Comodo CIS Bug fix policy

Decopi

Level 8
Verified
Oct 29, 2017
361
In the real and normal world, security software is NOT based on the opinion of one or a few anonymous people on social networks, people who never present credentials about their supposed knowledge, people who are not experts as they never present protocols about their procedures (which makes any kind of universal reproduction of any test and conclusion unfeasible / unverifiable). No mentally normal person would use security software based on non-expert youtube videos, or based on non-expert opinions on social networks.

In the real and normal world, security software is based on official laboratory tests, or on expert reviews and tests, experts which are publicly known in the market, and follow professional and technical protocols in their evaluation procedures.

Comodo has had no market share for decades, and its own official forum is full of complaints, and endless reports of unfixed bugs (a community that today is almost non-existent compared to years ago). Comodo's own CEO, Comodo staff and Comodo fanatics all publicly admit the existence of bugs, and all of them (irresponsibly and immorally) confirm that bugs are not going to be fixed (maybe that's why Comodo also abandoned tests in large labs years ago). No surprise that for decades the internet has been full of negative criticisms and complaints against Comodo, confirmed by the vast majority of negative reviews and tests made by the recognized experts in the market.
 

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
621
Out of curiosity, malware aside, how good does it firewall?

If you only care about filtering IPv4 traffic, the firewall works well. However, creating rules with some granularity is a cumbersome and time-consuming endeavor; numerous annoying mouse clicks required. Some people simply recommend to allow the application full access, but then you may as well not even use a firewall if you're going to allow an application full, unfettered network access. Perhaps the best, or one of the best firewall interfaces I've ever seen for creating application rules was Kerio pfw from many years ago...


bazang

Level 8
Jul 3, 2024
359
In the real and normal world, security software is NOT based on the opinion of one or a few anonymous people on social networks, people who never present credentials about their supposed knowledge, people who are not experts as they never present protocols about their procedures (which makes any kind of universal reproduction of any test and conclusion unfeasible / unverifiable).
But you are an anonymous non-expert, whereas @cruelsister is an expert when it comes to testing Comodo (and other security solutions).

In the real and normal world, security software is based on official laboratory tests, or on expert reviews and tests, experts which are publicly known in the market, and follow professional and technical protocols in their evaluation procedures.
There are many credible, independent tests of Comodo that report that it produces top security protection results in the tests.

Reviews by Neil Rubenking (who takes payment for placement of solutions in his reviews) and owners of a webpage that provides reviews in return for payment are not credible. Rubenking is not an independent, zero conflict-of-interest tester. Plus there is zero transparency into his test procedures.
 

Chuck57

Level 12
Verified
Top Poster
Well-known
Oct 22, 2018
591
If you only care about filtering IPv4 traffic, the firewall works well. However, creating rules with some granularity is a cumbersome and time-consuming endeavor; numerous annoying mouse clicks required. Some people simply recommend to allow the application full access, but then you may as well not even use a firewall if you're going to allow an application full, unfettered network access. Perhaps the best, or one of the best firewall interfaces I've ever seen for creating application rules was Kerio pfw from many years ago...

Kerio was a superb firewall. I'd forgotten all about it. The earlier version to this one was also good but this version was THE best firewall interface ever built.
 

Pico

Level 6
Thread author
Feb 6, 2023
266
@cruelsister is an expert when it comes to testing Comodo
Being an expert can she tell us more about this IPv6 issue?
How well does CIS Firewall perform on a native IPv6 network?
Many of us want to know...
 

bazang

Level 8
Jul 3, 2024
359
Being an expert can she tell us more about this IPv6 issue?
How well does CIS Firewall perform on a native IPv6 network?
Many of us want to know...
Why are you asking me? Ask @cruelsister directly, but I nevertheless can give you the answer. If Comodo does not filter IPv6 and it bothers you and others so much that it does not work, then either do not enable IPv6 on the system or just do not use Comodo. Obviously, if there is an IPv6 bug, Comodo has been aware of it for years and is not going to fix it.

You either accept that the bug will never be fixed and use a workaround, or you do not. All the whining about Comodo on this forum will not give any of those doing the whining what they want.

Complaining incessantly about Comodo bugs is like beating one's own head against a wall. Comodo is what it is. It will never change. The product owner is never going to put any more resources into it than he does now. He has no incentive nor obligation to do anything with the software. It is really perplexing that some complain so much about Comodo. All that exerted emotional and mental energy complaining about it will never - ever - accomplish anything.
 

Pico

Level 6
Thread author
Feb 6, 2023
266
That sums it up very well why one must not take Comodo CIS as a serious software to protect one's precious system despite "experts" rating how good Comodo CIS is by just ignoring all the bugs, flaws and shortcomings.
Comodo can't deliver and maintain security software like all other vendors do, that's a fact.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
That sums it up very well why one must not take Comodo CIS as a serious software to protect one's precious system despite "experts" rating how good Comodo CIS is by just ignoring all the bugs, flaws and shortcomings.
Comodo can't deliver and maintain security software like all other vendors do, that's a fact.
They've delivered one "OK" mechanism, namely containment, which is not proven to be broken, although from a theoretical point of view, such a system, deeply rooted into the OS kernel, with rare updates, unfixed and undiscovered vulnerabilities, is not to be used.

Even if no in-the-wild malware has been seen bypassing containment (which from some reviews does not seem to be the case), using outdated software, especially crawling every file, is not recommended, and a recipe for disaster. It goes against simple best practices, similar to not using 123456 as password or not using your phone without passcode. The disaster may happen tomorrow, after months, after years, but it will.
Thankfully, criminals are not all that interested in Comodo, due to extremely low market share.
This is why Comodo so far has managed to hide under the shadows.

The arguably "OK" mechanism is dressed in various issues, delivers low quality experience and there are many others that can do the job better.

People are using Comodo at their own risk, accepting that bugs will not be fixed.
 

Decopi

Level 8
Verified
Oct 29, 2017
361
I fully agree with your excellent comment. Please just allow me to complement:

They've delivered one "OK" mechanism, namely containment

It is important to clarify that “OK” or “Not OK” also depends on the user's profile. It happens that 99.99% of users do not manage to use "containment" or "blocker" based methods, and worse, there is no need, since the market offers for free excellent modern solutions that (unlike Comodo) identify and automatically block viruses/malware, without depending on the user. That's why your comment is perfect when you said: "The arguably "OK" mechanism is dressed in various issues, delivers low quality experience and there are many others that can do the job better."

which is not proven to be broken

Even if no in-the-wild malware has been seen bypassing containment

IMHO, broken or not broken is irrelevant.
“Containment” is just a fancy name for a technology that has been around for decades, used in analogue ways in many other software (antivirus, browsers, virtual machines etc), so it is not a Comodo invention. In fact, there are many other software on the market, well maintained (upgraded/updated), that offer functions similar to “Containment”.
The problem is that Comodo never presents itself as a “Containment”, not even as a “Blocker” software. Irresponsibly and immorally, Comodo always presents itself as “a complete unbeatable cyber security solution”... and as such, it has been confirmed countless times that Comodo is broken!

Another point to consider, is that average-Joe-users can't use “Containment” and “Blockers” because they don't know what to containerize, allow or block. Not to forget that most applications and executables do NOT work inside “Containment” (and this is an issue that is almost never addressed among Comodo fanatics). So, I repeat, in many senses Comodo is broken!

Furthermore, broken or not broken, the burden of proof is on Comodo. But, considering that Comodo hasn't had a market share for decades, hasn't been testing in the big labs for decades, the few fanatics are an insignificant minority almost extinct, and the videos or positive comments are not from experts and don't follow technical protocols... then, Comodo never proved that “Containment” is not broken. I repeat, such a claim should be verified by independent known experts. Comodo and their fanatics claim that “Comodo is unbeatable”, but they never presented reliable independent proofs.
Leading cyber security companies do not rely on anonymous internet users or fanatics to build their reputation. Their software is methodically and systematically evaluated by well-known independent experts, with universal technical protocols, and by the most important labs (by the way, their market share and profit incomes also confirm their reputation).

And @Trident your comment is also perfect when you explain that the lack of updates, upgrades, with ±500 dangerous unfixed bugs, and tons of negative reviews on the web (made by known experts that follow technical protocols)... everything points not only to Comodo being an abandonware, but also to confirm that it is broken in many ways, and there is no logical reason to use it, when the market for free offers better alternatives.

People are using Comodo at their own risk, accepting that bugs will not be fixed.

Comodo's market share is negligible. And the number of fanatics is also almost non-existent. Therefore, without a significant base of users it is a fallacy to infer that “Comodo is unbeatable”, or that “No virus/malware bypassed its Containment” blah blah blah.
Technically, such sophism occurs by making universal inferences from particular premises. In the case of Comodo fanatics, as pirate parrots, it is repeatedly expressed (Ad Nauseam) in their classic mantra: “it works for me so it works for everyone”, or “I have never in decades had a problem or been infected”, or "I have lots of videos of my neighbor, hammering Comodo with malwares without infection, and my neighbor is an expert because he studied wall painting and he is 90 years old" blah blah bla. It is a cognitive limitation of Comodo fanatics, which @Trident you already explained very well in one of your magnificent posts, where fanatics compulsively need to feed back their own false beliefs.
 

rashmi

Level 12
Jan 15, 2024
575
Somewhere in his comments, there's definitely a heartbreaking love story hiding - it's almost as if every comment he makes carries the weight of a shattered romance, an abandoned love letter, tear-stained and forgotten, leaving a bittersweet taste in the air! 😭
 

Chuck57

Level 12
Verified
Top Poster
Well-known
Oct 22, 2018
591
Somewhere in his comments, there's definitely a heartbreaking love story hiding - it's almost as if every comment he makes carries the weight of a shattered romance, an abandoned love letter, tear-stained and forgotten, leaving a bittersweet taste in the air! 😭
Unrequited love. It's said to be painful and difficult to overcome.
 

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
621
Btw, even though specific firewall rules can't be made for svchost services (Dhcp, dnsserver, etc) in Comodo, it is possible to still create rules that restrict it to suit the user's requirements. Just a few of the ones I had...

| Program Path or Ruleset | Action | Protocol | Direction | Source Address | Destination Address | Source Port | Destination Port | Rule Name |
|---|---|---|---|---|---|---|---|---|
| C:\Windows\System32\svchost.exe | Allow | TCP | Out | Loopback Zone | Loopback Zone | Any | Any | Loopback Zone |
| C:\Windows\System32\svchost.exe | Allow | UDP | Out | Any | 1.1.1.1 | Any | 53 | DNS-Cloudflare |
| C:\Windows\System32\svchost.exe | Allow | UDP | Out | Any | 1.0.0.1 | Any | 53 | DNS-Cloudflare |
| C:\Windows\System32\svchost.exe | Allow | TCP | Out | Any | Any | Any | 443 | Allow out to HTTPS |
| C:\Windows\System32\svchost.exe | Allow | TCP | Out | Any | Any | Any | 80 | Allow out to HTTP |
| C:\Windows\System32\svchost.exe | Allow | UDP | Out | Any | Any | 123 | 123 | Windows Time Update |
| C:\Windows\System32\svchost.exe | Allow | UDP | Out | 0.0.0.0 | 255.255.255.255 | 68 | 67 | DHCP |

Years ago I was more motivated with more time on my hands to actually restrict to IP ranges with subnets, such as Microsoft update servers, probably more important to port 80, but nowadays I can't be bothered. IPv6 is not going away, and more websites, especially the big players, are adapting it, so that's why I wish to see a firewall filter it properly. I don't see a compelling reason to disable it, especially as a home user.
 

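A model of the ruleset in the post above, as an added example (not part of any post and not Comodo's code). It assumes first-match evaluation and that "Loopback Zone" means 127.0.0.0/8, and it leaves IPv6 flows outside the model; the flows in the demo are constructed. Because every rule is keyed only on the svchost.exe path, the result is the same for whichever hosted service originates the flow.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: "Loopback Zone" in the table means the IPv4 loopback range.
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
IPV6_MARKER = "ipv6-not-modelled"

@dataclass(frozen=True)
class Rule:
    proto: str
    src: str
    dst: str
    sport: str
    dport: str
    name: str

# Rows copied from the post's table; every row is Allow / Out for svchost.exe.
RULES = [
    Rule("TCP", "Loopback Zone", "Loopback Zone", "Any", "Any", "Loopback Zone"),
    Rule("UDP", "Any", "1.1.1.1", "Any", "53", "DNS-Cloudflare"),
    Rule("UDP", "Any", "1.0.0.1", "Any", "53", "DNS-Cloudflare"),
    Rule("TCP", "Any", "Any", "Any", "443", "Allow out to HTTPS"),
    Rule("TCP", "Any", "Any", "Any", "80", "Allow out to HTTP"),
    Rule("UDP", "Any", "Any", "123", "123", "Windows Time Update"),
    Rule("UDP", "0.0.0.0", "255.255.255.255", "68", "67", "DHCP"),
]

def addr_ok(spec, addr):
    """Match one address column ('Any', 'Loopback Zone' or a literal IPv4)."""
    if spec == "Any":
        return True
    ip = ipaddress.ip_address(addr)
    if spec == "Loopback Zone":
        return ip.version == 4 and ip in LOOPBACK
    return ip == ipaddress.ip_address(spec)

def port_ok(spec, port):
    """Match one port column ('Any' or a single port number)."""
    return spec == "Any" or int(spec) == port

def evaluate(proto, src, sport, dst, dport):
    """Name of the first allow rule matching an outbound svchost flow.

    Returns None when no rule matches (what happens next depends on the
    firewall's own default, which is not modelled here) and IPV6_MARKER for
    IPv6 destinations, which these IPv4 rules do not describe.
    """
    if ipaddress.ip_address(dst).version == 6:
        return IPV6_MARKER
    for r in RULES:
        if (r.proto == proto and addr_ok(r.src, src) and addr_ok(r.dst, dst)
                and port_ok(r.sport, sport) and port_ok(r.dport, dport)):
            return r.name
    return None

def broad_rules():
    """Rules that leave the destination address unrestricted."""
    return [r.name for r in RULES if r.dst == "Any"]

if __name__ == "__main__":
    # Constructed sample flows: (proto, src, sport, dst, dport)
    flows = [
        ("UDP", "192.168.1.20", 50000, "1.1.1.1", 53),
        ("UDP", "192.168.1.20", 50000, "8.8.8.8", 53),
        ("TCP", "192.168.1.20", 50001, "203.0.113.10", 443),
        ("TCP", "192.168.1.20", 50002, "2001:db8::10", 443),
        ("UDP", "0.0.0.0", 68, "255.255.255.255", 67),
    ]
    for f in flows:
        print(f, "->", evaluate(*f))
    print("destination unrestricted:", broad_rules())
```
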
Decopi

Level 8
Verified
Oct 29, 2017
361
Btw, even though specific firewall rules can't be made for svchost services (Dhcp, dnsserver, etc) in Comodo, it is possible to still create rules that restrict it to suit the user's requirements. Just a few of the ones I had...

| Program Path or Ruleset | Action | Protocol | Direction | Source Address | Destination Address | Source Port | Destination Port | Rule Name |
|---|---|---|---|---|---|---|---|---|
| C:\Windows\System32\svchost.exe | Allow | TCP | Out | Loopback Zone | Loopback Zone | Any | Any | Loopback Zone |
| C:\Windows\System32\svchost.exe | Allow | UDP | Out | Any | 1.1.1.1 | Any | 53 | DNS-Cloudflare |
| C:\Windows\System32\svchost.exe | Allow | UDP | Out | Any | 1.0.0.1 | Any | 53 | DNS-Cloudflare |
| C:\Windows\System32\svchost.exe | Allow | TCP | Out | Any | Any | Any | 443 | Allow out to HTTPS |
| C:\Windows\System32\svchost.exe | Allow | TCP | Out | Any | Any | Any | 80 | Allow out to HTTP |
| C:\Windows\System32\svchost.exe | Allow | UDP | Out | Any | Any | 123 | 123 | Windows Time Update |
| C:\Windows\System32\svchost.exe | Allow | UDP | Out | 0.0.0.0 | 255.255.255.255 | 68 | 67 | DHCP |

Years ago I was more motivated with more time on my hands to actually restrict to IP ranges with subnets, such as Microsoft update servers, probably more important to port 80, but nowadays I can't be bothered. IPv6 is not going away, and more websites, especially the big players, are adapting it, so that's why I wish to see a firewall filter it properly. I don't see a compelling reason to disable it, especially as a home user.

Hi @wat0114,
Thank you.
But IMHO what you suggest is a partial and inefficient patch:

Some time ago, when I used Comodo for a few years, I did the same as you did, I customized as much as possible as many executables as possible. And considering that Comodo does not allow to do that, I had to invest months, it was a colossal work, one by one I manually customized as much as I could customize. The problem, as I anticipated, is that with time the executables, paths, IPs etc etc etc... change and the work becomes unfeasible.

It is not only a problem of investing tons of time, this approach also demands a knowledge that not even advanced users are used to have. It was just looking for that help, that I met the developers of other firewalls, and participants at MT who are veteran geniuses in firewall issues in general. I learned with them that these firewalls on the market are not only free, but they are maintained (updates/upgrades), have their own kernel, and the GUI is millions of times better than Comodo, allowing customization of Windows Services, Svchost etc etc etc... without having to do the titanic manual work that has to be done in Comodo.

But as I said, not even a customization in Comodo is a solution, because 20 years ago many executables began to use Svchost for comms, and with Comodo default settings the Svchost is considered “safe”, so absolutely nothing prevents a malware to use Svchost for comms. And even if you customize the Svchost (as you did in your post), at Comodo it can only be done in a generic way, for example, a simple “allow” “port: 53” (necessary for DNS) opens all comms for any malware.

Conclusion, Comodo customization demands a colossal work, it is totally partial, unusable because executables/IPs/etc change every week, and even customized, any malware can use comms with the most powerful Comodo customization.

Considering the existence of Windows Firewall and so many other free and modern firewalls on the market, it simply does not make sense to use Comodo, because it is old, abandonware, without updates/upgrades, full of unfixed bugs, and unable to make real customizations.
 

bazang

Level 8
Jul 3, 2024
359
Comodo can't deliver and maintain security software like all other vendors do, that's a fact.
Comodo was developed to be a completely free software. That means the true cost to the consumer is $0 and its development is not subsidized by paying subscribers.

The product owner does not want to spend any more money on it. He already subsidizes the product at the cost of hundreds of thousands of dollars per year out of his own pocket. Plus he never had any intention of publishing Comodo to derive a profit from it. If he wanted to he certainly could, and spend millions fixing bugs that freeloaders just demand be fixed.

Why would anyone throw money at a free product to make it better because people complain about bugs? Who would do that?

Kaspersky Free is the paid version with features disabled. All the people that pay the annual subscription subsidize all the freeloaders that are too cheap to pay for a license. More importantly, the free versions are purpose-built to entice people to purchase a license. Comodo never operated on that model. That is why it was built in the first place - to not do what every other security software publisher does.

If you come to me and ask for a cheap mode of transportation, I am going to offer you a 20 year old rusty bicycle with a torn seat and a front wheel that wobbles. Don't like it? Then walk. The bicycle still works fine. That it is rusty and has problems is irrelevant. Want cheap and free - you get whatever someone is willing to give you. Either you accept it or you do not. You do not have to use it.

With all the complaints about Comodo, you don't see anybody running to MalwareTips complaining that they were infected with Comodo installed. You experience bugs? So what? Who cares? Those are your troubles. Figure it out. This is information security. That's what resourceful people do. They don't give up and they figure it out.
 

rashmi

Level 12
Jan 15, 2024
575
Unrequited love. It's said to be painful and difficult to overcome.
The recurring presence of "irresponsible" and "immoral" words in his comments... it feels like a cruel symphony, resounding in his ears, reminiscent of the lingering echoes of his unrequited love's melodic voice! 😢
 

Pico

Level 6
Thread author
Feb 6, 2023
266
But as I said, not even a customization in Comodo is a solution, because 20 years ago many executables began to use Svchost for comms, and with Comodo default settings the Svchost is considered “safe”, so absolutely nothing prevents a malware to use Svchost for comms. And even if you customize the Svchost (as you did in your post), at Comodo it can only be done in a generic way, for example, a simple “allow” “port: 53” (necessary for DNS) opens all comms for any malware.
Exactly!

I was about to write the same thing. Svchost is a nice comms backdoor for every running app, background process or service.
It's a major shortcoming of CIS Firewall!
 

Decopi

Level 8
Verified
Oct 29, 2017
361
Exactly!

I was about to write the same thing. Svchost is a nice comms backdoor for every running app, background process or service.
It's a major shortcoming of CIS Firewall!

All unfixed bugs and design flaws in Comodo follow a consistent pattern with a similar explanation:

Twenty years ago, blockers like "deny-all" and "zero-trust" thrived in the market, competing with major players by effectively blocking viruses and malware that others did not, especially some zero-day attacks.

However, over time, new technologies emerged, and major players evolved by incorporating modern capabilities. Consequently, blockers gradually became obsolete, as it makes no sense to use a user-dependent blocker when there are excellent, modern, free antivirus solutions that automatically identify and remove malware.

Twenty years ago, Comodo had the chance to evolve and adapt to modernity. Unfortunately, its mediocre CEO (hated by his employees) decided that the CIS model would no longer be developed. No new features were added, and the software entered into "survival" mode (no maintenance, no updates, nor upgrades etc).

This explains why Comodo currently has hundreds of unfixed bugs and why the CEO, staff, and even Comodo fanatics publicly acknowledge these bugs and accept that they will never be fixed.

It also explains why the Comodo model is frozen in time, failing to incorporate new technologies or features. It continues to operate using a dangerous list of "known"/"unknown" files for allowing/blocking, an arbitrary list that hasn't been updated for 15 years. Due to the lack of updates, the number of "unknown" files for Comodo is now endless, leading to countless false containerizations and making usability impractical on Windows 11 (which is hyper-connected and requires constant synchronizations with other devices). For those who don’t understand, Comodo essentially becomes a dummy blocker; it does not identify viruses or malware but merely allows/blocks files based on an outdated list of "known"/"unknown".

The same logic applies to the Firewall. It is stuck in the past (20 years ago) when Windows Services or Svchost were not used by other files and could be considered "safe." This is why Comodo currently does not allow customizations for Windows Services, Svchost, and many other vulnerable files. In practice, Comodo Firewall serves as a placebo because, as you accurately put it: "it is a nice comms backdoor for every running app, background process, or service".

In summary, Comodo represents a pattern of poor business decisions made 20 years ago, resulting in the accumulation of hundreds of unfixed bugs and freezing the Comodo model in time. Today, its blocker is inefficient, its firewall is a placebo, and the rest of the modules are garbage. Comodo has failed to adapt to modernity and can be considered an abandonware.

This explains why Comodo's market share is negligible, its revenues are insignificant compared to its competitors, and its staff consists of a small group of dissatisfied employees. The company and its model are on the brink of extinction. In this context, fixing bugs is futile, as the Comodo model is doomed. Therefore, discussing unfixed bugs or design flaws endlessly serves no purpose.

The only remaining action is to combat the irresponsibility and immorality of Comodo and its fanatics, in order to prevent readers from being misled and deceived by these Comodo-garbage-threads.
 