Comodo Internet Security 6.0 beta experience

I tried many, many commercial and free antimalware tools (hardware and software) - mostly enterprise level, but also home use versions, and I currently work with (non Comodo) security software and hardware. I use Comodo 5.10 at home since I find it the best among the free home antimalware programs today.

I just tried Comodo 6.0 beta and must say it went well above my expectations and I wanted to share it with you.

Pros:

• Very low resource demands (around 11-16MB RAM on my system)
• Very fast scanning (Full scan is quite fast (but I have SSD). Once you make full scan - all other scans are much, much faster
• Very good AV (above 85% hit rate on a very new malware (48h old)) - something that Comodo was always lacking, but now I think people will have to change perception.
• Full virtualization of apps (and you can have a green border on the virtualized windows - so you know it is virtualized) and Kiosk virtual desktop where you can do whatever you want.
• I like safe:// and kiosk:// urls where it automatically virtualizes the browser process that opens url.
• It is very light on system messages and not obtrusive.
• You can easily scan or sandbox anything by drag and drop into the Comodo window.
• You can place most important Comodo system settings and apps into the some kind of Quick access bar and have like shortcuts for advanced stuff.
• Killswitch is now a part of Comodo IS. In my opinion it is one of the best process explorers. Imagine Russinovich's Process Explorer masterpiece and add security stuff in it.

Cons:

• First beta - rough edges - not for a production machine.
• Not happy with the new GUI. I find it more complex than the old. But it could be me.

To download it you must be a member of Comodo forums.

Please check Bugs: https://forums.comodo.com/beta-corn...curity-602528292560-bug-reports-t87325.0.html

And I read somewhere that the new beta will come by the end of next week.


This is what I did:

First I made a full partition backup on a external disk. Do that if you wanna try what I did. It is ok to do testing in a virtual machine, but I wanted a reallife scenario on my main machine with my settings and software.

As a test I started Kiosk mode (fully virtualized desktop - AV is not catching anything here) and went to a 0day malware domain list (you don't want to try this if you don't know what are you doing) and tried like 50 links mostly plagued with Black Hole, Zeus and other very recent malware kits. Now check this: IE9 with only tracking protection on and disabled Activex survived 50 0-day links packed with exploit loaders and showed only one suspicous behaviour - once I saw a dialog asking me whether I want to leave the page for no apparent reason. Nothing crashed or anything. I went back to normal windows and no change to the Windows system. So Kiosk works as advertised.

Then I tried without kiosk or virtualization. Only IE9 (not virtualized) but with Comodo checking everything. Around 25 links were caught either by Microsoft SmartScreen Filter (and that was really good for Microsoft) or Comodo DNS filter, but from loaded pages NONE could do anything! Killswitch actually did show some new running processes, but Comodo either sandboxed it or immediately got rid of it, and nothing was changed on my system. I checked with Malwarebytes, HitmanPro, Emsisoft - and there were some partial temps, registry traces (perhaps from some time before - since I did it on my real machine that I use for over three years now), but nothing new was installed or changed - no rootkits, no autoruns, no new processes in memory. My system survived. I actually still didn't formatted my disk and restored backup partition!

I haven't tested dowloaded viruses (but I checked online and people are reporting numbers well over 80% for a very new malware), PUPs or adware. For that please see this: Languy99's Software Reviews - YouTube




And yes I uninstalled 6.0 beta eventually since I have only one machine that I use and as I said I saw some bugs. But version 6 will be a must have upgrade.

 

Comodo 6 is going the right direction I think for performance. But the UI is terrible. It's too simplistic and the feature I want to work doesn't. The exclusions don't work. Put a file or directory to be excluded, keeps on being a pain in the butt.

Comodo is all about prevention. But I don't care how great it's sandbox or HIPS is. The best prevention is me. The only thing I want is for the firewall to detect an intrusion and block it. If I happen to install something by mistake, I want that AV to detect it immediately and then allow me the decision, quarantine it, delete it, or add it to exclusion. Comodo instead treats everything as if it's malicious and runs it in sandbox and then immediately quarantines anything with it's endless false positives. More false positives than any program I've used so far.

What I really don't understand is that anyone running a network today doesn't even need this anymore. At least I would have every station setup as a terminal and running cloud/VM. Making Comodo 6's HIPS/Sandbox pointless. I just don't understand it.

Overall, I liked the speed. But I want something simple. Gimme a really fast, really lightweight AV and a powerful firewall that does it job without being annoying. You want to see me become a pissed off hulk? Then install Comodo Internet Security on my PC.

Because with me being the best prevention, I'd prefer to run without a AV/Firewall if Comodo 6 is the only choice. So if I do have a security software running, it better be really fast, let me be the decision maker cause I don't trust it to just put everything in a sandbox and me off, and run in the background as if it's not even there. Comodo 6 always let's me know it's there in the most annoying manner possible.

Overall I give Comodo 6 a 1/10 for being annoying. It's not the focus or center of my PC. Comodo 6 is the self-entitled child who is always crying for attention.