Comodo Internet Security 8.0.2.4508 - General Impression
Pros
- Freeware
- Complete internet suite that includes firewall
- 64-bit system hooking\monitoring (Enhanced Protection Mode)
- Low system impact and high compatibility
- Highly configurable; user has virtually absolute, manual control over system
- Well-established, strong firewall
- Virtual & policy sandboxes built-in
- Complete package includes useful analysis tools and utilities
- Logging is exceptionally detailed
- Skilled, disciplined use will provide solid base-line protection
- With experience user can easily determine what is happening on system
- Huge online help files
Cons
- Slow, “Old School” file verdicts (signatures) and file ratings from Comodo
- Weak heuristics even at “High” setting
- Quirks and bugs can cause confusion
- Complexity can cause confusion and\or contribute to user mistakes
- Multiple methods to accomplish same result can cause confusion
- Some log details are cryptic
- Steep learning curve
It always seems that way with Comodo. There’s something about the company, its CEO and their products that brings out the beast in both haters and fanboys. The short of it: Comodo debates are best not done in-person... there would be blood.
And so, it begins...
Herein lies the truth: There is a lot to love about Comodo, and there is a lot to hate about it.
Discontinued, abandoned, dead-end products... plus a frenetically disjointed web presence that is obviously a mess... and a substandard support forum with sometimes questionable moderation, creates a rather poor image. Comodo's image is that of a dysfunctional, top-contender AV wannabe. Unpolished and unrefined.
Most complaints on the forum are from dedicated users that are frustrated with Comodo's slow and inconsistent improvement. They are a particularly demanding lot of hyper-critical, detail oriented techies who are not shy about making their utter displeasure known. Occasionally, it can make for some really interesting reading. To their credit, it is because of their persistence that CIS improves.
Now on to the product in question... Comodo Internet Security.
Installation and Uninstallation
If you are going to have major system compatibility issues with CIS on your specific system, then it will most likely surface during installation.
There is a quasiofficial Geek Buddy removal tool. However, registry and file remnants will remain - requiring a thorough manual cleanup or use of your cleanup utility of choice. You can find the removal tool by asking around the Comodo forum. Make sure you read Chiron's install\uninstall guide and follow it to the letter; not following the removal tool instructions can cause data loss.
My preferred method for install\reinstall of any AV is simply to clean install Windows OS and then immediately install the AV - which I understand the typical user is not willing to do because it is a bit of a rigmarole. In my experience, the advantage to this method is that it eliminates most install problems - which, in the end - saves me a lot of time, effort and aggravation.
Settings and Configuration
This is one area where Comodo really shines. Huge toy factor.
CIS is all about settings management and user configuration. No other AV has the same degree of configurability except for perhaps ESET Smart Security.
The user can configure CIS to behave over a very wide range - from fully automated without any notifications to a completely manual affair with lots of alerts from each separate module.
Individual protection modules can easily be turned on\off.
On the whole, the user can make the security as lax or strict as they so choose.
This degree of latitude presents a real challenge for the novice user. My suggestion is start by using CIS at its default Internet Security profile (HIPS off). Later on you can decide if you want to use HIPS or not. If you’ve never used Comodo and classical HIPS before, then you will likely quickly tire of it - and think Comodo is complete nonsense because of it. That would be unfortunate - and wrong.
Focus first on learning how Comodo’s File Rating system works - as this will have a lot to do with your experience using CIS. Not understanding how it works will create a mess for you...
User Interface and HIPS
The user interface is one of the better ones - at least for me. Although accessing or customizing some features via the interface is not immediately apparent. It did take me some time to get it all sorted out... not the very best, but certainly not the worst. Generally, I like it.
The HIPS alerts are the best that I have seen in terms of explaining what a file is attempting to do - and more importantly - how the user should respond. Still, some users will make mistakes in responding - unfortunately an unsolvable problem with classical HIPS. It is important for any potential user to understand that successful use of HIPS is directly proportional to their knowledge and experience.
One easy way to learn about the various HIPS alert types is, on an idle clean system, switch HIPS to “Paranoid Mode.” The user can observe a whole bunch of different HIPS notifications - and thereby become at least somewhat familiar with a good portion of them. During observation, when responding to the alerts, do not tick “Remember my answer.”
I think it would make for a better user experience if all the application rules were combined into a single panel - like Emsisoft's Application Rules pane or Kaspersky's Application Control. In CIS application rules for each separate protection module - HIPS, Sandbox and Firewall - are separated. It's not the most convenient but there's a legitimate reason for this type setup. The order of the rules in the list means the upper most is applied first and the bottom one applied last. This is important when creating exception rules and having certain rules applied before others. If all protection module rules were combined then it would be more difficult to customize the order in which modules are applied. When you start using CIS you will understand what I mean...
All in all the user interface flow is very good. It's amazing how Comodo managed to cram so much into such a small package. Controls are generally clear and my only real gripes are that the network monitor, task manager and process activities windows cannot be minimized... meaning I have to move them around sometimes when using them.
On a lighter note...
The notification\alert sound is just plain, obnoxious ick. I would much prefer CIS alerts to talk to me: “The force Luke...use the force !” Better yet, that sound that a Jedi Knight light saber makes: “Whiizzzzzzzshhh !” That would most certainly improve the AV test lab ratings... !
Anti-Virus
Most people already know Comodo’s antivirus and heuristics are weak. In fact, I think Comodo itself considers its AV module as the last line of defense - as opposed to most other AV vendors which implement it as the first line of defense. Differing protection philosophies and models... No big deal, really. However, the typical user can wrap their head around “Push button, detection, Quarantine, delete” - so the signature detection method remains dominant. Comodo, in trying to break away from signature-dependence, takes a lot of flak from all sides for their deviation from AV tradition.
No one in their right mind uses Comodo for its signatures...
Sandbox, Light Virtualization Limitations and Vulnerabilities
Comodo includes autosandboxing of all Unrecognized files as its primary protection. Comodo’s sandbox can be used as either a strictly virtual or policy sandbox - or configured to run files virtually with policy restrictions (combo sandbox). Nice touch... a la Sandboxie.
The problem with sandboxing and all light virtualization is that, generally, it prevents only a persistent infection of the physical system; it does not protect against data theft. If a malicious file is allowed to run without restriction inside a virtual session, then that entire session is “infected.”
Reset the sandbox and the infection is gone. However, in the case where a malicious file exploits a software vulnerability - Bromium researches have shown - that a sandbox can be bypassed. Also, certain rootkits have bypassed light virtualization. So the point is that sandboxing\light virtualization are not “bullet proof.” I only cover this point so that the user is aware of this fact - and not be lulled into a false sense of security.
If you keep your softs updated, then the likelihood that a malware will exploit a vulnerability is small - so don’t fret about it. Malware that can do such a thing - while out there - are relatively uncommon. Fortunately most are of the common, humdrum potato-bug variety.
Best practice (regardless of the AV) is to reduce the attack surface and not use any of the widely exploited softs: Microsoft Office Suite (Word, Excel, etc), Adobe Acrobat & Reader, Adobe Flash, Java and Java Runtine Environment, Windows Media Player, Microsoft Silverlight, Macromedia Real Player, etc. If you must or insist on using any of these applications, then add an anti-exploit: EMET, Malwarebytes Anti-Exploit, HitmanPro.Alert, Trapmine, etc.
Another problem with sandboxing, generally, is that without active monitoring of the running file using tools and utilities by the user - or - any type of notifications from the software - sandboxing does not, in itself, tell the user anything about the file. So what is the user to do?
Tools & Utilities
Comodo solves this problem by including a network monitor, a process monitor, its own task manager, an autoruns analyzer, a commandline utility and KillSwitch. These addons are useful, but they require time and effort to learn. Which brings me to an important point: the entire CIS package can be an overwhelming, confusing experience for the beginner.
The nice thing is that there is no need for the user to cobble basic analysis tools & utilities together with CIS - they're already included. For the most part they're pretty good.
Web-Filtering and Anti-Phishing
Comodo’s Achilles Heel remains its virtually nonexistant malicious webfiltering and antiphishing. There are some addons to the Comodo browsers if you so choose to use those browsers. Yet I think it is much better practice to use FF or Chrome and customize your browser as you see fit. Besides the browser security addons, like uBlock, uMatrix, NoScript, etc - are more secure options.
One can also import malicious Hosts files into CIS manually or simply use PeerBlock. I’ve tried both and each one works fine. PeerBlock has the advantage of being automated, but requires a $10 annual subscription. Plus, on W8 systems the user must use Windows Task Scheduler to get PeerBlock to automatically start... Not a PeerBlock deal-breaker.
NOTE: If you only visit a few reasonable websites during typical use, then don’t bother... Your browser’s own malicious URL filter and ComodoDNS are fine for you. Alternatively you can configure Windows Networking to use the Norton ConnectSafe DNS - which is significantly better than ComodoDNS. On the other hand, if you surf far and wide then you really should bolster CIS surfprotections as much as possible without degrading usability or performance. Neglecting this step can be the difference between an Ebola-like system infection or a 5A1 bill-of-health.
File Rating System and Cloud
This is the single biggest source of confusion for most users. Inconsistent file ratings and treatment on the local system and in the cloud sow nothing but user discontent. Some of it is due to bugs, others it seems to be due to nonsynchronization of Comodo systems, other times to the way Comodo collects malware, etc.
My take on it is that Melih is trying to build a file database system that will rival Virus Total's. IF he can manage to pull that one off, then I will tip my hat to him...
In any case, to great user frustration Comodo is s-l-o-w-l-y getting better at it. Besides the user now has the ability to rate any file on their system - which solves 99.9 % of problems.
I would think the typical dedicated CIS user is fully aware if a file is safe or dodgy... and, if they do not know, they will take the steps necessary to make their own informed local CIS file verdict. This option is a nice touch.
Firewall
Comodo firewall is one of the best.
The user can configure IP addresses, IP ranges, Custom rulesets, standard rule templates, etc, etc, etc.
Rules can be created from the alerts, but not as good as Emsisoft's. Needs improvement.
IP and URL lookup would also be another nice touch, but I probably have a much greater chance of winning a $600 million lottery than that ever being implemented.
Backup
Comodo Backup is not bundled with freeware CIS version but can be downloaded for free. It is a capable file\folder backup solution - but no bootable media creation like AOMEI, Paragon, EaseUS, etc. Combine it with Windows OneDrive or another cloud storage service for best results. 50 GB cloud storage included in the paid Comodo version.
NOTE: CIS has Comodo Rescue Disk which allows user to create emergency recovery media for an infected system - this is not the same as back-up media creation.
Subscription
At $89.99 for the whole CIS kit, I think it is overpriced relative to the features. If I paid for it, then I would badger Geek Buddy to no end... Get my money’s worth. On the other hand when CIS goes on sale then it can be a good overall deal.
The freeware version is sufficient and in all reality will do everything for you the paid version can do... except no "Trust Connect" unsecure network encryption.
You know, Melih doesn't have to provide a complete freeware version. His motives for doing so aside - it is a really nice thing for those who cannot afford to pay for an AV. I think that fact is ignored by a lot of Comodo haters. Even if you despise all things Comodo - at least give credit where credit is deserved.
Support
Support forum - don’t expect much help here; it is more for dedicated, experienced users. If a good support forum is absolutely essential to you then Emsisoft or ESET will meet your needs - their support forums are universally excellent.
E-mail support - can be surprisingly good, but painfully slow. It's not practical for anything except asking for clarification of technical details.
Paid support (Geek Buddy) - as good as the tech and their workload at the other end. I wouldn’t expect too much. Best policy is to hope for the best, but prepare yourself for the worst.
Massive, 600+ page online User's Manual. Very worthwhile reading for those that want technical infos and suggestions on how to respond to alerts. +1 for Comodo.
Performance and Compatibility
On my specific systems CIS performs really well with no apparent system degradation while working at the desktop. Typically combined CPU use is approximately 7 % and RAM 20 %. Time required to system boot takes about 45 seconds on my low-end systems.
The update process is not as heavy as it once was - I rarely notice it.
Full system scans are still heavy - just like every other AV - and are best performed during system idle. If you configure that Full system scan to extract archives and use maximum heuristics then the scan can take hours. Unless you are dealing with an infected system then don’t do it as it is nothing but a complete waste of resources.
Quick scans only last a few minutes at most.
I do note however that Comodo scans are generally among the slowest in the industry.
It gets along well with other softs - like Shadow Defender and Virtual Machines.
Bugs and Quirks
Yes. Comodo is famous for their reported 300+ bug fixes. It's the butt of a lot of jokes, but it does mean that things are being fixed. Comodo, unlike some other AV vendors, does not attempt to hide bug reports. This open policy has the disadvantage of attracting a lot of criticism, negativity and jibes. A closed policy hides a lot; I would bet if you knew the actual number of unrevealed, mandatory fixes made by Kaspersky, ESET, Emsisoft, then you would be flabbergasted, if not shocked and appalled.
CIS is actively pentested by a dedicated, hardcore group of users who report bugs, quirks and performance issues on the support forum. The advantage is that Comodo is aware of them. Although, if any fix is forthcoming it can take a long time.
When I read some of the vulnerability reports I laugh - because some of those vulnerabilities are so arcane that no malware writer in their right mind would ever target them. To do so would net them nothing... On the other hand, some are quite serious and Comodo does fix them.
Most of what gets reported as bugs are nothing more than annoyances as opposed to critical security vulnerabilities. Of those, most are only potential, but highly unlikely, serious security flaws. At least that's my take on it... Comodo's practice of selectively fixing bugs, errors, security issues is no different than that of Microsoft, Mozilla, Google, Kaspersky, Emsisoft, etc, etc, etc.
CIS and the IT Novice
If you are an absolute IT novice determined to use CIS, then I will just say this - like all things in life you have to go through something to get something. So prepare yourself... Using CIS you will be exposed to more, and learn more about, IT security than you thought possible. It can be quite the journey, and in my experience has been worth the time, effort and frustration.
The Bottom Line
For better or worse, good or ill, Comodo Internet Security is partially the end product of a nonunified venture of supertechies. CIS is the culmination of techies run riot is the way I think I said it elsewhere on this forum. If you read some of the feature requests on the Comodo forum it is apparent that some want to turn CIS into SkyNet.
In the grand scheme of things, CIS is probably best used by intermediate or advanced users, especially those that desire a high degree of system control. I think most AV enthusiasts would agree. In my case, on one system I have CIS configured to be fully automated without a peep. On the other it is configured to be an entirely manual affair. Both work for me.
For the novice user it really depends all upon their attitude, motivation and determination.
In the beginning, use of CIS does not simply involve installing it and using the interface. In my own case it required me to use the Comodo forums, security forums like MalwareTips, exploration of a whole lot of IT subjects online, asking for help, asking questions, etc. To be honest, I am still learning... however, I also admit it has become a whole lot easier to use CIS over time. Now I can take things for granted, but in the beginning it was an infuriating experience...
One thing I will point out is that it is vitally important to practice, practice, practice with any AV; a "Set It, and Forget It" mentality will get you nothing but infected. In the worst case scenario you will return home from the bank, after checking your accounts, penniless... head hanging low, all dignity gone. Don't think it happens? Really?
From my perspective, Comodo Internet Security is particularly well suited to basic malware-Windows system analysis. Everything I need to accomplish this is included in the CIS kit...plus at $0 cost.
Comodo's file policy editor and settings are every bit as sophisticated and powerful as Kaspersky's. If you completely understand everything that can be accomplished with either one, then as MT's very own Umbra Polaris would say: You are Neo and have no need of AV. Just leave the file policy settings alone... lest you smash your system. Those settings are buried in the user interface for a reason = reserved only for the most advanced CIS user.
It is extremely configurable and can be heavily hardened through configuration adjustments. This includes configuration as an anti-executable (AE)... an option I can find in no other security suite except Kaspersky. However, using AE settings in Kaspersky causes Application Control to eventually malfunction. So until Kaspersky fixes that bug there is no other AV that can successfully function as an anti-executable except Comodo.
As most of you know I am a huge anti-executable fan so I am probably more than just a bit biased in saying that Comodo is far ahead of other AVs in this regard. At least I admit my character defects...
Protection wise I think CIS is underrated due primarily to the AV module's mediocre performance. CIS protects interpreters and handles scripts with much tighter security than any other AV that I've used. Where it really excels is in how it handles potentially or actually malicious files once they are on the system. Admittedly this can also be accomplished by combining most AVs with Sandboxie. That fact I do not dispute. What I have trouble with is getting Sandboxie to function properly on my specific systems. I tried. And tried. No luck. Comodo is a very well integrated package and saves me the time, effort and compatibility issues of cobbling various separate programs together.
On my systems I have hardened Comodo using techniques I've covered here. I have thrown a lot at CIS and it was only defeated once by a Zbot variant. In testing that sample I disabled the AV module... which turned out to be really bad news. Upon execution it immediately disabled CIS' HIPS and autosandbox. It also prevented enforcement of AE settings.
Now before you get all bent out of shape and blindly call Comodo "garbage", that sample also smashed Kaspersky, Emsisoft, and Webroot... With experience you would know that when granting Admin rights to some malwares the best any AV can do is to stop it by signature detection - which Comodo did - but I over-rode it.
Are there bugs? Yes. Is CIS improving? Yes. Will it offer good protection? Yes... at a high level with correct, educated use.
Before you send Comodo down as FUD, try it...
* * * * *
I want to point out that Comodo's improvement is due, in large part, to many dedicated volunteers behind the scenes - especially improvements to Comodo's file database content.
Malware1 deserves special thanks for his incessant file submissions to Comodo. (I don't think the man sleeps...)
Last edited by a moderator:
