The critical flaw with comodo is there is nothing stopping a noob from panicking and paying the ransom.
Last edited by a moderator:
COMODO Internet Security 10 BETA (Techie vs User)
- Thread starter Venustus
- Start date
It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Your problem nikos200 is you live in the real world. You're not allowed to bring up real world scenarios when talking about CIS, all must proclaim it the perfect anti-malware solution.
- Jul 3, 2015
- 8,153
No solution is perfect.
If you use a multi-layered approach, including native Windows security features, you are pretty much free from the "boom, infected!" syndrome, because your system is by nature very difficult to infect. Then, COMODO is an elegant icing on the cake.
- Mar 1, 2014
- 1,708
I think he was being sarcastic.
But yeah, I agree that nothing is perfect. So, even the best of the best can be bypassed.
- Dec 29, 2014
- 1,711
Maybe this issue comes down to "what's best for each user". Then also, maybe all current security concepts can still be improved in some aspects. For example, could Comodo do a better job of examining sandboxed apps for "misbehavior" and of keeping the user updated about these behaviors in some special/separate way from the normal?...make it easier for the user to track activities of sandboxed applications? Who knows what AppGuard will be like in 2 or 3 years? I feel there is still room for creative improvements. At this point, it is true that malware can be smart about sandboxing and fool a user. This is a long shot to work, though, and security is still high.
One other thing. On lockdown mode with AppGuard it's important to research software. So, is anyone saying this is not true with those who favor the sandbox approach? This is good practice for everyone, correct? In this context, both methods are effective. I will say this, though. If something strange happens or a very sophisticated attack occurs and an installer is phoney somehow, Comodo does have your back with the sandbox. That's very nice to know. The rest is up to user LOL I admit. I am assuming all the research about the application intended to install has been done before running this hypothetical phoney installer.
I am asking myself if it is important to examine the user's intention for the particular/one PC being protected. True, lockdown will protect and also true that one should know everything about a program before installing. Yet, cruelsister may be right about one thing. It is human to find oneself in a hurry. Comodo gives one last opportunity to correct the issue when software must be installed. So I feel both Umbra and cruelsister are correct.
One other thing. On lockdown mode with AppGuard it's important to research software. So, is anyone saying this is not true with those who favor the sandbox approach? This is good practice for everyone, correct? In this context, both methods are effective. I will say this, though. If something strange happens or a very sophisticated attack occurs and an installer is phoney somehow, Comodo does have your back with the sandbox. That's very nice to know. The rest is up to user LOL I admit. I am assuming all the research about the application intended to install has been done before running this hypothetical phoney installer.
I am asking myself if it is important to examine the user's intention for the particular/one PC being protected. True, lockdown will protect and also true that one should know everything about a program before installing. Yet, cruelsister may be right about one thing. It is human to find oneself in a hurry. Comodo gives one last opportunity to correct the issue when software must be installed. So I feel both Umbra and cruelsister are correct.
- Jun 12, 2014
- 314
That argument goes for all security software. If a kid downloads a game hack / crack and it is sandboxed by Comodo, blocked by an anti-executable or detected by an antivirus, the kid will just disable the software und run the malware anyway.
A good antivirus with low false positives at least makes you hesitate, whereas being blocked by an anti-executable or being "unrecognized" by Comodo gives you next to zero confidence in the actual maliciousness of the file in question. An anti-executable blocks everything, good or bad, and Comodo doesn't know so much stuff, that being unknown by Comodo doesn't inevitably mean it's malware, it could just as well be their insufficient whitelist.
Then there are installers of legitimate software which are bundled with PUPs. The user will disable the precious anti-executable to run the installer, doesn't pay attention and boom, the PUP is installed along with the legitimate software. Precious comodo auto-sandbox would be silent during the whole fiasco as well, because the legitimate software and the PUP are both digitally signed and installed on hundreds of thousands or millions of computers.
- Jul 3, 2015
- 8,153
bottom line is: user cannot escape decision making, even with COMODO or VoodooShield or whatever.
Security softs just stop things from happening behind your back.
Security softs just stop things from happening behind your back.
At the end of the day people press always “Yes”: because the average user, despite the warning message may be very clear, he will press on “Yes” if the window will continue to repeat itself. After all, who reads the messages of security app ?
It is act of repetition: if 98% of the applications that we install on a computer are safe, the remaining 2% might not be. But who loses time to read the dialog boxes ? And the “Yes” button is not labeled as “Yes”, but as “Continue”; a word that the mind when you are in a hurry, it is less subject to process and understand in the correct way.
- Dec 8, 2014
- 206
Get infected, reverse actions. Problem solved.
Despite the industry-wide best efforts, software cannot be made "fool-proof." There is one way that comes close outlined below.
I am not interested in any kind of debate. I am not promoting one product versus another. I am not promoting one protection model versus another. To each his own...
The purpose of this is just to point out how some enterprises have tackled the issue of unrestrained, unknowledgeable users and thereby protect their systems (almost completely).
Various enterprise case studies have shown that this methodology will invariably protect the system from being physically infected:
1. Start with a verified-clean baseline operating system
2. Install verified-clean desired softs
3. Install or configure software restriction policies and enable protections
4. Password protect the SRP and lock the user out so that they cannot disable protections and modify the baseline system configuration
In one case study, workstations were configured with obsolete versions of the most commonly exploited programs and OS built-in protections disabled. The SRP was configured as above and not modified for two years. The workstation users had tried to download and run all manner of stuff. The final review showed Poweliks, Kovter, Ursnif, PUAs\PUPs, malware, adware, riskware, malicious scripts, etc - none of which had been able to execute on the system. Exploits had succeeded, but the payloads had been blocked from execution. Encrypted malicious registry keys from file-less malware had been neutered.
With the above protection in-place, there was no impact on typical computing and productivity tasks such as online activities, working with PDFs, creating documents - including those with macros, video creation, etc.
In other words, the best option all the way around is to prevent any user decisions or actions from modifying the system.
It does not get any more simple than that.
Last edited by a moderator:
Exact, the user is and will always been the weak link. You don't need the best security software to be protected, just restrict the rights of the user to infect himself, SUA is the first step.
In one test, the workstation was configured to use Admin account. Even then, SRP kept system safe.
However, Admins forgot to apply same restrictions to all of their servers. Forgot one. So that server got infected.
- Nov 17, 2016
- 1,242
The first line of defense cannot be the web protection because the first line of defense is yourself, not any software. You as the user make the decisions at the end of the day, all the security on your system (e.g. layered protection) all comes after yourself.
If you are sensible and watch what you do and are careful about how you do things then you most likely won't end up infected, and if you are click-happy and are not careful then you'll most likely become infected regardless of the security installed on your system (e.g. social engineering -> you might white-list and run and then become infected anyway, an example of a stupid non-sensible decision).
Similar threads
