Comodo might come back from the grave

[Decopi]

I agree if updates are available you should install them, usually after they've been out for a few days to avoid a "bad" update. IT happens! Meanwhile what I got from your last post was don't listen to subjective comments that a software is good, but if someone posts a message re a "bug" take it to heart, but aren't many bug reports subjective too?? Depends who is making the bog report and also who is reporting something is good...

Many users here are basing their decisions according personal subjective opinions of other participants.
This is wrong!

If you are really interested on Comodo, don't listening to users here.
Go to Comodo' Forum page.
Read the bugs.
Read the critics.
Make your own mind and take your own decision based on your own research.

And no, I don't believe Comodo' forum is subjective.
Lots and lots of users there are reporting same bugs, same critics, same recommendations etc... for years!
And there you have the Comodo official answer to bugs, critics, recommendations etc.
So don't pay attention to fanboy&girls here. Also don't pay attention to me!
Go to Comodo forum page and expend several hours reading years of critics.

If you don't have the time or patience to do that, don't worry. Make the safest move:
1. Wait for Comodo updates
2. Wait for Comodo bugs being fixed
3. Wait for Comodo official statement confirming compatibility with Win 11

In short, deal with Comodo as you should deal with any security software.

 

[overdivine]

I like apples.

 

[ForgottenSeer 98186]

Many users here are basing their decisions according personal subjective opinions of other participants.
This is wrong!

It is not wrong. It is their freedom to make their own choices.

Nobody on this forum said "Use Comodo. Look see, here. My videos. They are proof that Comodo protection is perfect." It is you who is passive-aggressively stating that @cruelsister implies these things with her videos. Her statement "It works me" is not a sweeping statement that other users will not experience a problem. What she is saying, based upon her experience with the product over the years, is that a serious security malfunction is improbable.

You can ask her directly instead of beating around the bush.

And no, I don't believe Comodo' forum is subjective.

Nobody ever said that the Comodo forum is subjective. However, the vast majority of what gets reported there either cannot be replicated or is incorrect.

Software vendors do not fix anything if they cannot replicate the issue reported. Repeated reports and intense discussions do not matter. Cannot replicate; will not fix.

Lots and lots of users there are reporting same bugs, same critics, same recommendations etc... for years!

This has been true for years and Comodo will not change in this regard because Melih has expressed his position on bugs in freeware products.

Do you think that CF\CIS have a dedicated development team? No. That is not the case. There is a single development team at Comodo that Melih directs to work on all his development projects. There is no CF\CIS team at Comodo just waiting for bug reports and then they get to fixing them. That is not how Comodo works. CF\CIS, as freewares, get updates when Melih gets around to making developers free to work on them.

If you don't have the time or patience to do that, don't worry. Make the safest move:
1. Wait for Comodo updates
2. Wait for Comodo bugs being fixed
3. Wait for Comodo official statement confirming compatibility with Win 11

Comodo will make a release and then the next one will be 2 years from now. This is how Comodo has always operated. Long periods of time between updates - UNLESS - someone PROVES there is a serious security breakage in the product. Even then Comodo is slow to release an update.

lol

 

[oldschool]

I like apples.

Especially Cosmic Crisp!

 

[Chuck57]

Especially Cosmic Crisp!

McIntosh, or MacIntosh. I've seen it spelled both ways.

 

[Azure]

Just because Comodo has not made an update or made a statement about Windows 11 does not mean it is ignoring anything.

There is no proof that the Comodo protections are not working on Windows 11. Comodo issuing an update, which will amount to a GUI update and some bug fixes will not improve its underlying security. It does not have to make any adjustments to its protections on Windows 11 unless it is proven that the protections do not work on Windows 11. Melih is not going to direct his staff to go on a fishing expedition to discover all the possible issues on Windows 11 just because it makes users "feel good."

What do people not understand about this?

The other thing is that Melih just does not care what people think and what they post on forums. He has stated as much on his own forum and given the reasons why.


Xcitium takeover? There is no Xcitium takeover. Comodo just changed the name (re-branded) of the product from Comodo to Xcitium. Xcitium IS Comodo.


The custom HIPS rules being created by the user getting deleted does not make the HIPS insecure. Neither does deleting the default HIPS rules which are there for convenience. It is an annoyance more than anything else, but it is understandable that users who want to use the HIPS would be troubled by it.

The bug about the disappearance of HIPS rules has been reported since version 5 and Comodo has said it will never fix it.

It has been a long standing problem that the forum does not keep a list of all the things that Comodo has stated it will not fix. So the same bugs get reported every version. The forum volunteers keep submitting them to Comodo, and Comodo keeps ignoring them because, it has already stated it will not fix the issue.


You have not supplied a single shred of evidence while at the same time making false statements.

Who said "Comodo has no bugs, Comodo does not need updates, Comodo is compatible with Windows 11, Comodo works for me then works for everybody"? Not one person has stated that anywhere on this forum.

Everybody would agree with you if someone here actually said any of those things, but no one has.

Plus you have willfully ignored the facts which have been given to you. For example, you claim that Comodo is censoring bug reports when I've told you twice that sections of the Comodo forum are archived when a new release will be made in the coming months. Comodo has followed this practice from the very beginning of the forum. You keep claiming that Comodo is quashing users on the forum and that is a false statement.


Where did I say that you all are wrong?

Comodo not updating their website to include Windows 11 does not mean a thing. Lots of vendors do not update their webpages in a timely manner. Is that the extent of evidence that is "Proof that Comodo is saying its product is not compatible with Windows 11"?


Why would Comodo ever say that? Comodo has always fixed reports of security problems that it can replicate and confirm as valid.

You are automatically assuming what is reported on the Comodo forum is valid. The fact of the matter is that the vast majority of it is not. That is what the forum volunteers are there for. To sort out the huge mess of things reported on the forum that are not actually any kind of real problem. If what is reported is confirmed to be a serious security issue, then those reports go directly to Comodo. It is not the job of Comodo employees to sift through and confirm all the stuff reported on the forum. What they are responsible for is to review what the forum volunteers submit to them in a private channel\bugzilla. That private channel contains a fraction of what is on the public forum. Why is that? Because, again, most of what gets reported on the forum is not valid.


lol, not one person here said those things.

I do not know what people do not understand about Comodo. There have always been complaints about long time periods between updates. Melih stated the product is free, he subsidizes it, and he provides it at his pleasure as he sees fit. Don't like it? Then don't use the product.

“There is no proof that the Comodo protections are not working on Windows 11. Comodo issuing an update, which will amount to a GUI update and some bug fixes will not improve its underlying security.”

So bugs affecting GUI doesn’t diminishes the protection of the product. Yeah, that makes sense.

“Xcitium takeover? There is no Xcitium takeover. Comodo just changed the name (re-branded) of the product from Comodo to Xcitium. Xcitium IS Comodo.”

I forgot Xcitium was Comodo until I remember it was mentioned here yesterday

“The bug about the disappearance of HIPS rules has been reported since version 5 and Comodo has said it will never fix it.”

Quite unfortunate. Some people would likely love to configure the HIPS rules for their. Also from what I vaguely remember being mentioned in this forum only custom rules were affected.

Thanks. The things you said do make sense

 

[ForgottenSeer 98186]

So bugs affecting GUI doesn’t diminishes the protection of the product. Yeah, that makes sense.

Sure, a bug could diminish the protection, but nobody is providing any proof that such a bug exists. Certain individuals just keep repeating "Bugs are reported on the forum," and yet that person has absolutely no idea what any of those bugs are.

It is wrong to assume that if there are bugs, then in some hidden, unknown way the protection is questionable. One has to provide proof, and not only that, the issue must be reproducible. If it cannot be reproduced, then it won't be fixed.

"There are bugs, so the product is unsafe" is about as incorrect statement that anyone can make.

I can understand those who advocate that users become fully informed about Comodo software. That is a sound bit of advice. But claiming the product is unsafe just because it has not received software updates in two years is incorrect and baseless.

Does everybody know that Windows Firewall has not received a single update in over 15 years? So, by the argument being here based upon the lack of updates, Windows Firewall must be leaving the network door wide open for everybody.

What about AppLocker, Group Policy, Software Restriction Policy, WDAC, Desired State Configuration, Trusted Platform Module, Just-in-Time Administration, etc - all of these get infrequent updates, some have not been updated in nearly 20 years. So they are automatically unsafe?

lol

 

[Pico]

It is not only about HIPS that's being buggy in current CIS version. There are many other bugs on the list. Please visit the Comodo Forum and read the 'List of current bugs' to get an impression of all 42 bugs. And please note that these bugs have been verified / confirmed by Comodo Forum Mods and by Comodo Staff.

 

[goodjohnjr]

I like apples.

Relaxed Natalie Dormer GIF:


Johnny Depp Mela GIF:

 

[simmerskool]

And no, I don't believe Comodo' forum is subjective.
Lots and lots of users there are reporting same bugs, same critics, same recommendations etc... for years!
And there you have the Comodo official answer to bugs, critics, recommendations etc.
So don't pay attention to fanboy&girls here. Also don't pay attention to me!
Go to Comodo forum page and expend several hours reading years of critics.

If you don't have the time or patience to do that, don't worry. Make the safest move:
1. Wait for Comodo updates
2. Wait for Comodo bugs being fixed
3. Wait for Comodo official statement confirming compatibility with Win 11

In short, deal with Comodo as you should deal with any security software.

? what's the difference between reading comments here re CF which you frown upon, and reading comments at comodo forum which you encourage?" (other than a comodo rep might answer your question -- agree that is not nothing, but also not everything) Just looked at comodo forum for CIS but seems not to have one specifically for CF, although I assume there are posts under CIS heading about CF. Under CIS News & Feedback there's 95,048 posts | Help CIS 12,176 | Bug Reports CIS 152. Small percentage of bug reports relative to total posts. I don't doubt that some bugs have gone unfixed. Do those bugs compromise security? I for one am not qualified to answer, unless I experience a breach, I have to rely on reports from others. Is it safe to assume that among the 100,000+ posts at CIS forum, most of those posters continue (continued) to use CF despite the 152 bug report posts? Probably. Sure, it would be nice if CF is updated, and I read that is expected. Will I use it? I might put it on a VM...

 

[ForgottenSeer 98186]

It is not only about HIPS that's being buggy in current CIS version. There are many other bugs on the list. Please visit the Comodo Forum and read the 'List of current bugs' to get an impression of all 42 bugs. And please note that these bugs have been verified / confirmed by Comodo Forum Mods and by Comodo Staff.

This is where the CIS bugs are reported - and NONE of them are confirmed by Comodo. C.O.M.O.D.O. RT is just a community manager\moderator who performs basic triage. They are not a part of Comodo engineering\development. He\she is a go-between for Comodo engineering with the participants on the forum.

Comodo Forum

Comodo community forum to discuss and help people using security products

forums.comodo.com

There are 14 issues in the CIS\CF public bug tracker (there is also the internal\private Comodo bug tracker which the public does not get to see). The interaction between C.O.M.O.D.O. RT and the people on the forum is not a confirmation of anything. That person is just asking questions back-and-forth, providing steps like "uninstall\re-install" and passing information along to developers, if necessary. Nowhere do they state that anybody from Comodo engineering\development "confirms your submitted bug."

It is just amazing how people mis-state the facts.

 

[monkeylove]

No comment re win11, but I ran cruelcomodo on win7 & on win10 for several years and always worked fine, no issues, no malware. That's experience, not a cult.

I think experience has to be informed, such that one can have many users representative of the population, and then test them against various malware. Then results can be verified and shared to the public.

 

[ForgottenSeer 98186]

No comment re win11, but I ran cruelcomodo on win7 & on win10 for several years and always worked fine, no issues, no malware. That's experience, not a cult.

"I call experience, experience."

-- Loki

 

[simmerskool]

I think experience has to be informed, such that one can have many users representative of the population, and then test them against various malware. Then results can be verified and shared to the public.

Tend to agree. I never directly tested CF by intentionally throwing known malware at it. Others have, including @cruelsister. Not sure if CF has been tested in MT Hub. I have not seen (or noticed) comodo at AV-C. I forget the name of the lab that might have tested CF.

"I call experience, experience."

-- Loki

that's what I thought... not sure how "informed" mine was...

 

[ForgottenSeer 97327]

I will spell it out for you... Melih deliberately did not make an update to Comodo when Windows 11 was released. Melih was busy with much more important things.

Thanks for spelling out Melih's messages. A mortal like me does not has access to the inner circle of Comodo's board of directors. We are lucky to have someone like you (one of the chosen ones in direct contact with his Melihness) to explain this thoughts and considerations to us.

Comodo will make a release and then the next one will be 2 years from now. This is how Comodo has always operated. Long periods of time between updates - UNLESS - someone PROVES there is a serious security breakage in the product. Even then Comodo is slow to release an update.

Thanks for this reassuring insight.

 

[ForgottenSeer 98186]

Thanks for spelling out Melih's messages. A mortal like me does not has access to the inner circle of Comodo's board of directors. We are lucky to have someone like you (in direct contact with his Melihness) to explain this to us.


His Melihness words are a bit confusing. Does above also apply to the Comodo forum? As said we are lucky to have one of chosen ones as a member of this forum and explains Melih's words and thoughts to the rest of the world.

Melih explained his position on the Comodo forum. All you need to do is go to forum and read his posts.

He will tell you himself... don't like anything he makes or how he does things, you have the freedom not to use his product.

 

[Zero Knowledge]

OK so you develop a bulletproof security software solution that stops 99.9% of malware and then you just let it slowly die, not fix bugs, not release updates, not improve it and not put any effort or even think about into making it into a successful subscription model, where you pay a yearly fee to use it with which you could make millions?

Doesn't make any sense. Logic does not apply! Maybe there just isn't any money in Firewalls?

 

[ForgottenSeer 97327]

Melih explained his position on the Comodo forum. All you need to do is go to forum and read his posts.

Do you have a link where he tells you that he is not ignoring Windows 11, just to busy with more important stuff? I can't find that on the forum.

Maybe there just isn't any money in Firewalls?

According to business reports, Comodo's turnover was 53.4 million, that is roughly 1/10th of Bitdefender's estimated turnover on that same website. Melih has received 10x this amount of money for his Comodo CA division (now Sectigo), so he has enough money and Xcitium is a healthy organization (income wise). As posted earlier, the Xcitium endpoint protection is basically CIS in CruelSister's configuration, so they use the underlying technology, but the firewall part is not the core proposition, the sandbox is what makes them stand out "default deny with default allow (sandbox) useability". Despite this advantage and relatively low price for managed EDR they are the bottom of the third-tier vendors in the < 50 million company size market (for comparison MalwareBytes and Webroot do much better).

 

[Trident]

This whole debacle is wrong on many levels but mainly because it revolves around a dead product. Even the name of the thread is “Comodo may come back from the grave”.

So it becomes quite evident quite quick that we are talking about a software that’s been phased out.

Is it true that defence+ brings business grade features (sandboxing is frequently reserved for enterprise products, albeit being a bit different there) to home users?
Yes, it is. And it does it for free.

Should the product really be deployed and should we all rush to download it from the website?
I don’t think so.

The product not being updated for 2 years means that it contains a collection of outdated drivers and scanning for malware, emulating (if Comodo uses emulation) as well as running malware in an outdated sandbox MAY (bear in mind I am not saying it WILL but exploring a possibility here) provide malware with more access it could normally have, simply being missed by a regular (if that’s a thing) antivirus. Once a malware is able to obtain kernel access, it could bypass a whole stack of defences.

It is wrong to assume that default-deny is the panacea that will sort all your malware problems out as there are ways to go around default-deny, as well as reputation monitoring by using signed malware.

According to a Trend Micro report which can be found below, there is a vast amount of malware being signed.

Understanding Code Signing Abuse in Malware Campaigns

Using a machine learning system, we analyzed 3 million software downloads, and provide insights in this three-part blog series. In this part of this series, we discuss the problems regarding code signing abuse.

www.trendmicro.com

https://documents.trendmicro.com/assets/wp/wp-exploring-the-long-tail.pdf

I also urge readers to have a look at this article about threats to Windows kernel:

https://documents.trendmicro.com/assets/white_papers/wp-an-in-depth-look-at-windows-kernel-threats.pdf

It is also wrong to assume that default-deny is something exclusively patented by, and reserved for Comodo. There are various different implementations of default-deny, with the most notable being the App Control by Kaspersky, but products like Avast/AVG with hardened mode, Trend Micro and Norton have light implementations as well.

Antimalware products should be designed carefully, always with security and potential exploits in mind. All third-party libraries MUST be updated as soon as possible and the AV engine must be heavily contained& restricted. Automatically capturing every downloaded file with outdated engines could lead to a 0-click exploit.
Even vendors like Norton have been on the news for not updating libraries: Symantec security flaws are "as bad as they get," says researcher

And just because nobody has been interested to test Comodo properly and document any security holes, or because 2-3 people on MalwareTips “never had any issues”, doesn’t mean that the product is not plagued with security holes. Or that security holes haven’t been exploited out there. We all remember articles about AV drivers being abused.

Delicately swinging and re-shaping words around in a lawyer-like matter to support a favourite product of choice (E.g. no updates are needed cuz it’s already ahead of its time, nobody said the product is not compatible with Windows 11, there is no evidence of bugs) can’t change the FACTS.
And what are the facts?

1. This is a free product and in today’s inflation, as well as with the costs to develop, manage and distribute a product there is no way you can have a great antivirus when nobody pays for it.

2. This is now an outdated product in a world where threats evolve quickly and other vendors distribute monthly updates/fixes + up-to-the-minute threat intelligence updates.

3. Product offers below minimum support and should absolutely be avoided by novice users who may not know how to handle certain situations.

4. The product was released before Windows 11 was officially distributed by Microsoft. There is no official statement that says “Stop! Do not use on Windows 11!” but there is also no official statement “Yes! We are compatible.”

5. Bugs have been reported for ages. How many of these are true, accurate, widespread, how many can be reproduced is not that important.
Users are facing issues and there is nobody to help.

6. There is no evidence of the design being flawed, but also there is very little information that it is secure.
For example, can anyone supporting Comodo provide any light on whether the AV engine runs with a wrapper around, or whether the drivers used by ViruScope, anti-malware engine and sandboxing are protected by abuse? Comodo has no bug bounty (just saying).

I personally would not recommend, use or condone/support a product of this nature.

 

[Decopi]

? what's the difference between reading comments here re CF which you frown upon, and reading comments at comodo forum which you encourage?"

You can read here whatever you want.
But there is a difference! Even if here you have the most expert Comodo guy, at Comodo forum you always will have the Comodo official answer.
And even if the Comodo official answer is wrong or a lie (which most of the time is), that answer makes Comodo Forum non subjective.
Therefore, any opinion about Comodo should only be based on Comodo Forum or Comodo page.
What fanboys&girls are doing here is to defend Comodo without evidences, against reality, and based on their subjective opinion where the fallacy is: "If it works for me, then it works for everybody".

Just looked at comodo forum for CIS but seems not to have one specifically for CF

Yeap, look again, there are lot of reported bugs for every home product.
Just remember that Comodo uses to delete an entire thread at every update. So, at Comodo forum you really can't see the whole dangerous problem with their products.
Even worse, as censorship, Comodo unilaterally deleted the 3 years old thread where lot and lot of users posted hundreds of bugs... and Comodo did that without updating its products.

Under CIS News & Feedback there's 95,048 posts | Help CIS 12,176 | Bug Reports CIS 152. Small percentage of bug reports relative to total posts.

Firstly, please, read again my answer above, Comodo deletes threads, so you never will know the proportion of bugs.
Secondly, it's not a matter of "quantity", but is a matter of "quality". Even one single dangerous bug is enough to stop recommending Comodo.
You should not use security products that are not well maintained. Period.

Do those bugs compromise security?

Please remember, is the whole package:
1. Lack of updates +2 years
2. Lack of upgrades +2 years
3. Lack of fixed bugs +2 years
4. Lack of oficcial Win 11 compatibility
5. Shady attitudes at Comodo' forum
6. Etc

Now, please answer yourself: If fanboys&girls argument is that "Comodo is so good that doesn't need anything"... why Comodo doesn't say that?
The reality is that Comodo is not so good. It doesn't exist such miraculous product that is so good that doesn't need nothing.
Fanboys&girls are out of reality (Cognitive Dissonance), they speak in the name of Comodo or in the name of their employees, CEO or etc... fanboys@girls words sound as Sumum Priests of the Temple Guardians Of Comodo God... but in reality fanboys&girls are just regular guys like you and me. Better to trust yourself than to trust them.

I have to rely on reports from others.

It's your right.
But then, with all due respect, I don't think you need to keep writing me or asking me.
If you choose any software based on "trusting" subjective opinions... go ahead, good for you!... but then I'm not the right person to answer your questions.
I deal with rationality and facts, I don't deal with "religious beliefs".

Is it safe to assume that among the 100,000+ posts at CIS forum, most of those posters continue (continued) to use CF despite the 152 bug report posts? Probably. Sure, it would be nice if CF is updated, and I read that is expected. Will I use it? I might put it on a VM...

You need to put your assumptions under context.
Comodo is a very old company... and Comodo never was capable to rank in first places.
Every year Comodo invents a new stroboscopic weird product... and Comodo fails.
Comodo is a quiet shitty company.

My final word to you is: Deal with Comodo as you should deal with any other security software. Don't make exceptions for Comodo, just because you 'trust" users here with subjective opinions.

And my most important message is: If Comodo will be updated, upgraded, bugs fixed, Win 11 compatibility etc... then I'll recommend (only) CF with @cruelsister settings.