Comodo free AV working well with MASM32 SDK v10.

Started by Mark Jones, February 01, 2009, 11:06:54 PM


Mark Jones

That's right, Comodo Antivirus is also lighter on system resources than Avira or AVG, and does not bug the user with annoying pop-up ads. To test its currency, I jumped on Usenet and randomly queued a bunch of small (and questionable) executables for download, and ALL of them were flagged as malware/virus/worms etc. (Usenet has gotten REALLY scary lately.)

Comodo did, however, flag one example from an older masm32 SDK (version 8 I believe, qexit.exe) as "unclassified malware." Looking into the differences between the older file and the newer one, the only differences I could find were minor PE header details, probably caused by the linker. In both executables, the code itself was identical, and both were legitimate.

So in closing, Comodo seems like it could be a great choice for a free, lightweight, comprehensive, and frequently-updated antivirus package, which does not hold a pessimistic attitude towards every executable on the system, nor pester the user with incessant advertisements.
"To deny our impulses... foolish; to revel in them, chaos." MCJ 2003.08

Jimg

Keep us informed of how it works out.  It's only available with the complete package now, right?  Firewall, etc.
I remember I tested Comodo AV among many other AVs a couple of years ago. I can't remember why I chose Avira over Comodo. Perhaps it had something to do with the fact that Comodo added 740+64 keys, 1343+261 values to the registry, changed 1020+143 other values, added 84 folders, 13976 files. Versus about one tenth that for Avira. (I run incontrol on everything I install.) Hopefully things have changed.

Mark Jones

Hi Jim, that is interesting. I don't have incontrol (nor can find anything on google), but would be curious to see what it says about the current install. From a quick glance, it does seem to add some entries to the registry, although I cannot tell how many. But I can say that the latest Comodo package will let the user opt-out of installing each component during install.

Jimg

I'll try it tomorrow and let you know what I find (after I take a full acronis backup  :wink)

kromag

I've been using Comodo too without any problems :bg
---
William

Jimg

Okay, here's my report.

I started with a clean Windows XP install and updated to SP2.

I tracked the installation of Comodo-

Keys added: 3167
Values added: 7040
Values changed: 124
Folders added: 15
Files added: 94
Files changed: 64


The files addition was much, much better than previous editions.  It added just over 100 megs of files.
I'd say the addition to the registry was pretty appalling, however.  That's a new record for keys added.  Not even Microsoft office added that much stuff.

The worst part, however, is how it slowed down the machine.

After each reboot before and after installation, I highlighted the files and folders in the root of the C drive, right clicked and did a properties, to get a file/folder count and size for comparison.
After installing Comodo, it seemed like that process was taking much too long. So I disabled Comodo and rebooted. I let the system sit for several minutes so all the startup background stuff that goes on should have been well finished. I redid the properties on the files/folders of C drive, and it took 25 seconds. I rebooted and redid this several times with the same results. I then re-enabled Comodo. I rebooted and redid the properties test several times, and it took over 100 seconds each time. I'd say that's a pretty severe impact on performance.

When Comodo did a full scan of my system, the only false positives were two ancient DOS programs that I know were not infected.

All in all, it seems like a good product if you don't mind the other side effects.

BlackVortex

My ESET Smart Security is also slow sometimes. When scanning new files, especially those packed with the lzma algorithm. Sometimes it takes a full minute or more to get "unstuck" and continue. In this time I could manually unpack it, damnit. What's the hold-up?!

Thankfully it doesn't disagree with my masm playground.

I'm very happy with the firewall though. It never lets me down.

Mark Jones

Hi Jim, thanks for the analysis. So far, so good here, but I agree that some of those stats are atrocious. Part of the install must be various core components and run-times, as my \Comodo\ folder is 85.7MB with all the features installed -- firewall, AV, etc. (Interestingly, there is a backup folder in there with copies of all the executables -- 35.8MB in redundancy, which I suppose is acceptable.)

I would imagine, in the world of malicious code trying to circumvent the AV products, that some rather serious Windows integration is needed in order to safeguard processes and namespaces from outside compromise. Curious, did you create any comparable reports for Avira or the other products? Googling for "Antivirus shootout" or similar is fruitless at best.

If nothing else, Comodo comes with an uninstall feature. :bg


Jimg

Two years ago, avira was the fastest and lightest.  Since then, it's become a bloated nagging pig.  I'm still using it because I haven't really found anything I'm happy with.  I'll restore the partition to pre-comodo state and try avira just for you Mark.

Jimg

Okay, here you go-

Avira Antivir results:

Keys added: 138
Values added: 530
Values changed: 147
Folders added: 17
Files added: 182
Files changed: 65

total about 65 megs of files.  (But like you pointed out, 23 Megs of that is in the failsafe backup folder)

The properties test took 25 seconds one time, 32 the second time, and 14 seconds the third (I got a call, so the computer sat idle for about 5 minutes before I got back to do the test).  Virtually indistinguishable from not having it loaded.

I have to say, this totally changed my mind about avira.  I was really ready to dump it.  I guess two years of updates and screwing around kinda messed it up.  Anyone using it should probably do an uninstall, search and destroy, and reinstall.
I'm sure it still has the nag screens, but hey, it's free.

I'll test avast next.

Jimg

Avast results:

Keys added: 408
Values added: 947
Values changed: 152
Folders added: 35
Files added: 241
Files changed: 60


about 83 megs of files

25 secs properties test time.


Not too bad, but on a personal level, I just didn't like the look and feel of it.  Just me, the program's probably fine.

Jimg

AVG results

Keys added: 838
Values added: 1368
Values changed: 181
Folders added: 37
Files added: 258
Files changed: 65


15 seconds on properties test 

154 megs of files


Very quick, but that's a great lot of bytes in comparison, and two thirds of it was in the documents and windows system folders rather than its own folder, which I personally disagree with.

Jimg

I finally got around to cleaning up my main desktop (removed all traces of antivir).  I installed the latest version and tested against masm32v10r.  There were no false positives.

ThexDarksider

Bit of a bump but I got two detections with COMODO. AntiVir found nothing, even on the highest heuristic level. :green2 Is this a false positive?

X:\masm32\examples\poasm\runcpl\runcpl.exe
X:\masm32\macros\lst.exe

Are these legit? I downloaded from masm32.com. :bg

EDIT: Also it is "unclassified malware (0xSomeCode)", I guess AVs just don't like ASM. :toothy

Mark Jones

Yes those files are safe.

Jim, any chance you could create a "report" for: http://www.sunbeltsoftware.com/home-home-office/vipre/

That's an impressive package; small and lightweight. It is quite sensitive though, even on the lowest heuristic level.