New Update CIS 2025 is now LIVE!

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
That's exactly my experience too. Up until now, Comodo has protected me and my PCs reliably. I'm particularly worried about the AI, can Comodo still keep up, or is their strategy sufficient? I don't trust anyone for now. I'm really open to all advice and grateful.


Also a strong argument.
In general, blocking threats as early as possible is always recommended. Any solution that allows you to run malware (be it contained) and then dwells on this malware, desperately trying to take a decision if it should be remediated or not, exposes your system and information to a risk, and is not optimal. Ask a few IT professionals and they will tell you the same -- even executing malware on virtual machines without the proper hardware enforcement measures in place is not recommended. Maybe it will be fine for a while, maybe not for a while, but for 5, 10, 15 years. One day, disaster will happen. The aim of cyber security is to act pro-actively, not reactively.
It is also recommended to apply additional security at the door, which in terms of sophisticated attacks, most frequently is your email inbox.

In some cases, allowing the malware to run may be necessary, as attackers will always target pre-execution prevention methods first.
Although many attempts to evade pre-execution analysis would fail, some would succeed.

Behavioural blocking systems, containment (there are different implementations of that), traffic control would reduce the potential damage.
This should be the last line of defence.
Once malware has managed to run, without proper, very resource-intensive forensics analysis, often made impossible due to lost attack artefacts, no business or individual can guarantee that your information and system are not compromised in any way. Unless you have deployed some sort of attack investigation previously (such as EDR) and even that's not a guarantee. If anyone is making claims how "malware is executed and system is 100% safe", these people are simply dishonest.

In some very complex attacks (that will not target you), just downloading the file subjects it to various parsers (icon viewers, preview generators) and this has been enough to exploit Windows vulnerabilities, without the file ever having to be executed. However, this is extremely rare but outlines the importance of more robust methods.

@bazang Dude I told you many times that I understand your arguments and accept them. Not sure why it is so difficult for you to understand what I'm saying. I do not want any improvements in Comodo -- I do not use Comodo.
 

mlnevese

Level 28
Verified
Top Poster
Well-known
May 3, 2015
1,741
It's quite possible in a few more years the malware scenario will be an AI war between "intelligent" malware and the resident AIs on servers and our own personal computers. Interesting times are coming.
 

Sandbox Breaker

Level 11
Verified
Top Poster
Well-known
Jan 6, 2022
520
Cruelsister is right, HIPS is an outdated system that in 2024 has no place on users’ machines. HIPS was relevant and hyped around 2006 when all vendors had it, I remember Kaspersky, Panda, Bitdefender. Gradually, behavioural blocking emerged as the successor to HIPS, so the system will analyse the process, the events, the context and instead of prompting the user, will act automatically.

Kaspersky IDS is a “smarter” HIPS that takes into account the reputation of every object to take a decision automatically.
I've stopped using Xcitium and moved on to Kaspersky Endpoint in default deny mode.

Would you consider Xcitium full of bugs also?
 

rashmi

Level 12
Thread author
Jan 15, 2024
551
Comodo's long-time users, like me, who have been submitting bugs, feedback, and wish lists since the beginning, remember both the bugs and the developers' responses and positions. I have had conflicts with staff members, like Buket, regarding the timely release of CIS-related matters. Umesh, the CCAV developer who played a key role in CIS advancements, was exceptional. Since Umesh left, CIS developments took a downhill turn following the discontinuation of CCAV. I have always agreed with the Comodo bugs and issues without any arguments. 73, or whatever number, the list includes both feature improvements and bugs, some of which Comodo has addressed, but none have a significant impact on Comodo defaults. There should be no usability or security problems for Comodo defaults or CS config users.
 

bazang

Level 6
Jul 3, 2024
298
Turkish

The main driving force behind development has always been money. More specifically, the lack of any revenue or profit within the consumer CIS\CFW product line.

As far as the management of Comodo's various software products, it was Haibo Zhang that directed everything until he left in 2020.

Basically, Haibo brought Melih's "pet projects and experiments" from idea or concept to working products with various degrees of success. Melih has stated many times over the years - publicly posting this stuff ad nauseam - that he does not care about bugs. Software has bugs and he is not going to spend the money to fix them all in a product that he gives away for free.


 

bazang

Level 6
Jul 3, 2024
298
I'm particularly worried about the AI
Discussing this would be long so I will just sum it up as "Don't be paranoid." Thanks to @oldschool for his endearing euphemism.

can Comodo still keep up
You do not even need AI. Just write a fully contained malware in a script language such as VBS and PowerShell. After all these decades, it is still possible to bypass a lot of security software using script interpreters.

AI, ultimately, will be used by nation-states and hacktivists to do much worse than infect your system. It is going to be the thing that will bring-down national infrastructure for months or years. Just think of it - AI takes out your nation's electrical grid. Damages critical components that take 6 to 12 months to procure and replace. Once that happens you will not need to worry about an infected system. You'll have much greater problems.

Stop worrying about AI and learn how to create a fire without matches and forage for food.
 

bazang

Level 6
Jul 3, 2024
298
@bazang Dude I told you many times that I understand your arguments and accept them. Not sure why it is so difficult for you to understand what I'm saying. I do not want any improvements in Comodo -- I do not use Comodo.
OK, but you have a problem with "fanbois and fangirlz" telling and showing the world why they like Comodo, right?

@cruelsister and others that "promote" Comodo are not misleading anyone nor doing anyone any harm.

People that like Comodo are enthusiasts and hobbyists just like any other group that has affinity to a product or thing - such as Dell, Fortnite, Corvette, sport team, etc fans.

@Decopi's claim that there are pathological Comodo fanatics here at MT "manipulating others" to use CIS or CFW and thereby harm those users is plain peak unhinged nuts.

Did you read his\her\its wall of rage & rants?

Trying to stop people like @cruelsister and others from "showing off" their favorite security software is just plain wrong. The other software that suffers the same issues as CIS and CFW is Webroot. And you are the victim of how that fanbase handles criticisms.

I am for the facts. Can Comodo be improved? Oh yes. A lot. Is it "garbage"? No, it is not. Are the "insane Comodo fanatics" misleading users and directing them to some user experience apocalypse? No, they are not.

@cruelsister says comparatively very little and yet people read huge amounts into what her intent behind her videos is. My read is that she makes vids that demonstrate that it works better than other software. I guess what really bothers others is that she is able to make videos that show bypasses of other security software and then shows the same malware is successfully contained by Comodo.

She did say "I will use it until I can prove to myself that it no longer works." That's like the rest of us saying we'll sharpen a knife when we notice it has gotten dull. She is prepared to "switch camps" should it be necessary. She is no fool. She just wants to protect her data and, for the past 10+ years, her own testing of a bunch of products (including 100s of tests that never were made publicly available) convinced her that Comodo is the best option.

My guess is that @cruelsister is financially well-off so she is not cheap. It is not a matter of not wanting to spend the money on a security software. It all comes down to her own test results; she does not need any others to tell her what works and what does not. She's figured it out for herself. So that is where I think a lot of her motivations and intent to produce the vids.
 

Helmut

Level 1
Jun 6, 2024
26
She did say "I will use it until I can prove to myself that it no longer works."
I wrote exactly this in the comodo forum and it is still my opinion. I am also concerned about protecting my data and that of others - I don't care which program I use, the main thing is that the program is useful to me. It doesn't matter which dentist treats me, the main thing is that he/she does his/her job well. It's about my teeth, not the doctor treating me.
It's not easy to turn your back on something tried and tested, which I don't intend to do, but to turn to something better, safer, more future-oriented.
Cybercrime has now become a major problem that has penetrated the highest circles.
Thank you for your factual and objective contribution.

It's quite possible in a few more years the malware scenario will be an AI war between "intelligent" malware and the resident AIs on servers and our own personal computers. Interesting times are coming.

Private users may still be too uninteresting.

Melih has stated many times over the years - publicly posting this stuff ad nauseam - that he does not care about bugs. Software has bugs and he is not going to spend the money to fix them all in a product that he gives away for free.
However, since the free version and the paid version do not differ in terms of security, this would mean that paying customers would have no advantage other than online support.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
OK, but you have a problem with "fanbois and fangirlz" telling and showing the world why they like Comodo, right?
Not even that, it’s just user-dependent systems are promoted as the ultimate security, which shouldn’t be the case. It’s like me, showing threat hunting and other EDR features. Obviously through these features I will successfully remediate attacks. But this is showing my personal skills and not the software capabilities.

But on another thread we’ve had discussion with Cruelsister and we’ve pretty much understood each other. Btw she is on holiday now so no need to summon her in that many posts. She is not around to read them.

Then again, you cannot hold her or anyone else responsible for what they show. It’s up to everyone to interpret these videos and showcasing, the way they want.

I personally, am not convinced in the quality of any system that is highly user dependent and I am not convinced in the quality of systems that allow you to run live malware on the same system where you do your work.
I had the same argument with this Webroot supporter that was trying to convince me how amazing Webroot is, with the rollback system.
Allowing malware to run, whether it will be restricted, contained, disconnected is madness.
This should be your last-let incident mitigation (when everything else has failed), but not your be-all end-all.

There are cloud and appliance sandboxes that are reinforced and specially for this purpose, of running and analysing malware.

No MSSP employees in their right mind will allow malware to run on the same system where you work with information.
 

Helmut

Level 1
Jun 6, 2024
26
Allowing malware to run, whether it will be restricted, contained, disconnected is madness.

These are the kinds of tips that make me a little unsure.
How is this possible? By deactivating protective mechanisms to see what it can do and then reactivating these protective mechanisms to see how well a software protects the PC against it? If that were the case, it wouldn't be a problem, would it? Because the protective function would be there. Functions that I don't deactivate would mean that the protective effect of a software would be there. And of course (in line with the topic at hand), if comodo made it possible in this way, to allow - block, then the protection would be there (without going into other strengths or weaknesses).
Once again, to avoid any misunderstandings here: just as I care about my teeth when I go to the dentist (it doesn't matter which one, as long as he keeps my teeth), I care about "my" protection. I don't care who protects my life, and up until now comodo has done this, it's not my fault! And if the software "I'lldoitallforyou" can do it better, then it will be my bodyguard.
To stay on topic, comodo has been very successful. I'm not married to it, I could only trust it.

I researched on the Internet to see who had been the victim of malware on their PC despite having comodo, but no search results despite various search entries. If I didn't want that as proof of comodo's security, but on the contrary, if I wanted it as proof that comodo is not infallible and can easily fail, then I would have fired them immediately.
 
  • Like
Reactions: rashmi

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
deactivating protective mechanisms to see what it can do and then reactivating these protective mechanisms to see how well a software protects the PC against it? If that were the case, it wouldn't be a problem, would it
It will not be a problem if this is a device that is dedicated to testing, properly isolated in a lab. If you are doing that on the same device that you use to shop for clothes, be it in a VM, it is plain dumb.

I already discussed pre-execution vs post-execution protections on another thread, as well as here.

This is not a personal statement or an essay, it is the point of view of every security specialist, based on facts.

You can contact a few and enquire, and see who will advise you to allow malware to be run on your real machine and then to press "block connection" / "Contain" -- and will consider this optimal, recommended security. Compared to a solution that will prevent execution or even download.
They will be laughing at you.

I researched on the Internet to see who had been the victim of malware on their PC despite having comodo, but no search results despite various search entries.
How come you didn't find this evidence, when it was just there, in Rubenking's rather unadvanced and incompetent tests...?
Or you just don't want to open your eyes and see it?

Furthermore, Comodo audience is extremely small and very highly technical. Such audience deals with potential security incidents, doesn't go on forums to cry on somebody's shoulder.
 

Helmut

Level 1
Jun 6, 2024
26
1) Of course I assume that this is not done on a PC on which I have sensitive data or temporarily save it for processing - please don't think I'm that stupid. But even on a lab PC I would do both. That's why I tried to prevent misunderstandings, which you seem to want to misunderstand. That won't work.

2) I did it for myself to be sure that I had reliable protection or whether there were any loopholes. You wanted to misunderstand that too. Then read @bazang's post again: factual, objective. That's why I'm going to say goodbye here now, I don't feel like answering people who want to misunderstand me. Closing words: No problems for decades, protected for decades on all Windows versions, laptops, programs, working with sensitive data. No rootkits, worms or other burglars for decades. The IT specialist who introduced me to Comodo knew a lot more than those here who don't want to accept it and are just bashing Comodo. Many thanks also to @bazang - he encouraged me and I'm now sticking with Comodo. It may be that Bitdefender or Norton would have done the same, but why do some people have problems with ransomware and rootkits and I didn't? It's a fact and not a bedtime story - that's why I was afraid that it would lead to deliberate misunderstandings, even though I meant it openly.
 

bazang

Level 6
Jul 3, 2024
298
Not even that, it’s just user-dependent systems are promoted as the ultimate security, which shouldn’t be the case. It’s like me, showing threat hunting and other EDR features. Obviously through these features I will successfully remediate attacks. But this is showing my personal skills and not the software capabilities.
I agree. (y)

I personally, am not convinced in the quality of any system that is highly user dependent and I am not convinced in the quality of systems that allow you to run live malware on the same system where you do your work.
The typical user should not be permitted nor have the capability to do much more than blow their nose and wipe their a s s while sitting in front or using any digital device.

"Users want to use stuff" is so outmoded, out-of-touch, unrealistic that it is pathetic.

Our world is based upon "We will pass along the costs to you - the consumer or taxpayer - for all the dumb stuff that others do."

That last sentence sums up the current state of cybersecurity.
 

rashmi

Level 12
Thread author
Jan 15, 2024
551
These are the kinds of tips that make me a little unsure.
You shouldn't overthink these tips. Every protection or mechanism can have flaws. Use software that meets your requirements, and customize it if you have the skills. For example, I've been using Comodo Firewall with proactive configuration and default containment. Our kids' systems have the Comodo containment set to block unrecognized files or programs.
 

EASTER

Level 4
Verified
Well-known
May 9, 2017
159
It's quite possible in a few more years the malware scenario will be an AI war between "intelligent" malware and the resident AIs on servers and our own personal computers. Interesting times are coming.
IMHO That AI Battle between Obstructors vs Defenders is beginning to ramp up soon, Good Point BTW.
 
  • Like
Reactions: mlnevese

l0rdraiden

Level 3
Verified
Jul 28, 2017
117
Xcitium from what I see on their forums, is actively updated and because it is pushed to "Enterprises", I would bet that care is taken to ensure stability and reliability.
Is Xcitium based on Comodo Internet Security? If yes, does it mean that Comodo IS/AV will get updated more often?

BTW where are the release notes of CIS?
 

Chuck57

Level 12
Verified
Top Poster
Well-known
Oct 22, 2018
590
Is Xcitium based on Comodo Internet Security? If yes, does it mean that Comodo IS/AV will get updated more often?

BTW where are the release notes of CIS?
Xcitium has a free version. I don't know what it contains as opposed to paid. I'm still in the thinking phase, whether to continue with Portmaster firewall, go back to Comodo firewall, or try Xcitium free.
I do this at least once a year, remove Comodo to try something else then miss Comodo.
 
  • Like
Reactions: New_Style_xd
