Hot Take Comodo Hackerware exposed

Victor M

Oct 3, 2022
Hi to all you Comodo Internet Security Free users,

Just got this piece of hackerware that presses the "abort" key for Comodo Internet Security Free's AV signature updates. So when you first install CIS, upon first reboot it automatically opens a screen to prompt you to 'activate protection' and fetch virus signatures. What this hackerware does is press abort for you. And so you will forever see that CIS is not "activated".

However, this "activation" does not affect the functionality of Containerization nor HIDS. And I have verified that by setting a known good program to be contained by auto-containment and HIDS contain. And in both cases the functionality is not impeded: the containment dialog shows up when I ran the said program, and the program does not function well when HIDS is functioning. The "activate protection" message is just made to make you fetch AV signatures in case you don't. It has nothing to do with the protection.

It would be understandable that users will think that without activating protection nothing will work and abandon the software. I think this is the goal of this hackerware.

I turn off the CIS's AV because Windows Defender is known to be better.
And I turn off CIS's firewall because I have a substantial amount of firewall rules made with Defender Firewall, and it would be labor-intensive to re-create them in CIS firewall.

So this piece of hackerware is just an annoyance-ware because CIS's "activate protection" message will show up time and time again, but it is only an annoyance.
 
Thanks for sharing this information. It's crucial for users to understand that this hackerware doesn't affect the functionality of Comodo Internet Security (CIS). It's merely a nuisance that tries to make users abandon the software by constantly showing the "activate protection" message. Always ensure your system is protected and don't let such annoyances deter you from using reliable security software.
 
Thank you for destroying some of my doubts.

I've begun to doubt whether Comodo can still protect my PC as well as it did in the past. The discussions in the Comodo forum prompted these doubts and I'm considering using other software, such as Bitdefender or ESET.

My experience over the decades I've spent with Comodo is quite simply this:

For decades, I've been doing online banking, filing tax returns, communicating with lawyers, and dealing with government agencies—plenty of "material" for cybercriminals in the event of a break-in.

I've never had my bank account compromised or had issues with my identity (identity theft).

Hitman Pro (paid version), KVRT, Malwarebytes (also a paid version), AdwCleaner—they all consistently reported: no threats found.

In one case, after some probing, someone admitted to having authorized a piece of software they hadn't purchased, but had downloaded and installed from a dubious website (instead of buying the software).

My experience still holds me back, but cybercriminals are getting better and better, and Comodo is keeping pace with developments. Updates and helpful contributions from the development team are lacking.
 
I turn off the CIS's AV because Windows Defender is known to be better.
As Melih explained many times in the past, Comodo AV is intended to catch old malware. He believes signature detections are inherently not necessary, but to save a user from having to deal with old malware being sandboxed, he designed the product to include an AV scanner that focuses on old malware detection.

I turn off the CIS's AV because Windows Defender is known to be better.
And I turn off CIS's firewall because I have a substantial amount of firewall rules made with Defender Firewall, and it would be labor-intensive to re-create them in CIS firewall.
This begs the question "If you use Windows Defender, and you have hardened Windows Firewall, then why do you have CIS installed in the first place?"
 
As Melih explained many times in the past, Comodo AV is intended to catch old malware. He believes signature detections are inherently not necessary, but to save a user from having to deal with old malware being sandboxed, he designed the product to include an AV scanner that focuses on old malware detection.
On the old Comodo forum there was a mod who actively submitted new malware signatures for a long time, which Comodo added to their CIS AV database. So I believe the CIS AV database contains both old and new malware signatures.
On the new Comodo forum that mod isn't active anymore submitting malware signatures, but maybe he still does it behind the scenes; I don't know.
 
Just got this piece of hackerware that presses the "abort" key for Comodo Internet Security Free's AV signature updates. So when you first install CIS, upon first reboot it automatically opens a screen to prompt you to 'activate protection' and fetch virus signatures. What this hackerware does is press abort for you. And so you will forever see that CIS is not "activated".
Why not just install CIS deselecting the AV option?
No activation needed.
 
I think deactivating AV on CIS does not bypass the initial scan and activate prompt.
During CIS install time you have the option to not install CIS AV but only install CIS Firewall (which comes with all the other goodies but without AV).
 
On the old Comodo forum there was a mod who actively submitted new malware signatures for a long time, which Comodo added to their CIS AV database. So I believe the CIS AV database contains both old and new malware signatures.
Yes, this is true. I merely explained Melih's response to all the criticisms about "terrible Comodo AV signatures." He stated that the intent of the AV - when he authorized its creation - was not to be an industry-leading AV. He intended it to be for old malware. That was the intent for the AV. The concept being to save the user from having to deal with old malware that is sandboxed. For new malware, it would be sandboxed.

As Melih stated over and over again, he does not care about AV signatures. AV is secondary to the product's (CIS) design and purpose.

If anyone wanted to use Comodo AV as standalone, then he said openly that the signature database is not as good as other options.
 
I think the Comodo database contains mainly hashes; they don’t create signatures and heuristics like a leading AV. It is merely a small offline copy (used to be around 250 MB) of the known threats database. They don’t even bother with malware type and all that. That’s very similar to the offline cache of Panda Cloud Antivirus.
 
I think the Comodo database contains mainly hashes; they don’t create signatures and heuristics like a leading AV. It is merely a small offline copy (used to be around 250 MB) of the known threats database. They don’t even bother with malware type and all that. That’s very similar to the offline cache of Panda Cloud Antivirus.
Confirms Melih's stated purpose of the AV.
 
Nowadays that database is probably automated, whatever is identified by Valkyrie as high risk and higher prevalence (not on 3 systems) probably floats into the database. Yeah, it confirms the purpose of the AV module being supplementary only to deal with very well known threats, the rest is being contained.
 
Nowadays that database is probably automated, whatever is identified by Valkyrie as high risk and higher prevalence (not on 3 systems) probably floats into the database. Yeah, it confirms the purpose of the AV module being supplementary only to deal with very well known threats, the rest is being contained.
For whatever reasons, so many people out there cannot understand this design. Because they do not understand, they should have never used Comodo in the first place. It's a good indicator that they could not handle Comodo.