Author Topic: Feedback about recent Comodo experience  (Read 782 times)

Offline peopleinside

  • Comodo's Hero
  • *****
  • Posts: 283
  • Passionate Security
Feedback about recent Comodo experience
« on: November 08, 2019, 09:37:05 AM »
Hi,
as passionate Comodo user I want leave my experience here and write why today i trust Comodo less.

First let's say the Comodo forum has not the HTTPS forced as the screen 1 attached.
Let's say also the forum was hackered and the footer say the used version is 2..0.7 who let think the software can be old.

Also let's say currently also GekBuddy chat is under insecure HTTP protocol (see here)

Than I can talk about recent security issue on the software:
https://forums.comodo.com/news-announcements-feedback-cis/several-vulnerabilities-found-in-comodo-antivirus-t124661.0.html that seems to be fixed in the version v12.0.0.6882
https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-2019-v12006882-ndash-released-t124707.0.html

but the question is: why affected user with the previous version are not "immediately or very soon upgraded to the new version?
Seems an old version 6818 (with potential security issues) discovered different week ago still be the stable release to all users who has Comodo already installed (see this post).

Quote
On a sidenote. Comodo has not even provided 6882 to the updater. My netbook is still on 6818.

The latest Comodo version if set with all possible option active detect in quick and full scan Windows autorun components as insecure and need to be manually fixed: https://forums.comodo.com/antivirus-help-cis/quick-scan-found-threats-that-cannot-be-fixed-t124830.0.html;msg891282#msg891282

Also about this issue I asked on GekBuddy chat and the operator  has added C:/ in the scan exclusion. This solve the detect issue but doesn't expose the PC to a security risk if C is excluded from the scan? https://forums.comodo.com/geekbuddy-live-pc-support/how-i-can-report-a-suspect-agent-behavior-t124829.0.html;msg891280#msg891280

Now the Comodo version 6914 has been release and why i should consider this version as not stable when is the version that can be download from the official public website download page?
https://www.comodo.com/home/internet-security/internet-security-pro-suite.php

If this is not the last stable release than should be not downloadable from the main website but maybe only from the forum.
This version seems to be broken: cannot be uninstalled, detect a Microsoft certificate as not trust in the rating scan, if i try to run the diagnostic tool when Comodo is uninstalled fails with different errors.

Recently i done a simple security test available there: https://forums.comodo.com/install-setup-configuration-help-cis/comdoo-fail-security-test-t125052.0.html;msg892951#msg892951 and discover this program bypass totally Comodo Internet Security and are able to recording keyboard, do screenshots etc.

Other security software block this file immediately... after i discover Comodo was vulnerable i uninstalled it and tested a different software that has not done the same vulnerable job.
The reply on the forum was: the test program than i run is from a trusted developer so is not locked, stopped by Comodo.

So a dangerous behaviour is not detected and allowed just because the developer is trusted. Also why trust a test file that show you are exposed to security risk?

For all that reason I uninstalled Comodo and started to use a different software (360 Total Security) with Bitdefender and Avira Engines actives.
360 Total Security is not perfect and has some small issue that i reported but is not bad.

The PC is much more faster now without Comodo so another discovery i made is that Comodo seems use more resources. This is not a important reason for me to leave Comodo because works well but see that a new version is released in the official website (and not only in the forum) and this version is broken and still have also previous reported issue about auto-run plus new issues let me feel surprised.

Upgrade the Comodo software should be very important for fix security issue and also issue like the last version that once installed on the PC cause issues and also cannot be uninstalled without a specific tool. This kind of release should be beta release not downloadable from the Comodo official website, maybe only by the forum but but is not so.


I still love Comodo so probably i will back soon to use the program... I want just say here some considerations about the recent experience.
« Last Edit: November 08, 2019, 05:28:22 PM by peopleinside »

Offline liosant

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 1221
  • internet providers are not ready ...
Re: Feedback about recent Comodo experience
« Reply #1 on: November 08, 2019, 11:18:06 AM »
Comodo internet security is safe, but not keyboard encrypt (you tried keyscrambler?) is free;
Others suites paid fails with "antitest" (not excluded 360 total); >:-D
mozilla firefox not supported https enforce;
softwares may fails if system not updated (others suites not install - comodo install, but not start);
if users comodo in windows 7, are having problems just install update kb4474419... :-TU


Offline biteater

  • Comodo Family Member
  • ***
  • Posts: 90
  • always being used as a testuser wears out
Re: Feedback about recent Comodo experience
« Reply #2 on: November 08, 2019, 11:44:50 AM »
This is quite a letter and important thoughts from [at]PeopleInside, curious if there will be some serious answers.
All serious matters security..... 
I doubt that Comodo Staff or Development will ever answer.
PGP-ID available

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 25840
Re: Feedback about recent Comodo experience
« Reply #3 on: November 08, 2019, 12:43:57 PM »
Hi,
as passionate Comodo user I want leave my experience here and write why today i trust Comodo less.

First let's say the Comodo forum has not the HTTPS forced as the screen 1 attached.
Let's say also the forum was hackered and the footer say the used version is 2..0.7 who let think the software can be old.
The version number at the bottom is erroneous and has been for several years. We have asked more than once over the past years to update it to the actual version of the SMF software. Since you're a regular you may have noticed we stated this in public as well.

Quote
Also let's say currently also GekBuddy chat is under insecure HTTP protocol (see here)
A fix is in the works. Let's hope it gets fixed soon.

Quote
Than I can talk about recent security issue on the software:
https://forums.comodo.com/news-announcements-feedback-cis/several-vulnerabilities-found-in-comodo-antivirus-t124661.0.html that seems to be fixed in the version v12.0.0.6882
https://forums.comodo.com/news-announcements-feedback-cis/comodo-internet-security-2019-v12006882-ndash-released-t124707.0.html

but the question is: why affected user with the previous version are not "immediately or very soon upgraded to the new version?
Seems an old version 6818 (with potential security issues) discovered different week ago still be the stable release to all users who has Comodo already installed (see this post).
Comodo dropped the ball not pushing 6882 to the program updater.

Quote
The latest Comodo version if set with all possible option active detect in quick and full scan Windows autorun components as insecure and need to be manually fixed: https://forums.comodo.com/antivirus-help-cis/quick-scan-found-threats-that-cannot-be-fixed-t124830.0.html;msg891282#msg891282
When set to manual you will have manually fix. I fail to see the problem. You get what you asked for and now you're complaining you asked for it?

Quote
Also about this issue I asked on GekBuddy chat and the operator  has added C:/ in the scan exclusion. This solve the detect issue but doesn't expose the PC to a security risk if C is excluded from the scan? https://forums.comodo.com/geekbuddy-live-pc-support/how-i-can-report-a-suspect-agent-behavior-t124829.0.html;msg891280#msg891280
I stronlgy urge you to post this in the Geekbuddy board. It was a mistake. Without insight in the logs we don't know exactly how and why this mistake was made. As stated in that topic it may have been a temp workaround they forgot to remove upon ending the chat. But without logs everything is conjecture. Please post your findings in the Geekbuddy board and provide the log or other data of the chat when asked.

Quote
Now the Comodo version 6914 has been release and why i should consider this version as not stable when is the version that can be download from the official public website download page?
https://www.comodo.com/home/internet-security/internet-security-pro-suite.php

If this is not the last stable release than should be not downloadable from the main website but maybe only from the forum.
This version seems to be broken:
It's not the wisest of Comodo decisions.

Quote
cannot be uninstalled,
It's always possible. Just boot to Safe Mode and either run the unisntaller tool (that's what it's for) or disable the autoruns of Comodo drivers, services and executable. Every self respecting security program has clean up tools as shown here: http://kb.eset.com/kb146/ . You've been around here long enough to know.

Quote
detect a Microsoft certificate as not trust in the rating scan
A minor problem
Quote
if i try to run the diagnostic tool when Comodo is uninstalled fails with different errors.
We don't know how you uninstalled so we cannot comment on this. Luckily there is always the uninstaller tool to fix things.

Quote
Recently i done a simple security test available there: https://forums.comodo.com/install-setup-configuration-help-cis/comdoo-fail-security-test-t125052.0.html;msg892951#msg892951 and discover this program bypass totally Comodo Internet Security and are able to recording keyboard, do screenshots etc.

Other security software block this file immediately... after i discover Comodo was vulnerable i uninstalled it and tested a different software that has not done the same vulnerable job.
The reply on the forum was: the test program than i run is from a trusted developer so is not locked, stopped by Comodo

So a dangerous behaviour is not detected and allowed just because the developer is trusted. Also why trust a test file that show you are exposed to security risk?.
It has been noticed many times over the years that this test gets trusted skewing the result. A simple forum search would have yielded this for you.

Set it untrusted and test again and report in the other topic! You will see Comodo will block and you will see differences when using BB and HIPS.

You will see that Comodo will protect you!

You seem to lack a proper understanding of how Comodo works and seem reluctant to listen when we are explaining the workings of CIS.

Quote
For all that reason I uninstalled Comodo and started to use a different software (360 Total Security) with Bitdefender and Avira Engines actives.
360 Total Security is not perfect and has some small issue that i reported but is not bad.

The PC is much more faster now without Comodo so another discovery i made is that Comodo seems use more resources. This is not a important reason for me to leave Comodo because works well but see that a new version is released in the official website (and not only in the forum) and this version is broken and still have also previous reported issue about auto-run plus new issues let me feel surprised.

Upgrade the Comodo software should be very important for fix security issue and also issue like the last version that once installed on the PC cause issues and also cannot be uninstalled without a specific tool. This kind of release should be beta release not downloadable from the Comodo official website, maybe only by the forum but but is not so.


I still love Comodo so probably i will back soon to use the program... I want just say here some considerations about the recent experience.
You can always go back to 6882. It runs stable as has been stated several times in the release topic of 6814.

Offline mmalheiros

  • Comodo Loves me
  • ****
  • Posts: 196
Re: Feedback about recent Comodo experience
« Reply #4 on: November 08, 2019, 01:29:47 PM »
All I see here is just crying, ranting and a failed attempt to get revenge on the fact that this user can't understand how Comodo software works, so he resorted to spread false information with this thread.

Regarding Comodo against Spyshelter test, you have already been explained multiple times on why the test was failing. Please don't spread misinformation as it is not Comodo's fault that you can't understand how their software works.

It has been noticed many times over the years that this test gets trusted skewing the result. A simple forum search would have yielded this for you.

Set it untrusted and test again and report in the other topic! You will see Comodo will block and you will see differences when using BB and HIPS.

You will see that Comodo will protect you!

You seem to lack a proper understanding of how Comodo works and seem reluctant to listen when we are explaining the workings of CIS.
You can always go back to 6882. It runs stable as has been stated several times in the release topic of 6814.

About the Forum Hack, it was alrady been discussed in the Announcement thread made by Shane, that the Forum Server used was not running Windows and thus not protected by CIS, so no Cointainment, HIPS, etc in this case. It was an Apache/Debian server. Fatih Orhan had recently updated the Itarian forums to latest VBulletin version. They are taking care of this issue.

Other mentioned issues are not relevant or have already been answered in their respective threads. I see no need to bring them back here. Like I said, this is a failed revenge attempt and nothing more. Sorry, it's just my humble opinion. ;D

« Last Edit: November 08, 2019, 01:33:06 PM by mmalheiros »

Offline ReeceN

  • Comodo's Hero
  • *****
  • Posts: 399
  • Paranoid B#st#rd - CIA
Re: Feedback about recent Comodo experience
« Reply #5 on: November 08, 2019, 01:34:02 PM »
Would also like to chip in.

So a dangerous behaviour is not detected and allowed just because the developer is trusted.

The file was not doing anything dangerous. It was performing harmless tests. Therefore it should not be blocked.

In fact this just shows how effective CIS is at not providing false-positives.

Furthermore using trusted developers is how CIS works.

It is not feasible to analyse every executable file in known existence. The technology and man power just isn't reasonably available.

So to get round this limitation CIS trusts developers who create trusted software. If this changes then the trust is revoked and their software becomes untrusted. As was the case for the XBOX cert.

There is no perfect solution, however this solution is far more effective at preventing malware infections simply because most malware is produced by untrusted parties. Hardly ever, is malware produced by a trusted author.

The system works.

why trust a test file that show you are exposed to security risk?

The test file is a safe file, thus is trusted.


Offline peopleinside

  • Comodo's Hero
  • *****
  • Posts: 283
  • Passionate Security
Re: Feedback about recent Comodo experience
« Reply #6 on: November 08, 2019, 01:47:36 PM »
Hi EricJH,
from what i can understand you are using a vulnerable version of Comodo that has security issue fixed in the next versions.

How much time, you and other users that do not update manually by loosing all setting, will keept with this vulnerable software?
Why you still be at the version 68.18 when different release's of Comodo has been published not only in the forum but in the main Comodo website?

Currently every new user that download Comodo for the first time from the official website are downloading a break software.
How this can be a serious behaviour? How can people trust this?

I really cannot understand, sorry so you maybe are right: i don't understand.

I made a post here just to discuss what i see is wrong and I'm happy to see I'm not the only one.
I love Comodo once again but all this stuff happened in this days, week is really a bad experience.

Quote
The version number at the bottom is erroneous and has been for several years. We have asked more than once over the past years to update it to the actual version of the SMF software. Since you're a regular you may have noticed we stated this in public as well.
Bad.  Is a neglected aspect.

Quote
A fix is in the works. Let's hope it gets fixed soon.
Yes, let's hope in nay way is a neglected aspect regarding security of chat communications from a security company as the forum support also the HTTP.

Quote
Comodo dropped the ball not pushing 6882 to the program updater.
I cannot understand this, just think is bad the version 6882 (who seems to be the best at the moment) are not the default version pushed by update and also downlodable from main Comodo website. Also i tried the forum setup and seems to be broken: the setup fail once opened.

Quote
When set to manual you will have manually fix. I fail to see the problem. You get what you asked for and now you're complaining you asked for it?
It's a false positive that still be so it's an error as i can see. Something of trust is flagged as not trust. The fix yes is possible manually but seems at the moment has not been resolved in the future versions of Comodo.

Quote
I stronlgy urge you to post this in the Geekbuddy board. It was a mistake. Without insight in the logs we don't know exactly how and why this mistake was made. As stated in that topic it may have been a temp workaround they forgot to remove upon ending the chat. But without logs everything is conjecture. Please post your findings in the Geekbuddy board and provide the log or other data of the chat when asked.

I don't think the public forum is the right place where put logs that show a private conversation with an operator. I opened a private ticket with Comodo about this.

Quote
It's not the wisest of Comodo decisions.
Totally agree this time, with you. It's very bad put a beta version unstable and with errors as the default Comodo download. Let me think this is considered a stabled version as in the main website where the stable version should be downloaded.

Quote
It's always possible. Just boot to Safe Mode and either run the unisntaller tool (that's what it's for) or disable the autoruns of Comodo drivers, services and executable. Every self respecting security program has clean up tools as shown here: http://kb.eset.com/kb146/ . You've been around here long enough to know.
Yes, another program error that show a false positive. Something that work in Comodo previous version now is broken. This issue is something related the beta should be not downloadable as stable version in the main Comodo website.

Before release a version should be maybe tested more as seems to have serious issues that i found immediately after installed.
I was able to remove Comodo with the uninstall tools, official uninstall tools so you know the procedure.

I still not understand and approve a trusted test program for test security is allowed by Comodo and is not detected and locked.

Quote
The file was not doing anything dangerous. It was performing harmless tests. Therefore it should not be blocked.
In fact this just shows how effective CIS is at not providing false-positives.

I don't agree. Is like say you can download eicar test file and is not detected because is not dangerous.


Offline ReeceN

  • Comodo's Hero
  • *****
  • Posts: 399
  • Paranoid B#st#rd - CIA
Re: Feedback about recent Comodo experience
« Reply #7 on: November 08, 2019, 04:53:13 PM »
I don't agree. Is like say you can download eicar test file and is not detected because is not dangerous.

If a file is harmless, then it is safe.

If an AV is not smart enough to work out that a harmless file is harmless, then it shows you how much better the Comodo system is.

Offline mmalheiros

  • Comodo Loves me
  • ****
  • Posts: 196
Re: Feedback about recent Comodo experience
« Reply #8 on: November 08, 2019, 04:58:44 PM »
If a file is harmless, then it is safe.

If an AV is not smart enough to work out that a harmless file is harmless, then it shows you how much better the Comodo system is.

OP is failing to understand that Comodo CAN AND WILL block all intrusion techniques used by Spyshelter test, provided they come by an application rated as Unknown by Comodo's Whitelisting System. He was instructed on how to set Spyshelter test to Unknown reputation in Comodo software, so his point in complaining about this is a moot point.

Offline peopleinside

  • Comodo's Hero
  • *****
  • Posts: 283
  • Passionate Security
Re: Feedback about recent Comodo experience
« Reply #9 on: November 08, 2019, 05:03:38 PM »
If a file is harmless, then it is safe.

If an AV is not smart enough to work out that a harmless file is harmless, then it shows you how much better the Comodo system is.

I don't agree but i accept is your (and maybe others) point of view.
There is no problem if you are fully happy on how things works, I'm just saying my experience and my disagreement in what i see in this days.

I know you are happy and things works well for you. I can read in your message.

- I love Comodo and trusted for different years
- I still love Comodo and as i love i just reporting my point of view on what's wrong for me, i know it's not the same for you

so thanks for your (or other) point of view but i don't agree reading it's good an antivirus doesn't flag a test file as dangerous because this means for me (and not only for me) the software did not detect the file.

Eicar file it's global, also Comodo recognized it and this is good.
Is less good doesn't recognize other program that simulate risk but this is not the major issue with Comodo.

Recent bugs and the fact this bugs are present on the version everyone download from the website this is a good problem.
Another problem is Comodo program seems to be not updated since month also if in an old version a security issue is discovered.

Also on latest versions of Comodo i start to have false positive about auto-runs process and certificate and also if i know there is a manual fix for it this let me know software as little bit loosed in quality also because an update pushed by update can take more than a year as for what i said before: stable version is 6818?

How to know what is the latest stable version if in the main Comodo website the latest version users can download is 6914 full of issues also important issues?
These are the things I would like to reflect on


Offline mmalheiros

  • Comodo Loves me
  • ****
  • Posts: 196
Re: Feedback about recent Comodo experience
« Reply #10 on: November 08, 2019, 05:11:02 PM »
so thanks for your (or other) point of view but i don't agree reading it's good an antivirus doesn't flag a test file as dangerous because this means for me (and not only for me) the software did not detect the file

Comodo is not a detection based solution so no, it did not failed to "detect the file". Comodo is able to prevent and block all intrusion techniques used by Spyshelter test, if they are used by a Malware file. A malicious file is either flagged by AV component or rated as Unknown by Comodo's File Reputation system. If the intrusion attempts come from a malicious file they will be blocked by Comodo and thus users are protected.

All files that are not signed by Trusted Vendors are caught by HIPS or Containment. If you have a test file that is Trusted by Comodo, you need to manually set it to Unknown reputation so it's actions will get blocked by Comodo.

You have already been instructed on how to proceed for Comodo software to get a positive score on all of Spyshelter's tests. But you seem to keep ignoring that for some reason.

You bringing this up without setting Comodo properly for the test sounds like you trying to say that Comodo is unable to protect against Keyloggers, Screenloggers and other Malware that use the same techniques as Spyshelter, which isn't true at all. Comodo does not fail against Spyshelter test.
« Last Edit: November 08, 2019, 05:14:13 PM by mmalheiros »

Offline peopleinside

  • Comodo's Hero
  • *****
  • Posts: 283
  • Passionate Security
Re: Feedback about recent Comodo experience
« Reply #11 on: November 08, 2019, 05:15:12 PM »
Quote
You have already been instructed on how to proceed for Comodo software to get a positive score on all of Spyshelter's tests. But you seem to keep ignoring that for some reason.
I'm not interested on test this because i understand.
This is not the main issue.

Offline mmalheiros

  • Comodo Loves me
  • ****
  • Posts: 196
Re: Feedback about recent Comodo experience
« Reply #12 on: November 08, 2019, 05:19:25 PM »
I'm not interested on test this because i understand.
This is not the main issue.

Malware or any Unknown file using the same techniques as Spyshelter tests will get blocked by HIPS and Containment. Comodo users are protected.

Other issues you mentioned are already being taken care of by Comodo and you got answers in their respective threads. So I fail to see the need for this thread.

Offline peopleinside

  • Comodo's Hero
  • *****
  • Posts: 283
  • Passionate Security
Re: Feedback about recent Comodo experience
« Reply #13 on: November 08, 2019, 05:24:37 PM »
I have nothing more to add.
Have a nice week end, thanks for participating mmalheiros and for write your point of view.

Another Comodo error: In the forum footer there is the Internet Security Link: https://www.comodo.com/home/internet-security/free-internet-security.php
Click on free download and the download is not about Internet Security but about just only antivirus.
« Last Edit: November 09, 2019, 09:03:51 AM by peopleinside »

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek