App Review Comodo Internet Security Premium Free 2023

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
Shadowra

Shadowra

COMODO is a free American security suite created in 2005.
Comodo is a well-known software used by computer geeks.
Once very austere, the software has been able to bring new features but still remains on its spearhead: The Sandbox, the firewall and Defense+, its solution to block unknown threats.
The software hasn't had any major changes in about 2 years, so we'll see what it's worth at the moment.



Interface: 6/10

The interface of Comodo is very complete and customizable.
Comodo also offers 3 protection modes; I left the default mode.
But I take away points because the interface is not at all adapted to computer novices, even less the settings!
The same goes for the Defense+ alerts that ask if you should sandbox a program or not. Even if Comodo helps us with recommendations, it is not at all a software that I would give to a novice.

Protection: 10/10 Web / Fake crack 1/1 Remains 181 threats on 303 malware / PC Infected after Malware Pack + files encrypted by Filecoder

The big problem with Comodo is its anti-malware engine, which is for me the WORST I've ever tested!
Even if the Sandbox isolates correctly, it will not be foolproof at all times.
The machine gets infected despite the isolation and 2 Filecoder Ransomware manage to bypass the Sandbox to encrypt files.

Let's also note 2 BSOD caused by malware. I don't know if it's due to the Sandbox, but it's worth noting.

And finally, the Web protection is useless. Comodo has caught everything in Sandbox.
Even though it protects correctly with the Sandbox, there are many problems that need to be fixed.

Result:
Comodo: 0
NPE: 3
KVRT: 12

Recommend: Average. The protection provided is good but some elements need to be corrected, especially at the level of the Filecoder.
System Clean: No, system infected + File encrypted

@cruelsister, @partha_roy request
 

Zero Knowledge

Thanks for the test. Not sure what to make of Comodo, it looks like another Webroot where users swear by its sandbox protection and argue they have never been infected so it must be great, but tests prove it's bad. I used Comodo about 10/15 years ago (Firewall version only, not the suite) but I was a security novice, it was just too noisy but I admit I probably didn't configure it right. Unsure what the final verdict is on Comodo, but this test is not good for it :unsure:
 

cruelsister

Just as an FYI, as I was previously supplied (Thanks, Shadowra!) with the malware pack, I ran all (303) samples against CF at my settings once again this morning. As before on sandbox reset and reboot the system was totally clean (and no VM freezes occurred when the malware ran).
 

vaccineboy

CruelSister recommends setting the profile at "Proactive", whereas yours is at the default "Internet". I personally also set containment to block unknown files, yours is also at the default.
I wonder how the result would change if these settings were adjusted as said.
Edit: did not know CruelSister replied while I was typing this message.
 

Trident

But these ransomware samples that encrypted the system, were they isolated (they broke out of the containment) or Comodo thought they were trusted and did not isolate them? Or were they documents/media files with exploit/something that can’t be isolated?
 

Shadowra

> But these ransomware samples that encrypted the system, were they isolated (they broke out of the containment) or Comodo thought they were trusted and did not isolate them? Or were they documents/media files with exploit/something that can’t be isolated?

Comodo isolated them well, I think they must have escaped to encrypt the system, or the Sandbox failed to completely isolate the 2 Ransomware.

In a video from a Russian tester (COMSS), Comodo had the same trick with Filecoder :/
 

Trident

> Comodo isolated them well, I think they must have escaped to encrypt the system, or the Sandbox failed to completely isolate the 2 Ransomware.
>
> In a video from a Russian tester (COMSS), Comodo had the same trick with Filecoder :/

I am just watching the video now, the system_service_exception is most likely a Comodo bug or malware has gained kernel access (it must have downloaded/dropped a signed component).

Containment is only good when it’s maintained, bugs and other security errors are fixed constantly.
Even better, containment should be hardware-assisted, such as the HP Wolf way of doing it.

If it’s only software-based and fixes are not pushed in a timely manner, the result is what we see on this test. Components that are in contact with malware (scanners, emulators, sandboxes) should never be outdated.
 

simmerskool

I just installed CF in win10_VM yesterday (with Kaspersky Free), as I had used CF for a number of years, up until a few years ago. I thought I had configured it to @cruelsister's recommended settings from memory, but after I watched her Feb 2023 video implementing her settings on the current version, I realized that I had missed a few, so I tweaked my CF config settings accordingly. So it would be interesting to see cruelsister make a short video with CF at her settings against this same malware pack. For the record, I totally believe her when she says she ran this test and had no infections, no encryptions, but not everyone is as trusting as me :rolleyes: 😇😆 (in the past 48 hours this VM has not been infected :whistle:)
 

simmerskool

Sure! My last sentence was a tongue-in-cheek, off-the-cuff comment -- true but so what. Plus doubt I went anywhere to attempt to get an infection. I meant just re-test CF alone at cruelsister settings...
 

ForgottenSeer 100397

Your system crashing multiple times is an issue for the validity of the test. I would request that @cruelsister test the malware in question (that encrypted the files) with CIS defaults.

It appears your system is running Windows 11. (The vendor hasn't labeled the latest CIS version as compatible with Windows 11.) But thank you for the test, as many users have CIS on Windows 11.

Did you get the malware folder on the system before or after the CIS installation?
 

Shadowra

> Your system crashing multiple times is an issue for the validity of the test. I would request that @cruelsister test the malware in question (that encrypted the files) with CIS defaults.
>
> It appears your system is running Windows 11. (The vendor hasn't labeled the latest CIS version as compatible with Windows 11.) But thank you for the test, as many users have CIS on Windows 11.
>
> Did you get the malware folder on the system before or after the CIS installation?

The answer is in the video :) I load the malware pack after the CIS install and after Malware URLs test.

The 2 crashes were caused by malware and not by CIS itself. I had run it on Windows 11 for several days before the test without any problems.

And finally, CIS is unfortunately not an antivirus that will block everything, because no antivirus, even CIS, will protect 100% :)
 

Trident

> Your system crashing multiple times is an issue for the validity of the test. I would request that @cruelsister test the malware in question (that encrypted the files) with CIS defaults.

System crashes happen all the time, especially when antivirus software is not stable enough. On my ZoneAlarm test (another thread) I had to record the test over 3 times due to crashes of ZoneAlarm, BSODs and whatnot. The same BSODs were not observed with any other product or without any AV.
The crash is not @Shadowra’s fault and it doesn’t invalidate his test in any way. It is Comodo’s responsibility to ensure that their software is stable and secure.
 

Azure

> I am just watching the video now, the system_service_exception is most likely a Comodo bug or malware has gained kernel access (it must have downloaded/dropped a signed component).
>
> Containment is only good when it’s maintained, bugs and other security errors are fixed constantly.
> Even better, containment should be hardware-assisted, such as the HP Wolf way of doing it.
>
> If it’s only software-based and fixes are not pushed in a timely manner, the result is what we see on this test. Components that are in contact with malware (scanners, emulators, sandboxes) should never be outdated.

You can search in the Comodo forum for “hardware assisted”.

Comodo did in fact use that. Not sure if they currently do however.

@cruelsister might be able to confirm it
 

Trident

> You can search in the Comodo forum for “hardware assisted”.
>
> Comodo did in fact use that. Not sure if they currently do however.
>
> @cruelsister might be able to confirm it

It cannot be hardware-assisted if it’s not been updated for 2 years and is designed to run both on Intel and AMD processors. They may vaguely use some features of the Intel CPUs (like some use the anti-ransomware features) but it won’t be like HP Wolf where a dedicated chip runs only to keep the containment secure.

Scanning, emulating and containing malware is not a joke, it’s a process that requires stringent security. All components must be secure by design and they must be receiving security fixes. Otherwise you are not protecting anything, you are increasing your attack surface.
 

ForgottenSeer 100397

> The answer is in the video :) I load the malware pack after the CIS install and after Malware URLs test.
>
> The 2 crashes were caused by malware and not by CIS itself. I had run it on Windows 11 for several days before the test without any problems.
>
> And finally, CIS is unfortunately not an antivirus that will block everything, because no antivirus, even CIS, will protect 100% :)

I noticed the malware pack on the desktop, but it was not clear whether you copied it from another location on the system or another channel.

It may run well for you and others (including me), but the product is not officially compatible with Windows 11.

If anything, your test sides with the vendor and shows the risks of using beta, not-ready, in-progress, or incompatible software.
 

ErzCrz

Yep the files remain encrypted even after reset :/
Thanks. Nice to see an example where the system was compromised with default settings. Comodo lessened the security of CIS significantly, focusing more on usability back around 2018, and really the protection is sub-par and practically solely relying on the Containment part. So unless you're running it with Proactive config, there are holes in the protection. I like Comodo, used it for years and years, but waiting really on the "summer" update bringing it in line with the Xcitium clients, but that's wishful thinking. Comodo is best as just the Firewall rather than the whole CIS package and tweaking as @cruelsister has it for elementany real security and leave the rest of the protection to the likes of MD or 3rd party AV.
 
