodo's protection score moved up to 5.5/6 and it was consistently near the bottom of these tests in most recent months with scores of 3/6

Looks like it's improving day by day thanks to Valkyrie. How much it is improving is hard to tell. If you look at the Valkyrie homepage you can check the hash files of some freshly uploaded malware and can see Comodo being one of the few to detect some new malware, which is great to see. Advanced File Analysis System | Valkyrie
 

S3cur1ty 3nthu5145t

Level 6
Verified
May 22, 2017
251
Comodo's detection appears to be improving according to the latest av-test report
AV-TEST – The Independent IT-Security Institute

Comodo's protection score moved up to 5.5/6 and it was consistently near the bottom of these tests in most recent months with scores of 3/6

Looks like it's improving day by day thanks to Valkyrie. How much it is improving is hard to tell. If you look at the Valkyrie homepage you can check the hash files of some freshly uploaded malware and can see Comodo being one of the few to detect some new malware, which is great to see. Advanced File Analysis System | Valkyrie
Please read their test methodology, how and when they collect samples/URLs, and their copyright/disclaimer before referencing from these sites.
 

Thirio

Level 3
Verified
Well-known
Mar 3, 2017
126
Please read their test methodology, how and when they collect samples/URLs, and their copyright/disclaimer before referencing from these sites.
Thanks for the tip. But last I checked their methodology applies to all the tested products, not just to Comodo. And seeing how av-test is one of the few labs to actively test Comodo, I think my reference was fair and straight to the point. Jumping up from ~95% detection to 99.8% is an improvement whichever way you want to look at it.
 

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,814
Thanks for the tip. But last I checked their methodology applies to all the tested products, not just to Comodo. And seeing how av-test is one of the few labs to actively test Comodo, I think my reference was fair and straight to the point. Jumping up from ~95% detection to 99.8% is an improvement whichever way you want to look at it.
If it's a consistent improvement that carries over month after month then sure, but it speaks volumes that Comodo usually does incredibly poorly in the prevalence test (although usually aces the 0-day test) and has consistently done poorly since it was first tested 6½ years ago.
 

S3cur1ty 3nthu5145t

Level 6
Verified
May 22, 2017
251
Thanks for the tip. But last I checked their methodology applies to all the tested products, not just to Comodo. And seeing how av-test is one of the few labs to actively test Comodo, I think my reference was fair and straight to the point. Jumping up from ~95% detection to 99.8% is an improvement whichever way you want to look at it.
There is no way that any AV will be hitting that high of detection rates with Fresh "within 24 hour old" samples or zero days. So this testing methodology is misleading because of the sample usage. There are two main testing sites everyone pulls this misinformation from, care to read an outlined example from one of them?

AV-Comparatives May 2017 test. Windows Defender did great!
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
You can see a result of CIS here (of course take these with a grain of salt). The samples tested may not have been fresh (and not all of them were malicious, some were apparently PUPs) but you can compare detections with other AVs in there just for the sake of comparison.
As @S3cur1ty 3nthu5145t said, one needs to refer to the methods and measures that were included as ways of detection by the AV Tests before concluding on CAV's performance.
I used to scan many malware packs from MH with CIS (back when I tried it) and it usually has 40-60% static detection.
One point I need to mention is that the "Heuristic scan" is set to "OFF" in the antivirus module of CAV/CIS by default, and I've always used "Medium/High" heuristics for tests (the latter two settings had similar detection ratios). CAV with Heuristics=OFF is pathetic in detections. Most of the static detections have generic/heuristic names.
 

Thirio

Level 3
Verified
Well-known
Mar 3, 2017
126
If it's a consistent improvement that carries over month after month then sure, but it speaks volumes that Comodo usually does incredibly poorly in the prevalence test (although usually aces the 0-day test) and has consistently done poorly since it was first tested 6½ years ago.
I wouldn't say it did poorly all the way; it had some good months between 2013-2014 with versions 6 & 7. The only test that matters really is the 0-day test and it's doing fine already. I guess we'll have to wait and see but so far it looks like version 10 has made some improvements. I have high hopes they will improve detection rate as it has been one of their main complaints through user feedback. They have also mentioned focusing on improving the malicious URL blocking lately on the forums.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
You can see a result of CIS here (of course take these with a grain of salt). The samples tested may not have been fresh (and not all of them were malicious, some were apparently PUPs) but you can compare detections with other AVs in there just for the sake of comparison.
As @S3cur1ty 3nthu5145t said, one needs to refer to the methods and measures that were included as ways of detection by the AV Tests before concluding on CAV's performance.
I used to scan many malware packs from MH with CIS (back when I tried it) and it usually has 40-60% static detection.
One point I need to mention is that the "Heuristic scan" is set to "OFF" in the antivirus module of CAV/CIS by default, and I've always used "Medium/High" heuristics for tests (the latter two settings had similar detection ratios). CAV with Heuristics=OFF is pathetic in detections. Most of the static detections have generic/heuristic names.
I agree. I've been testing Comodo's static detection just to see for myself using samples from you guys in the hub, and its static detection is shocking.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
Maybe Comodo (via improved sigs/detection) is making a push to be taken more seriously with the endpoint/network solutions? Guess time will tell if there is a trend developing. I feel it's critical with endpoint security for an auto-contain program to be paired with great signatures/file recognition. Accurate CloudLookup (whitelisting) is also extremely important with CFW/CIS.

I'd be basically thrilled to see Comodo generating higher income and credibility on business networks with the free software making so many strides forward. I know the free needs some work, but Comodo does deserve a breakthrough imo after all these years. There sure seems to me to be great potential for Comodo products on corporate networks. With endpoint it's gotta be clean (unobtrusive), light, effective, hands-off, and manageable (across the network)...
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Maybe Comodo (via improved sigs/detection) is making a push to be taken more seriously with the endpoint/network solutions? Guess time will tell if there is a trend developing. I feel it's critical with endpoint security for an auto-contain program to be paired with great signatures/file recognition. Accurate CloudLookup (whitelisting) is also extremely important with CFW/CIS.
I'd be basically thrilled to see Comodo generating higher income and credibility on business networks with the free software making so many strides forward. I know the free needs some work, but Comodo does deserve a breakthrough imo after all these years. There sure seems to me to be great potential for Comodo products on corporate networks. With endpoint it's gotta be clean (unobtrusive), light, effective, hands-off, and manageable (across the network)...
I am not sure if they need to improve their signature approach for the corporates to increase their adoption rate. They've very well placed the selling point of their product (Auto-containment, Whitelisting, File lookups, CPU virtualization...) in front of the industry, along with the small complementary stuff provided that are helpful for the paranoids. Have you gone through their White Paper PDF revolving around this point? :)

Still by improving their AV module, they may be wanting to up their rankings in the independent or anonymous tests being performed by institutes and individuals, that do affect the sentiments and influence selection of security products everywhere. As you said it has to be clean and manageable, I wonder Comodo may suit or not suit what kinds of industries and departments. With training and varied levels of efforts by the users, there should not be much problem for most of them if they commit to the product.
 

Attachments

  • Comodo-containment-technology.pdf
    1.5 MB · Views: 1,072

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
I wonder Comodo may suit or not suit what kinds of industries and departments. With training and varied levels of efforts by the users, there should not be much problem for most of them if they commit to the product.

Hope to get my hands on Comodo's end point program at some point to look it over. Guess that is still just the small picture, considering manageability is so key now with Sophos and Kaspersky (and others?) putting out the super apps for network security management and monitoring. Not sure where Comodo is with this but I sense not on the same level maybe? Only saying this because the company doesn't seem to be getting credit for network security management on a level that I personally have noticed.

Still by improving their AV module, they may be wanting to up their rankings in the independent or anonymous tests being performed by institutes and individuals, that do affect the sentiments and influence selection of security products everywhere.

Yes, this is what I was wanting to know myself. Competing at the top of the A-V testing could only help, so maybe there is an emphasis on improving detection for that reason.

Thanks for the pdf. Gonna read up now :)
 

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
That disappearing rules bug could prove extremely troublesome at the enterprise level though.
Except I'm sure the enterprise product gets fixed in 2 minutes after companies report it that they pay money for.
Meanwhile, Comodo home products have had bugs for centuries.
Not sure how someone can respect Comodo when they don't care to fix huge problems.
 

ZeroDay

Level 30
Verified
Top Poster
Well-known
Aug 17, 2013
1,905
Except I'm sure the enterprise product gets fixed in 2 minutes after companies report it that they pay money for.
Meanwhile, Comodo home products have had bugs for centuries.
Not sure how someone can respect Comodo when they don't care to fix huge problems.
I completely agree.
 

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
Comodo may offer good protection but I really don't like it anymore (I used to like it a lot): so many problems/bugs/questionable behavior with this company.

About Comodo's detection rate, does anyone remember the BoClean fiasco and the bad blood between Comodo and former lead developer Kevin McAleavey?

I was unaware that this was how it was done until we were acquired by COMODO and I got tossed into that bucket there and got to work with third world veterans of the antivirus business who had worked for various other major names before coming to COMODO. First engineering question I was asked was "how do we detect a packer in a file?" Ummm ... entropy? Apparently the AV industry had just started working on that. I won't disclose whose competitor's AV engine they stole, but it's out there for googling.

Not a chance of malware submissions getting any detailed analysis unless someone knew what the MD5 for the file was (yeah, copy and paste THAT) or it was properly "cursed" by enough other AV's who gave it one of dozens of different names that rang a bell. I kid you not! And you had to search manually through the definitions database knowing what you were looking for to have a look assuming they bothered to even keep a copy of the sample in the first place! So analysis was rarely done unless it was reported back as a false positive problem and the customer remembered what it was detected as.

And there's yet another fail mode. Someone reports a file as an FP. How is it handled? Why it's REMOVED from the signatures and tossed back into the "undetecteds" in the database with hope that someone who is bored might have a look at it. What are the chances? And so the criminals learned quickly that the best way of keeping their malware undetected if they couldn't just go to Jotti or VirusTotal and keep modifying it until nobody detected it or even better, was to report it as an FP to everyone. Problem solved for criminals!

With over 70,000 samples a day coming in the door, analysts just can't be bothered. And with the public completely used to the idea of false positives being commonplace, if only a handful of AV's detected their submission to Jotti, then it must be their AV doing an FP. And there's your antivirus. At work.

I won't even bother to go into what gets hired over there in those countries. At COMODO, there were plenty of people in the AV labs who were dodgy and a few very good people who just walked away. I was told many tales of analysts who "lost things" as far as detected malware went, and it's entirely possible that with these overseas analysts that some are in cahoots with the criminals.

Source: The Demise of the Antivirus Industry
 

darko999

Level 17
Verified
Well-known
Oct 2, 2014
805
If you want "Detection rate" just don't go Comodo, what's the point. It has never been its strong side. About the "Rules bug": it has to be something related to specific computer items, because it is not reproducing for everyone. I have a lot of rules, believe me, and I would notice if some of them vanished because I run a lot of games and I would see when some of them are asking me for rules I have already put in place. Keep in mind that when an app updates or gets modified, new rules are required as well.
 
