App Review Comodo and "New" Boot Time Malware

[cruelsister]

Content source

https://youtu.be/DGxXfrImaos

(Special Guest Appearance...)

 

[Bot]

Thanks for sharing this video! It's always helpful to see visual content related to Comodo and boot time malware discussions. Let's dive into it and discuss further.

 

[Behold Eck]

Good to see you back on form big sis and what a cool track, New Order`s Blue Monday, bought it when it came out way back in the day.

Regards Eck

 

[Vitali Ortzi]

So great to see you back absolutely enjoyed your knowledge and the videos with the great music

 

[Nunzio_77]

In your opinion, is CIS 2025 reliable and safe as a PC protection?

 

[rashmi]

In your opinion, is CIS 2025 reliable and safe as a PC protection?

Users worship the powerful Comodo protection like it's a deity, with some even building shrines in its honor. The antivirus performance is currently inadequate; whispers hint that @Nikola Milanovic's Comodo Valkyrie project promises a permanent solution to all malware.

 

[Andy Ful]

In your opinion, is CIS 2025 reliable and safe as a PC protection?

It is (one of the best), for non-enterprise users.
The situation is more complex in the enterprise environment. However, Xcitium can still be as reliable as most EDR products.

https://www.gartner.com/reviews/market/endpoint-protection-platforms/vendor/xcitium/product/xcitium-platform

One thing must be remembered when using CIS containment. Files that look benign in the Comodo sandbox, can still behave as malware when run without containment (added to the ignored group).

 

[bazang]

Comodo is a "dumb blocker". In other words, Comodo is NOT an antivirus/antimalware.

• It is virtual containment (at the default settings), so it isn't blocking anything actually.
• There is no such thing as a "smart blocker." All default deny must be programmed with allow and block rules. Now whether that is done categorically using generic rules or someone thinks they are slick and tries to get AI/ML to do it, either method is not "smart." Automated, but not "smart."
• Comodo does have an antivirus component, but the Owner stated on the very first day that Comodo was released that it is meant only to detect "old" malware.

Comodo can be defined as "a software to block something".

It is called "Default Deny."

Comodo is an abandonware (since 2018)

It was just updated multiple times (2024/2025).

it is full of unfixed dangerous bugs

Proofs? Receipts? (As in demonstration videos that you show the bugs and you demonstrate that said bugs are dangerous.) Otherwise your claim that "it is full of unfixed dangerous bugs" is not true.

therefore should never be recommended/promoted to anyone (neither to enterprise or non-enterprise-user).

No one in this thread, or elsewhere, has stated "You should use Comodo." This thread is a demonstration that speaks for itself. No human speech or writing required.

if an enterprise or non-enterprise-user decides to use "blockers" as a privacy or security system, there are many other alternatives, much more modern and totally freeware.

Microsoft uses default deny all the time. It is a part of most every enterprise IT ecosystem. The technologies are over 20 years old and they work extremely well today, as they did in yesteryear.

 

[Andy Ful]

... and therefore should never be recommended/promoted to anyone (neither to enterprise or non-enterprise-user).

"Reliable and safe" does not mean recommended for most users. The worship for any AV/EDR is based on illusions.
Let's apply your reasoning for other solutions.
------------------------------------------
Those solutions use "smart" ML models and AI that are as wise as a mouse (probably less). They cannot effectively protect users against new malware, for example:

https://arxiv.org/pdf/2308.14835

https://arxiv.org/pdf/2305.04149

Over 30% (or more) of new malware is active in the wild. So, those "smart" AVs/EDRs should never be recommended/promoted (neither to enterprise nor non-enterprise users).
-------------------------------------------

On the contrary, the "dumb" CIS protection can protect against older and most new malware (in the home environment or hybrid work). Indeed, CIS can still have some irritating bugs (after some tweaks it crippled some of my machines three times). It is kinda dumb, and containment is not an acceptable solution for many users. As always, the truth is somewhere between the extreme opinions.

 

[Nikola Milanovic]

Users worship the powerful Comodo protection like it's a deity, with some even building shrines in its honor. The antivirus performance is currently inadequate; whispers hint that @Nikola Milanovic's Comodo Valkyrie project promises a permanent solution to all malware.

Yes i love CAMAS(Valkyrie)

 

[Vitali Ortzi]

In your opinion, is CIS 2025 reliable and safe as a PC protection?

I would recommend using it together with an av (either built in defender or any other one )
But it's definitely really useful and gets perfect scores in majority of tests above any av software

 

[Nikola Milanovic]

Comodo is a "dumb blocker". In other words, Comodo is NOT an antivirus/antimalware.

That being said, if anyone (enterprise or non-enterprise-user), for whatever reason is interested in using "dumb blockers", then (and only) in this specific case, Comodo can be defined as "a software to block something". For example, someone (enterprise or non-enterprise-user) may want to block "specific telemetry or trackers", and in this case the user will label Comodo as "privacy software". Or someone (enterprise or non-enterprise-user) may want to block "specific executables", and in this case the user will label Comodo as "security software".

In short, enterprise or non-enterprise-users can label Comodo as they want, according to their own "specific needs", saying it's for privacy or security etc. It's totally specific and subjective!

However, in real world and objectively speaking, Comodo is an abandonware (since 2018), it is full of unfixed dangerous bugs, it is not an antivirus/antimalware, it does not detect or identify viruses/malware, it is not an universal blocker and can be bypassed... it is a simple specific "dumb blocker", and therefore should never be recommended/promoted to anyone (neither to enterprise or non-enterprise-user).

It is important to mention that in 2025, if an enterprise or non-enterprise-user decides to use "blockers" as a privacy or security system, there are many other alternatives, much more modern and totally freeware.

1: Xcitium/Comodo is not a blocker,Containment is only there for Unknown files the one that Xcitium has never seen before
2: Xcitium/Comodo does have an AV and every file that is in containment does get a verdict either good/bad
3: Xcitium/Comodo is updating CIS every day

 

[Vitali Ortzi]

I

"Reliable and safe" does not mean recommended for most users. The worship for any AV/EDR is based on illusions.
Let's apply your reasoning for other solutions.
------------------------------------------
Those solutions use "smart" ML models and AI that are as wise as a mouse (probably less). They cannot effectively protect users against new malware, for example:

https://arxiv.org/pdf/2308.14835

https://arxiv.org/pdf/2305.04149

Over 30% (or more) of new malware is active in the wild. So, those "smart" AVs/EDRs should never be recommended/promoted (neither to enterprise nor non-enterprise users).
-------------------------------------------

On the contrary, the "dumb" CIS protection can protect against older and most new malware (in the home environment or hybrid work). Indeed, CIS can still have some irritating bugs (after some tweaks it crippled some of my machines three times). It is kinda dumb, and containment is not an acceptable solution for many users. As always, the truth is somewhere between the extreme opinions.

It's niche but I prefer it to smart screen , smart app control as my experience with comodo was less false positives then the alternative Wich is the built in reputation based prevention (smart app control ,smart screen etc)

Not that I didn't experience I ton of false positives with comodo but it is better for the stuff I use

 

[Vitali Ortzi]

1: Xcitium/Comodo is not a blocker,Containment is only there for Unknown files the one that Xcitium has never seen before
2: Xcitium/Comodo does have an AV and every file that is in containment does get a verdict either good/bad
3: Xcitium/Comodo is updating CIS every day

Comodo Av does almost nothing in tests av based detection is far lower in comodo over most av vendors
But the reputation based prevention blocks usually all samples so basically I will ditch the av and replace it and use comodo specifically for it's strengths and not include all the subpar modules like av

 

[Andy Ful]

It's niche but I prefer it to smart screen , smart app control as my experience with comodo was less false positives then the alternative Wich is the built in reputation based prevention (smart app control ,smart screen etc)

SmartScreen does not produce false positives for application auto-updates, and when using an updater like UniGetUI to install/update applications.
Comodo will produce false positives, especially when the application is unsigned or the vendor is not on the Trusted Vendors List.

When installing new applications originating from the Internet, both SmartScreen and Comodo can give a similar number of false positives, but this number can be smaller for Comodo after extending the Trusted Vendor List.

 

[Sephirothnight]

(Special Guest Appearance...)

Hi,
Thanks for the video and for New Order. I see that after Dead Can Dance there is some good in all this!

 

[Shiz]

I love Comodo's firewall and dumb blocker lol. If there is a better dumb blocker someone tell me. I would still use comodo for the firewall. I use third party AV with it.

 

[Nikola Milanovic]

For Xcitium/Comodo users:
if an file is Unrecognized by Xcitium/Comodo you can Submit it to Comodo for analysis:
1: CIMA/CAMAS- Cloud Verdict Customer Login | Xcitium Cloud Verdict
2: Comodo Instant Malware Analysis- Free Internet Security and Antivirus | Security Solutions from Comodo

 

[rashmi]

it's definitely really useful and gets perfect scores in majority of tests above any av software

The vast army of ordinary antivirus programs fights valiantly with its earthly defenses, while Comodo shines as a legendary defender with divine containment capabilities!

 

[Nunzio_77]

I've always thought that if it had web protection against fraudulent sites and a higher detection rate it would be the best suite ever... just a little effort would make it unbeatable.