- Apr 25, 2013
Decent Malware Blocking
In my own hands-on malware blocking test, Comodo scored 8.3 points out of a possible 10. That puts it on par with McAfee AntiVirus Plus 2015 and just a hair behind Bitdefender Antivirus Plus 2015. Panda Free Antivirus 2015 earned 8.0 points in this test. However, Panda received excellent ratings from many of the labs, and I weight those scores higher than my own simple hands-on testing. Quite a few products, Avast Free Antivirus 2015 among them, detected all the tweaked samples.
Interestingly, all of Comodo's malware detection occurred the instant I opened my folder of samples. It quickly and silently wiped out 83 percent of the samples, without bothering to announce what it had done. When I launched the samples that survived the initial massacre, it didn't actively block any of them.
I also exposed Comodo to a folder containing hand-modified versions of the same malware samples. I tweaked some non-executable bytes in each sample, and also changed each file's name and size. I was quite surprised to find that my simple tweaking prevented Comodo's signature-based detection system from recognizing more than half of the samples. This might suggest that its signatures need to be more open-ended and less restrictive.
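To illustrate why a restrictive signature fails on hand-modified samples while a more open-ended one does not, here is an added example (not code from the review or from Comodo). It uses a constructed byte string as a stand-in for a sample, compares a whole-file hash signature against a byte pattern over the code region with a wildcard, and applies the same kind of tweak the test describes: changing non-executable bytes and the file size.

```python
import hashlib
import re

# Constructed stand-in for a sample's bytes (not real malware): a short "code"
# region followed by non-executable padding and a build string.
CODE_REGION = bytes.fromhex("5589e583ec10c745fc00000000")
ORIGINAL = b"MZ" + CODE_REGION + b"\x00" * 16 + b"build=2013-04-25"

# Signature style 1: a whole-file hash, the most restrictive kind of signature.
KNOWN_HASHES = {hashlib.sha256(ORIGINAL).hexdigest()}

# Signature style 2: a byte pattern over the code region. The '.' wildcard stands
# in for the stack-frame size operand, so the rule tolerates small variations.
CODE_PATTERN = re.compile(rb"\x55\x89\xe5\x83\xec.\xc7\x45\xfc", re.DOTALL)


def hash_signature_hits(data: bytes) -> bool:
    """Whole-file hash lookup: any byte change anywhere defeats it."""
    return hashlib.sha256(data).hexdigest() in KNOWN_HASHES


def pattern_signature_hits(data: bytes) -> bool:
    """Content pattern: matches as long as the code region is intact."""
    return CODE_PATTERN.search(data) is not None


def tweak_sample(data: bytes) -> bytes:
    """Mimic the review's hand-modification: alter non-executable bytes and
    change the file's size, leaving the code region untouched."""
    return data.replace(b"build=2013-04-25", b"build=2013-04-26") + b"\x00" * 8


def compare(samples: list[bytes]) -> dict[str, int]:
    """Count detections per signature style over a set of samples."""
    return {
        "hash": sum(hash_signature_hits(s) for s in samples),
        "pattern": sum(pattern_signature_hits(s) for s in samples),
    }


if __name__ == "__main__":
    print(compare([ORIGINAL, tweak_sample(ORIGINAL)]))  # {'hash': 1, 'pattern': 2}
```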
Poor Blocking of Malicious URLs
Of course, in the real world you're very unlikely to simply open a folder containing malicious programs. If you encounter a malware attack, it will most likely come through a malicious or hacked website. To test protection against this kind of threat, I use a feed of newly discovered malicious URLs kindly supplied by MRG-Effitas.
I specifically use URLs that point directly at malicious executables, because it makes scoring simple. Either the antivirus prevents the malicious download, or it doesn't. I also keep track of whether the antivirus prevented access to the URL or wiped out the malware on download.
Comodo's SecureDNS component is supposed to provide a degree of protection against bad websites, including malware-hosting sites, but it wasn't very effective against these newly reported URLs. It detected and blocked just 10 of the 100 verified URLs in my test. The antivirus component whacked another 17, for a total protection rate of 27 percent.
That's quite a bit below the current average of 39 percent. Avira, tested against the exact same set of URLs, blocked 58 percent. Current top score in this test goes to McAfee, which blocked 85 percent.
Ineffective Phishing Protection
SecureDNS should theoretically steer users away from known fraudulent sites, but in testing, it proved almost entirely ineffective. That's probably because the URLs I use for this test are extremely new—so new they haven't been added to lists of known phishing sites.
Comodo hardly detected any phishing sites. Its detection rate lagged a massive 94 percentage points behind that of consistent antiphishing champ Symantec Norton Security. Chrome's built-in phishing protection beat Comodo by 92 percentage points, and Firefox's beat it by 86 points. Even Internet Explorer, which had a really bad week for phishing protection, beat Comodo by 14 percentage points. In practical terms, there isn't any phishing protection here.
HIPS and False Positives
I always run a kind of antivirus sanity check by installing about 20 PCMag utilities that hook deeply into Windows. Over-enthusiastic behavior-based detection systems often flag these utilities as suspicious, or even malicious. Comodo was no exception.
In the program's default configuration, I successfully installed 18 of the 20 utilities. However, it silently wiped out two of them during the installation process. I had to dig into the log files to determine that indeed Comodo was the cause, not some random installation failure. That's pretty bad; I don't know how the average user would handle it.
Comodo's Host Intrusion Prevention System (HIPS) is turned off by default. When I rolled back my virtual machine test system, turned on HIPS, and re-ran the false positives test, I clearly saw why it's off by default.
Of the 20 sample utilities, just 7 installed and ran without incident. Every single one of the others caused at least one HIPS popup, reporting a suspicious activity and asking me, the user, to decide how to handle it. Among its many reported sins were "trying to access a protected COM interface," "trying to obtain an elevated privilege," and "trying to modify a protected Registry key." Some programs triggered five or more warnings.
I always clicked the Allow option, because doing otherwise caused the installer or program to fail. Even so, in two cases Comodo seemed unable to remember that I had clicked Allow. I clicked Allow repeatedly, but gave up (in both cases) after 16 tries.
The HIPS system just isn't appropriate for the average user. Even users with advanced technical skills will want to leave it turned off, the way it comes configured initially.
Use What Works
Comodo Antivirus 8 is definitely a step up from the limited antivirus protection built into modern versions of Windows, and it includes a whole raft of advanced features. However, those advanced features are probably beyond the abilities of most users, and turning on the Host Intrusion Prevention System opens the floodgates to confusing popups.