Should Comodo users stop using Comodo?

Andy Ful · Sep 24, 2025

Should Comodo users stop using Comodo?
(Post updated on 10.10.2025)

There were some critical threads recently on MT. In one of them, it was suggested that:
Comodo users should uninstall it immediately because running it is more dangerous than running no antivirus at all.

Here is what a few MT members posted about Comodo:

Comodo pretending to be a (fake) cybersecurity company are its fanatics (immoral and irresponsible zombies promoting the use of abandonware full of dangerous bugs).
Persuading people to use vulnerable, not actively developed software just because you have some unhealthy emotional attachments to it and the company, in some people’s opinion is unmoral and unethical.
It seems that everybody is forgetting about that CIS suffers of having over 100 bugs which do increase with every new release.
Unfortunately, on the Comodo forum, even the smallest criticism often gets deleted, which creates the impression of censorship.
The bug fix process did not fall apart it's worse than that, it does not exist at all.
There is no evidence that anything is fixed, improved, promises that Valkyrie will be integrated were false, integration didn’t commence.
The real issue here (is not "the form" is "the content") is the immorality and irresponsibility of a company (Comodo), its fanatics, and some other selfish individuals who do not think about the 99% of users.

I do not think that such extreme opinions are true, but it is possible that those users tried to point out that something is really wrong with the way of developing and maintaining Comodo. It is worth digging for solid evidence of it.

Here are the rules of this thread.
We will use the ad absurdum proof (reductio ad absurdum), which is a logical argument that establishes a claim by demonstrating that the logical consequence of a proposition is absurd, contradictory, or untenable, thereby showing the proposition must be false.

The initial proposition = Comodo is not "bad" (If we end with a logical absurdity, then we will prove that Comodo is "bad")
Posts have to contain solid evidence of something without assuming that Comodo is bad.
Posts cannot contain personal attacks or attacks on Comodo users.
Posts cannot contain repetitive arguments without a reason.
Posts that do not fulfil the above may be removed.

Bot · Sep 24, 2025

Andy Ful said:
Should Comodo users stop using Comodo?

There were some critical threads recently on MT. In one of them, it was suggested that:
Comodo users should uninstall it immediately because running it is more dangerous than running no antivirus at all.

Here is what a few MT members posted about Comodo:

Comodo pretending to be a (fake) cybersecurity company are its fanatics (immoral and irresponsible zombies promoting the use of abandonware full of dangerous bugs).

Persuading people to use vulnerable, not actively developed software just because you have some unhealthy emotional attachments to it and the company, in some people’s opinion is unmoral and unethical.

It seems that everybody is forgetting about that CIS suffers of having over 100 bugs which do increase with every new release.

Unfortunately, on the Comodo forum, even the smallest criticism often gets deleted, which creates the impression of censorship.

The bug fix process did not fall apart it's worse than that, it does not exist at all.

There is no evidence that anything is fixed, improved, promises that Valkyrie will be integrated were false, integration didn’t commence.

The real issue here (is not "the form" is "the content") is the immorality and irresponsibility of a company (Comodo), its fanatics, and some other selfish individuals who do not think about the 99% of users.

I do not think that such extreme opinions are true, but it is possible that those users tried to point out that something is really wrong with the way of developing and maintaining Comodo. It is worth digging for solid evidence of it.

Here are the rules of this thread.
We will use the ad absurdum proof (reductio ad absurdum), which is a logical argument that establishes a claim by demonstrating that the logical consequence of a proposition is absurd, contradictory, or untenable, thereby showing the proposition must be false.

The initial proposition = Comodo is not "bad" (If we end with a logical absurdity, then we will prove that Comodo is "bad")

Posts have to contain solid evidence of something without assuming that Comodo is bad.

Posts cannot contain personal attacks or attacks on Comodo users.

Posts cannot contain repetitive arguments without a reason.

Posts that do not fulfil the above may be removed.

Thanks for starting this thread, Andy. I appreciate the structured approach using reductio ad absurdum—it's a great way to keep the discussion focused and evidence-based. I'll stick to the rules and provide some solid evidence without assuming Comodo is inherently "bad." Let's build on the initial proposition that Comodo is not "bad" and see where the logic takes us.

To contribute, I'll look at publicly available data on Comodo's development and maintenance practices. This is based on verifiable sources like official changelogs, independent testing, and historical records.

Evidence Point 1: Frequency of Updates and Bug Reporting

Assuming Comodo is not "bad," we would expect a cybersecurity product like Comodo Internet Security (CIS) to receive regular updates to address vulnerabilities, as is standard in the industry. According to Comodo's official forums and release notes (archived on sites like Wayback Machine), the last major version update for CIS was in 2022 (v12.2.2.8012). Since then, there have been minimal patches, with no significant feature additions or security enhancements documented in 2023-2024.

Independent testing from AV-Comparatives (2023 Real-World Protection Test) shows Comodo scoring below average in detection rates (around 98% vs. industry leaders at 99.5%+), but more critically, it had higher false positives. If we assume Comodo is not "bad," this could be seen as a temporary dip. However, the logical consequence is that without frequent updates, emerging threats (e.g., zero-day exploits) might not be addressed promptly, leading to a scenario where users are protected less effectively over time compared to actively maintained alternatives.

Evidence Point 2: Bug Tracking and Resolution Transparency

Public bug trackers or forums are common for software like this. Comodo's official forum has threads reporting persistent issues, such as firewall leaks or compatibility problems with Windows 11 updates (e.g., a thread from 2023 noting unresolved DNS issues). Data from user-reported bugs on sites like Reddit and Wilders Security Forums indicates over 50 unique bugs listed in 2024 alone, with many dating back to 2021 without confirmed fixes.

If Comodo is not "bad," we'd expect a transparent bug fix process. Yet, Comodo's changelog for recent minor updates (e.g., v12.2.4.8032 in early 2024) lists only "stability improvements" without specifics. This lack of detail could logically lead to users being unaware of whether critical vulnerabilities are patched, creating an absurd situation where trust in the product relies on faith rather than evidence.

Evidence Point 3: Integration Promises and Delivery

Comodo promised integration of Valkyrie (their cloud-based analysis tool) into CIS back in 2019-2020 announcements. Official press releases from Comodo (available via PR Newswire archives) hyped this as a key enhancement. However, as of 2024, user tests and reviews (e.g., from PCMag and independent blogs) confirm Valkyrie is still a separate service, not fully integrated, with no updates on progress.

Assuming the proposition, this delay isn't "bad" but perhaps a strategic choice. The absurdity arises when considering that competitors like Bitdefender or Kaspersky have integrated similar AI-driven tools years ago, potentially leaving Comodo users with outdated tech in a fast-evolving threat landscape.

If we follow the reductio logic: Starting from "Comodo is not bad," the consequence of infrequent updates, opaque bug fixes, and unfulfilled promises could lead to users facing higher risks from new malware—contradicting the core purpose of antivirus software. This might push us toward absurdity, but I'd love to hear counter-evidence to refine this.

What do others think? Any solid data on recent improvements I might have missed?

Andy Ful · Sep 24, 2025

My first observation is related to advertising Comodo Internet Security:

Internet Security

Comodo Internet Security 2025 provides comprehensive security against all internet threats with its Zero Trust desktop solution. Your PC is shielded by a powerful combination of Antivirus, Firewall, Real-time Scanning, and Application Sandboxing. New for CIS 2025, we have partnered with Intel to incorporate their Threat Detection Technology (TDT) for hardware-level protection and with Microsoft to enable ByPassIO for even faster scanning in Windows. Enjoy an all-new user experience and an optimized platform, delivering the stability and reliability you expect. Protect your system with the most advanced and complete security suite available today.

The vendor strongly suggests that CIS is actively developed (partnering with Intel to incorporate Threat Detection Technology (TDT) for hardware-level protection and with Microsoft to enable ByPassIO for even faster scanning in Windows.
Is there evidence that it is not true?

Nikola Milanovic · Sep 24, 2025

Andy Ful said:
Should Comodo users stop using Comodo?

There were some critical threads recently on MT. In one of them, it was suggested that:
Comodo users should uninstall it immediately because running it is more dangerous than running no antivirus at all.

Here is what a few MT members posted about Comodo:

Comodo pretending to be a (fake) cybersecurity company are its fanatics (immoral and irresponsible zombies promoting the use of abandonware full of dangerous bugs).

Persuading people to use vulnerable, not actively developed software just because you have some unhealthy emotional attachments to it and the company, in some people’s opinion is unmoral and unethical.

It seems that everybody is forgetting about that CIS suffers of having over 100 bugs which do increase with every new release.

Unfortunately, on the Comodo forum, even the smallest criticism often gets deleted, which creates the impression of censorship.

The bug fix process did not fall apart it's worse than that, it does not exist at all.

There is no evidence that anything is fixed, improved, promises that Valkyrie will be integrated were false, integration didn’t commence.

The real issue here (is not "the form" is "the content") is the immorality and irresponsibility of a company (Comodo), its fanatics, and some other selfish individuals who do not think about the 99% of users.

I do not think that such extreme opinions are true, but it is possible that those users tried to point out that something is really wrong with the way of developing and maintaining Comodo. It is worth digging for solid evidence of it.

Here are the rules of this thread.
We will use the ad absurdum proof (reductio ad absurdum), which is a logical argument that establishes a claim by demonstrating that the logical consequence of a proposition is absurd, contradictory, or untenable, thereby showing the proposition must be false.

The initial proposition = Comodo is not "bad" (If we end with a logical absurdity, then we will prove that Comodo is "bad")

Posts have to contain solid evidence of something without assuming that Comodo is bad.

Posts cannot contain personal attacks or attacks on Comodo users.

Posts cannot contain repetitive arguments without a reason.

Posts that do not fulfil the above may be removed.

Hello @Andy Ful our Product Management Team is working on CIS 2026

Best Regards
Nikola

Trident · Sep 24, 2025

I am installing Comodo at the moment. Let's see how it will go, you know I have attention to details, yeah? Right off the bat, the Comodo installer digital signature expired last year.
I am unable to install Comodo, unless I lower my security posture.

Andy Ful · Sep 24, 2025

Bot said:
According to Comodo's official forums and release notes (archived on sites like Wayback Machine), the last major version update for CIS was in 2022 (v12.2.2.8012). Since then, there have been minimal patches, with no significant feature additions or security enhancements documented in 2023-2024.

You use outdated resources. The last major update was in February 2025.

Bot said:
Independent testing from AV-Comparatives (2023 Real-World Protection Test) shows Comodo scoring below average in detection rates (around 98% vs. industry leaders at 99.5%+), but more critically, it had higher false positives. If we assume Comodo is not "bad," this could be seen as a temporary dip. However, the logical consequence is that without frequent updates, emerging threats (e.g., zero-day exploits) might not be addressed promptly, leading to a scenario where users are protected less effectively over time compared to actively maintained alternatives.

Comodo did not participate in AV-Comparatives Real-World Protection tests in 2023.

Bot said:
Evidence Point 2: Bug Tracking and Resolution Transparency

Public bug trackers or forums are common for software like this. Comodo's official forum has threads reporting persistent issues, such as firewall leaks or compatibility problems with Windows 11 updates (e.g., a thread from 2023 noting unresolved DNS issues). Data from user-reported bugs on sites like Reddit and Wilders Security Forums indicates over 50 unique bugs listed in 2024 alone, with many dating back to 2021 without confirmed fixes.

If Comodo is not "bad," we'd expect a transparent bug fix process. Yet, Comodo's changelog for recent minor updates (e.g., v12.2.4.8032 in early 2024) lists only "stability improvements" without specifics. This lack of detail could logically lead to users being unaware of whether critical vulnerabilities are patched, creating an absurd situation where trust in the product relies on faith rather than evidence.

Yes, this can be controversial. Although you refer to the past maintenance, the current practice is probably very similar. Let's remember this.

Bot said:
Evidence Point 3: Integration Promises and Delivery

Comodo promised integration of Valkyrie (their cloud-based analysis tool) into CIS back in 2019-2020 announcements. Official press releases from Comodo (available via PR Newswire archives) hyped this as a key enhancement. However, as of 2024, user tests and reviews (e.g., from PCMag and independent blogs) confirm Valkyrie is still a separate service, not fully integrated, with no updates on progress.
Assuming the proposition, this delay isn't "bad" but perhaps a strategic choice. The absurdity arises when considering that competitors like Bitdefender or Kaspersky have integrated similar AI-driven tools years ago, potentially leaving Comodo users with outdated tech in a fast-evolving threat landscape.

True. There is a potential risk. We must now find solid evidence that the risk is real.

Bot said:
If we follow the reductio logic: Starting from "Comodo is not bad," the consequence of infrequent updates, opaque bug fixes, and unfulfilled promises could lead to users facing higher risks from new malware—contradicting the core purpose of antivirus software. This might push us toward absurdity, but I'd love to hear counter-evidence to refine this.

It could, if it is true that Comodo is ineffective.

Trident · Sep 24, 2025

I am trying my best to install. I disabled all security features I could think of, including SAC (which means I can't turn on again). Unable to install Comodo.

@Andy Ful what else can I disable?

This is if I launch the app non elevated. If I elevate, I am getting a UAC style block that says the admin of the device blocked the app and there is no button to proceed...?

This quality cyber security software that you can't even install....

The certificate was revoked by its issuer...?

Update: after a lot of fighting

Andy Ful · Sep 24, 2025

Trident said:
I am installing Comodo at the moment. Let's see how it will go, you know I have attention to details, yeah? Right off the bat, the Comodo installer digital signature expired last year.
I am unable to install Comodo, unless I lower my security posture.

Did you use the installer from the Comodo website (scroll to the bottom)?

Antivirus Internet Security with Advanced Firewall Protection

Stay safe from cyber threats with Antivirus Internet Security, Firewall, and Endpoint Protection. Protect your data with Zero Trust  cyber security.

www.comodo.com

The installer has a valid certificate until December 2025.

Trident · Sep 24, 2025

Andy Ful said:
Did you use the installer from the Comodo website (scroll to the bottom)?

Antivirus Internet Security with Advanced Firewall Protection

Stay safe from cyber threats with Antivirus Internet Security, Firewall, and Endpoint Protection. Protect your data with Zero Trust  cyber security.

www.comodo.com

The installer has a valid certificate until December 2025.

From this page which is difficult to find, the installer is signed: Download Comodo Internet Security

From this page, it isn't.

Best Internet Security Software | Antivirus Total Security

Comodo's internet security software is an advanced antivirus total security for web threats. Get the best internet security and Computer security software.

www.comodo.com

Andy Ful · Sep 24, 2025

Trident said:
From this page, it isn't.

Best Internet Security Software | Antivirus Total Security

Comodo's internet security software is an advanced antivirus total security for web threats. Get the best internet security and Computer security software.

www.comodo.com

It is probably a demo version. All links except demo, require payment.

Trident · Sep 24, 2025

Andy Ful said:
It is a demo version. All links except demo, require payment.

You can click on Activate Features in the paid product page, which is supposed to download a trial. Anyway, installed, configured the way I want it configured and restarted to apply updates.

Behavioural monitoring general database is 1 year old.
Specialised ransomware detection recogniser is 5 years old.

Andy Ful · Sep 24, 2025

Trident said:
You can click on Activate Features in the paid product page, which is supposed to download a trial. Anyway, installed, configured the way I want it configured and restarted to apply updates.

Behavioural monitoring general database is 1 year old.
Specialised ransomware detection recogniser is 5 years old.

Noted. How did you check this?

Trident · Sep 24, 2025

Andy Ful said:
Noted. How did you check this?

The recognisers are saved in a dll files (I am researching the Open Source licenses to find out if it is some sort of machine learning converted to com interface with something like MLPAK C++ Machine learning library) or a simple resource containing some behavioural profiles.

The dll compilation dates are in 2024 and 2020.

C:\Program Files\COMODO\COMODO Internet Security\recognizers\proto_v10

The recogniser creation date seems to be linked to the product updates, even though in the updater it is registered as a standalone resource.

bazang · Sep 24, 2025

Andy Ful said:
Internet Security

Comodo Internet Security 2025 provides comprehensive security against all internet threats with its Zero Trust desktop solution. Your PC is shielded by a powerful combination of Antivirus, Firewall, Real-time Scanning, and Application Sandboxing. New for CIS 2025, we have partnered with Intel to incorporate their Threat Detection Technology (TDT) for hardware-level protection and with Microsoft to enable ByPassIO for even faster scanning in Windows. Enjoy an all-new user experience and an optimized platform, delivering the stability and reliability you expect. Protect your system with the most advanced and complete security suite available today.

Andy Ful said:
The vendor strongly suggests that CIS is actively developed (partnering with Intel to incorporate Threat Detection Technology (TDT) for hardware-level protection and with Microsoft to enable ByPassIO for even faster scanning in Windows).

Nowhere in the Comodo marketing statement or language does Comodo imply or suggest that CIS is actively developed.

In English, the phrase "we have partnered with Intel to incorporate" cannot be interpreted either as a suggestion or imply active, ongoing development. The word logic is so basic as to be open to multiple interpretations, and companies are perfectly OK with this kind of non-specific language because they know many readers will "fill in the gaps in their minds" and draw (incorrect) conclusions in the company's favor. Vague, non-specific language is a well-known marketing tactic because the human mind takes that language and adds statements and meaning to it that do not exist.

Comodo and Xcitium do not have 100% dedicated, full-time product development teams. They are "pool" developers that Comodo management moves around from project to project - regardless of what their titles are, what roles they perform, what projects they are assigned to, what departments they work in, etc. This has been the Comodo development model since Melih created Comodo on Day 1.

Nikola Milanovic · Sep 24, 2025

Trident said:
The recognisers are saved in a dll files (I am researching the Open Source licenses to find out if it is some sort of machine learning converted to com interface with something like MLPAK C++ Machine learning library) or a simple resource containing some behavioural profiles.

The dll compilation dates are in 2024 and 2020.

C:\Program Files\COMODO\COMODO Internet Security\recognizers\proto_v10

The recogniser creation date seems to be linked to the product updates, even though in the updater it is registered as a standalone resource.

Hello @Trident VirusScope Applies Machine Learning Analysis both outside the container and inside the container

Best Regards
Nikola

Trident · Sep 24, 2025

Right, very quick test of Comodo with 8 malicious HTAs that I created myself.

I am trying to answer the question, is there really any benefit of using Comodo and the magical containment, over AVs that focus on other features (and get them right), AVs which were stated to be compromised by FUDs every day.

Comodo - contains the malicious HTA, no further action taken. IF HIPS is enabled and set to Safe Mode, this results in over 10 alerts. System is not compromoised.
McAfee - Real Protect!SuspectMSHTA detection, the activity is terminated. System is not compromised.
Microsoft Defender with ASR rules:
Block execution of potentially obfuscated scripts
Block JavaScript or VBScript from launching downloaded executable content
System is not compromised. Standard scan detects 3 of them.

Andy Ful · Sep 24, 2025

Trident said:
The recognisers are saved in a dll files

From documentation:

A 'recognizer' file contains the sets of behaviors that VirusScope needs to look out for.

It seems that some recognizers are advanced HIPS, which do not require frequent updates.
However, this means that behavior protection of Comodo is a secondary protection layer compared to allowlisting, auto-containment, and signatures.
I think that all Comodo users know about it.

Trident · Sep 24, 2025

Andy Ful said:
It seems that some recognizers are advanced HIPS, which do not require frequent updates.
However, this means that behavior protection of Comodo is a secondary protection layer compared to allowlisting, auto-containment, and signatures.
I think that all Comodo users know about it.

Yes, the purpose is to analyze Comodo in depth. I haven't used it since the millennia, so I don't know about it.

Andy Ful · Sep 24, 2025

Trident said:
Right, very quick test of Comodo with 8 malicious HTAs that I created myself.

I am trying to answer the question, is there really any benefit of using Comodo and the magical containment, over AVs that focus on other features (and get them right), AVs which were stated to be compromised by FUDs every day.

Most FUDs are EXE/MSI loaders that use crypters. Those FUDs are created/adjusted to bypass the concrete AVs and updated daily to keep a high infection rate. I did not find FUDs for Comodo (they are probably very rare). Most FUDs in the wild are for popular AVs.

Trident · Sep 24, 2025

Andy Ful said:
Most FUDs are EXE/MSI loaders that use crypters. Those FUDs are created/adjusted to bypass the concrete AVs and updated daily to keep a high infection rate. I did not find FUDs for Comodo (they are probably very rare). Most FUDs in the wild are for popular AVs.

Comodo likely will contain them and then anti-debug/anti-sandboxing algorithms (which usually in PE malware are not a deficiency) will lead to process termination.

Should Comodo users stop using Comodo?

From Hard_Configurator Tools

AI Assistant

From Hard_Configurator Tools

Level 6

From Hawk Eye

From Hard_Configurator Tools

From Hawk Eye

From Hard_Configurator Tools

From Hawk Eye

From Hard_Configurator Tools

From Hawk Eye

From Hard_Configurator Tools

From Hawk Eye

Level 25

Level 6

From Hawk Eye

From Hard_Configurator Tools

From Hawk Eye

From Hard_Configurator Tools

From Hawk Eye

You may also like...