Avast home vs CIS (Comodo Internet Security)

[sded]

As far as logging, CIS does selective logging-in spite of what you might choose, they actually do the selection.  SPI controlled features can't be blocked or logged at all, for example.  D+ has no way to log allowed events.  If you want to log everything, CIS won't do it.  For a simple exercise, try to log all allowed input or all output as a global rule.  Or go to GRC at http://www.grc.com/intro.htm and do a port scan and try to log all the results.  You will need to bypass your router to do that one, since NAT will block it otherwise.  Check the new version to see if there has been an upgrade; haven't used it in a few months-If they have fixed it and just not told anyone, good on them anyway.  I ran experiments to support disgruntled users on how to log things to solve their problems, and admit failure-but that was last year, so   You might still be able to do a search under "logging" for some of the threads and possibly add my user ID for some of the specific experiments.
BTW, this might have been a firewall deal breaker if I had not been a mod-I depend on the firewall logs to help with the hard problems, along with things like Wireshark.   Don't know anything about the CIS AV logging, but Avast! logging is pretty simple and straightforward and includes a debug mode.

[patrice58]

http://www.personalfirewall.comodo.com/release_notes.html

[patrice58]

The one problem I have had with the firewall and the AV using one process is that if the AV scan crashes for any reason it takes the firewall down with it. (It does happen, only once but still..........) Which for something as important as a firewall is something you can do without, even tho resource use is great as it would be seen only one process is being used but there is a down side as above.

[sded]

Interesting.  Agree that the AV killing the firewall shouldn't happen-Firewall/D+ is still advertised as "standalone".  Other strange thing I have seen there is that the AV won't run in safe mode either, so that if you have a virus problem CIS can't fix it there.

[lukor]

... even tho resource use is great as it would be seen only one process is being used but there is a down side as above.

Hmm, processes are pretty cheap resource. There is indeed some work for the scheduler and some memory taken for every running process, but the mere fact that a system (like firewall) is hosted inside one process does not in my opinion say anything about its lightness on resources.

Edited.

[IBadget]

Interesting.  Agree that the AV killing the firewall shouldn't happen-Firewall/D+ is still advertised as "standalone".  Other strange thing I have seen there is that the AV won't run in safe mode either, so that if you have a virus problem CIS can't fix it there.

I'm fortunate that I installed Malwarebytes Antimalware a couple of months ago. Last month, I was hit with a Trojan that froze my computer whenever I booted up the machine. So, I went into Safe Mode with Networking and did a scan with MBAM. Thank God MBAM runs in Safe Mode. After MBAM removed all Trojans and asked me to reboot the computer to delete the Trojans on reboot, my computer worked normally again. MBAM is a real life saver. Now whenever I download a program, I right-click on the newly-downloaded program to tell MBAM to scan the file and report whether or not it's malware. Also, to make sure I don't get hit with future malware via automatic installation, e.g., spyware, I have installed Comodo BOClean. Now I'm very confident about my computer.

[gery]

1-When talking about Comodo we all agree that it was a very good free firewall and the people there are giving a hard try to make a good firewall. Recently there is a great HIPS supporting thing going around in security forums and mainly this is something legitimate for those who really know what HIPS and malware blocking is all about.Let us think about the majority of business or school, or a a very ignorant (in the meaning of not heaving enough understanding or knowledge) that never thought about installing HIPS or malware scanners . In every moment this people can not depend on something that depends on their decision whether the blocked thing is bad or fine thing. The result needs no comment
2-Secondly the ease of use. Some people like myself who play a little with these thing find out that Comodo is a very frustrating software in terms of installation and uninstallation. I am not the only one who had problems with Comodo.
3-Comodo antivirus may become good in detection at best but can this be a premise that it will be a good healer or cleaner? History of Antivirus Antimalware cleaners tells the opposite.They all have problems including Avast but they have a longer time in this battle   
4-How long will CIS be totally free? Will it follow its competitors on the long and very harsh way of economic disaster?
 
5-What about compatibility issues with other software having resident webshield?
the list of cons may become longer but there are better choices like OA or PCTOOLS etc which require a very little intervention and do almost the same job . I think SAS or MBAM are pretty normal back up scanners that will do no harm to have installed alongside AVAST.

[patrice58]

Hey Everybody !

Just wanted to let you guys know what you can expect in the next version of CIS 3.5:

Heuristics - This will be added to the Antivirus Component. The Heuristic will be similar to CIMA and on similar lines to Kaspersky and Avira.

Threat Cast
Extended Whitelist & Blacklist for the Firewall & Defense - This will provide even greater usability! If the  AV in CIS detects a malware for example for blacklisting, D+ will not bother alerting for it. Whitelisting, same thing, theoretically you should not get a D+ Alert. Over 1 million whitelisted executables will be added.
Brand new AV Signature Format - The signature format will improve for speed & efficiency, Due to so many malware getting sent to Comodo and so many signatures getting released. Memory Consumption will be reduced, Removing malware will be better, and less False Positives.
Comodo Memory Firewall, full developed & integrated
Comodo BOClean

Release date is unknown.

[patrice58]

That was posted from http://forums.comodo.com/overview_cis/development_activities_for_comodo_internet_security_as_of_december_2008-t31970.0.html;new#new

[sded]

Looks like a big bang will occur shortly.  Hope they have done extensive simulation, emulation,  and analysis and lots of closed beta testing before open beta release of all this stuff together.  Good luck to them, but certainly seems like an unusually ambitious and risky way to do software development and deployment.  Wonder if they could just need to get most of their hundreds of developers off the payroll.  Also hope they have an efficient plan for controlling the problem identification, tracking, resolution and upgrade process-has been a real weakness in the past if you read the forum comments.  But all will be revealed in time. 

[patrice58]

Oh sorry that was from December I know now that BOClean will not be included in this "new" improved version that no one has seen yet, even now.

[patrice58]

Every virus update has 4000 sigs or so one of the mods say.................

[sded]

Hard to say what that number means, except that they are making progress.  A bit dated, but you might find http://www.av-comparatives.org/seiten/ergebnisse/Release_rates.pdf interesting.  Don't know what Avast! might say, but current data from places like Norton says that a mature AV might have a few million equivalent signatures updated at the rate of a few thousand a week, more if there is lots of activity.  Because of things like generic signatures and different heuristic approaches,   Time to discover and analyze is key, and behavioral tools like Prevx Edge and others try to do that in near real time based on user discovery-pity the first victim, of course.   There is actually quite a bit of sharing between the AV companies, but Comodo does not seem interested in joining their conferences and groups.   And since most firewalls now include HIPS ( in spite of Comodo claims for D+ being "special" ) there is a way to also look at the actions of what passes the AV test if you know how to evaluate.  How well Comodo has extended Threatcast (it originally just presented raw data, like voting on the value of pi) and the implemented heuristics approach is yet to be seen, but similar techniques are widely used with variable results.  So the countdown continues. 

[Vladimyr]

Aahh C.O.M.O.D.O. . . . .   Resource hog one day, fast and loose the next!

avast! is way ahead for home use in my opinion, but let's all try to keep an open mind.

I was never much enamoured of the Comodo AV 2.0 Beta. It was just too horribly slow in use to be consdered a viable alternative to anything!
I've been testing CIS 3.5 for a little while now and I must say, there's quite a lot to like. The main UI and messages may not be entirely to my taste but they're clear and mostly easy to understand.
Some commercial users I know have dumped their previous McAfee and CA Home/Office multi-user license packs in favour of Comodo (and some to PC Tools Free AV). They tell me they have not had any functional, stability or security problems with CIS 3.5 (Note: They are only installing the AV) and they are saving a little money. My only complaint so far on test machines is a high FP rate.

cheers

[solcroft]

Heuristics - This will be added to the Antivirus Component. The Heuristic will be similar to CIMA and on similar lines to Kaspersky and Avira.

Threat Cast
Extended Whitelist & Blacklist for the Firewall & Defense - This will provide even greater usability! If the  AV in CIS detects a malware for example for blacklisting, D+ will not bother alerting for it. Whitelisting, same thing, theoretically you should not get a D+ Alert. Over 1 million whitelisted executables will be added.

Ahhh... from solid rock-bottom straight to Avira-class heuristics, I wonder what the Comodo marketing guys will come up with next. Would be a miracle if they really pulled it off, though.

User-voted whitelists were a failure as implemented by Mamutu (still caused it to trigger on critical OS processes), let's see how Comodo does it...

As for 4000 sigs per update, they sure as hell need it. First off their detection capability stinks, and they've got a hell lot of catching up to do; second their generic detection ability is even worse, and modfying a few bytes of a binary is often all that's needed to bypass the AV.