Comodo might come back from the grave

[Trident]

Sure. Users can say anything. Nobody is stopping all the posts being made on this thread by those who claim there are "very serious holes" in Comodo security, but supply no evidence and do not even understand the potential of malicious action in a 20 word sentence in a bug report.

Investors, shareholders, profit do not apply to Comodo. That company is not reliant upon what users on MalwareTips thinks. Comodo is privately owned, and Melih has made enough money without CF\CIS to start his own venture capital firm.

Again, users don’t have to know and understand, this is not an exam here and it’s not a court hearing. You are not a jury.

A concerned user sees a CVE report and shares it with other users, saying this is a vulnerability (which it is, since it is there). They are not obliged to create a PoC (frequently that is uploaded together with a patch for a CVE to be issued) and they don’t have to prove you or anyone else what they say. You failed to prove any of your statements too… just so you know.

 

[cruelsister]

By the way, also is good to remember that years ago Comodo Firewall allowed malware to pass (inside CCleaner) because Comodo itself released the certificate

Although this thread has descended into silliness, it should at least be accurate: file was countersigned by Symantec:

 

[Decopi]

Although this thread has descended into silliness, it should at least be accurate: file was countersigned by Symantec:

Here the point is that Comodo Firewall with your settings passed the malware.
It doesn't really matter "why" or 'how", because the specific contested argument here was the fallacy wrongly affirming that Comodo Firewall is perfect.
Everything has a context. And that's the context of that fallacy and the reality.

 

[ForgottenSeer 98186]

Again, users don’t have to know and understand, this is not an exam here and it’s not a court hearing. You are not a jury.

A concerned user sees a CVE report and shares it with other users, saying this is a vulnerability (which it is, since it is there). They are not obliged to create a PoC (frequently that is uploaded together with a patch for a CVE to be issued) and they don’t have to prove you or anyone else what they say. You failed to prove any of your statements too… just so you know.

The person who said there are "serious security holes" also included bug reports on the Comodo forum. That person does not understand what is reported and their claim that "there are at least 3 serious security holes in Comodo security" is false. So your assertion that "a user is just sharing a CVE with others" is not quite correct. That person is saying additional things that are not proven to be any kind of real liability. That person is making statements based upon assumptions that are also not correct.

I am not making any baseless claims. So I have nothing to prove.

 

[Trident]

Here the point is that Comodo Firewall with your settings passed the malware.
It doesn't really matter "why" or 'how", because the specific contested argument here was the fallacy wrongly affirming that Comodo Firewall is perfect.
Everything has a context. And that's the context of the that fallacy and the reality.

@cruelsister is just correcting the fact that it was signed by Comodo - it may have been signed by Symantec before they sell their division due to mismanagement.

Btw I hope nobody has said before that the product is perfect and nothing can bypass it… This statement would be very unrealistic. I am yet to see this perfect defence that nothing can evade.

 

[Bumblebee Uncle]

No. Melih needs to make no apologies. He provides a freeware protection and does not owe anybody anything. If anybody does not like how he does things, then they can use another vendor's product.

So why would Melih ever need to make an apology?


Nothing is wrong with me.


Where am I worshipping and adoring Melih?

I merely copy-pasta'd Melih's posts he made on the Comodo forum. Melih speaks for himself.


Merely proving that people here are making statements that are not factual. That is all.

Apologist means someone who defends others constantly. It is a term used in Christian circles for defenders of the Christian faith! Guess we have a new faith - Comodoaith! This is heights @Oerlink - let it go!

 

[ForgottenSeer 98186]

because the specific contested argument here was the fallacy wrongly affirming that Comodo Firewall is perfect.

Who, and where, did anybody say that "Comodo Firewall is perfect"?

How could you even interpret or reach that conclusion based upon ANYTHING anybody posted in this thread and elsewhere on this forum about Comodo?

Apologist means someone who defends others constantly. It is a term used in Christian circles for defenders of the Christian faith! Guess we have a now faith - Comodoaith! This is heights @Oerlink - let it go!

Where am I defending anything?

Someone makes a post here and in it states things that are not factually correct. I supply evidence that proves them wrong. That is not defending anything or anybody.

If you all are going to make claims about Comodo, then you have to prove those claims with evidence. Saying "It has bugs and has not been updated in 2 years, and on that basis it is insecure" is just baseless "drivel" and ranting.

And what, exactly, do Christians have to do with Comodo? What are you talking about? How would you get that the word "apologist" is a Christian thing? The word "apologist" has absolutely nothing to do with Christians.

 

[Decopi]

@cruelsister is just correcting the fact that it was signed by Comodo - it may have been signed by Symantec before they sell their division due to mismanagement.

Btw I hope nobody has said before that the product is perfect and nothing can bypass it… This statement would be very unrealistic. I am yet to see this perfect defence that nothing can evade.

Thank you.
Yeah, perhaps was Symantec, no problem. But I meant to say that the certificate is not the point at all, irrelevant, due to the context.
And yeah, it was said, many times: "Unbeatable", "Perfect", "Doesn't need upgrades nor updates", "Never failed", "it catches everything" blah blah blah

 

[Trident]

@Oerlink we supplied enough evidence but we didn’t see you proving anything. Nothing you say is supported with any external references whilst I’ve provided plenty. Whilst you may think that you have great knowledge about everything and you may be knowledgeable indeed (you may be a developer at AppGuard as well), we don’t know who you are and we need evidence. So far we see none.

So you see how we conclude you are a fanboy?

 

[Bumblebee Uncle]

You have lost all credibility. You have systematically demonstrated that you do not even care to read other people's arguments! I used the word apologist because it means something and you are being an apologist for Comodo. To offer perspective, I gave an example. Let me direct you to the dictionary meaning of the term:

You have systematically demonstrated that you do not read what other people write - this being an example. Nothing you would say moving forward will have any credibility - at least in my eyes! Good luck being an apologist for a product which has had numerous bugs over the years! All the best with your needless ranting!

 

[ForgottenSeer 98186]

@Oerlink we supplied enough evidence but we didn’t see you proving anything. Nothing you say is supported with any external references whilst I’ve provided plenty. Whilst you may think that you have great knowledge about everything and you may be knowledgeable indeed, we don’t know who you are and we need evidence. So far we see none.

So you see how we conclude you are a fanboy?

What do I have to prove?

I repeated what Melih said and supplied screenshots of the posts he made on the Comodo forum.

 

[Azure]

@Oerlink we supplied enough evidence but we didn’t see you proving anything. Nothing you say is supported with any external references whilst I’ve provided plenty. Whilst you may think that you have great knowledge about everything and you may be knowledgeable indeed (you may be a developer at AppGuard as well), we don’t know who you are and we need evidence. So far we see none.

So you see how we conclude you are a fanboy?

But he did.

Melih claims that big report are being evaluated (so they can decide if they do indeed to be fix or not)

How to be secure when Detection fails - Comodo Internet Security - CIS | Page 3

Literally every endpoint security product out there can only provide protection and keep you secure only and “ONLY” if they can detect a threat. W

forums.comodo.com

And that the code base was “never stopped being developed for better security”

How to be secure when Detection fails - Comodo Internet Security - CIS | Page 3

Literally every endpoint security product out there can only provide protection and keep you secure only and “ONLY” if they can detect a threat. W

forums.comodo.com

In addition he Oerlink already gave example of products that haven’t been updated in more than 10 years.

Personally, right now, with all this information, my worry of “Comodo hasn’t been updated in two years” has diminished.

Sure it would be nice if things like hips rule bug were fixed. But it sounds like the product can still protect users. And that’s good.

 

[Trident]

Melih claims they are being evaluated but there is no evidence on that either. In contrast, Avast Free for example receives updates on monthly basis. So do Kaspersky and Bitdefender Free. 2 years is a bit long for someone to “evaluate” bugs.

They never stopped developing, yet from Comodo 4.7 in 2008 to the version now in 2023 I barely see anything new… I mean fair enough @Oerlink is basing their claims on that, but this is obviously utter rubbish and dust in people’s eyes.

This is what we are talking about here.

 

[ForgottenSeer 98186]

You have lost all credibility. You have systematically demonstrated that you do not even care to read other people's arguments! I used the word apologist because it means something and you are being an apologist for Comodo. To offer perspective, I gave an example. Let me direct you to the dictionary meaning of the term:

View attachment 272733

You have systematically demonstrated that you do not read what other people write - this being an example. Nothing you would say moving forward will have any credibility - at least in my eyes! Good luck being an apologist for a product which has had numerous bugs over the years! All the best with your needless ranting!

This is your post. You used the word "Christans." Do you not even know what you are posting? I will ask again "Why would you use Christians as an example?" It is very odd.



I do not need to apologize for Melih, Comodo or the Comodo products.

Everybody knows Comodo products are full of bugs. They have been that way since the very beginning. It is software. Software has bugs.

Do you actually believe that all the complaining about Comodo having many bugs is going to make it change? People obviously keep using Comodo. It is nice that you have a care on their behalf, but they probably just don't care.

If you do not like how Comodo does things, then you have the freedom to use another vendor's product.

Melih claims they are being evaluated but there is no evidence on that either. In contrast, Avast Free for example receives updates on monthly basis. So do Kaspersky and Bitdefender Free. 2 years is a bit long for someone to “evaluate” bugs.

What do you mean there is no evidence? The Comodo development team worked a long time on Xcitium. It IS the CF\CIS code base. So Melih's statement that "we are constantly developing the core code" is factually correct.

That is not true at all. Avast, Bitdefender and Kaspersky do NOT make monthly major updates. Bitdefender and Kaspersky make semi-annual or annual major updates to their security modules in their General Availability products. They also release fixes for bugs that have proven to negatively affect security - and those kinds of bug fixes are rare.

Why would Comodo need monthly updates? For what? There is no proof that its virtualized protection mechanisms need any kind of update. The Viruscope gets signature updates when needed. Comodo does not rely upon signatures. So what evidence do you provide that it needs monthly updates?

They never stopped developing, yet from Comodo 4.7 in 2008 to the version now in 2023 I barely see anything new…

What "new" stuff does Comodo need to implement in the CF\CIS product? The protection mechanisms do not need anything "new" until it is proven that they do not work.

I mean fair enough @Oerlink is basing their claims on that, but this is obviously utter rubbish and dust in people’s eyes.

This is what we are talking about here.

So your objection is not based upon any facts, just an assumption that Melih is lying.

 

[Pico]

Bug number 20 is 10 years old.
Happy anniversary!
Live long and prosper.

 

[ForgottenSeer 98186]

Bug number 20 is 10 years old.
Happy anniversary!
Live long and prosper.

So what? Microsoft and Linux kernel developers did not fix bugs that were 20 years old that got exploited and caused tens of millions of dollars in losses.

That never happened to Comodo.

Everybody knows Comodo is full of bugs and bugs do not get fixed. It has openly stated that it will not fix certain classes or types of bugs. The company is NOT going to change. So what is everybody's point?

 

[Trident]

So your objection is not based upon any facts, just an assumption that Melih is lying.

When somebody claims they are sweating in hard work on their product, yet you see their product is very similar to what it was when Norton 2009 was in beta and Avast had a car player UI skin, you can only assume they are lying. And again, you have no evidence this protection mechanism is perfect. You don’t have evidence on anything you say, you just perform a keep-alive on the argument with no real proof on anything.

Have you downloaded every piece of malware you could find and tested Comodo against it?

You’re also contradicting yourself regularly. In previous posts you said “who said Comodo doesn’t need updates” and stated “nobody said the product is perfect”. Now you are claiming no updates are necessary.

Security software is not do-once-and-forget. It is an ongoing commitment. Commitment Comodo apparently hasn’t made.

 

[Pico]

So what? Microsoft and Linux kernel developers did not fix bugs that were 20 years old that got exploited and caused tens of millions of dollars in losses.

That never happened to Comodo.

Everybody knows Comodo is full of bugs and bugs do not get fixed. It has openly stated that it will not fix certain classes or types of bugs. The company is NOT going to change. So what is everybody's point?

Why don't you want Comodo to change?

 

[simmerskool]

Therefore, any opinion about Comodo should only be based on Comodo Forum or Comodo page.
...So, at Comodo forum you really can't see the whole dangerous problem with their products.
Even worse, as censorship, Comodo unilaterally deleted the 3 years old thread where lot and lot of users posted hundreds of bugs... and Comodo did that without updating its products.
...Firstly, please, read again my answer above, Comodo deletes threads, so you never will know the proportion of bugs.
...
Comodo is a quiet shitty company.

It is clear you do not like comodo ("is a quiet (sic) shitty company"). To me you seem somewhat scattered re forum reading. You say to only read about comodo at comodo forum and then you say you cannot really trust the comodo forum due to censorship and deleted threads. So far I have not seen a link to an independent lab testing CF, but vaguely recall this might have happened in past. And many of user here take the reviews of independent labs with a 'grain of salt'. So you do not like comodo, but when comodo says CF is updated & compatible with win11, use it if you like? I have no strong opinion about comodo as a company. I question the logic of some of your posts. You seem more of a comodo anti-fanboy? I understood the point of this thread is we all agree CF has not been updated, but does that in itself mean CF is breached and no longer secure. @cruelsister say it is secure, you disagree. Got it!

 

[ForgottenSeer 98186]

Why don't you want Comodo to change?

Why would you want Comodo to change for the worse?