Re: Comodo anti-virus?

"Brian Cryer" wrote in message

Well, obviously it is BETA.  Even Comodo says *not* to use it as your
primary AV program.  They deliberately have left it in beta status to
eliminate having it analyzed at various independent testing agencies
(av-comparatives.org and VirusBulletin).

Its whitelist of known good programs (with a hash to identify them
from other same-named files) has been mostly a community effort.  That
is, the users submit the unknown files to Comodo to have them checked
that they are okay to be included in the whitelist that is part of
their updates.  The idea is to eliminate some of the prompting from
the HIPS (host intrusion protection system) part of their AV program.
It is a fairly good HIPS in that it also checks not only what program
is allowed to run in memory but also what caller loaded it into
memory.

It is a pig on resources.  Last I recall, it consumed 155MB just for
their AV program.  Part of that is because they load 2 instances of
the same process.  Part of the reason is to ensure that they watch
each other and restart the other if it gets killed, but software can
run faster than a user trying to kill processes to kill both so the
bouncing-ball method isn't reliable for keeping up an AV program.
Supposedly there is some efficiency use of the 2 instances to prevent
lockouts on files or to facilitate faster scanning.  Comodo has never
made clear why *they* think 2 instances are needed.

The last testing on Comodo's AV program was for its 1.x version (the
latest still-beta version is 2.0).  It did so poorly that it never
made it into the comparatives table and instead got relegated into a
whitepaper where, as I recall, its on-demand scan coverage was a
miserable 38%.  Their signature database wasn't very large at that
time and Comodo seems to rely too much on community submissions for
the whitelist.  I don't remember if the program, once installed, tells
you how many viral signatures are in its database or gives you a list
of which viruses it can detect (and perhaps grouping them by
polymorphism which vaporizes when the pest gets loaded into memory).

I have been interested in using Comodo's AV product because of its
inclusion of HIPS which matches up nicely with their use of HIPS in
their firewall product.  Too much a resource pig, too much unknown
regarding its coverage (no one tests it, and "works for me" is
worthless drivel), and they've been in beta way too long which seems a
ruse to prevent it from being tested and compared against other
competing freebie AV products.

I tested it within a VM using VMware Server (free).  That way, it
doesn't pollute my environment.  I was impressed with its HIPS.  I
wasn't impressed with its AV function unless more information is
forthcoming about its coverage.  Also, go read their forums.  It is
beta and is causing problems for some users.  Too many companies, like
Comodo, think "beta" means the product should still be under
development.  Wrong!  Beta means that version should be almost
identical to the released version, with few changes and certainly
no major changes, and it is to provide a larger base of hosts to check
for compatibility, not to flesh out and heal functionality.  That it
has been in beta status for so long bodes ill for the product.  Either it
is crappy and unstable code or Comodo lost their resources to finish
the product.

I tried it.  I reverted the VM (i.e., wiped it back to its base state)
to get rid of it.  I'm still waiting until it is no longer in beta
status AND until it gets tested by av-comparatives.org and VB.
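
An added illustration (not part of the thread, and not Comodo's code) of the two ideas described in the post above: a whitelist keyed on a file's hash rather than its name, and a check on which caller loaded the program. The file contents, names and the decide() function are constructed for this sketch.

```python
import hashlib
from dataclasses import dataclass


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample "program images": two share a file name but differ in content.
GOOD_NOTEPAD = b"constructed image: known-good notepad"
FAKE_NOTEPAD = b"constructed image: different file also named notepad.exe"
GOOD_SHELL = b"constructed image: known-good desktop shell"
UNKNOWN_APP = b"constructed image: program nobody has submitted yet"

# The whitelist is keyed on the content hash; the name is only a label.
WHITELIST = {
    sha256(GOOD_NOTEPAD): "notepad.exe",
    sha256(GOOD_SHELL): "explorer.exe",
}


@dataclass
class LoadEvent:
    name: str            # file name as seen on disk (not trusted)
    image: bytes         # content of the program being loaded
    parent_image: bytes  # content of the caller that is loading it


def decide(ev: LoadEvent) -> tuple:
    """Return (verdict, reason); only fully known pairs skip the prompt."""
    if sha256(ev.image) not in WHITELIST:
        return ("prompt", "image hash not on whitelist")
    if sha256(ev.parent_image) not in WHITELIST:
        return ("prompt", "caller not on whitelist")
    return ("allow", "image and caller both known good")


if __name__ == "__main__":
    events = [
        LoadEvent("notepad.exe", GOOD_NOTEPAD, GOOD_SHELL),
        LoadEvent("notepad.exe", FAKE_NOTEPAD, GOOD_SHELL),   # same name, other hash
        LoadEvent("notepad.exe", GOOD_NOTEPAD, UNKNOWN_APP),  # good image, unknown caller
    ]
    for ev in events:
        print(ev.name, decide(ev))
```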


Re: Comodo anti-virus?

I had assumed that being beta it was relatively new. Clearly that isn't the
case from your comments. Thank you.

I just had a look on their forum, and there is a comment posted there that
Comodo isn't going to release a public non-beta version before V3. Seems a
bit odd ... but it does tie up with your comment that they want to leave it
as beta to avoid it being tested by independent testing agencies.

I've installed it on an old box to have a look. Certainly it has at least
two processes running. Memory usage doesn't seem excessive, but I'll keep an
eye on it - I know memory usage can creep up over time.

38% isn't very good! According to the virus list in the application, they
are up to "262,665". The McAfee anti-virus I have on my desktop claims
"334,023" threats. So the implication is that they are still a long way
behind.

To be honest, I'm not even sure what HIPS is.

Thank you for your comments. Very useful.
--
Brian Cryer
www.cryer.co.uk/brian



Re: Comodo anti-virus?

"Brian Cryer" wrote in message
Beta should only last a couple months.  Alpha might last for many,
many months but when beta then there should be little difference
between it and the released version.  Unfortunately Microsoft (with
their "preview" versions of Windows) and Gmail (that has been beta for
years) have so bastardized the meaning of beta that other vendors,
like Comodo, are following suit.

I only recalled the total memory size which is real AND virtual
memory.  Most users never bother to add the VM Size column to Task
Manager's Process panel to see what is the total consumption of memory
whether it be in RAM or in pagefile space on the hard disk.

The total count of signatures is misleading.  Comodo's anti-virus
incorporates HIPS which regulates what can and cannot load into
memory.  Nothing runs unless it gets into [real] memory.  Polymorphism
vaporizes when a program is loaded into memory, so all those AV
products that don't regulate memory loads have to include signatures
for all polymorphic variations of viruses.  Comodo only has to see
what the resultant signature is after the program loads into memory,
so a smaller signature count is not necessarily bad.  The problem is
that Comodo keeps its 2.x version in beta status and seems determined
to keep it that way which means av-comparatives.org and VB will not
bother to test it for coverage.  If Comodo keeps behaving this way,
they could end up with an excellent AV product that no one will use
because there has been no independent verification that it really is
an excellent product.

http://en.wikipedia.org/wiki/Intrusion-prevention_system


Re: Comodo anti-virus?

Just for your info: AV-Comparatives did test Comodo in the past. I think
it was March 2007. Please see on the website (Comparatives, scroll
down to special tests).


Re: Comodo anti-virus?

Yes, February 2007 -
http://www.av-comparatives.org/seiten/ergebnisse/2ndgrouptest.pdf . They
tested Comodo Antivirus 1.1 Beta. (Has it ever not been a beta?)

In all the tests listed in that PDF, Comodo came last. They gave it a total
detection rate of 27%, the next lowest was 50%, so not very impressive. They
do include the comment that the "new version 2 (beta) detects in total about
42%", but it may be reasonable to assume that that figure has improved by
now especially since I'm given to believe that Comodo are concentrating
effort into improving detection rates.

Their conclusion was (quote): "Comodo AV should not be used as primary AV"

I'm still hoping that Comodo will eventually become a serious challenger to
the well known names, but it isn't there yet. I'm going to leave it on the
old box that I've installed it on (it's switched off most of the time
anyway), but will continue for now with McAfee at work and AVG at home.
--
Brian Cryer
www.cryer.co.uk/brian






Re: Comodo anti-virus?


Yes, for version 1.0.  It's now up to 2.0 and still beta.
av-comparatives.org and VB have yet to test version 2.0 probably
because Comodo keeps it at a beta status.

