Comodo might come back from the grave

[Decopi]

People who dislike Comodo post over and over again: Comodo has not been updated in two years, is not officially Windows 11 compatible and has over 40 bugs listed in the Comodo forum of which three are serious (one official reported with CVE of over 7 and two bypasses of the sandbox).

People who are in favor of Comodo post over and over again: Comodo in Cruel Sister's config still has a spotless reputation in protection and has never been bypassed in the wild and post that Comodo works on their PC with Windows 11 and are thrilled by the latest post of Comodo CEO promising an update soon.

And there is one Comodo fan-boy very successful in feeding a few pronounced Comodo critics with facts and fables to make this a never ending thread.

Please, allow me to add a third group of people, like me, who do like Comodo, who do love @cruelsister, who do like and used @cruelCF for a long time... and they (including myself) don't think that this thread really is about Comodo and liker/disliker guys/girls.

I'm an old but very passive participant at Malware tips, I read lot of commentaries everyday, but I only participate very but very few times.
And in this opportunity, I decided to speak out because this thread is violating an untouchable golden principle: "Any security software without updates in +2 years, having dangerous bugs for +2 years, not officially compatible with latest OS etc... should not be used".

Therefore, quoting @Trident amazing words:

Well there is no point of arguing but we can't let him and his misleading statements win. It's not about him, it's about reality.

Again, I apologize for complementing your comment, it was important to make clear that I'm not here talking about Comodo or fanboysgirls.
I'm talking about reality.
I'm talking about principles.
I'm talking about any security software regardless likers/dislikers or fanboysgirls.

Thank you

 

[Pico]

The bug is exactly as I described it, and Haibo Zhang who was director of research at Comodo at that time confirmed it. The bug applies to all rule areas of active protections - firewall, HIPS, sandbox. Many rules in one section can have a negative influence on the other sections.

I've experienced the bug as I've described it. My own observation on my own system with CIS version 12. I had just a few HIPS rules on the list and the whole HIPS rules list got erased after a while. It happened over and over again not only once even after a new fresh installs..

lol, you did not look very hard. The warning is in the documentation for every version of Comodo and it has been there since the 4th version.

I may be blind but were is that warning saying: 'causing stability issues'? I only see it 'may lead to endpoint performance issues' which is something totally different meaning it could degrade responsiveness of the system and no word about deleting or corrupting rules or any database.
As I said I can't find that 'causing stability issues' phrase of yours in any CIS user guide.
Please point to that phrase in this official CIS V12 user documentation here : Comodo_Internet_Security_ver.12.0_User_Guide
Thank you.

 

[Ink]

@Oerlink, @Decopi, @Pico and @Trident

You know we are all going to be banned for a week when this thread reaches over 210 posts?

read the forum rules

Based on past experience, Comodo threads tend to have very opinionated comments and views between their user base.

The bigger threat is them having no profile photos.

 

[Pico]

Based on past experience, Comodo threads tend to have very opinionated comments and views between their user base.

The bigger threat is them having no profile photos.

Dear Admin,

I do not have a profile photo, maybe I will add one in the near future.
I would like to let you know and to all the members here that I have been a CIS user for a very long time and I love it and unfortunately I keep running into the same bugs over and over again which is very frustrating.

Thank you for your understanding.

 

[Ink]

I would like to let you know and to all the members here that I have been a CIS user for a very long time and I love it and unfortunately I keep running into the same bugs over and over again which is very frustrating.

Could it be perhaps due to not receiving any program updates in the last 2 years? Does this not indicate that the user bases' concerns are of little interest to the development of their consumer products? Do they not care about any software bugs or critical vulnerabilities in their code?

It doesn't matter if the CEO says a new product is coming, he's not a software engineer, he's not going to get the current version of Comodo fixed. They say things to appease their investors and customers, to keep you reeled in.

The answer is clear from an outsiders perspective. The same cannot be said for any emotionally-attached users for a product line that is, dare I say, abandoned.

It's your decision to either move on, or struggle with a potentially insecure security program.

 

[ForgottenSeer 98186]

Comodo has not been updated in two years, is not officially Windows 11 compatible and has over 40 bugs listed in the Comodo forum of which three are serious (one official reported with CVE of over 7 and two bypasses of the sandbox).

Comodo has not said officially that it is incompatible with Windows 11. Comodo, the company, has said nothing about Window 11. The "bypasses of the sandbox" are not a threat. Comodo made an assessment and decided not to fix them. I am not sure if anyone knows, but many of those bugs on that 40 bug list have been there for years - they have been submitted to Comodo - Comodo has assessed them - and Comodo is not going to fix them.

An AppGuard (Blue Planet-works, Inc) employee under the alias @Oerlink, with fumbling arms, sarcasm, and a little bit of outdated information keeps swirling us into an argument - every time I decide we are done, he is back here. He likes a beef and can be very persistent (I’ve searched him, it wasn’t hard).

I asked you what is AppGuard? What are you talking about?
That's not true about the information not being correct. It is correct. If you keep coming back to "argue," then that is your problem. Nobody is making you do it. You are doing it on your own. Claiming that you have to come back here to respond is my fault is about as asinine a statement as can be made.

I may be going in my grave soon if I have to keep reading this thread.

You do not have to read it. lol

I may be blind but were is that warning saying: 'causing stability issues'? I only see it 'may lead to endpoint performance issues' which is something totally different meaning it could degrade responsiveness of the system and no word about deleting or corrupting rules or any database.
As I said I can't find that 'causing stability issues' phrase of yours in any CIS user guide.
Please point to that phrase in this official CIS V12 user documentation here : Comodo_Internet_Security_ver.12.0_User_Guide
Thank you.

I already said it is irrelevant. There are multiple workarounds. So it is not a problem for a user that knows what they are using. You can interpret it as you wish. Comodo is not going to fix it. E.V.E.R.

Could it be perhaps due to not receiving any program updates in the last 2 years? Does this not indicate that the user bases' concerns are of little interest to the development of their consumer products? Do they not care about any software bugs or critical vulnerabilities in their code?

It doesn't matter if the CEO says a new product is coming, he's not a software engineer, he's not going to get the current version of Comodo fixed. They say things to appease their investors and customers, to keep you reeled in.

The answer is clear from an outsiders perspective. The same cannot be said for any emotionally-attached users for a product line that is, dare I say, abandoned.

It's your decision to either move on, or struggle with a potentially insecure security program.

I have already repeated this like 5 times:

1. CF\CIS is a freeware, and Melih said on the forum he subsidizes it, and he offers it as he sees fit.
2. In the Comodo EULA it says Comodo is not obligated to fix bugs nor provide any updates.
3. There is no dedicated CF\CIS development team.
4. It is wrong to assume that because there have been no updates, that the virtualization protection is broken.
5. Nobody has proven that Comodo protections are in any way diminished on Windows 11.
6. If a person does not like how Melih and Comodo do things, then they can go use another vendor's product.

This is why software developers do not like dealing with home users. Because of their ridiculous insistence that continuous updates are required for software. Updates with two lines of code are released so home users can "feel good."

Why do users keep using Comodo after over a decade of the same never-ending criticisms? Because it provides superb protection that has been proven over time to be exceptional.

 

[ForgottenSeer 98186]

Awards confirm Comodo as the only free product to provide 100% protection against zero-day malware.

May 7 - 2022


AV-TEST results
AV-TEST publishes its research every 2 months to ensure its results are the most up-to-date statement about the protection offered by a solution. The researchers pit each product against a range of real-world attacks and rate each on protection, performance and usability:

• Bulletproof protection. Comodo scored a 100% protection rating against zero-day malware attacks, inclusive of web and e-mail threats. The result repeats Comodo’s 100% performance in the firm’s February survey.
• Superior Performance. Scoring 5.5 out of 6, Comodo beat industry averages in 3 out of 5 categories and offered extremely fast load-times when launching popular websites on high-end PCs.
• Outstanding Usability. With another 6/6 rating, Comodo collected a perfect score of zero false-positives in 3 out of 4 categories. And with just one false-positive out of 1,615,677 scanned files, Comodo beat the industry average 10 times over in the remaining category.

You can find more details on the AV-test results here: https://www.av-test.org/en/antivirus/home-windows/

Best Three Awards in Latest Security Test From AV Lab | Comodo

This blog post explains that Comodo products win three best awards in the latest security test of AV lab. Learn the recent test on cybersecurity here!

blog.comodo.com

 

[Ink]

Nothing is 100%.

Check the date, 2018. Where are you getting July 2022?


Edit: If I recall, wasn't Cloud AV eventually discontinued or merged?

The AV-Test site indicates Comodo was last tested in August of 2019.

Test antivirus software Comodo

The current tests of antivirus software from Comodo of AV-TEST, the leading international and independent service provider for antivirus software and malware.

www.av-test.org

 

[Chuck57]

Oerlink, it's a waste of your time trying to convince them.

It seems most of their whining about bugs is related to Comodo FW HIPS. The simple and obvious solution is, don't use HIPs. There hasn't been a decent HIPS program available since the days of System Safety Monitor or EQ Secure, years ago.

Comodo containment, with just a couple of boxes clicked, offers superb protection. But, you're dealing with people who, because they don't use or like Comodo, think nobody should use or like Comodo. That's what I'm getting from this much too long thread.

Your reply is perfect = don't like it, don't use it. That isn't good enough, though.

 

[ForgottenSeer 98186]

Nothing is 100%.

Check the date, 2018. Where are you getting July 2022?
View attachment 272813

The AV-Test site indicates Comodo was last tested in August of 2019.

Test antivirus software Comodo

The current tests of antivirus software from Comodo of AV-TEST, the leading international and independent service provider for antivirus software and malware.

www.av-test.org

The date on the webpage is 2018. Comodo, like the vast majority of companies, does not update their webpages very often, if at all. Instead they will just sunset a page and create a new one whenever they get around to it. In the case of the webpage that I have linked, Comodo is just adding stuff from after 2018 to it on an ad-hoc basis.

I made a typo saying it was July - 2022.

The date of the AVLab test is May 7, 2022. Lower right corner of the AVLab +++ image (black box).

lol

 

[Ink]

The date on the webpage is 2018.

The date of the AVLab test is May 7, 2022. Lower right corner of the AVLab +++ image (black box).

lol

So you're telling me the 3 tests were not conducted between May 7th-22nd of 2018.

Where does AV-Test show Comodo test results for 2022? Is there membership fee for that?

 

[ForgottenSeer 98186]

Where does AV-Test show Comodo test results for 2022? Is there membership fee for that?

I never said that the AV-Tests were done in 2022. The webpage is dated 2018, but the link to AV-Tests is to the most recent test results, which is 2022.

As far as 2022, there were things done in March and May with Comodo by AVLab.

As far as dates, the only relevance is that Comodo's containment has been proven over the years through various tests to protect systems. This is just as true today as it was in 2010. The fact that there are unfixed bugs has not diminished the protection. If someone insists that the existence of bugs does diminish the protection, then they are free to prove it - and not make statements like "The product has not had any updates so it must automatically be assumed to be insecure."

People here are grasping at straws, trying to use the dates of tests as the basis to discredit Comodo. Comodo was just announced as "Product of the Year" in 2022 for its exceptional results - almost all of which were provided by its containment technology.

Fees charged by AV test labs do not discredit the test results. Only home users make absurd claims that "They paid for the test so we cannot believe the results." That's complete nonsense and baseless.

 

[Pico]

Comodo is not going to fix it. E.V.E.R.

How can you be so self assured in this answer?
Are you CIS CEO or CIS Head of Software Development Department or are in any ways connected to Comodo?

 

[ForgottenSeer 98186]

How can you be so self assured in this answer?
Are you CIS CEO or CIS Head of Software Development Department or are in any ways connected to Comodo?

Because Comodo said so. Not once but multiple times. How did they say it? Comodo development replied "No" to the Comodo forum maintainers on the private bugzilla and they have not fixed it since it was first reported over 10 years ago. I also stated in this thread, not once but twice, that Haibo Zhang (based in China) - the former Director of Research - told me directly that they would not fix it.

Since CF\CIS are freeware products, Melih is never going to tell his development team to re-code the product starting from a "clean sheet." That would be both expensive and be a huge effort that would be a burden on company resources. The commitment of personnel to such a project makes no sense given that there is no revenue from the product. You do not have to believe a word I say. You can ask Melih himself. He'll just repeat what I told you. lol

Maybe you should put more effort into being informed about Comodo, the forum and its products? You have stated multiple things here in this thread based upon false assumptions and ignorance.

 

[likeastar20]

Damn, 12 pages of @Oerlink vs the rest

 

[Chuck57]

I never said that the AV-Tests were done in 2022. The webpage is dated 2018, but the link to AV-Tests is to the most recent test results, which is 2022.

As far as 2022, there were things done in March and May with Comodo by AVLab.

As far as dates, the only relevance is that Comodo's containment has been proven over the years through various tests to protect systems. This is just as true today as it was in 2010. The fact that there are unfixed bugs has not diminished the protection. If someone insists that the existence of bugs does diminish the protection, then they are free to prove it - and not make statements like "The product has not had any updates so it must automatically be assumed to be insecure."

People here are grasping at straws, trying to use the dates of tests as the basis to discredit Comodo. Comodo was just announced as "Product of the Year" in 2022 for its exceptional results - almost all of which were provided by its containment technology.

Fees charged by AV test labs do not discredit the test results. Only home users make absurd claims that "They paid for the test so we cannot believe the results." That's complete nonsense and baseless.

Containment is its strong point. HIPS is not needed, except by those who think it provides 'another layer of protection,' which it may - or may not. IF we see an upgrade in the firewall, they could remove the HIPS feature entirely. The firewall will be just as strong. I've never used its HIPS, because I don't know how it works and never bothered to try to learn. It isn't needed.

 

[ForgottenSeer 97327]

Comodo has not said officially that it is incompatible with Windows 11. Comodo, the company, has said nothing about Window 11. The "bypasses of the sandbox" are not a threat. Comodo made an assessment and decided not to fix them. I am not sure if anyone knows, but many of those bugs on that 40 bug list have been there for years - they have been submitted to Comodo - Comodo has assessed them - and Comodo is not going to fix them.

Memory issues? We had this discussion before, so you I won't bother MT-members with a boring endless loop response. [LINK to my previous response]

 

[Trident]

I asked you what is AppGuard? What are you talking about?
That's not true about the information not being correct. It is correct. If you keep coming back to "argue," then that is your problem. Nobody is making you do it. You are doing it on your own. Claiming that you have to come back here to respond is my fault is about as asinine a statement as can be made.

You asked me what is AppGuard, but on another thread you refer to AppGuard as “we”.
Post in thread 'Zero Trust (Solution Vote)'
Poll - Zero Trust (Solution Vote)

It seems on that thread that you know very well what AppGuard is and you have emotional attachment to the developer of a competitive app as well. All in all you seem to be a very emotional and attaching person.

And once again, you are caught lying.

Could it be perhaps due to not receiving any program updates in the last 2 years? Does this not indicate that the user bases' concerns are of little interest to the development of their consumer products? Do they not care about any software bugs or critical vulnerabilities in their code?

It doesn't matter if the CEO says a new product is coming, he's not a software engineer, he's not going to get the current version of Comodo fixed. They say things to appease their investors and customers, to keep you reeled in.

The answer is clear from an outsiders perspective. The same cannot be said for any emotionally-attached users for a product line that is, dare I say, abandoned.

It's your decision to either move on, or struggle with a potentially insecure security program.

Absolutely true. Btw summer time will come, we’ll see what will be released and fixed.

Nothing is 100%.

Check the date, 2018. Where are you getting July 2022?

It’s there, BUT we don’t see it. For everything our dear @Oerlink shares there is always one big BUT.

Like you have issues BUT Comodo doesn’t owe you a fix.

You have issues BUT the documentation says you will.

When asked to provide a link to this documentation again there is one big BUT….

Always, at all times we see a statement and when we call out this statement as incorrect there is a BUT and counter-statement
Here:

I made a typo saying it was July - 2022.

@Oerlink, instead of preaching about a software that’s less than great for various reasons you mentioned yourself, why don’t you channel your energy in the development of the product you have been hired for? You can’t convince anyone in anything, just accept that nobody owes you anything and we are not obliged to share your point of view.

 

[ForgottenSeer 98186]

Memory issues? We had this discussion before, so you I won't bother MT-members with a boring endless loop response. [LINK to my previous response]

Because you are making a false statement. A low-level employee on the Comodo forum, who is not a member of the development team, can say whatever they want - it is unofficial. Just because they are a Comodo employee doesn't mean their statement is the official position of the company. This is a matter of established consumer law.

@Oerlink, instead of preaching about a software that’s less than great for various reasons you mentioned yourself, why don’t you channel your energy in the development of the product you have been hired for? You can’t convince anyone in anything, just accept that nobody owes you anything and we are not obliged to share your point of view.

I am not preaching for nor promoting Comodo. Nowhere have I explicitly stated "everybody should use Comodo." Nor have I implied it. I am merely pointing out all the false statements being made by others on this thread, like "we must assume Melih is lying" and "a bug is reported on the Comodo forum and it is a serious hole in security."

Everybody knows Comodo is full of bugs. Everybody knows that Comodo is slow to or does not fix bugs. Comodo has faced that criticism for a very long time. It is an accurate criticism. However, Comodo is a freeware and Melih is never going to satisfy your expectations. Why would he? He is under no obligation to spend the money and exert the effort to create a polished product with no bugs. He supplies, what is called in the industry, a "best effort" product for free.

Bugs are annoying, but nobody has demonstrated that any of the bugs represent a serious threat to the system. Not only that, but Comodo's containment has been proven year-after-year, out-of-the-box, to be more effective than all the other default-allow software publishers.

I never said anybody owes me anything. Why you even bring that up is really weird.

I never said anybody has to share my point of view. Everybody can disagree with me all they wish.

You sure do make a lot of assumptions and put words into others' mouths. Unless a person explicitly says something, then you cannot assume anything. That is how language and interpretation of peoples' statements works.

You also make a lot of unsubstantiated claims. If Comodo protections are insecure because of no updates and bugs, then prove it. The burden of proof is on you. You have every opportunity to make a video showing all the weaknesses that you assert exist.

These are such simple things that even a 5 year old can understand them, yet you cannot and you keep on blathering about how unsafe Comodo is. If you prove what you say, then I am all for stating that you were right all along.

All in all you seem to be a very emotional and attaching person.

Why, how nice of you. Thank you. Yes indeed. Those are warm and endearing traits.

 

[Pico]

Because Comodo said so. Not once but multiple times. How did they say it? Comodo development replied "No" to the Comodo forum maintainers on the private bugzilla and they have not fixed it since it was first reported over 10 years ago. I also stated in this thread, not once but twice, that Haibo Zhang (based in China) - the former Director of Research - told me directly that they would not fix it.

Since CF\CIS are freeware products, Melih is never going to tell his development team to re-code the product starting from a "clean sheet." That would be both expensive and be a huge effort that would be a burden on company resources. The commitment of personnel to such a project makes no sense given that there is no revenue from the product. You do not have to believe a word I say. You can ask Melih himself. He'll just repeat what I told you. lol

Maybe you should put more effort into being informed about Comodo, the forum and its products? You have stated multiple things here in this thread based upon false assumptions and ignorance.

What about the 41 other bugs? Are those also not going to be fixed because of what's written in the EULA and requiring too much code rewriting?
What's the use of that 'List of current bugs' on the Comodo Forum when these bugs are not being taken seriously by Comodo and stay there forever?
Just showing a bug list for the fun of it?