Serious Discussion Three Unpatched Vulnerabilities Plague Comodo. Documented Online.

[ForgottenSeer 123960]

My experience over the last 14 years has consistently shown that user habits are the most critical element of security. I've used a wide variety of operating systems and security suites without a single infection, which suggests that the focus on software is often misplaced. While no one is immune to threats, a proactive and educated user is more effective than any single security product. The key takeaway is that developing safe computing practices should be the primary focus for anyone looking to stay secure.

 

[cartaphilus]

Not too corrected, cuz Sectigo, even if not number one most abused, still would be in the top 3.

If you can't fix your product you just change the name. Right?

Security modification through obfuscation.

 

[Helmut]

While no one is immune to threats, a proactive and educated user is more effective than any single security product. The key takeaway is that developing safe computing practices should be the primary focus for anyone looking to stay secure.

How right you are. I don't have any "nice" tools like registry cleaners or Windows accelerators, and I don't click on tempting or cheap offers. In all these years, I haven't had any signs of identity theft (at some point, something would have happened in my name). I even have an electronic ID and use it as proof of my identity – no misuse, no indication of anything. I've only used this ID twice so far. I order online very frequently, do a lot of things with sensitive data – the police have never shown up at my door (symbolically or even actually) or with anything I didn't order. Real estate matters too – no problems, and it's always been Comodo as a protective barrier. Perhaps now it is to understand why you trust such a program. But it has to evolve with time. What good is a positive experience if things suddenly go wrong due to lack of maintenance?

 

[Andy Ful]

Yes, but the crucial question is whether the program is improved in this regard. Comodo's approach isn't bad, with its assumption that "everyone" is initially suspicious. Then they'll see who they can trust and let in. But cybercriminals, as you can see, aren't stupid either.

This is what I try to do. Comodo and its vendor are accused of many things, but people who do it do not currently use Comodo. It is like criticizing a book without reading it. They may be right, but I would rather confirm their statements. For now, I try to find out if there is solid evidence that Comodo is bad.

However, Germany, where I live, is a popular target for cybercriminals, whether businesses or private individuals. And yet I haven't fallen victim yet. I don't know what percentage of those who have become private victims are.

I agree with some MT members who pointed out that the primary defense is caution and knowledge. The best protection is probably a combination of top AV + Security by Obscurity. The second is a security layer that is unexpected for attackers. This can be system hardening, Smart App Control, Comodo Firewall, etc.

 

[Trident]

Off topic, I’ve started to research the ASR rules for my Orion Malware Cleaner (the system hardening phase), there are some nice rules. There are a few rules that will cause vey little false positives and will have high impact on protection.

Anyway, now you guys can go back to Comodo.

 

[Helmut]

This is what I try to do. The Comodo vendor is accused of many things, but people who do it do not use Comodo. It is like criticizing a book without reading it. They may be right, but I would rather confirm their statements. For now, I try to find out if there is solid evidence that Comodo is bad.

That's quite a statement! I'm extremely intrigued because you're objective, not biased, like some others here, too.

@Trident, What I still have (not for long) is Cyberlock, formerly vodooshield. Seems trustworthy.

 

[Andy Ful]

Anyway, now you guys can go back to Comodo.

Thanks, we are only halfway.

 

[Trident]

What I still have (not for long) is Cyberlock, formerly vodooshield. Seems trustworthy.

This is trustworthy, yes. The developer is highly active and works on other projects too.

 

[Trident]

Thanks, we are only halfway.

So I should expect my post to reach 35 pages debit?

 

[Pico]

@Pico
What is the source of the 100 bugs mentioned in your post?

Mod statements on Comodo forum, there is publicly visible list and internal hidden list.
Also read this, links included (not tested if they still work) Comodo CIS Bug fix policy

 

[Andy Ful]

So I should expect my post to reach 35 pages debit?

Why not? A good thread can include many posts.

 

[Andy Ful]

Also read this, links included (not tested if they still work) Comodo CIS Bug fix policy

Thanks. Those lists are still available and not deleted, as @Tridend suspected.
If you compare the bugs listed for the prior version with the list of bugs gathered for CIS beta 12.3.1.8104, then most bugs from the first list are absent on the second.
The second list includes only 40 bugs (the rest are suggested improvements). Comodo has 6 months to remove bugs, so the number of current bugs can be significantly smaller.

All of this suggests that Comodo staff worked hard and removed most of bugs from earlier versions.

 

[Andy Ful]

Here is the post about fixing 40 bugs in CIS 12.3.1.8104:

 

[Pico]

There are no Change Logs that justify the bug fixes or the "hard" Comodo work.
The famous HIPS bug is still present. To fix it CIS code has to be completely rewritten and Comodo won't do that.

Comodo test department always had and still has troubles to reproduce reported bugs.
They don't say we have fixed the bugs instead they say we can't reproduce the bugs as if the bugs have vanished themselves by not changing anything in code.

 

[Andy Ful]

They don't say we have fixed the bugs instead they say we can't reproduce the bugs as if the bugs have vanished themselves by not changing anything in code.

They said that they can't reproduce the bugs in the CIS beta 2025. I did not find the evidence that those bugs are still unpatched. Please show the evidence if you think otherwise. I confirmed that large lists of bugs were not deleted on the Comodo forum, so the info about unpatched bugs should be somewhere available.

 

[Andy Ful]

Examples of "Mental Laziness":

Presenting a false image of objectivity, disguised as "skepticism," by dismissing other people's arguments and shifting the burden of proof, forcing the victims of Comodo to prove its failures.

This is compounded by glaring passivity, where the false "objective and skeptical" character doesn't even take the time to do their own research in the more than 15 years of documents that record serious, grave, and dangerous issues with Comodo (until today).

And as the "Cherry On Top", "La Pièce De Résistance"... the false "objective and skeptical" character utters fallacies based only on a 2024 thread.

I repeat again:

As the saying goes: "There’s no worse blind man than the one who doesn’t want to see."

And others who do see, even those being so called "advanced technical users" on MT, unfortunately they irresponsibly omit the reality of 99% of users (compulsive happy clickers incapable of using "dumb blockers"), and selfishly continue promoting Comodo just because it’s useful only to themselves. They have no moral character, lose all their credibility and objectivity, and, to quote others: These MT participants should not be taken seriously.

I used the data provided by you. You used it incorrectly without any analysis.
I am sorry that the correct analysis is unexpected to you.
All your reasoning starts from an unproven assumption, so your conclusions cannot be trusted.
Try to think without the initial assumption that Comodo is bad.

 

[ForgottenSeer 123960]

Examples of "Mental Laziness":

Presenting a false image of objectivity, disguised as "skepticism," by dismissing other people's arguments and shifting the burden of proof, forcing the victims of Comodo to prove its failures.

This is compounded by glaring passivity, where the false "objective and skeptical" character doesn't even take the time to do his own research in the more than 15 years of documents that record serious, grave, and dangerous issues with Comodo (until today).

And as the "Cherry On Top", "La Pièce De Résistance"... the false "objective and skeptical" character utters fallacies based only on a single 2024 thread.

I repeat again:

As the saying goes: "There’s no worse blind man than the one who doesn’t want to see."

And others who do see, even those being so called "advanced technical users" on MT, unfortunately they irresponsibly omit the reality of 99% of users (compulsive happy clickers incapable of using "dumb blockers"), and selfishly continue promoting Comodo just because it’s useful only to themselves. They have no moral character, lose all their credibility and objectivity, and, to quote others: These MT participants should not be taken seriously.

I want to point something out about the tone and approach you’re using in your messages, especially your repeated references to others as "mentally lazy," "compulsive happy clickers," and lacking "moral character."

Whether intentional or not, this kind of language comes across as dismissive, judgmental, and self-righteous. It shuts down meaningful discussion and alienates people who might otherwise be open to hearing your perspective.

Presenting your arguments with this level of hostility and moral superiority doesn't strengthen your case, it weakens it. It gives the impression that you're more interested in attacking others than fostering a real exchange of ideas.

If your goal is to raise awareness about issues with Comodo or anything else, you might find people more receptive if you focused on the facts and allowed room for disagreement without personal attacks. Right now, the tone you're using risks coming across as toxic rather than persuasive.

 

[ForgottenSeer 123960]

Please count on my formal and registered promise here: I have the ability to express myself in the way you suggest, but after years of suffering attacks, offenses, insults, belittlements, bullying, and other plagues, I will only change when my offenders change first. Until that happens, my sincere and deep apologies, I am not the one who introduced aggression and low-level behavior to the discussions of Comodo.

I understand your frustration, but you don’t need to drink from the cup others pour. You don’t have to lower yourself to their standard. By setting your own standard, you not only rise above the negativity but also show others there’s a better way forward.

 

[ForgottenSeer 123960]

As the saying goes: 'For evil to triumph, it is enough for good people to remain silent.'

And IMHO, evil is fought with evil (especially after I have suffered and continue to suffer attacks for years and years when expressing my arguments about Comodo, whether I am right or wrong).

That said, it is important to clarify that the problem here is not 'the way' the discussion is conducted. It is irrelevant whether the discussion is polite or impolite.
The real issue here (is not "the form" is "the content") is the immorality and irresponsibility of a company (Comodo), its fanatics, and some other selfish individuals who do not think about the 99% of users.

I get your perspective, you want to fight the issue, not just how it’s discussed. I just believe the way we present things can be as powerful as the content itself. Both matter if we want change.

 

[Parkinsond]

While you are quarreling, this smart fella stopped MSD and palying online games without any AV
I need to try this method