Why the Comodo hype?

[motox781]

I know per say, it doesn't have crazy hype, but why do some people like Comodo? Here's the simple way I look at Comodo technologies in a nut shell:

Default Deny that sandboxes unknowns...

Now correct me if I'm wrong, but if their detection lacks (which I've seen it do for years)...how can someone trust that their known list of good programs is accurate (false positives on newer good programs, etc)?

If the above is somewhat true, why not choose a company that has a more accurate 'up-to-date' list of known good files for default deny protection, which blocks the file instead of running it in some sandbox that doesn't allow the file to run properly half the time anyhow?

Idk, my two cents. Thanks.

 

[XIII]

With the right settings, it's the opposite of relying on their list of good programs being accurate. If you set the auto-sandbox to restrict untrusted applications and clear your trusted programs list, no programs are trusted unless you explicitly tell Comodo to trust it. You create the list of good programs. That and being free, I think it's a pretty good firewall/security suite.

 

[Wave]

The point is that if you sandbox all untrusted/unknown programs, then they won't be able to harm your system should they end up to be malware. However, the important thing that it seems Melih (Comodo CEO) is oblivious to (since all he talks about is how the sandbox is so amazing on his forums), is that if malware is executed in a sandbox (no matter how powerful it is), it still gives it a shot - in terms of exploits, the sandbox can be exploited and lead to the system becoming compromised by the attacker. Attackers have found ways to compromise software such as VMWare Workstation before from the Guest OS, very sophisticated, also using real virtualisation techniques via hardware utilisation, therefore Comodo Sandbox can also be exploited (theoretically, nothing is 100% secure and everything can be exploited one way or another, even if it seems impossible at the start).

In reality, Anti-Virus software is not actually dead, since they still have a chance at detecting malicious software before it gets to actually execute (which would then give it at least a 1% chance of exploiting any security software techniques such as sandboxing). Even though detection methods such as checksum scanning is now obsolete and has been for quite some time, in my opinion at least, heuristics is a big thing when it comes to AV development and can always kick in and be helpful with positive detection's, too. Web-blocking is also a huge factor when it comes to security software, since you can block the downloads before the malware is ever downloaded onto the system in the first place, or before an exploit page has successfully finished with the web requests to the browser to load and execute the exploit.

If possible, prevent the threat from ever making its way onto your system. The best line of defense in reality is actually you, and additional security software or browser extensions are just your backup friend - watch what websites you visit, watch what you download and watch what you run. That being said, never trust an e-mail without verification of the sender should attachments be handled or links be involved (since attackers can spoof the sender email via altering the email header for example). Just apply good online practises, and be careful when handling things offline (such as removable disks), and you should be fine with or without any security such as Anti-Virus/Internet Security.

Comodo Sandbox is very good if used correctly, but it's not as good as some people make out, most security software is overrated since it's just people handing out opinions on which software they like - and this is natural and normal on a forum, all forums actually. Use the software you are comfortable with using, but just remember that no matter what you do, you're not 100% secure and malware/hacking techniques are evolving every single day, you never know what is around the corner waiting for you the next day!

 

[AtlBo]

Why, after reading the comments here, do I feel like Comodo should back off everything in CF but the sandbox? I mean, just completely ditch the rest. Make it so that any configuration of the sandbox currently possible can be used. So much of CF as it is seems like it's out of place or part of a malnourished design philosophy.

If Comodo went this route, the devs could 100% separate themselves from the current program and work freely on connection and behavior monitoring, and they could do this in two separate clean and new programming environments. Ultimately, users would get a simple GUI for a sandboxing program that does what it says it does, sort of like VoodooShield. It would probably get better, too, with Comodo better able to focus on it singularly, making it more difficult to bypass or circumvent.

Maybe I'm wrong about this. I mean, I almost installed CF today, but I decided to wait. Then I was going to post some questions about CF v VoodooShield and also about the depths of the unknown with the deeper CF settings. Looked again at cruelsister's most recent video showing how CF blocks ransomeware and decided to back off of that, because her settings are so simple. I couldn't think of a reason to really get into the deeper issues of CF based on my experiences with the program in the past and then considering how much so cruelsister's settings work better than anything I tried. I felt doubtful that anyone really knows the program with a serious degree of expertise.

For me, the reason I don't know the deeper things of CF is that the wording of settings and their placement don't make sense to me. It's not clear what's there. Help files are vague and not technically specific and concise in nature. Again, for me, it's as if CF turns into a weed infested jungle for anything beyond cruelsister's settings.

idk, I run Private Firewall. It's not the greatest settings layout, and it has too many shortcomings to name pretty much. I mean, any malware that targeted it could turn it off. That's just the beginning, but it's frustrating not knowing what to do next. I do feel like firewalling is for me, but I just can't seem to put the pieces together. Worst of all, I can't shake the feeling that Comodo is on the right track. That said, isn't it finally time for a breakthrough with the program? At the least they could cut to what is known with the sandbox and begin from there with a new plan to bring the program back together at a later date. The new program would most certainly reveal updated and refined user settings interface flow and language...and plenty of creative/clever/intuitive design. For some reason, I still feel like we're going to see this at some point in the future from Comodo.

 

[jamescv7]

Honestly Comodo Autosandbox has a good concept, in such common activity usage the sandbox will automatically virtualize any unknown programs correctly.

But in order to achieve long term effect, the list should be manually configure by user. The problem for Comodo is maintaining the ruleset which cause instability operation.

 

[shmu26]

1 Yes, COMODO whitelist is fallible.

2 No, there is no better whitelist for default/deny

bottom line: if you want a default deny that helps to make your decisions for you, you have a choice between COMODO and VoodooShield. Both have bugs.

 

[Solarlynx]

I use Comodo Firewall because it has HIPS. As HIPS gives real control over the system. I wouldn't regret if they ditch the Auto-sandbox though it seems they value the Auto-sandbox over the HIPS.

 

[shmu26]

I use Comodo Firewall because it has HIPS. As HIPS gives real control over the system. I wouldn't regret if they ditch the Auto-sandbox though it seems they value the Auto-sandbox over the HIPS.

also the COMODO HIPS is susceptible to the same issue of possibly whitelisting a bad file. Because if a file has trusted status, you won't get HIPS prompt for it when it executes.
Admittedly, this problem doesn't seem to happen very often. It is rare enough to be newsworthy, and people talk about it gleefully for days...

 

[Evjl's Rain]

I use Comodo Firewall because it has HIPS. As HIPS gives real control over the system. I wouldn't regret if they ditch the Auto-sandbox though it seems they value the Auto-sandbox over the HIPS.

the problem is you may allow something via HIPS and you may get infected + too many HIPS prompts may break the usability of the computer. It's rather annoying than protecting
autosandbox doesn't have any prompt or with single prompt so it it's better for most users. You don't wanna click to allow or deny something several times

 

[_CyberGhosT_]

CF has far more bugs than VoodooShield, lets get that straight now.
And HIPS while good, increases the attack surface=(advanced users will understand this)
Comodo, no part of it is on my radar for having and
maintaining an advanced setup for security. To me it
would be a step backwards.

 

[shmu26]

Why, after reading the comments here, do I feel like Comodo should back off everything in CF but the sandbox? I mean, just completely ditch the rest. Make it so that any configuration of the sandbox currently possible can be used. So much of CF as it is seems like it's out of place or part of a malnourished design philosophy.

If Comodo went this route, the devs could 100% separate themselves from the current program and work freely on connection and behavior monitoring, and they could do this in two separate clean and new programming environments. Ultimately, users would get a simple GUI for a sandboxing program that does what it says it does, sort of like VoodooShield. It would probably get better, too, with Comodo better able to focus on it singularly, making it more difficult to bypass or circumvent.

Maybe I'm wrong about this. I mean, I almost installed CF today, but I decided to wait. Then I was going to post some questions about CF v VoodooShield and also about the depths of the unknown with the deeper CF settings. Looked again at cruelsister's most recent video showing how CF blocks ransomeware and decided to back off of that, because her settings are so simple. I couldn't think of a reason to really get into the deeper issues of CF based on my experiences with the program in the past and then considering how much so cruelsister's settings work better than anything I tried. I felt doubtful that anyone really knows the program with a serious degree of expertise.

For me, the reason I don't know the deeper things of CF is that the wording of settings and their placement don't make sense to me. It's not clear what's there. Help files are vague and not technically specific and concise in nature. Again, for me, it's as if CF turns into a weed infested jungle for anything beyond cruelsister's settings.

idk, I run Private Firewall. It's not the greatest settings layout, and it has too many shortcomings to name pretty much. I mean, any malware that targeted it could turn it off. That's just the beginning, but it's frustrating not knowing what to do next. I do feel like firewalling is for me, but I just can't seem to put the pieces together. Worst of all, I can't shake the feeling that Comodo is on the right track. That said, isn't it finally time for a breakthrough with the program? At the least they could cut to what is known with the sandbox and begin from there with a new plan to bring the program back together at a later date. The new program would most certainly reveal updated and refined user settings interface flow and language...and plenty of creative/clever/intuitive design. For some reason, I still feel like we're going to see this at some point in the future from Comodo.

look, if COMODO would be both easy and effective, they wouldn't be able to sell their premium tiers. They have to either make it hard, or charge for it.

 

[shmu26]

CF has far more bugs than VoodooShield, lets get that straight now.
And HIPS while good, increases the attack surface=(advanced users will understand this)
Comodo, no part of it is on my radar for having and
maintaining an advanced setup for security. To me it
would be a step backwards.

I guess it depends which kind of bugs bug you the most.
If I am running COMODO autosandbox, I can boot up my computer without getting alerts about obviously innocuous Windows processes. Can't say the same about VoodooShield.

 

[cruelsister]

The amount of bugs seen in Comodo is directly proportional to how complicated you want to make it by screwing with the settings.

The simpler you set it, the closer to Nirvana you get.

 

[Solarlynx]

The amount of bugs seen in Comodo is directly proportional to how complicated you want to make it by screwing with the settings.

The simpler you set it, the closer to Nirvana you get.

Hehe, that's why your Comodo setup is rather simple - it's Nirvana setup!

the problem is you may allow something via HIPS and you may get infected + too many HIPS prompts may break the usability of the computer. It's rather annoying than protecting
autosandbox doesn't have any prompt or with single prompt so it it's better for most users. You don't wanna click to allow or deny something several times

I agree with you fully.

also the COMODO HIPS is susceptible to the same issue of possibly whitelisting a bad file. Because if a file has trusted status, you won't get HIPS prompt for it when it executes.
Admittedly, this problem doesn't seem to happen very often. It is rare enough to be newsworthy, and people talk about it gleefully for days...

Yeah, that's true. That's why it's useful to delete TVL and switch off cloud scan.

 

[Evjl's Rain]

Hehe, that's why your Comodo setup is rather simple - it's Nirvana setup!


As for HIPS - I agree with you fully.

Sorry, idk what is HIP.


Yeah, that's true. That's why it's useful to delete TVL and switch off cloud scan.

sorry my mistake, HIP = typo, I meant autosandbox, sorry edited

 

[Deleted member 2913]

look, if COMODO would be both easy and effective, they wouldn't be able to sell their premium tiers. They have to either make it hard, or charge for it.

Free/Paid doesn't matter as the core protection mechanism & functioning is the same.

 

[Andy Ful]

@motox781
If you think that you get a definitive answer here, you are wrong. Comodo products (CF, CIS) have some genuine security solutions and some very irritating bugs. The best you can do is to try it. You must be cautious with Comodo Autosandbox. After Windows Updates, the list of safe files should be also updated, because some new system files may be flagged as Unrecognized. There may be a problem with Windows 10 Home, because you have no control over update start. Please, take @cruelsister advice seriously. Many users gave up, after creating complicated settings. Wish you luck.

 

[Deleted member 2913]

I guess it depends which kind of bugs bug you the most.
If I am running COMODO autosandbox, I can boot up my computer without getting alerts about obviously innocuous Windows processes. Can't say the same about VoodooShield.

I find VoodooShield easy to use compared to Comodo especially for average users.
Both can block average users software But I find VAi is good especially with average users software And VAi verdict with VT results helps users taking action on alerts.VS initial whitelist/snapshot is good for proper functioning of critical/required stuffs.

As said both can block users programs or require input. In VS case, vulnerable processes alerts could be a prob for average users.
Once VS 3 stable is released, options will be implemented that you can enable to make VS more easy & set it for average users (AutoPilot Mode).
Lets see what all options will be available in the free version.

 

[Wave]

@motox781 Personally I wouldn't bother with it if I were you... Just make sure UAC/SmartScreen is enabled, enable Windows Defender as your primary AV, install VoodoShield and use Sandboxie/Virtual Machine for new unknown programs manually (along with online malware analysis services and VT). Be careful, watch what you do and you'll be fine.

You can add an ad-blocker such as uBlock Origin (extension) or Adguard to improve your protection, to help protect against malvertising attacks.

I don't think Comodo is worth the trouble, I installed it a few weeks back in a VM after not having tested it in a few months, to find it locked out any programs from running. A bug which was meant to have been fixed years ago.

 

[shmu26]

Sooner or later, you will be forced to make decisions about certain programs/processes that you want to run -- whether you use Voodoshield or COMODO or anything else. You can't get away from it. Believe me, I've tried. You gotta take responsibility for what you install/run, like it or not.

So you might as well use NoVirusThanks EXE Radar Pro. It's just as free, it's a lot less buggy, and it really works. You just have to learn how to edit a command line. That's merely a matter of putting an asterisk in the right place. That is a lot easier than troubleshooting bugs...