Comodo might come back from the grave

[Trident]

It is clear you do not like comodo ("is a quiet (sic) shitty company"). To me you seem somewhat scattered re forum reading. You say to only read about comodo at comodo forum and then you say you cannot really trust the comodo forum due to censorship and deleted threads. So far I have not seen a link to an independent lab testing CF, but vaguely recall this might have happened in past. And many of user here take the reviews of independent labs with a 'grain of salt'. So you do not like comodo, but when comodo says CF is updated & compatible with win11, use it if you like? I have no strong opinion about comodo as a company. I question the logic of some of your posts. You seem more of a comodo anti-fanboy? I understood the point of this thread is we all agree CF has not been updated, but does that in itself mean CF is breached and no longer secure. @cruelsister say it is secure, you disagree. Got it!

Well essentially this is what forums are for.
For people to doubt, discuss and share.
Everyone decides who to believe. The problem for me is I have no real evidence of this super secure design and I haven’t seen any product that can’t be evaded one way or another. For some it’s inflated (padded) samples, for others its signed, for third it’s scripts.
And these are constantly updated products.

Claims that a seemingly abandoned product with technology from the early 2000s can not be bypassed in any way seem first of all unrealistic and second of all, no evidence is attached to that.

Such claims mislead users and give them false sense of total security that doesn’t exist anywhere. There is always one vector that is not covered.

 

[ForgottenSeer 98186]

Well essentially this is what forums are for.
For people to doubt, discuss and share.
Everyone decides who to believe. The problem for me is I have no real evidence of this super secure design and I haven’t seen any product that can’t be evaded one way or another. For some it’s inflated (padded) samples, for others its signed, for third it’s scripts.
And these are constantly updated products.

Claims that a seemingly abandoned product with technology from the early 2000s can not be bypassed in any way seem first of all unrealistic and second of all, no evidence is attached to that.

Such claims mislead users and give them false sense of total security that doesn’t exist anywhere. There is always one vector that is not covered.

Where on this forum, anywhere at any time, did anyone say "Comodo cannot be evaded or not bypassed"?

Nobody is making that claim. So why is it even in your mind? It is really, really odd.

I already know whose post you think claims "Comodo cannot be bypassed," and that is cruelsister's statement of "It (CF) works for me." It is absurd that you would extrapolate her statement to "She is telling everybody here that Comodo cannot be bypassed." You are putting words into people's mouths and assigning false meaning to others' posts.

 

[Decopi]

You don’t have evidence on anything you say

You're totally right.

you just perform a keep-alive on the argument with no real proof on anything.

You're totally right, again.
I said similar thing in the very beginning: The Chosen One never was interested in evidences. He only wants to gain the debate, at any cost.
The Chosen One knows that normal people are not going to waste their time with the stupid things that are being said here, and at some point normal people (tired) will give up. And finally The Chosen One will have the last word. He counts on that!

You’re also contradicting yourself regularly.

Absolutely right. The list of his contradictions grows at every single comment he makes.
But The Chosen One doesn't care.
He is an obsessive having pleasure by systematically bulling each argument against his arguments. If at any point people get tired and stop arguing with him, then The Chosen One will start to attack Comodo, just for the sick of the pleasure of bullying someone saying something against him.

Or as I said, perhaps he is just a simple worker, gaining his daily payment from Comodo or from whatever.

 

[simmerskool]

Therefore, any opinion about Comodo should only be based on Comodo Forum or Comodo page.
...So, at Comodo forum you really can't see the whole dangerous problem with their products.
Even worse, as censorship, Comodo unilaterally deleted the 3 years old thread where lot and lot of users posted hundreds of bugs... and Comodo did that without updating its products.
...Firstly, please, read again my answer above, Comodo deletes threads, so you never will know the proportion of bugs.
...
Comodo is a quiet shitty company.

It is clear you do not like comodo ("is a quiet (sic) shitty company"). To me you seem somewhat scattered re forum reading. You say to only read about comodo at comodo forum and then you say you cannot really trust the comodo forum due to censorship and deleted threads. So far have not seen a link to an independent lab testing CF, but vaguely recall this might have happened in past, although many here take independent lab tests with a 'grain of salt.' So you do not like comodo, but when comodo says CF is updated & compatible with win11, use it if you like? Ok. I have no strong opinion about comodo as a company. I question the logic of some of your posts. You seem more of an anti-fanboy than a neutral observer. I understood this thread was about whether CF was dead due to lack of updates such that it is no longer secure and protective. @cruelsister chimed-in that it remains secure and safe. You disagree. Got it.

 

[Trident]

@Oerlink bypassed and evaded is essentially the same, but let’s leave my thesaurus and focus on various statements in this discussion.

It has been implied more than once in this discussion that Comodo can not be worked around, as nothing can escape its virtualisation.

I do not see any whitepaper being shared that explains the technology in-depth, but if it is developed as most default-deny and reputation monitoring technologies, a class 3 signature would automatically assign trust to the file.
Unfortunately, class 3 signatures can now be obtained by impersonating companies, breaches, cert dumping and various other methods.

There is a vast majority of malware that is signed and this is supported by Trend Micro research which covers code signing abuse pretty well.

The statement that “nothing will escape virtualisation” is hence incorrect and the statement that Melih made in a video where he cut his credit card “when there is a new virus you not gonna know about it but containment will help” is false too.
So is your statement that “there is no evidence that protection mechanisms don’t work”.

 

[ForgottenSeer 98186]

When somebody claims they are sweating in hard work on their product, yet you see their product is very similar to what it was when Norton 2009 was in beta and Avast had a car player UI skin, you can only assume they are lying.

You are vastly exaggerating the current state of CF\CIS, but it fits in with your other factually-incorrect statements.

As I've stated multiple times, CF\CIS does not have a dedicated development team. The engineers were working on Xcitium for a long while and before that they were working on other projects. CF\CIS is a freeware product and Melih is not going to devote an entire development team to it full-time. When there is time, he will direct them to work on CF\CIS. Otherwise he needs them to work on projects at his MSSP company and on the enterprise side.

"you can only ASSUME that they are lying."

No. This statement is based upon ignorance and bias. You have willfully ignored the explanations that Melih provided, because you are not interested in it. You are anti-Comodo, and that is fine, but nobody can take your odd opinions and baseless statements seriously.

 

[Pico]

Why would you want Comodo to change for the worse?

Do you call product improvements change for the worse?
You like to vote conservative instead of progressive and being afraid of moving forward for some unknown reason.

 

[ForgottenSeer 98186]

It has been implied more than once in this discussion that Comodo can not be worked around, as nothing can escape its virtualisation.

This is not true. Nobody on this forum implied, anywhere, that Comodo cannot be "worked around."

I do not see any whitepaper being shared that explains the technology in-depth, but if it is developed as most default-deny and reputation monitoring technologies, a class 3 signature would automatically assign trust to the file.

Comodo has released whitepapers repeatedly, not that it is necessary. You didn't even bother to look. It took a 5 second Google search to locate this (the technology is identical in CF\CIS):

https://enterprise.comodo.com/whitepaper/AEPWP_2WEB112216.pdf?track=8994

a class 3 signature would automatically assign trust to the file.

lmfao, no. Just no. That is not how Comodo works. You don't even know how Comodo interprets file signatures. You are just speculating with utter nonsense. Comodo does not grant signed files "known good" or "allow" status just because the Authenticode signature is from a valid certificate authority.

Unfortunately, class 3 signatures can now be obtained by impersonating companies, breaches, cert dumping and various other methods.

This has been true since before 2000, so what is your point? While it is possible, it happens infrequently. Nobody said that Comodo could not be bypassed with stolen legitimate certificate, but it takes more than just a valid signature. So It is bizarre that you are even making this argument. This very issue was discussed years ago on the Comodo forum and here.

You are referencing Trend Micro research (which nobody disputes), but then speculating and misapplying it to Comodo because you do not even know how it works.

 

[goodjohnjr]

For a while now, I think that this thread has sadly become a circular argument(?) that will not progress any further:

Fight Fighting GIF By LLIMOO:



I think that those who have decided to ignore certain evidence / arguments / et cetera clearly have sadly (I was especially curious for some of the response(s) of some esteemed members, which did not happen, sadly), those who have decided to share their points-of-views / beliefs / experiences / evidence / et cetera have, those who have decided to learn things / open their minds have, those who have decided to keep their own version(s) of reality have, et cetera.

The Shield Fighting GIF By WWE:



Cultmodo Comodo as a topic is pretty powerful, I see that has not changed, I was once caught up in it too years ago, years ago I was ready to replace all of my software with each new Comodo product; I used to be amazed to see that a CEO would sometimes comment in the forums, I still respect that.

It was interesting getting an update on the state of things after all of these years thanks to this thread.

I think that we should take what we learned here and move on, for now, as we continue to watch what Comodo does or does not do in the near future.

I would like to thank those who have contributed to this discussion, especially those who presented evidence and actually responded to evidence instead of ignoring it, whether we agreed or not.

 

[ForgottenSeer 98186]

Do you call product improvements change for the worse?
You like to vote conservative instead of progressive and being afraid of moving forward for some unknown reason.

Comodo is making product improvements. Melih said multiple times that they will be making an update release in the future.

So that's the kind of person you are... you're going to bring politics into a discussion about software?

 

[simmerskool]

Well essentially this is what forums are for.
For people to doubt, discuss and share.
Everyone decides who to believe. The problem for me is I have no real evidence of this super secure design and I haven’t seen any product that can’t be evaded one way or another. For some it’s inflated (padded) samples, for others its signed, for third it’s scripts.
And these are constantly updated products.

Claims that a seemingly abandoned product with technology from the early 2000s can not be bypassed in any way seem first of all unrealistic and second of all, no evidence is attached to that.

Such claims mislead users and give them false sense of total security that doesn’t exist anywhere. There is always one vector that is not covered.

Right but one of the posters was saying do not read about comodo at MT?? I don't recall @cruelsister saying that CF "cannot be bypassed in any way" but only that her tweaks make it secure for her and provides videos with text for users. Long ago, I tried CF on win7 & win10 and it worked for me, but I would not claim "perfectly" but also did not get infected. If anything, CF put apps in sandbox that did not need to be in sandbox. Agree updates would be nice if they don't bork. Security is a moving target. Meanwhile is it safe to use CF, some say yes, some no. MS won't let this pc update to win11 so that part of the discussion is not relevant for me, and it would be irresponsible for me to comment about CF on win11, ie, no experience w/win11.

 

[Chuck57]

When somebody claims they are sweating in hard work on their product, yet you see their product is very similar to what it was when Norton 2009 was in beta and Avast had a car player UI skin, you can only assume they are lying. And again, you have no evidence this protection mechanism is perfect. You don’t have evidence on anything you say, you just perform a keep-alive on the argument with no real proof on anything.

Have you downloaded every piece of malware you could find and tested Comodo against it?

You’re also contradicting yourself regularly. In previous posts you said “who said Comodo doesn’t need updates” and stated “nobody said the product is perfect”. Now you are claiming no updates are necessary.

Security software is not do-once-and-forget. It is an ongoing commitment. Commitment Comodo apparently hasn’t made.

Cruelsister has hammered Comodo firewall with a LOT of malware of all types through the past few years, trying to beat it. She says she hasn't been able to yet, and would be the first to admit it if/when she does. I believe her and her word is good enough for me.

 

[Trident]

@Oerlink so you are claiming that Comodo virtualises everything in a 0-trust manner, without ever looking at file signatures and without excluding anything whatsoever?
How does Comodo interpret signatures?
And do you have any evidence black on white, published by Comodo

Btw what you’ve link is not a technical paper but a marketing solution brief. Have you got anything else to support your claims that “this is not how Comodo interprets signatures”?

 

[ForgottenSeer 98186]

@Oerlink so you are claiming that Comodo virtualises everything in a 0-trust manner

I never said that.

without ever looking at file signatures

I never said that.

and without excluding anything whatsoever?

I never said that.

How does Comodo interpret signatures?

You do not even know? So that is why you talk so much nonsense about "digital signatures will automatically bypass Comodo."

And do you have any evidence black on white, published by Comodo?

There are whitepapers on the Comodo website. You can find them.

 

[Trident]

I’m not gonna browse Comodo’s outdated website looking at them. You claim we don’t know how the product interprets file signatures. I know very well how it interprets them, but I am waiting for your evidence. I asked you for a whitepaper on how the technology works in-depth, where is it?

Or is it just that Comodo never published any?

Supply your evidence now, showing that “we don’t understand Comodo’s technology and this is not how it interprets file signatures”. Otherwise your statement will automatically be deemed a lie, just like all your other statements so far.

 

[ForgottenSeer 98186]

I’m not gonna browse Comodo’s outdated website looking at them.

If you are not willing to read them, then how can you know what you are talking about?

I asked you for a whitepaper on how the technology works in-depth, where is it?

It is in the Comodo documentation. The documentation is over 1000 pages. Then there are the whitepapers.

True or False - - CF\CIS has a setting to turn off the Trusted Vendor's list?

True or False - - the user can delete the Trusted Vendor's list?

True or False - - Comodo will remove digital signatures from the allow list that are suspicious?

Otherwise your statement will automatically be deemed a lie, just like all your other statements so far.

You’re just upset because the truth hurts.

 

[brambedkar59]

Comodo I always found aggressive but above all dangerous...it once crashed a machine because it prevented Windows from doing its updates! As soon as I had this incident, I uninstalled it.

Had to do Win 10 clean install once because CF refused to uninstall properly. I think I stopped using CF sometimes after that incident.
Found the post.

 

[ForgottenSeer 97327]

True or False - - the user can delete the Trusted Vendor's list?

True, but after cleaning up (removing signatures of vendors not on your system), an update would reinstall the default list again. Luckily this bug is not annoying anymore because Comodo gets no updates.

That is why I switched to WDAC using a slimmed down signatures whitelist.

 

[oldschool]

an update would reinstall the default list again. Luckily this bug is not annoying anymore because Comodo gets no updates.

 

[Trident]

True, but after cleaning up (removing signatures of vendors not on your system), an update would reinstall the default list again. Luckily this bug is not annoying anymore because Comodo gets no updates.

That is why I switched to WDAC using a slimmed down signatures whitelist.

And then if there is no list it will be madness

This is fanboy’s suggestion on how to achieve protection with the “magical security solution” with technology from 2003 that doesn’t need updates.

You go and delete the trusted vendors list or wait for Melih to finish cutting his credit card on YouTube, then search VirusTotal for signed files and revoke the signatures one by one manually.

This is a magical security solution indeed and it truly doesn’t need any changes or updates. “It just works” should be their slogan — suggest it to your ex-boss.

Now we can trust the evidence consisting of “she said it works”, “he said update was coming”, “they said it was great and unbeatable” and all that.

Thank you for enlightening us!

Btw with that attitude you won’t make a good support worker neither at AppGuard (or whatever your legal name is), nor anywhere else.
You don’t need to get over-excited at all times and jump around. We are not here to annoy you, we are here for the truth.