Comodo CIS Bug fix policy

[Chuck57]

PIco and the other 3 or 4 seem to think we all worship this Melih guy. I don't know him, never heard him speak or anything else. I only know that I installed Comodo Firewall, not the security suite, on my desktop many, many years ago and I haven't been infected with anything. And I was messing with somewhat dangerous sites in those days, trying out pirated software like some stupid kid. Whether it was luck or Comodo, I was never infected. If something was contained and I do recall some instances, I just emptied the container and that was that.

Some of us, maybe all of us who use the software, do not march to the drum of Melih. I don't care who makes Comodo. What I care about is the results, and the results speak for itself. It works.

 

[Pico]

It works if one follows the strict CIS setting guidelines and one doesn't fear the FW leak.

I did not mention Melih those are your words.

 

[Helmut]

Comodo is good at keeping the community running like hamsters in a running wheel. Keep on running guys, while we throw dust in your eyes...

You made the start with this comment! Again, just speculation, what I have read and what I have not read. You seem to enjoy doing that.

Thinks that comodo only causes problems. As I already wrote, enthusiasts remain enthusiasts, fanaticism is fanaticism, I, on the other hand, am just a completely normal user who uses comodo like WordPad, Photoshop Elements, PDF software, Windows, Macrium, firefox etc. etc. and also comodo.
Why should I listen to your bashing? I don't like Norton, for example, or Acronis because of my experiences, not like here on the basis of belief, dislike, hatred of these two programs and possibly also their users or companies.
Why should I lash out at them now, as has already been done here in some really unacceptable, disgusting ways. At most I would share my experiences, that would be it. But not in a way that is almost hateful, other lemmings who are considered stupid (like you did in one of your last posts).
If an Acronis user has had and continues to have very good experiences, then I accept that. And if someone has had and continues to have very good experiences with Norton, then I accept that. Is it so difficult? Do you have to start ranting about it? I really don't understand it. As I wrote, I would share my experiences with the programs, completely neutrally, no more and no less. But not with foam at the mouth.
That's all from me. I actually just wanted to know what others think about the problem with the certificate. It was a complete waste of time. It won't happen again.

 

[Pico]

As I've said earlier if you are fine with CIS then use it and move on with it, no problem.
There is enough marketing stuff on Comodo forum, if I want to read that I'll go there.

 

[bazang]

It works if one follows the strict CIS setting guidelines and one doesn't fear the FW leak.

Thank you for admitting Comodo works.

There is no firewall leak. Non-filtering of IPv6 is not a leak. A leak is something entirely different and has nothing to do with what you are talking about.

As I've said earlier if you are fine with CIS then use it and move on with it, no problem.
There is enough marketing stuff on Comodo forum, if I want to read that I'll go there.

There is no Comodo marketing happening here.

You need to move on because your entire intent behind your participation is to disrupt and interfere with legitimate discussions of a software. That is why this forum exists. To have those discussions. People like you coming into these discussions to create flame wars and attack others is all because you want to shut down every single Comodo discussion. The more that people like you do that, the more that Comodo should be discussed. I think I'll do just that. I am going to create another Comodo thread.

 

[rashmi]

I actually just wanted to know what others think about the problem with the certificate.

There is a problem, and the Comodo team is investigating it. They said that the issue doesn't affect the protection, so I'm not worried. I have had no problems with the installed CF 2025 on our systems. Users might see some CF files listed as unrecognized, but that doesn't affect CF features. At least, that's the case for us. I'm also okay with CF releases and updates. They have repeatedly stated that the product works as intended and is compatible with supported operating systems. Comodo performance remains unaffected by so-called bugs, particularly when using the default, cruelconfig, or HIPS-disabled settings. Users with these configurations shouldn't have any problems using CF.

 

[bazang]

I actually just wanted to know what others think about the problem with the certificate.

It is a common issue across the entire IT and software development industries. It is not unique to Comodo. Neither is it a result of Comodo negligence or disregard for the product. Unless an organization or person is particularly obsessive-compulsive about tracking certificate expiration dates (and most are not OCD about it), it is easy to lose track and you have an expired certificate problem.

There are those here that want to blow the certificate problem way out of proportion, mis-characterize it and say things about it that just ain't true, and use it as "just another example of Comodo not caring for end users" - and meanwhile those detractors never paid a single cent for the Comodo product. They never donated a single cent to support the development of the product. They argue "If you place it onto the market, then you - as the owner - are obligated to make it trouble-free." That is not how it works. Those detractors are 100% incorrect. The product owner owes nobody anything. He can decide that he wants to maintain the product at the level of pig slop quality - and if you do not like it then get lost. Go use something else.

And to clarify, Melih remains the owner of all Comodo products. He decides what level of software quality is good enough. Not end users.

 

[Pico]

The difference would be in utilizing svchost (allowed) vs a file mimicking svchost (not allowed as it is not the true svchost) to connect out. If you have the desire to watch this weekend's video and would like to see how CF would have handles things (as both legit and mimicked svchost can be seen), please let me know.

@cruelsister, I was wondering if you've already made the test video about the real and fake svchost on both IPv4 and on IPv6 native network. Maybe you've already done so I may have missed it. Thank you.

 

[cruelsister]

@cruelsister, I was wondering if you've already made the test video about the real and fake svchost on both IPv4 and on IPv6 native network. Maybe you've already done so I may have missed it. Thank you.

Although the video was completed a few weeks ago, I'll have to review it again to see if it bores me prior to publication. As to "on both IPv4 and on IPv6 native network", this really wouldn't apply (thankfully so as the ipv6 attack topic can be rather complex while also not being applicable to many).

 

[Pico]

Another Comodo issue...
Comodo CIS 2025 "trail period" has expired. It can not longer be used nor being (re)installed due to a revoked certificate.
Expected fix in CIS 2026.

Ridiculous, the revoked certificate issue still hasn't been fixed.
This bug won't be fixed within reasonable time like all others so it seems.

 

[bazang]

Ridiculous, the revoked certificate issue still hasn't been fixed.
This bug won't be fixed within reasonable time like all others so it seems.

People complain that other software companies do not fix problems yesterday.

Your statement implies that Melih and Ozer are taking their time about fixing the certificate issue. That they are being neglectful. This is not true. It is common for certificate issues to take at least weeks to fix. More commonly months.

Comodo should keep publishing CIS\CFW and never fix a single bug - just because it bothers people like you so much. I actually do believe that Melih deliberately does not fix certain bugs as a response to the unjustified attacks and criticisms. It is one thing to be critical of a company that publishes a paid software and never fixes bugs. The concept of bug fixes completely changes when the software has $0 revenue. In that case there is no justification to try to fix anything except major bugs that are proven to break functionality or introduce an extreme threat to security.

Melih also does not fix certain bugs - and leaves the unfixed bug list up - to troll those that complain. He already said many times "If you do not like it, then go use something else. Please. I'd prefer that you go use some other product."

 

[Pico]

Although the video was completed a few weeks ago, I'll have to review it again to see if it bores me prior to publication. As to "on both IPv4 and on IPv6 native network", this really wouldn't apply (thankfully so as the ipv6 attack topic can be rather complex while also not being applicable to many).

@cruelsister,
Have you finished the fake/real svchost test video to your satisfaction meanwhile?
IPv6 should be taken into account in that test video too as IPv6 is common these days as IPv4 address ranges are exhausted from 2019.
Leaving out IPv6 in the test leaves people who are using or who must / have to use IPv6 in an unprotected Firewall state.
Please reconsider CIS IPv6 testing.

 

[bazang]

@cruelsister,

Leaving out IPv6 in the test leaves people who are using or who must / have to use IPv6 in an unprotected Firewall state.

What @cruelsister tests or does not test does not leave anybody unprotected. She is not Comodo's QA\QC. She is also not the "Voice of Comodo" nor obligated to produce Public Service Announcements (PSA).

We all know IPv6 does not work, so the solution = implement a workaround = disable IPv6 on all device network adapters.

Win Key + R > SHIFT + X > Check that it is Admin PowerShell console running >

Disable-NetAdapterBinding -Name "*" -ComponentID ms_tcpip6

So simple. So fast. So secure! That took less than 60 seconds.

 

[Pico]

Thank you for admitting that CIS Firewall IPv6 doesn't work and that people should avoid using CIS Firewall when they are connected to an IPv6 native network and want to use or have to use IPv6. People who have the luck to have both IPv4 and IPv6 native network should cripple their system by switching off IPv6 to be able to use CIS Firewall? Just ridiculous!

Nobody knows that one has to switch off IPv6 on their system and only use IPv4 so that CIS Firewall can protect them. Let alone people or newcomers visiting Comodo forum or forums elsewhere wanting to use the product they know nothing about this problem and just start using the product with that IPv6 door wide open.

Whatever @cruelsister likes to test is totally up to her she can have her own voice on that (or not if she wishes).
She said she would do a test video on the fake/real svchost but only on IPv4 and not on IPv6, now we know why she doesn't like to make that test video...

 

[bazang]

Thank you for admitting that people should avoid using CIS Firewall when they are connected to an IPv6 native network and want to use or have to use IPv6.

I never said any such thing.

Everybody should use Comodo. Just because. No other reason other than, just because.

Shake 'n Bake

Woohooo!

People who have the luck to have both IPv4 and IPv6 native network should cripple their system by switching off IPv6 to be able to use CIS Firewall? Just ridiculous!

Your statement that disabling IPv6 = "crippling their system" is what is ridiculous.

You obviously do not know how to manage IT systems. You do realize that Windows, and Linux, the system is designed such that the person using the system is supposed to disable features to make it more secure, right?

Nobody knows that one has to switch off IPv6 on their system and only use IPv4 so that CIS Firewall can protect them. Let alone people or newcomers visiting Comodo forum or forums elsewhere wanting to use the product they know nothing about this problem and just start using the product with that IPv6 door wide open.

A user's responsibility is to figure it out. It is no one's duty to educate them. They need to put in the time and effort to educate themselves.

The whole strawman concern argument "But you have to explain it all coz new users and neophytes must be told otherwise should they use CIS\CFW they will be harmed" is agenda-driven dreck. Plain. Straight-up. Dreck.

She said she would do a test video on the fake/real svchost but only on IPv4 and not on IPv6, now we know why she doesn't like to make that test video...

She already told you why she would not test IPv6; "It would not be relevant to most users."

You think you are proving something here. You're not.

 

[cruelsister]

Actually I never mentioned ipv6 which is not applicable anyway for a product test where files are run locally. Although there exists ipv6 servers that host malware (primarily in Taiwan and Spain), those I tried a CURL Echo query resulted in an Error Code 6, so no Joy. But even if this was not the case, malware from there (or elsewhere) will be ineffective against machines that do not have routeable IPv6 interfaces, which is the majority.

As to the svchost video, I viewed it again and as it really doesn't show anything novel (it pretty much bored me), so it probably won't go public; and a specific (and meaningful) ipv6 packet filtering review would get so far into the weeds it would far, far exceed a 4 minute video (and also bore me).

 

[Chuck57]

Not having a clue what IPv4 or IPv6 was, I went looking and read a little bit about it. I didn't dig deeply because it's of no interest to me. It's basically a fancier ISP number if I read correctly.

What I did learn was that it began implementation in 1998 and so far has achieved less than 40% adoption worldwide (as of March 2022). It's estimated to be another 20 to 25 years according to Google before full implementation is achieved.

So, Comodo firewall is "crippled" because it fails to protect against something less than half the world even uses.

 

[New_Style_xd]

To solve this problem is very simple, just mark this option as the image below indicates.
The problem is solved...

 

[Pico]

Not having a clue what IPv4 or IPv6 was, I went looking and read a little bit about it. I didn't dig deeply because it's of no interest to me. It's basically a fancier ISP number if I read correctly.

What I did learn was that it began implementation in 1998 and so far has achieved less than 40% adoption worldwide (as of March 2022). It's estimated to be another 20 to 25 years according to Google before full implementation is achieved.

So, Comodo firewall is "crippled" because it fails to protect against something less than half the world even uses.

Let below IPv6 country figures speak for themselves...

No Firewall, including CIS Firewall, can't ignore decent IPv6 filtering these days.

 

[Pico]

To solve this problem is very simple, just mark this option as the image below indicates.
The problem is solved...

View attachment 285650

It was mentioned that CIS Firewall IPv6 doesn't work...