A researcher at the Singapore security firm COSEINC, Joxean Koret, is all over the technical news sites. He is being quoted almost everywhere, including on ComputerWorld and Inquire in the UK, about assertions that all of the major antivirus programs are vulnerable to attacks and in one way actually make your computer more vulnerable than if they weren’t installed in the first place.
The phrase “Physician, heal thyself” comes to mind!
Now, he does not present his research. We have to take his word on this at this point, but he does offer some interesting reasons why this would be true. We would like to assert to the world that his reasons, which would be crippling to the 13 other antivirus systems he studied, do NOT mean that users of Comodo Internet Security are actually vulnerable to exploitation.
If Koret is correct, he is actually making the case to change your antivirus to Comodo!
Comodo Security is Different and Unique
Koret’s assertions are based on the assumption that the antivirus software is just as vulnerable to compromise as any other program installed on the computer. Koret reasons that since most antivirus engines run with the highest privileges (root), if a hacker could find a bug and gain control of the antivirus engine itself, they could take control of the user’s machine.
We suspect that Koret may be correct when it comes to other antivirus systems, but he seems to not understand Comodo’s unique Default-Deny architecture with Sandboxing. With Comodo, no program is allowed to be run by the operating system itself unless it is confirmed safe. It’s checked against a blacklist of known malware and a whitelist of safe programs. We also do behavior analysis to identify suspicious activity.
Physician heal thyself? Comodo already has!
If there is any doubt about the program’s safety, the software will only run in an isolated, secure area called the sandbox. The attack vectors Koret discusses are not possible from the sandbox.
Interestingly, Koret seems to think so himself. In his advice to AV users he says that if you do want to run your AV product, “run dangerous code under an emulator, virtual machine, or in a sandbox”. Our thoughts exactly!
Comodo Security Default-Deny Architecture
This is exactly what we were thinking when we designed the Comodo Default-Deny architecture with sandboxing. The real question here is what are all of the other AV vendors thinking? Comodo is the only security product that can guarantee you will be malware free because we close the hole that other vendors do not, protecting against all threats whether they are known in the blacklist or not.
Are there flaws in antivirus software? Of course, nothing in life is perfect.
That’s why Comodo Internet Security is superior. Default-Deny is based on the assumption that you cannot identify all threats, so you have to provide a fail-safe. This makes Comodo the most perfect in an imperfect world!