Should Comodo users stop using Comodo?

Status
Not open for further replies.

It's actually true that users, regardless of the product, vent their anger at it if it affects them or doesn't last. I've always read that Comodo is junk, I can't get rid of this stuff.
I've never read that despite Comodo, my identity was stolen, my bank account was emptied, or anything else. Logically, there should be angry Comodo users who have fallen victim to cybercriminals despite Comodo. Someone once complained in the Comodo forum, until I found out that he had downloaded software from a dubious site and installed it as a pirated copy. That was a long time ago.
I was close to switching from Comodo, especially due to the discussions here on MT, but this thread and my experience with Comodo, my attitude before reading @cruelsister's, speak a different language than junk, full of bugs, vulnerable to attacks – where have they gone? Trustpilot, for example, should be full of complaints that Comodo has completely let them down.
Isn't that proof enough to the contrary?
I can't contribute any more, so I'll just remain a reader.
Identity being stolen via malware (resulting, for example, in a loan taken out under someone's name) is more of a myth than something that happens in reality.
 
It's a lot of drama and a lot of egos. Comodo was discussed, done and dusted in the first 2-3 pages. After that, we're just going off on tangents.

Yes. It seems that everything worked well on Comodo matters when posters tried hard to follow the rules.
Now we have a debate about censorship, which is slightly off-topic but probably more important for the MT forum.
 
It's the user's decision to use a product. But let's be clear, suggesting a company shouldn't fix flaws in its own software is a negligent position. When a user grants an application deep access to their computer, they are trusting the developer to maintain it. For a company to ignore that responsibility is a fundamental failure.

That said, I have developed several refined and highly accurate analytical tools that I employ regularly in my research. The following data is an excerpt from a report generated by one of these tools, focusing specifically on verifiable facts identified during a comprehensive review of the findings.

Executive Summary

This report assesses the validity of user claims that Comodo (now Xcitium for its enterprise offerings) fails to properly address Common Vulnerabilities and Exposures (CVEs) and significant usability bugs. Analysis of public vulnerability databases, security journalism, and the company's own user forums reveals a persistent pattern of delayed and inadequate responses. While the company's products, particularly their "auto-containment" technology, are praised by some users for their protective capabilities, evidence indicates significant challenges in vulnerability management and product stability. These shortcomings present a tangible risk to users who may remain exposed to known vulnerabilities for extended periods and face operational friction due to unresolved software flaws. Overall confidence in this assessment is HIGH, based on corroborating evidence from multiple independent sources over several years.

Key Findings (Facts – “The What”)

Finding 1

Multiple CVEs assigned in 2025 for Comodo Internet Security Premium explicitly state the vendor was contacted but did not respond to the disclosure. (Confidence: HIGH)

Finding 2

In July 2019, security research firm Tenable publicly disclosed five vulnerabilities in Comodo Antivirus (including a sandbox escape, CVE-2019-3969) three months after privately reporting them, as patches were not yet available. (Confidence: HIGH)

Finding 3

The official Comodo/Xcitium forums contain a large volume of user-reported bugs, including long-running threads detailing issues like high CPU usage, incompatibility with Windows 11 updates, and networking performance degradation. (Confidence: HIGH)

Finding 4

A curated list of unresolved bugs on the Comodo forum, created by users in January 2021 for version 12.2.2.8012, detailed over 15 significant, confirmed issues that remained unfixed at the time of its posting. (Confidence: MEDIUM)

Finding 5

In September 2019, Comodo's user forums were breached via a known vulnerability in the vBulletin forum software, exposing the data of over 170,000 users. (Confidence: HIGH)

Key Judgments (Analysis – “The So What”)

Judgment 1

It is Highly Likely that Comodo/Xcitium has a systemic issue in its vulnerability management process, characterized by slow patch development and poor communication with security researchers. This increases the risk that users will be exposed to exploitable flaws.

Judgment 2

It is Likely that the volume of usability and compatibility bugs exceeds the company's capacity for timely fixes, leading to a frustrating user experience and potentially causing users to disable security features, undermining the product's effectiveness.

Judgment 3

The company's standard response in its forums, directing users to create private support tickets, Almost Certainly limits public visibility into bug resolution, making it difficult for the user community to track progress and hold the company accountable.

Product Stability and Usability Bugs

The company's official forums paint a clear picture of a user base struggling with persistent usability issues.

High Volume of Complaints

The "Bug Reports" section of the Comodo forums is highly active, with hundreds of topics. Common themes include performance degradation ("CIS Helper hogs CPU"), conflicts with major software (Logitech G Hub, Microsoft Office), broken features ("Wildcards in HIPS rules not working"), and significant compatibility problems with Windows 11 updates.

Lack of Public Resolution

While company moderators do engage in some threads, the standard response is to request that the user run a diagnostic tool and open a private support ticket. This approach prevents other users from seeing the status of a bug, learning of workarounds, or knowing when a fix is implemented, fostering a sense of unresponsiveness in the community. User-created initiatives, such as the "List of current bugs" thread, underscore this frustration and the perceived need for community-driven tracking of unresolved issues.

Analytical Gaps & Limitations

Limitations

This analysis is based entirely on publicly available information. We lack insight into Comodo/Xcitium's internal bug tracking, resource allocation, and patch prioritization processes.

Intelligence Gaps

It is unknown how many vulnerabilities are reported privately and fixed without public disclosure. The exact number of users affected by the reported usability bugs is also unknown.

Source Evaluation

This assessment relies on a combination of highly reliable sources, including the National Vulnerability Database (NVD) (A1), and reporting from established cybersecurity news outlets like Bleeping Computer and PortSwigger (B2). Information from the company's official user forums is also used; while the credibility of individual posts is variable (C3), the collective volume and persistence of complaints provide a reliable indicator of user sentiment and recurring product issues.

Sources

National Vulnerability Database (nvd.nist.gov)

CVE.org (cve.org)

Comodo/Xcitium User Forums (forums.comodo.com / forum.xcitium.com)

"Concern over 'unpatched' Comodo Antivirus flaws," The Daily Swig - PortSwigger, 24 July 2019.

"Comodo Forums Breached, Data of Over 170,000 Users Up for Grabs," Bleeping Computer, 01 October 2019.

"Comodo Internet Security - DLL Preloading and Potential Abuses (CVE-2019-18215)," SafeBreach, 15 November 2019.

Gartner Peer Insights & G2 User Reviews (2022-2024).
 
As spoken by the new MWT Bot.
 
Need I remind any MT staff that revising any post content - even not allowing the full content - violates U.K., E.U., and U.S. law? So please, please, please - just don't do it. In the U.K., E.U., and U.S., moderators revising OP content nullifies the protections provided to isolate the platform from any responsibility for the content of the poster.
US has the First Amendment which applies to government, but I was unclear about your statement above, so I copied it as stated above into ChatGPT5 and it replied: "the claim in that post is simply wrong" (bold emphasis supplied by ChatGPT). Curious for someone who asserts "use Comodo, or not" you post a lot in this thread, or perhaps more than necessary to get your point across, imofwiw. ChatGPT went on with a longer analysis... Of course I acknowledge ChatGPT could be wrong, but it did provide various citations in its analysis.
 
Comparing both lists confirms or proves absolutely nothing. As said before, the last list was composed by collecting the most recent bugs reported on the Comodo forum, neglecting and ignoring any older (reported) bugs.

Have a look at the famous HIPS bug:
The famous HIPS bug is on the first list (Jan 2024) as #20.
The famous HIPS bug is on the second list (Aug 2024) as #26.

So according to you the famous HIPS bug has been fixed on the first list while it appears again as unfixed on the second list later in time. Call that bug fixing?
No, it isn't; those 40 older bugs haven't been fixed. As said before, only the bugs labeled as FIXED by the Comodo Staff on the List Of Bugs have been fixed, which is the only evidence and proof of any bugs having been fixed by Comodo. Assuming that more bugs have been fixed is pure speculation and not proven by any evidence.
I find it funny when people argue about "unfixed old bugs in Comodo", because my discovered CVEs could've been there since.... idk:
- Improper SSL/TLS verification: Could be from 2020. According to old change notes, "some endpoints changed to HTTPS".
- Data integrity problem: Could've been there since Comodo has had an update function. It's a design problem.
- Path traversal and Remote Command Execution: The best part is they were created during the "v3 engine" or whatever it was called to parse and handle XML metadata. The worst: they've been there since the update function started using an XML file for manifest data.

So if anybody wants to make a "big" title, it could be like "10 years old critical bugs cause remote code execution in Comodo". Yeah, that sounds very funny.
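The post above lists three weaknesses of an update mechanism: no TLS verification, no integrity check on what the manifest delivers, and path traversal in manifest-driven file writes. The following is an added example, not Comodo's code and not the poster's PoC: a hypothetical updater that applies the checks a defender would want on a constructed XML manifest (confining every destination to the install directory and matching every payload against its declared SHA-256) and builds a TLS context that actually verifies certificates.

```python
"""Validate an XML update manifest before applying it (illustrative, constructed)."""
import hashlib
import os
import ssl
import xml.etree.ElementTree as ET

# Constructed manifest: one valid entry, one traversal attempt, one hash mismatch.
# Note: a per-file hash only helps if the manifest itself is authenticated
# (signed, or fetched over verified TLS); that is the "design problem" above.
SAMPLE_MANIFEST = """<update version="1.2.3">
  <file path="bin/scanner.dll" sha256="{good}"/>
  <file path="bin/../../outside.dll" sha256="{good}"/>
  <file path="bin/config.xml" sha256="{bad}"/>
</update>"""

# Constructed payloads keyed by the path the manifest names.
PAYLOADS = {
    "bin/scanner.dll": b"MZ-constructed-scanner",
    "bin/../../outside.dll": b"MZ-constructed-scanner",
    "bin/config.xml": b"<cfg/>",
}

INSTALL_DIR = "/opt/constructed-app"  # hypothetical install root


def safe_destination(install_dir, rel_path):
    """Absolute target path, or None if rel_path would escape install_dir."""
    root = os.path.realpath(install_dir)
    if os.path.isabs(rel_path):
        return None
    dest = os.path.realpath(os.path.join(root, rel_path))
    try:
        if os.path.commonpath([root, dest]) != root:
            return None
    except ValueError:  # different drives on Windows
        return None
    return dest


def verified_tls_context():
    """TLS context that checks the chain and the hostname (the opposite of
    'improper SSL/TLS verification')."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def validate_manifest(xml_text, install_dir, payloads):
    """Return (accepted, rejected): accepted is [(path, dest)], rejected is [(path, reason)]."""
    accepted, rejected = [], []
    # For genuinely untrusted XML, prefer defusedxml over ElementTree.
    for entry in ET.fromstring(xml_text).findall("file"):
        rel = entry.get("path", "")
        want = entry.get("sha256", "").lower()
        dest = safe_destination(install_dir, rel)
        if dest is None:
            rejected.append((rel, "path escapes install directory"))
            continue
        blob = payloads.get(rel)
        if blob is None:
            rejected.append((rel, "payload missing"))
            continue
        if hashlib.sha256(blob).hexdigest() != want:
            rejected.append((rel, "sha256 mismatch"))
            continue
        accepted.append((rel, dest))
    return accepted, rejected


def run_demo():
    """Fill in the constructed hashes and validate the sample manifest."""
    good = hashlib.sha256(b"MZ-constructed-scanner").hexdigest()
    xml_text = SAMPLE_MANIFEST.format(good=good, bad="0" * 64)
    return validate_manifest(xml_text, INSTALL_DIR, PAYLOADS)
```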
 
@Divergent,

You complicate the topic.
Your theory is not pure mathematics, but it is based on exploitation data related to operating systems (Windows, Linux, etc.), popular software, and popular AVs. This data did not include CIS, because there is no available evidence that CIS was exploited in the wild.
Next, you can use probabilistics to make a mathematical model (your theory) for the obtained data. This model also does not include anything about CIS exploitation.
Finally, you try extrapolating your theory to CIS. Such extrapolation must be empirically validated. If the empirical data are consistent with the theory, it can be assumed that the theory can be applied to CIS.

However, we have one of two cases:
  1. The empirical data are missing because no one bothered to report CIS exploitations in the wild.
  2. There is no evidence of exploitation because CIS prevented the exploitation in the wild.
In the first case, your theory should not be extrapolated to CIS (invalid procedure of validation).
In the second case, your theory contradicts the evidence (untrue for CIS).

That is why you would lose the case in court. (y)
 
@Divergent,

You complicate the topic.
Your theory is not pure mathematics, but it is based on exploitation data related to operating systems (Windows, Linux, etc.), popular software, and popular AVs. This data did not include CIS, because there is no available evidence that CIS was exploited in the wild.
Next, you can use probabilistics to make a mathematical model (your theory) for the obtained data. This model also does not include anything about CIS exploitation.
Finally, you try extrapolating your theory to CIS. Such extrapolation must be empirically validated. If the empirical data are consistent with the theory, it can be assumed that the theory can be applied to CIS.

However, we have one of two cases:
  1. The empirical data are missing because no one bothered to report CIS exploitations in the wild.
  2. There is no evidence of exploitation because CIS was not exploited in the wild.
In the first case, your theory should not be extrapolated to CIS (invalid procedure of validation).
In the second case, your theory contradicts the evidence (untrue for CIS).
"Absence of evidence is evidence of absence" fallacy, which is a dangerous stance in cybersecurity.

This is a deflection. Your argument attempts to shift the burden of proof from the vendor to the user. A security company's responsibility is to proactively eliminate known risks, not to wait for proof of customer harm before acting.

An unpatched vulnerability is, by definition, an unacceptable risk. Arguing that it's not a threat because there's no public evidence of its exploitation is like arguing you don't need to fix a faulty fire alarm because the building hasn't burned down yet. The entire purpose of security is to prevent the fire, not to react to it.
 

His comment was about the list of unfixed bugs and the responsibility of the company. Why did you change it to "not exploited in the wild"? That was a completely different topic. Also, not to mention the bounty programs, it's just the responsibility of the company to receive vulnerability reports and release patches, making sure the bugs / vulnerabilities are fixed before bad guys find and exploit them. And the fact is, Comodo has a "report vulnerability" page and an email address that hasn't worked since... at least 2019.

So, in comparison, it's either "fix it as soon as possible so it can't be exploited" or "oh, never mind, it's not being exploited anyway". Your statement is simply the 2nd way because exploits are "in theory".
 
@Divergent,

You will not prove anything when using an invalid theory.
However, the inability to prove something does not necessarily mean that you are wrong about it. Cassandra of Troy was a good example.
So, let's wait. Maybe your theory about CIS exploits will become true in a few years. Good luck. :)
 
Nope, because Comodo Staff did not identify them as FIXED, simple.
You speculate. I posted the evidence that there were bugs/vulnerabilities silently fixed without identifying them as FIXED.
 
So, in comparison, it's either "fix it as soon as possible so it can't be exploited" or "oh, never mind, it's not being exploited anyway". Your statement is simply the 2nd way because exploits are "in theory".

It is not my statement, but the statement of the Comodo staff. We cannot prove that their management of exploits is inadequate as long as there is no confirmed exploitation (for 15 years). It is similar to the "presumption of innocence" in the law. There are some important reasons for its existence.
In some countries, there is no murder if there is no body. Some murderers can escape punishment even though many people believe them guilty.
Even in mathematics, some true formulas cannot be proved (Kurt Gödel's incompleteness theorems).
 
You speculate. I posted the evidence that there were bugs/vulnerabilities silently fixed without identifying them as FIXED.
That vulnerability fix was about prohibiting / blocking internet connection for applications running in containment, correct?
That fix didn't need a source code change and didn't require recompiling the source code; all that was needed to fix it was a simple configuration file setting adjustment, which is very quick and very easy to do.
 
 
That vulnerability fix was about prohibiting / blocking internet connection for applications running in containment, correct?

No. The silent fix was related to a sandbox escape. The author of the PoC confirmed that it was silently fixed in CIS.
We do not know how many bugs from the list announced in August 2024 were fixed in the last year. We only know that Comodo fixes some bugs silently, and so far, almost none of those bugs have been re-reported on the Comodo forum.
 