Give all that for FREE!!! What's the Catch? How does Comodo Make Money?

[Guest]

[TreeFrog]

Melih,
       I was curious, are you going to integrate with Linux and Mac operating systems as well?  Or are you sticking with just Windows?

[Melih]

Melih,
       I was curious, are you going to integrate with Linux and Mac operating systems as well?  Or are you sticking with just Windows?

at this moment just windows.. in future we want to support all platforms..

Melih

[cavillas]

I have been usng Comodo stuff on and of for a very long time now and find it to be superb software.  It's not often that a large company go out of their way to help normal users and your help has been very welcome to an ever growing uncertain internet.  You give a simple choice of applications that work and  are very easy to use.  I feel quoite safe using your products and have not noticed any ongoing problems with my setup. 

Well done to you all and thankyou for helping us not so rich internet users.

[beto86]

Hi, this is my first time on this forums, I got to know of your products through a friend, and from what I've read in other posts, your bussines iniciative is pretty good... it's nice to see that some people develop software "for free" (even tough I don't have any of your products currently instlled).

I have some "comments-questions".

1.- Does the Comodo antivirus scan for other threats like jokes, spyware, etc? most other AV's which have a free version, modify it, so it only detects viruses (and make their premium versions the complete ones)

2.- If you were trying to convince someone using any other AV, what reasons would you give to switch to Comodo?

3.- As I told you, I don't have Comodo installed, but, as I can see in webpages like:
http://virscan.org/
Comodo usually misses most of the viruses... maybe because bad heuristics or a too little virus database... what can you say about that?

I'll be glad to hear from you, because, my Avira Premium license is about to expire, and I'm thinking into changing to a free AV, and it would be intresting to give comodo a chance.

[panic]

G'day and welcome to the forums.

First and foremost - the current version of Comodo Anti Virus (V2) is a BETA product. It should not be used in a production environment or on any PC you deem important. Beta products can, and sometime do, cause problems, loss of data, loss of connectivity, etc. Beta software should only be used if you are cognizant of these risks and are prepared to accept full responsibility for any failings.

Whew! Having said all that, CAVS2 is a solid anti virus and I haven't experienced any problems whatsoever in around 18 months of solid usage on over 100 PCs. Just about all beta software comes with a similar warning, so please don't be put off by it. Equally, don't ignore it. 

1.- Does the Comodo antivirus scan for other threats like jokes, spyware, etc? most other AV's which have a free version, modify it, so it only detects viruses (and make their premium versions the complete ones)

Comodo do not release a crippled free version and make you pay to get the fully featured version. CAVS 2 BETA detects viruses, trojans, rootkits, adware, spyware, malware.

2.- If you were trying to convince someone using any other AV, what reasons would you give to switch to Comodo?

One of the primary differences between CAVS2 BETA and other AV products, and this relates directly to your next question, is that traditionally AVs have placed a greater reliance on detection and removal. The fundamental flaw in this approach is that it is based on the premise that the infection has already taken place. It has to exist on your system before it can be detected on it or removed from it.

In addition to the traditional two pronged detection and removal approach, CAVS2 BETA introduced a third prong - prevention. If an infection can be prevented from getting into your system in the first place, detection becomes less of an issue (not removed entirely, but certainly lessened).

Comodo are working hard to increase the size of their signature database and to improve their detection and removal rates. They are currently working on CAVS3 (therefore CAVS2 BETA may never come out of BETA stage), which will be based upon the same security platform they developed for the recently released Comodo Firewall Pro Version 3. Because of this common platform, there will be a high degree of co-operation and interoperability between the AV and the firewall (and other future modules  ). This co-operation will not make the system slower and the applications larger. Rather, it will increase speed and lower resource usage due to shared componentry and leveraged functionality. It's not here yet, but it's bloody exciting.

3.- As I told you, I don't have Comodo installed, but, as I can see in webpages like: http://virscan.org/
Comodo usually misses most of the viruses... maybe because bad heuristics or a too little virus database...  what can you say about that?

You're correct when you say CAVS2 BETA gets a low rating on these AV testing sites, but their testing methods are geared solely around the traditional two pronged approach and do not factor in CAVS2 BETA's prevention capabilities.

Imagine if, instead of starting the test with a system that was crawling with malware and just measuring detecton and removal, they started with a clean PC and measured how clean is the PC at the end of the process?

CAVS2 BETA's additional prevention layer would stop most malware from ever getting onto the PC, which would leave it, in all likelihood, just as clean as other systems protected by AVs with a far higher detection and removal rate than CAVS2 BETA.

Factoring prevention into the testing methods would vary the result greatly, but the results won't change until the testing methods do.

A lot of test sites rigidly stick to detection and removal percentages as the be-all and end-all.

Surely, the best measure, above all others, is "How clean and secure is my PC - regardless of how it got that way?".

Hope this helps,
Ewen :-)

[beto86]

Thanks for answering  , I promise I'll try the Comodo antivirus when my current AV license ends, and I'm really intrested in seeing that integration between the Comodo AV 3 and the Firewall 3.

There's only one thing which I still don't have clear:

You talk about prevention as a third pronge, but I don't understant how does it prevents malware differently from other AV'S.

Is it a sandbox feature? is it a registry guard? is it the integration with the firewall preventing external connections?

Also, then... are you somehow saying that it's harder for Comodo to clean an infested system, than to keep it clean? I believe that's not quite a good thing, because if someone is looking for an AV, it is because he has had or has an active infection.

By the way, check www.nanoscan.com  that's a really intresting technology by Panda Security. (Which I believe works, by sending a list of current procesess and their MD5 hashes, and comparing it against a list of malware, and by using a really sensitive heuristic component).

[panic]

Thanks for answering  , I promise I'll try the Comodo antivirus when my current AV license ends, and I'm really intrested in seeing that integration between the Comodo AV 3 and the Firewall 3.

As long as you end up with a security solution that you are comfortable with - thats the main thing.

There's only one thing which I still don't have clear:

You talk about prevention as a third pronge, but I don't understant how does it prevents malware differently from other AV'S.

Is it a sandbox feature? is it a registry guard? is it the integration with the firewall preventing external connections?

CAVS2 BETA incorporates a HIPS (Host Intrusions Prtoection System) module that monitors system injection vectors and alerts you to attempts to alter these.

In laymans terms, it keeps an eye on all the places that malware tries to hide itself in before it does anything bad. If something tries to wiggle into one of the nooks, the HIPS in CAVS2 BETA aleerts you and asks if this is OK. If it's not something you were doing deliberately, you would DENY and the infection would never occur.

Also, then... are you somehow saying that it's harder for Comodo to clean an infested system, than to keep it clean? I believe that's not quite a good thing, because if someone is looking for an AV, it is because he has had or has an active infection.

People don't buy alarms and door locks because they have just been robbed. They buy them so they don't get robbed in the first place. CAVS2 BETA, as stated previously, doesn't have as high a detection and removal rate as others. Similarly, others just don't have a prevention rate. CAVS2 BETA, and the some-time-in-the-future CAVS3, will have greatly enhanced detection and removal capabilities. They just don't have them yet.

By the way, check www.nanoscan.com  that's a really intresting technology by Panda Security. (Which I believe works, by sending a list of current procesess and their MD5 hashes, and comparing it against a list of malware, and by using a really sensitive heuristic component).

Heuristics are not black magic - they are just a form of signature, based around probable actions, rather than byte signatures. Nanoscan is good, as is just about every AV product out there. Nobody is trying to make a crappy product, it's just that some are taking a fresh approach to securing PCs and not seeing traditional AVs as the ducks nuts and the only things you'll ever need.

Always remember, the only person who will ever tell you "This is the only thing you'll ever need" is the salesman that only has one thing to sell. 

Ewen :-)



[/quote]

[rwlair]

Melih, first congrats for a great product. I have nearly all my non-computer-literate friends and relatives using either CFP 2.4 or 3.0. I use CFP 2.4 on my Win2K3 Server box with ClamWin AV, LavaSoft Ad-Aware 2007, and Windows Defender, and I have found this to be a nearly unbeatable combo. Iam of the school that a tightly focussed piece of software that is lightweight is the best. Now, a couple of questions, which I'll pose here on the forum necause I think others might profit from the answers. To wit:
1.   I'm an adjunct professor at a local community college, and I teach students a wide range of IT classes. I am going to be teaching a chapter on computer security in a few weeks, and I'm going to naturally feature CFP 3.0 when I discuss software firewalls. Do you have any training materials for CFP, or for that matter for your other products, that are suitable for high school or college students? For example, Sun and Microsoft both have extensive training materials available for free on-line.
2.   Do you have a certification for your software products? If I want to resell or partner with you, my clients are going to want to see I'm fully qualified to talk to them about your product range, and for most larger business/enterprises that means they want to see a cert. What are your thoughts?
3.   Lastly, with your warranty options, particularly the plus warranty, who exactly and how exactly are you going to remove all malware off a client's machine? Windows RDP?
For what it's worth, I have been and will continue to be a firm proponent for servers of using a host IPS product to control network access and then relaxing AV protections a trifle, to free up some resources. With host IPS and AV from one of the other "Big AV Companies" I have successfully reduced processor load by as much as 20% by relying on the IPS preventing connections except to those Web and intranet nodes that are absolutely necessary to serving the business owner. This is why I use CFP 2.4 and ClamWin, and why my server has no malware and almost no spyware (other than a few cookies).
Kepp up the excellent work!  (B)

[Melih]

hi Rwlair

thanks for the post

1) I am afraid we don't have that kind of material yet but i will certainly pass it to our marketing dept for them to keep that in mind.

2)No certification either yet but one can become a reseller and we will support them with training material etc.

3)Comodo experts will remotely login and remove the malware.

You are doing the right thing by going for prevention reducing the cpu load and only use AV if you are going to run some unknown programs or on demand from time to time.

thanks for you input.

Melih

[Cabloona]

Could you tell me please:

a) the national base of this company - America/Israel/Korea/Turkey etc.?

b) why I should entrust my security to a free firewall with the same relative peace of mind that attends installing one I pay for annually? 

There is no necessary connection between payment and excellence, of course, but companies charge a fee for services they believe are not available - or not available to the same extent or at the same quality - elsewhere. It is mistakes in assessing this aspect of the market which cost them profits and, eventually, their existence. Thus probablity suggests that paying for software is likely to prove a better bet than installing freeware.

I have used Zone Alarm Pro for some years. While very far from a 'techie' or computer buff I note that Zone Alarm has the endorsement of industry renegades (and geniuses) like Steve Gibson (or had back in 2004 when last I looked). His recommendation carries weight, and is such that experience tells me to accept it at least until I have evidence to the contrary.

You will say, 'Try it and see'. Unfortunately I renewed my subscription to ZAP only recently, so finding a replacement will prove a leisurely business. I AM looking to replace ZA (which is getting too expensive) but other factors command attention too. One is the length of time Comodo firewall is likely to stay free. Growing companies invariably withdraw good, free software once they have the market share they set out to achieve, and you will forgive me if I approach all the talk of trust and giving things away for nothing with a scepticism maturity and experience render unavoidable.

The fact is that most computer-ignoramuses like me would be none the wiser if corporations like yours or ZA, far from protecting us, were actually plundering every detail of our lives and logging it on their own databases for future use. I have reason to think ZA works however. My reasoning is imperfect since it based purely on taking the company's word that it operates in my best interests - i.e. I have to trust (that word again!). But I an also able to judge things by the rate at which my computer succumbs to infection.

This being the case what reason can you give to justify my abandoning ZAP for Comodo beyond the fact that Comodo is (for now) free? Does it perform better than ZAP? Are there weaknesses in ZA we aren't being told about?

Of course if you're making so much on SSLs you may not even deign to answer.......

[panic]

G'day and welcome to the forums,

Quick answers to your first two questions;

a) UK, US, Ukraine, India, China, Italy and there are a few others they have offices in.

b) This can only be answered by you, after due research and determining what level of security is confortable and workable, given your computing requirements.

CFP has been marketed, from day one, as free forever. There has been no indication from the CEO (Melih Abdulhayoglu) that this will not vary. The main thrust behind the Comodo firewall would only seem to reinforce this concept of free forever.

Bear with me for some background .....

Comodo make a reasonable percentage of their corporate income from the sale of SSL certifcates and their associated activities acting as a CA (Certification Authority). Over a few years, they wondered why, if general internet usage was growing at X%, why was internet commerce only growing at a fraction of that rate (and thereby limiting sales of SSL certificates to the same reduced rate)?

Their research concluded that it was caused by a general level of mistrust between consumers and the internet. They used it, but they didn't trust it. At the lowest level, they didn't trust their own PCs. Following this, Comodo thought that if they could increase the level of trust between a user and his PC environment by providing top quality security software free of charge, then the name "Comodo" would, in the minds of the consumers, be associated with all things safe and secure.

This would then hopefully drive the usage of Comodo protected sites upwards, which would reflect on non-Comodo protected sites, which would drive sales of SSL certificates to these non-Comodo protected sites, converting them to Comodo protected ones, thereby attracting users who were comfortable with Comodo as a security brand. Sorry for such a long sentence, but all of those references flow into the next.

This model, while unusual, is working, and as a result, hundreds of thousands of PCs are better protected than they were before (whether the user couldn't afford protection before or whether the user had a different firewall that provided a lower level of security is immaterial).

Is this sufficient justification for you to use Comodo as your next firewall?

That, my friend, is a decision only you can make. You have to be comfortable with your environment, and no-one knows your expectations better than you.

In saying that, please feel free to ask anything here. There's a great bunch of users with an extremely broad range of experience and they are, work and personal committments permitting, only too happy to help out. Comodo have a broad range of software that is free. Forever. Ask away - we'll help wherever we can.

Cheers,
Ewen :-)

[Cabloona]

G'day and welcome to the forums,

Quick answers to your first two questions;

a) UK, US, Ukraine, India, China, Italy and there are a few others they have offices in.

b) This can only be answered by you, after due research and determining what level of security is confortable and workable, given your computing requirements.

Thank you for replying Ewen. Comodo may have offices all round the world but are you an American company of origin or a Chinese company of origin or some other? That is what I wanted to know (sorry for not making myself clearer).

Also you sidestep my question with a ' horses for courses' response, but if you are recommending Comodo as at least comparable with a good deal of commercial firewall software - and you are - then it has to be because it performs as well as or even exceeds the performance of popular commercial products, usually ZAP, Norton and Macafee and so on. Thus my question stands irrespective of 'personal computing requirements', at least in a general sense - why abandon ZAP?

I'm an ordinary, technically illiterate computer user with the requirements of an ordinary technically illiterate computer user - Joe Average (and don't tell there is no such creature!). I like the way ZAP takes care of things automatically, but at the same I worry because I'm not skilled enough to avoid relying on corporate assurances as to its effectiveness. I'm told much commercial firewall software 'leaks'. Could 'IPsec policy' be used with Comodo ? Which commercial brands aren't as reliable as their marketing likes to claim?

I sense a reluctance to be seen as casting aspersions at the competition. I understand perfectly. However if you have facts to hand that would throw light on the subject - and you cannot make claims for your own software without studying and drawing certain conclusions about the opposition's - I see no harm in telling what you know.

Very kind of you to engage with me in this by the way. It's much appreciated.

[Melih]

We started life in the UK but now operate from the US.

thanks
Melih

[panic]

Also you sidestep my question with a ' horses for courses' response, but if you are recommending Comodo as at least comparable with a good deal of commercial firewall software - and you are

Am I? I thought I was just answering functional questions that others had posted. As a rule, I avoid giving my preference-type opinion of this or other software, as largely it ends up coming down to personal preference.

- then it has to be because it performs as well as or even exceeds the performance of popular commercial products, usually ZAP, Norton and Macafee and so on. Thus my question stands irrespective of 'personal computing requirements', at least in a general sense - why abandon ZAP?

I'm an ordinary, technically illiterate computer user with the requirements of an ordinary technically illiterate computer user - Joe Average (and don't tell there is no such creature!). I like the way ZAP takes care of things automatically, but at the same I worry because I'm not skilled enough to avoid relying on corporate assurances as to its effectiveness. I'm told much commercial firewall software 'leaks'. Could 'IPsec policy' be used with Comodo ? Which commercial brands aren't as reliable as their marketing likes to claim?

I sense a reluctance to be seen as casting aspersions at the competition. I understand perfectly. However if you have facts to hand that would throw light on the subject - and you cannot make claims for your own software without studying and drawing certain conclusions about the opposition's - I see no harm in telling what you know.

Very kind of you to engage with me in this by the way. It's much appreciated.

Hey cabloona,

Unfortunately, I have to joust around the topic of which is best and why you should choose Comodo and brand X will cause your genes to wither etc. I'm not an employee of Comodo, just an unpaid volunteer on these forums. As such, my opinion should have little weight and should never be taken as the official Comodo line.

I don't know you and you don't know me. If would be foolish on my behalf if I categorically told you what to use and ludicrous on your behalf if you believed me.  I don't know your experience, your expectations, your security requirements and your computing preferences. Any advice I could offer would be merely an opinion, expressed in light of personal experience in a set of circumstances that would be radically different to yours.

Whether you should entrust your PC security to this company as opposed to the company you're currently throwing money at can only be answered by Comodo. May I suggest you send a PM to Melih on this.

In terms of my personal experience, I have found CFP to be superior to every other firewall I"ve tried (which includes all thiose mentioned in your post and several others you may not have heard of). I have found it easier to define application types, rules etc. simpler to follow its logic in why things do or don't happen, incredibly powerful HIPS (Defense+), incredibly configurable and, once the dust settles after installing, not too pop-up intensive.

I like it. I recommend it. But that should carry as much weight as spit in the rain. Each individual instance of security needs to be made in the context of its intended use.

hope this helps,
Ewen :-)

[Cabloona]

Whether you should entrust your PC security to this company as opposed to the company you're currently throwing money at can only be answered by Comodo. May I suggest you send a PM to Melih on this.

I'm so sorry Ewen. I thought you were an employee.

In terms of my personal experience, I have found CFP to be superior to every other firewall I"ve tried (which includes all thiose mentioned in your post and several others you may not have heard of). I have found it easier to define application types, rules etc. simpler to follow its logic in why things do or don't happen, incredibly powerful HIPS (Defense+), incredibly configurable and, once the dust settles after installing, not too pop-up intensive.

I like it. I recommend it. But that should carry as much weight as spit in the rain. Each individual instance of security needs to be made in the context of its intended use.

Fair enough. I appreciate what you say about Comodo in relation to other firewall softwares though. Entirely subjective remarks, as you colourfully point out, but scarcely valueless.

Just a couple of final things: is Comodo easy enough for a numbskull to configure (yours truly) or does it assume a certain amount of knowledge? Second what about this 'IPSec Policy', touted elsewhere as a way of bolstering firewall software.

Thanks again for your help and apologies once more for the mistake.

[Tags:]