
What Makes Comodo’s Technology Superior?

Hi everyone, today I wanna go through... what a Default Deny System is. We talk about default deny, default allow, blacklisting, whitelisting. I wanna talk in very simple terms about what these are.

Now, first of all... You have a computer. A laptop, a computer. And within this computer, you have files. And viruses, malware, adware, anything bad is simply a file that works in your computer. So... a file could be a good file. Here is a representation of a... cute looking "good" file. Here is another cute representation of a "bad" file. They're not so cute in real life, by the way, once they have infected your PC. And then we have what is known as an "unknown" file.

Alright, what are these? Let's go through... A "good" file could be... let's say a file that comes from a trusted vendor, a Word ".exe" or Outlook ".exe" or a file, or a game that you just purchased. You know it is good. You know it is not malicious. So, it's a "good" file. Because after all, a file could be... one of three states... like I said: Good, Bad, and Unknown. A bad file... is a file that is trying to cause damage. Or trying to simply extract your money from you. And an "Unknown" file... is something you've just come across on the Internet. And you really, really want to download it... because it's got all the shiny things attached to it. You know, everything "shiny" you want to download it, that's what I do. But it's an "Unknown" file. What do you do?

Let's go through a Default Allow system, let's go through a Default Deny system... to see how these products will deal with these files... when it comes to those products. So... Now, let's take a "Default Allow" product... Let's say you have one of those legacy anti-virus products. They are known as "Default Allow" architecture. So, what does "Default Allow" mean? Well, it means it works with a "blacklist". So, IF NOT in "Blacklist", THEN "Allow". This is it. I mean, whether it's a "signature" database or "heuristic" or "behavior" blocking.
These are all based on "Default Allow" architecture. If it's a "signature" database... Then it's looking, the "signature" database, which is a list of "blacklisted" applications. If it is "heuristic", well, heuristic has a rule-set that explains... say, if it has these rules then it is "bad". Or, it could be a "behavior" blocker, that identifies a behavior that is supposed to be bad. It's all about having a "blacklist" of bad signatures, bad behaviors... and it says IF NOT in "blacklist", THEN "Allow".

Okay, great! So let's take this through its course... So, let's take a good file. Good file goes through... and the application you have asks itself a question... This good file, IF NOT in "blacklist" THEN "Allow". Well, is it going to be in the "blacklist"? In theory, no. So I'll allow it to execute. It just jumps into your computer and you're happy... the legacy anti-virus product has let a good file through and a good file is executing on your computer. So far so good. Thumbs up.

Okay... Now comes the "Bad" file. Now, for argument's sake, let's assume all anti-virus products know about all the bad files that exist on the Internet. Now, in reality that is never the case. No single anti-virus product will have a list of all the bad "signatures", "behaviors", or "heuristics" which catches everything. It doesn't happen. There is no 100% catching of "bad" behavior. 100% "blacklisting" does not exist. But for argument's sake, let's give the benefit of the doubt. Because they are friends. Let's say they know about every single bad file, okay. So let's be nice.

So bad file comes in... You have this "legacy" anti-virus product. Which could have, like I said, "heuristic", "behavior" blocking and "signature" based and so on. So now, let's take a "Bad" file through its steps as to what happens. In a "Default Allow" architecture, which the majority of desktop security products work on. You take a "Bad" file, it goes through, remember, let's assume they can catch "Bad" files.
The "Known Bad" files will be caught and won't go into your PC. So this is caught. Let's put it over here.

Okay, let's take an "Unknown" file... let's see what happens in that system. Now, remember the rule, the rules are very simple, IF NOT in "blacklist" THEN "Allow". Very simple. Now, you take an "Unknown" file, it dances all the way here, there you go. And the "legacy" anti-virus product, which might have either "signature", "heuristic", everything... then asks itself, IF NOT in "blacklist" THEN "Allow". Is this in the "blacklist"? No, it's not, it's an "Unknown" application. So it allows it, bang, it goes in.

Alright, so question. This "Unknown" file... at some stage, will be "Known". Okay, so this "Unknown" file, at some stage... will become either a "Good" file or a "Bad" file. Okay, so, if it is a good file it's okay to allow it because you got lucky, it turned out to be a "good" file. But what if this "Unknown" file then became a "Bad" file? So this "Unknown" file switched into a "Bad" file. And what your "legacy" anti-virus system did, it let an "Unknown" application "execute" in your PC. That is the problem. You cannot let an "Unknown" application "execute" in your PC. Why? Because it could either be "Good" or "Bad". If it's "Bad" then you have an infection in your PC. This is why we still have this virus, malware problem. And it's an ever-growing problem.

Okay, here is a real world analogy for you. Someone knocks on the door... and then, you go and, let me close my eyes, let the person in, and then I open my eyes. Would you ever do that? Would you let an unknown person come into your house? While blindfolded, by yourself? It doesn't make sense. So, exactly the same thing. You should not let "Unknown" files... come into your system. Because if I am writing a virus, the first thing I do is to check that what I create is not detected by anti-virus vendors. So, when I'm writing a virus, if I have a bit of intelligence to write viruses.
And believe me, these virus authors do have good intelligences. Used for wrong purposes. They write an application, they write a file, and they test their application to see if the anti-virus will detect them. Once they know it's not detected, then they release it to the world. So, when they release it through the internet, does it become a "Good" file, "Bad" file? No. It becomes an "Unknown" file. All new viruses come as "Unknown" files. This is the "envelope" that carries your next infection. And your current anti-virus just lets that through. And that is a problem.

Now, I'll wipe this off, and I'll explain to you how a "Default Deny" system works, and how these three different potential types of files will be treated by a "Default Allow" "Default Deny" system. So, again, we have a "Good" file, we have a "Bad" file, and we have an "Unknown" file. Alright. What is the rule with "Default Deny" system? Now, let's say "Default Deny" system is the Comodo protected PC. Okay. So you take your Comodo protected PC, which is based on "Default Deny" architecture. By the way, now you know how bad my handwriting is.

Okay, "Default Deny" architecture... What is the rule? IF NOT in "Whitelist" DO NOT "Allow". You see, it's the other way around. First, "Default Allow" system allowed it if not "blacklist". Whereas with "Whitelist", we don't allow it if it's not in the "Whitelist". Okay, what could be a "Whitelist"? A "Whitelist" could be a list of all known applications. Or, it could be digitally signed files that we trust.

Let's take this through its stages. We have a "Good" file, we send it through Comodo protected PC. Which is a "Default Deny" architecture. We take a "Good" file and we ask ourselves, IF NOT in "Whitelist" DO NOT "Allow". Well, it's in the "Whitelist". So I shall allow it. Ooop, it goes in there, so good file goes here. We take a "Bad" file, we try to "execute" that. Well, IF NOT in "Whitelist" DO NOT "Allow". Is it in the "Whitelist"? No.
So bad files are not allowed. Bye bye, "Bad" file.

Take an "Unknown" file, remember this is the "envelope" that delivers your infection. Okay, it's easy to catch a "Bad" file once it's known to be bad. What is tricky is this. So you take an "Unknown" file, waltz all the way there and you ask yourself, IF NOT in "Whitelist", DO NOT "Allow". Is an "Unknown" file going to be in Comodo's "Whitelist"? No, it will not. So what will happen? Well, you'll have a "Sandbox" application which says, I will put this in a "Sandbox" in the PC. And send it to the Comodo Labs. So, this "Unknown" file will let you "execute" but let you "execute" in a "Sandbox". So that it cannot cause any damage to your Comodo protected PC. And this file gets sent to Comodo Labs. Comodo Labs analyzes it and all that and returns the result back.

Now, result could be, remember, an "Unknown" file could either be "Good" or "Bad". Results come back. It says "Good" file, great, not a problem. If the results are returned as a "Bad" file... so what you have "Sandboxed" is a bad file. We say, Okay! Great, we just take it out of the "Sandbox" and delete it. So, your system is always safe and secure. And doesn't cost you money. It doesn't create Pop-Ups. And your system is not at risk. You are not risking your computer by allowing "Unknown" files to "execute" on your system. And that is what we have achieved. Creating a "Default Deny" architecture.

I hope this was a useful session for you to understand what is "Default Deny" architecture versus what is employed by current anti-virus vendors. Thank you.

Video Details

Duration: 15 minutes and 21 seconds
Country: United States
Language: English
Producer: Comodo TV
Director: Fernando Garcia
Views: 98
Posted by: comodotv on Jan 26, 2011

Comodo CEO Melih Abdulhayoglu explains the technology behind Comodo Internet Security. Learn what makes Comodo’s Default Deny Technology™ superior to legacy antivirus.
