Comodo CIS Bug fix policy

[Trident]

But (also) see @Shadowra's video (31 May 2024) various URL & 649 sample malware: (I for one consider @Shadowra's videos, unbiased and informative)

"Final scan :
Comodo : 0
Autoruns : 0
NPE : 0
KVRT: 0
Malwarebytes : 0
Final opinion:
Comodo has done an excellent job of correcting the major shortcomings of its Sandbox software.
The software reacts correctly and has protected the computer well."

CF containment / sandbox worked in that test and "protected the computer well" -- Chuck57 & others report the same experience on their computers despite others' reports of bugs & lack of development. Both can be correct. Use it, or don't. At least if you do try it and do not like it, you haven't lost any money. CF seems unique in the "debate" that it generates.

App Review - COMODO Internet Security 2025 Premium

COMODO is an American publisher, well known among computer geeks. The software presents itself as a totally free security suite, offering defensive shields: anti-malware, firewall, HIPS and a sandbox. Many people thought that the suite had been discontinued, given the very low level of product...

malwaretips.com

On his previous videos, Comodo failed though. But notice that even @Shadowra does not engage in making claims that Comodo is superior, that it has been demonstrated consistently to perform better than others, or that others don’t protect that well. These statements are what we are debating.

 

[bazang]

Comodo has the same, if not worse performance than everyone else.

In some tests yes, but in others it has consistently performed better than the well-known, brand name antivirus such as GDATA and F-Secure. It outperformed them in banking protections and fileless malware tests.

 

[bazang]

that Comodo has been demonstrated consistently to perform better than others

Because it has consistently performed very well at protecting the system without top AV module, without behavior blocker, without all the stuff the some people here say that it is missing.

You cite a single "test" by Neil Rubenking as a Comodo failure. OK we will use that. Compared to Bitdefender, Kaspersky, ZoneAlarm, Norton, and every other antivirus that has failed to stop thousands of malware in independent, credible, reliable AV lab tests. They also failed in thousands of tests performed by MT members in the MT Malware Hub. All of them have been bypassed thousands of times. You can "prove" that Comodo was bypassed only during a single test. Comodo was not shown to be bypassed a single time on the MT Malware Hub.

A child can understand this.

 

[simmerskool]

On his previous videos, Comodo failed though. But notice that even @Shadowra does not engage in making claims that Comodo is superior, that it has been demonstrated consistently to perform better than others, or that others don’t protect that well. These statements are what we are debating.

yes, agree re @Shadowra's video, but some hyperbolic posts, while textually accurate are perhaps out of context to some degree. I read it as performing the same, ie, 100% in that lab test.

 

[bazang]

Comodo is “unbeatable”.

Nobody here ever said that. Again, the problem is your interpretations of what people posted.

 

[Chuck57]

I don't think I've ever said Comodo is superior to other software. I have said that in the years I've used it, it has never failed. And that is the truth.

 

[Trident]

I don't think I've ever said Comodo is superior to other software. I have said that in the years I've used it, it has never failed. And that is the truth.

You didn’t but others did. Yes, you personally, I’ve not seen you posting that. I got very good memory and I am able to track posts across threads.

 

[Shadowra]

Another pointless debate on Comodo, with an invasion of fanboys defending this software body and soul...
The reason I refused to take part in this topic is that every time Comodo is mentioned, it's always the war about “Comodo is the best that even protects from my boss” , “No Comodo is so lame that it set fire to my car” , “Yes but Comodo is Next-gen LOL you don't know” etc etc etc....

Not for nothing when I test Comodo, I've got a ball in my stomach

 

[Trident]

Another pointless debate on Comodo, with an invasion of fanboys defending this software body and soul...
The reason I refused to take part in this topic is that every time Comodo is mentioned, it's always the war about “Comodo is the best that even protects from my boss” , “No Comodo is so lame that it set fire to my car” , “Yes but Comodo is Next-gen LOL you don't know” etc etc etc....

Not for nothing when I test Comodo, I've got a ball in my stomach

And this is exactly the reason why I never mentioned you or referred to your videos.

 

[Trident]

Most of the lies about the "unbeatable Comodo" were created here at MT, a myth based on few fanatics, who tautologically, in a social bubble convince themselves, one repeating to the other the same old mantras.

But don’t forget also the way proof is selectively presented. The AV-Lab test easily invalidates all claims that Comodo performs better than others.

In psychology, this is called choice-supportive bias. It is a very common phenomenon, specifically when people go for niche products. Then they see facts “selectively” in an attempt to convince themselves that the niche brand is better than what big corporations offer. More often than not, they don’t realise that they’ve got this bias.

Example: people may try to convince themselves that Dacia is better than BMW or that cleaning detergent from a local brand is better than what P&G offers, or that trainers from DunaDuna are better than Nike.

But the reality is, neither Dacia is all that good, nor that local brand will beat the science behind P&G products. DunaDuna trainers are gonna last you for 2 weeks (3 if you spray them with a protector).
At one point, people open their eyes.

Another example: everyone goes and buys the new Dior Savage Elixir. Consumer decides that they can’t be mainstream, they can’t be part of the “bandwagon effect”, they must have their own personality and choice. They go around and buy all sorts of perfumes, none of them matching the fragrance and performance of Dior Savage Elixir. They are happy, simply because they are not following “everyone else”, but when you look at the products, ignoring the personal factor, you will realise why Dior is part of the multi-billion LVMH and generates generous revenues, and these niche brands barely generate 1/20th of that revenue. They are simply, not that good.

 

[Chuck57]

You didn’t but others did. Yes, you personally, I’ve not seen you posting that. I got very good memory and I am able to track posts across threads.

As one of those Comodo users, I appreciate the fact that you and I can discuss, argue, rant or rave in a respectful manner. The discussions may get heated, and there may be misunderstandings here and there, Trident, but even though disagreeing with your stance and saying so, I respect your positions.

 

[Trident]

As one of those Comodo users, I appreciate the fact that you and I can discuss, argue, rant or rave in a respectful manner. The discussions may get heated, and there may be misunderstandings here and there, Trident, but even though disagreeing with your stance and saying so, I respect your positions.

The fact that we argue doesn’t mean anything, maybe on another discussion we will agree on something.

 

[mlnevese]

The fact that we argue doesn’t mean anything, maybe on another discussion we will agree on something.

I think this kind of thought is heresy in modern day Internet... Expect the Inquisition at your door any minute...

 

[Divine_Barakah]

Gotcha. It isn't okay that Comodo catches something in default mode while another superior product must be configured to do the same. That makes perfect sense.

And if I understand correctly, Comodo is used with Cs settings, right?

 

[Chuck57]

And if I understand correctly, Comodo is used with Cs settings, right?

I think, but somebody can correct me, the 'new' version of Comodo firewall uses settings very similar to Cruelsister. I read it somewhere, maybe here maybe on their forum. I used it for years virtually at default settings. I didn't know what proactive was. Regardless, I never had any problems with malware of any kind.

 

[Divine_Barakah]

And another thing I fail to understand is that most people who use CF, use it without the antivirus module. Why? Bc everyone knows that this module sucks. Now let's suppose we run a piece of malware (or Gob forbid a malware pack) against Comodo. If we use CF on its own, we need to run each sample and BTW if we redo the test Comodo will not detect the sample ore execution. Why would I choose this product when other product use decent cloud protection and top notch signatures?

As a user, I definitely would not prefer for a piece of malaware to run. Ore execution detection is best. Comodo unfortunately stopped innovation and their antivirus engine sucks. And I also do not get it why anyone would ever prefer to be bombarded with prompts to block a piece of malware that other security solution would take a fraction of a sec to detect?

 

[Divine_Barakah]

I think, but somebody can correct me, the 'new' version of Comodo firewall uses settings very similar to Cruelsister. I read it somewhere, maybe here maybe on their forum. I used it for years virtually at default settings. I didn't know what proactive was. Regardless, I never had any problems with malware of any kind.

Maybe Bc u did not download shady stuff? This is the very same argument that Webroot fanboys use. "I have been using Webroot for x years and I have never got infected".

I admire CS and her work. I find her work to be interesting and enjoyable. I am not an expert, just a casual user. But why would I ever choose Comodo which certainly demands a learning curve when I can use BD which does requires zero interactions from me?

 

[Trident]

yes, agree re @Shadowra's video, but some hyperbolic posts, while textually accurate are perhaps out of context to some degree. I read it as performing the same, ie, 100% in that lab test.

But additional pointers in the test, still proved that others are first, blocking a lot more malware very easily, in the pre-execution phase and second, if they allow anything to execute, react quicker. So even this test cannot serve to prove Comodo superiority, it simply proves that on a scope of 350 samples, Comodo offered acceptable protection.

But others had the capability to offer the same protection in a much more efficient manner.

I am talking about the AV-Lab.pl test, many other tests, Comodo has dropped, usually with a lot of drama around this event.

I think, but somebody can correct me, the 'new' version of Comodo firewall uses settings very similar to Cruelsister. I read it somewhere, maybe here maybe on their forum. I used it for years virtually at default settings. I didn't know what proactive was. Regardless, I never had any problems with malware of any kind.

Xcitium uses similar settings to CS Comodo.
Be honest, you say you never had problems with malware, we accept that. But in reality, how many potential incidents were stopped by Comodo, how many times it contained something and this turned out to be malicious. Does the number exceed 5?

As a user, I definitely would not prefer for a piece of malaware to run. Ore execution detection is best

It is, this is what I’ve been debating. Allowing malware to run is absurd! Every “specialist” will tell you that, nobody will ever advise you to execute malware, even in local sandboxes. If you show a video where malware is allowed to run sandboxed and then a firewall prompt blocks the connection, 4/5 will be laughing at you, the fifth one will probably go away.

And I also do not get it why anyone would ever prefer to be bombarded with prompts to block a piece of malware that other security solution would take a fraction of a sec to detect?

Well this is the choice-supportive bias I explained in a previous post. People get satisfaction from not following the masses, not installing what everyone else installs.

 

[Divine_Barakah]

But additional pointers in the test, still proved that others are first, blocking a lot more malware very easily, in the pre-execution phase and second, if they allow anything to execute, react quicker. So even this test cannot serve to prove Comodo superiority, it simply proves that on a scope of 350 samples, Comodo offered acceptable protection.

But others had the capability to offer the same protection in a much more efficient manner.

I am talking about the AV-Lab.pl test, many other tests, Comodo has dropped, usually with a lot of drama around this event.

And regarding the user-dependent prompts. Now what if a gamer downloaded a crack for their favourite game, and they were presented with a prompt? I believe the user is not capable of making that decision and if they do choose to allow execution? We can blame the user?
Other vendors who spent millions on R&D and developed a user-friendly product that uses multiple layers of protection provide decent protection requiring zero to minimal interactiona from the end user.

If one wants to use Comodo for fun or experiment with it then I get it, but it should never be recommended to users.

 

[Trident]

There is a problem with everything based on alerts, prompts, informational banners and so on, and it is called alert fatigue.

It is a genuine problem in various systems, such as email security platforms, operating systems (the infous UAC), it was the problem of HIPS and it is a problem everywhere the concept of asking or warning the user is applied.

Alerts and prompts are meaningful only when displayed once in a while, at the right time.

When on every file downloaded from the internet or, on every email you display alerts and banners, they simply don’t mean anything to the user anymore.

Systems are required to take decisions and actions. And this requires substantial investments, but delivers the solution that is necessary today.

Alerts and prompts in 2024 are not the security that users and businesses are looking for.