Comodo Leak Tests and Emsisoft Anti-Malware

Is Comodo Leak Tests still relevant?

  • No.

    Votes: 16 53.3%
  • Yes.

    Votes: 7 23.3%
  • Somewhat.

    Votes: 7 23.3%

  • Total voters
    30
#1
Hello.

I just happened to run some leak tests for testing firewall purposes using COMODO's Leak Tests, a very old tool.

I am using Emsisoft Anti-Malware. I know it relies on Windows Firewall with some tweaks. I also hope that its behavior blocking will do some help (am I right in this?). I remember that Online Armor (a discontinued firewall HIPS app from Emsisoft) scored higher. Now the result is 180/340. I am on Windows 10 32-bit 1709. Comodo Leak Tests tool doesn't recognize my OS.

I am not really alarmed by the result but is this something to worry about? This is not something against Emsisoft, I know that Emsi is now much much better than before. I am just curious to know some technicalities that I don't understand. So, is this result still relevant?

Thanks
 

#3
> @ifacedown
>
> 1- Comodo Leak Test is old and obsolete
> 2- CLT is an HIPS test, EAM has a behavior blocker.
>
> So you can't reasonably test EAM with it. OA scored well (I remember I scored 340/340) because it was an HIPS.

Thanks.

So that would mean that in the real world, the behavior blocker of EAM is enough to cover things that a HIPS could protect? HIPS and BB terminologies again and their differences :)
 

Umbra

#4
> Thanks.
>
> So that would mean that in the real world, the behavior blocker of EAM is enough to cover things that a HIPS could protect?

A BB is enough for the common people because it has a good user-friendly/efficiency ratio.
Average Joe is already annoyed by UAC prompts so imagine their reaction with a HIPS's shower of popups.

HIPS monitors everything, even activity not related to malware, while BB have rulesets to identify malicious actions; basically HIPS are dumb (they block every action), BB are smart (they block what they are taught).
So HIPS protect better; the problem is very few people can discern what to block and what to allow; most users will just click "allow" to get rid of the prompt.

Ask yourself, if HIPS alone were perfect tools, why was OA abandoned? Why did Comodo disable it by default and add a BB and a sandbox? Why did Kaspersky simplify its HIPS, making it more like a BB?
The reason is simple: user-friendliness.

HIPS are a mechanism of the past, they are almost dead, they were ultimate geek tools for ultimate paranoids.
 

Lockdown

From AppGuard
Developer
#5
> A BB is enough for the common people because it has a good user-friendly/efficiency ratio.
> Average Joe is already annoyed by UAC prompts so imagine their reaction with a HIPS's shower of popups.
>
> HIPS monitors everything, even activity not related to malware, while BB have rulesets to identify malicious actions; basically HIPS are dumb (they block every action), BB are smart (they block what they are taught).
> So HIPS protect better; the problem is very few people can discern what to block and what to allow; most users will just click "allow" to get rid of the prompt.
>
> Ask yourself, if HIPS alone were perfect tools, why was OA abandoned? Why did Comodo disable it by default and add a BB and a sandbox? Why did Kaspersky simplify its HIPS, making it more like a BB?
> The reason is simple: user-friendliness.
>
> HIPS are a mechanism of the past, they are almost dead, they were ultimate geek tools for ultimate paranoids.

Users don't buy or activate HIPS because they say "We cannot learn how to use it." So publishers respond to users' outcries by dumbing down their softs. Once you dumb down a soft as far as you can you end up with Cylance.

Users don't want to learn anything and no one wants to teach them.

It is a shame because HIPS provides the kind of protection that users expect. But then, users complain "Hey, there's too many alerts or some other issue..." :rolleyes:

It's a pathetic state of affairs.

Security software is not a substitute for user knowledge.

And the part that infuriates me, is that most people expect any security soft to protect a system against every potential threat - regardless of the vector, methodology or technology - both known and unknown - not to mention protecting users from themselves which the industry absolutely cannot do (it has tried for decades and failed miserably). When people have those kinds of expectations - if you don't realize it - it shows that their thinking is as irrational and ignorant as it can get.
 

Windows_Security

#6
Before HIPS there were HIDS. Host Intrusion Detection System and Host Intrusion Protection System both look at attack vectors. A HIDS simply has its action set to monitor (with exclude option) while a HIPS has its action set to block (with allow option). Behavioral Blockers were HIDS which blocked selective actions. The difference with HIPS was that a BB did not block after a single intrusion, but could track a process and block it after it had triggered multiple HIDS (attack vector) warnings. I don't see HIPS as dead; I think they just evolved to BB.

With the hype of machine learning the BB got a central analysis and monitoring collection, so the rules could be adapted based on new attack vectors or threats. So the BB evolved to EDRs (Endpoint Detection and Response systems). When HIPS were dumb (triggered on a single attack vector), BBs were smart (triggered on multiple attack vectors), EDRs are intelligent (dynamically add business rules based on intrusion patterns).

In a way HIPS - BB - EDR are the evolution: HIPS let the end user decide. BB had (static) rules based on the analysis of security experts (but trimmed down for compliance/usability), EDRs have dynamic rules based on Machine Learning.

See Gartner for reference: Compare Cylance vs. ESET vs. Kaspersky Lab vs. Symantec in Endpoint Protection Platforms | Gartner Peer Insights
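
The distinction drawn in the post above (a HIDS only monitors, a HIPS blocks on a single vector unless an allow rule exists, a BB tracks a process and blocks after several vectors), as an added sketch that is not part of the original thread. The action names, the threshold of three distinct vectors and the sample event stream are assumptions constructed for illustration, not any vendor's rule set.

```python
from collections import defaultdict

# Constructed sample stream: (pid, process name, monitored action).
# Action names are hypothetical labels for "attack vector" hooks.
EVENTS = [
    (100, "backup.exe", "registry_autorun_write"),
    (100, "backup.exe", "file_write_user_docs"),
    (200, "updater.exe", "outbound_connection"),
    (300, "dropper.exe", "process_memory_write"),
    (300, "dropper.exe", "registry_autorun_write"),
    (300, "dropper.exe", "outbound_connection"),
    (200, "updater.exe", "file_write_user_docs"),
    (100, "backup.exe", "file_write_user_docs"),
    (300, "dropper.exe", "file_write_user_docs"),
]


def hids_log(events):
    """HIDS: action is 'monitor', so every monitored event is only recorded."""
    return [f"{name}[{pid}] {action}" for pid, name, action in events]


def hips_prompts(events, allow=frozenset()):
    """HIPS: block unless allowed; one user prompt per new (process, action) pair."""
    answered = set(allow)
    prompts = []
    for _pid, name, action in events:
        if (name, action) not in answered:
            prompts.append((name, action))
            answered.add((name, action))  # the user's answer is kept as a rule
    return prompts


def behavior_blocker(events, threshold=3):
    """BB: track each process, block it once it has hit `threshold` distinct vectors.

    Returns {pid: index of the event at which the process was blocked}.
    """
    seen = defaultdict(set)
    blocked = {}
    for index, (pid, _name, action) in enumerate(events):
        if pid in blocked:
            continue  # process was already stopped, later events never happen
        seen[pid].add(action)
        if len(seen[pid]) >= threshold:
            blocked[pid] = index
    return blocked


if __name__ == "__main__":
    print("HIDS log entries:", len(hids_log(EVENTS)))
    print("HIPS prompts shown to the user:", len(hips_prompts(EVENTS)))
    print("BB blocks (pid -> event index):", behavior_blocker(EVENTS))
    # A lower threshold blocks earlier but also stops the benign processes.
    print("BB with threshold=2:", behavior_blocker(EVENTS, threshold=2))
```

On this stream the HIPS asks the user eight questions, most of them about benign processes, while the BB at threshold 3 stops only the one process that combines three vectors; lowering the threshold to 2 blocks the benign processes as well.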
 
#7
> A BB is enough for the common people because it has a good user-friendly/efficiency ratio.
> Average Joe is already annoyed by UAC prompts so imagine their reaction with a HIPS's shower of popups.
>
> HIPS monitors everything, even activity not related to malware, while BB have rulesets to identify malicious actions; basically HIPS are dumb (they block every action), BB are smart (they block what they are taught).
> So HIPS protect better; the problem is very few people can discern what to block and what to allow; most users will just click "allow" to get rid of the prompt.
>
> Ask yourself, if HIPS alone were perfect tools, why was OA abandoned? Why did Comodo disable it by default and add a BB and a sandbox? Why did Kaspersky simplify its HIPS, making it more like a BB?
> The reason is simple: user-friendliness.
>
> HIPS are a mechanism of the past, they are almost dead, they were ultimate geek tools for ultimate paranoids.

Thanks much, I am very much enlightened.

I used to love HIPS before, from Online Armor and Private Firewall. I loved the feeling that my security software monitors a lot of things. But then, yes, for the first week I had to deal with a lot of notifications. I understand how that could annoy the average user.

Then I fell in love with Whitelisting Apps or Anti-exes like Voodooshield and NVT ERP. Much simpler yet super effective.

At the end of the day I am much more thankful that Emsi uses BB and not HIPS. I am curious though if Emsi would sometime in the future include Whitelisting.
 

hamo

#9
> Users don't buy or activate HIPS because they say "We cannot learn how to use it." So publishers respond to users' outcries by dumbing down their softs. Once you dumb down a soft as far as you can you end up with Cylance.
>
> Users don't want to learn anything and no one wants to teach them.
>
> It is a shame because HIPS provides the kind of protection that users expect. But then, users complain "Hey, there's too many alerts or some other issue..." :rolleyes:
>
> It's a pathetic state of affairs.
>
> Security software is not a substitute for user knowledge.
>
> And the part that infuriates me, is that most people expect any security soft to protect a system against every potential threat - regardless of the vector, methodology or technology - both known and unknown - not to mention protecting users from themselves which the industry absolutely cannot do (it has tried for decades and failed miserably). When people have those kinds of expectations - if you don't realize it - it shows that their thinking is as irrational and ignorant as it can get.

I respect your opinion, because it contains much truth.
But you always miss something, the majority of people pay $ for comfort, not for ......!
--------------------------------------------
So anyone should use what he can deal with, not the most secure.
If you cannot use something, try to understand it; if you cannot, NEVER use it.
 
#10
> I respect your opinion, because it contains much truth.
> But you always miss something, the majority of people pay $ for comfort, not for ......!
> --------------------------------------------
> So anyone should use what he can deal with, not the most secure.
> If you cannot use something, try to understand it; if you cannot, NEVER use it.

Well yes, we would like to be most protected, but of course most people are not willing to learn. To that end most AV companies chose to simplify their security products. Maybe Comodo is one of those rare vendors that still choose to offer products that give the geeky the fulfilment to tweak and experiment.
 

Lockdown

#11
> I respect your opinion, because it contains much truth.
> But you always miss something, the majority of people pay $ for comfort, not for ......!
> --------------------------------------------
> So anyone should use what he can deal with, not the most secure.
> If you cannot use something, try to understand it; if you cannot, NEVER use it.

Most people do not even know what they are buying - and then complain about it one way or the other. One of the most common complaints is "I see bypass video on YouTube. This AV I bought suxx !!"

People buy AV XYZ and expect it to protect against everything and anything.

What people expect out of security softs, and what they get, are two different things.

The average person has absolutely no idea what they are buying when they buy a security soft - they have no concept of usability versus protection. What they do expect is "I paid $50 and I expect it to protect my systems against the NSA, CIA, FSB, KGB (doesn't exist any more), PLA, DPRK, etc,..." - which is completely irrational, ignorant thinking and expectations.

And they expect their newly purchased security soft to never have a bypass video of it posted on YouTube or anywhere else. Once again, complete and utter ignorant and unrealistic expectations. (Besides, they couldn't spot a legit from a non-legit bypass anyway.)

Like I said, there is no substitute for user knowledge.
 

Opcode

#12
> Maybe Comodo is one of those rare vendors that still choose to offer products that give the geeky the fulfilment to tweak and experiment.

COMODO make a mint off other services unrelated to the home user market for security software catering, so it probably doesn't matter to them what route they take (e.g. simplified products, advanced products, etc.). An example would be the SSL certificates/digital signatures; people can go to them and purchase a digital signature to sign their kernel-mode/user-mode software for example. Many people use their certificates for both software and web-based services, and these certificates need to be renewed on a 1-3 year basis (usually) which keeps business booming as long as the customers stay in business themselves.

All in all, because they make money from many other things away from the home user market for security software, this is likely the cause of why they are able to provide a Firewall (with the auto-sandbox) and the like for free.
 

Windows_Security

#13
> What people expect out of security softs, and what they get, are two different things.

Sorry mate, you have a very pessimistic view on security vendors ("a pathetic state of affairs") and people using it ("don't know what they are buying") and sometimes your posts are very funny (at least to me: but I am an irrational optimist). Your quote is even wiser when you replace "security softs" with "life".
So enjoy what you get out of it. ;) Happy holidays.
 

Lockdown

#14
> Sorry mate, you have a very pessimistic view on security vendors ("a pathetic state of affairs") and people using it ("don't know what they are buying") and sometimes your posts are very funny (at least to me: but I am an irrational optimist). Your quote is even wiser when you replace "security softs" with "life".
> So enjoy what you get out of it. ;) Happy holidays.

The pathetic state of affairs is not the security vendors. The pathetic state of affairs is that no one is willing to teach the younglings. That's society's job - not ours. This is a digital age and IT security is part and parcel to the digital age. It is a societal problem, not a security soft publisher problem.

Walk into any Best Buy and stop a user who is buying security soft. Start to ask them questions about what they are buying. It will be enlightening. Average Joe is clueless and you know it. "I am buying dis here AV because my neighbor told me its good."

The proof is all over the internet and the posts made by users. Just look at the amount of ignorant posts made. Just watch the outcry when the next YouTube bypass video is posted. Or the next report of Exploit XYZ. The garbage comments begin to fly.

There is no substitute for user knowledge. Security softs are not a substitute for user knowledge. They don't need to be experts, but some fundamentals - like what is on their systems - and other stuff would go a long way.

3 decades later and some people who graduate from university with PhDs from top technical universities like Lausanne and MIT still cannot locate the power button and call technical support when the unit is not plugged into the power outlet. I don't know what anybody else's definition of a pathetic state of affairs is, but this scenario certainly meets mine. And you can ask @Umbra - the above scenario might be the extreme case, but it isn't made-up bullshit. The people that come onto these forums are not Average Joe - they are security soft geeks that represent the extreme views towards the ends of the bell curves.

Average Joe's views are not represented here because Average Joe doesn't come here. He doesn't even know this place exists. None of this stuff even makes sense to him. He wouldn't even know where to begin.

People will always be the problem. If they weren't then there would be no need for forums like Malwaretips.

Happy Holidays.
 
#16
The average Joe is a happy guy, who does not care about security.
His antivirus has also been installed by a friend who knows less than he does. He is on YouTube listening to music at full volume.
Therefore, talking about them is like preaching in the desert :)
 

Slyguy

#17
> The pathetic state of affairs is not the security vendors. The pathetic state of affairs is that no one is willing to teach the younglings. That's society's job - not ours. This is a digital age and IT security is part and parcel to the digital age. It is a societal problem, not a security soft publisher problem.
>
> Walk into any Best Buy and stop a user who is buying security soft. Start to ask them questions about what they are buying. It will be enlightening. Average Joe is clueless and you know it. "I am buying dis here AV because my neighbor told me its good."

The state of affairs right now is indeed grim.. You see legions of noobs in Microcenter buying stacks of 'smart stuff' thinking they are all cutting edge and cool with absolutely NO idea what they are running or the risks/pitfalls involved. I ran into a guy that has 11 Alexa's in his home. I asked him how his network is set up and he said "I bought a bunch of cheap old routers at garage sales and run those.".. Yup.. 4 different routers, all different DHCP pools, all different SSID's overlapping and interfering and you guessed it - all of them default logins and never patched. People are flat out fools!

Another big issue is - in the old days one could buy any old cheap router, plug it in and they were 'reasonably' secured if they changed the default password. Not so these days, basic routers really are proving to be inadequate because of the incredibly large blended threat surfaces in homes now. In the old days, you could buy a computer, turn it on and install an antivirus and be considered very very safe out browsing and such. These days? That's considered reckless and in short order you'll have exploits, fileless malware and other assorted things even with reasonably good habits. People aren't learning, adapting or even caring.. I've seen countless systems in 2017 where they bought them and tossed one of the big name AV's on it and in 3 weeks it has fileless malware or a coinhive operating on it.

Case in point - my father in-law spent 27 days deciding what blinds to put in a spare bedroom. 27 days talking to people, asking opinions, researching. He asked me 5 times what blinds I thought looked good. He had 2 interior designers out. But when it comes to network or system security he DOESN'T EVEN BOTHER to ask my opinion, do 5 minutes of research or even hire a third party expert.. Nope.. It's a matter of the first free AV he Googles and downloads - 5 minutes - done.

People like this are in the majority and they are hopeless. I've learned to walk away from them and laugh later when they cry about how infected they are and why JoeBob's AV didn't save them when it promised it would.
 

Lockdown

#18
No problems, no primary ways to make money.

Some of those problems are lovable. :love:

The cutie girl who seriously requested malware removal assistance here at MT to "rid her system of the rogue Windows Defender AV" was the most endearing. She was dead serious. And she was equally dead serious when she called people "Jackasses... it is better to be safe than sorry" when they said to her "Are you joking ? Windows Defender is a legitimate part of Windows. Don't you know that ?"

By the way, I am pretty sure that girl was a university student.
 
#19
CLT is outdated, the same as an AV test compared against old malware.

Explanation:
1) If you hit 100% in CLT, it does not mean you are well secured, because since that time new, different methods to attack your system exist which do not exist in this test.
2) If you don't even hit 100% in this CLT test, it is an even worse situation than above -,-
 
#20
Abrakadabra: "Is it that easy? Or so heavy?"

HIPS the best?
Behavioral analysis the best?
UAC (User Account Control), or better yet hardened UAC, better?
Do the users not want to learn?

Claim and reality... from us... from experts... from developers?
Earlier, in the 70s, with CP/M, DOS and the first home computers.
Have computer interested People put on the computers.
And in that, more and more people made that a hobby.
And more and more, the economic interests of companies played a big role.

Today's computer industry suggests to people: "Turn on your computer ... and everything
goes as if by itself!"

Lockdown says "Security software is not a substitute for user knowledge."
Yes, that's right, but there is no "computer driving license" you have to do!

We forums, "here and many others worldwide", dealing with the topic,
we are the ones trying to solve it and to pass on information.

And the people who buy something expect it to work.
However you think that it works should is normal.

So let us enlighten the people
and help ;)