An Inconvenient Truth

Why did you close znix’s thread? I was looking forward to Melih coming back to the thread to assure us that they will tackle the Core Impact issue, as Rich_S said. Is there something for Comodo to hide about it? Do you want to disgrace and lower this forum to OA forum’s level where all negative or inconvenient posts are immediately deleted?

Again, we’d just like Comodo to deal with the issue. znix was clearly a Comodo fan and on Comodo’s side. In her/his last post, znix just got frustrated as s/he repeated her/himself over and over but Comodo and Melih kept ignoring the requests. The requests were legitimate! The reaction was natural! You can’t blame her/him for that.

Anyway, after seeing Comodo’s and some forum mods’ poor handling of the Core Impact issue and znix’s thread, I began to lose my faith in Comodo!

Up until znix’s post, I had never seen any negative or critical comments removed from this forum. Is this really what Melih wants? Melieh used to fight back against all kinds of criticisms and negative comments on his products, and never walk away or give in! He even let “Trusttoolbar” threads and unmerited rant by trolls and OA fanboys stay posted. That brave attitude always helped me feel confident and secure with his products.

But, this time, some of the mods here removed znix’s post and closed her/his thread and Melih kept ignoring znix’s user’s requests, unlike usual. It has made me feel as if Melih and Comodo were running away from the Core Impact issue and has given me the impression that they had admitted that they were not capable of handling it this time.

BTW, some people insisted that Comodo had alredy looked into this issue before. Well, if it were true and we didn’t need to worry about the Core Impact attacks, why wouldn’t Melih have assured us of that as usual, instead of asking us to prove and show that the Core Impact attacks are a serious threat to CIS? If Comodo had already contacted Mr. Rubenking, why wouldn’t Melih or someone from the CIS team have tell users concerned about it and how Mr. Rubenking responded to it? Strange isn’t it? We are not stupid! So yes, it’ll be most likely that these are products of the posters’ imaginations and none of them has happened yet. Don’t push what you want to believe on us, please!

Also, I don’t believe that it’s what Melih meant but some people in the thread demanded users concerned about the Core Impact issue to prove that the Core Impact tools can bypass CIS and post the screenshots. Are they serious or is it a joke? Most of us are not experts on this. We don’t have ability and resources to reproduce the tests Mr. Rubenking ran. Everyone knows that, why not they?

Plus, the term “innocent until proven guilty” is irrelevant in this case. Even if it were, referring to expert opinions, as znix did, should be sufficient enough for us to prove that the Core Impact attacks are a serious threat for CIS users, as all we, novice and inexpert “average people”, can do is to trust experts. I don’t think that we are required any “burden of proof” to worry about the issue. If proving it is the only way to get Comodo and the CIS team to work on it, we are most likely to ditch CIS and turn to an alternative. Be careful with its "TPO (time, place, occasion) when you use such a big word. Otherwise, we will take your words lightly.

Also, some people called Mr. Rubenking biased and tried to hurt his credibility. But, average people don’t trust the expertise of those calling Mr. Rubenking biased is greater than that of Mr. Rubenking. Unlike Mr. Rubenking, they are nobody outside of this forum. Even I don’t know who they are and what they do. Anyway, PCMag has hired Mr. Rubenking and not them. For average people, the fact alone makes Mr. Rubenking more of an expert than them.

Besides, this is Comodo forum! Obviously many people here favor Comodo. People outside this forum will consider that it is those calling Mr. Rubenking biased who are actually biased. Also, reviewer-bashing is a fairly typical response on a company’s official forums or fan websites when their product or favorite gets a bad review. So, nobody outside of the group take it seriously.

Oh, in case you don’t know, Mr. Rubenking always gave CFP a near perfect score and picked it as the editors’ choice! (http://www.pcmag.com/article2/0,2817,1969207,00.asp, http://www.pcmag.com/article2/0,2817,2236657,00.asp) Many people here were happy about it and Comodo are advertising it. So, how could you call him biased, really?

Thus, those “Rubenking-bashers” tend to trust only things favorable to them but ignore things unfavorable to them. For another example, some of them implied that PCMag is bribable and, at the same time, insisted that Matousec and AV-Comparatives are more trustworthy than PCMag. Do they really not know that Mike Nash has paid Matousec for a re-test to improve his score(, and, unfortunately, our Melih did this cheat a year ago). AV-Comparatives charges a lot of money for their certifications. So, aside from their expertise (BTW, are they really sure that Matousec and AV-Comparatives guys’ expertise are superior to Mr. Rubenking’s. I thought that both guys are pretty young and, according to his profile, Mr. Rubenking seems to have a lot more experience), how could they say that Matousec and AV-Comparatives are more trustworthy than PCMag?

So, now, do you really think that average people will take those “Rubenking-bashers” seriously? To me, they look like a pathetic joke. IMO, nobody outside their circles takes them seriously. So, no matter how hard these people try to convince us to believe that Mr. Rubenking is wrong about it and CIS can protect us from the Core Impact attacks, only people who want to believe that their favorite security solution is always perfect and flawless buy this sugarcoating. Most people won’t believe it or care!

To sum up, We, average PC users, trust PCMag’s review than they trust just a comment posted by an anonymous person on an open public forum like here. Also, many of us heavily rely on third party reviews like those in PCMag when making a decision on our security software. So, average PC users are concerned when a review like one at PCMag.com says our security software failed the tests. We will get more worried when we see the developer running away from the issue and make no attempt to address it.

So, Melih or someone from the CIS team, please come here and assure us that this issue would be taken care of. I know CIS is freeware. Part of me feel like it is too much to ask. But providing best-in-class security solutions available free of charge is part of your commitment, and you have proven it and we’ve felt secure and confident with your products so far. We truly appreciate all your hard work, dedication and commitment to make those great products available for free. I really hope you keep it up and and address the Core Impact issue soon! We’re counting on you! Please don’t disappoint us.

Regards.

• Lisapan

First of all, hello

Second, the post was closed because : It was talking about a really old review and we were talking about other things the original poster was talking about.

• for your core security tech, can I sujest you read further then the first line : here’s what it says :

[b]Non-vulnerable packages[/b] BitDefender Antivirus 2008 builds available through automatic updates, posterior to January 18th. [b]Comodo Firewall Pro 3.0[/b] Rising Antivirus 20.38.20

2. COMODO FIREWALL PRO (BID 28742, CVE-2008-1736)

The vulnerability is fixed in Comodo Firewall Pro 3.0, available at: http://www.personalfirewall.comodo.com/download_firewall.html

I’m sorry I didn’t read through all your posts first, but I want to be the first to reply, so it can’t evolve to such a thread like before …

Xan

The question : if it’s biased or not ? I’ll leave that open. But there are some things I’m wondering about.

CFP passed all his leaktests, the same CFP but then integrated into CIS doesn’t ??? Could it be because it’s now internet security → Norton competitor, while it wasn’t a competitor when it was just a firewall 88)

I’ll see if I can take a look at his forum, but again, it’s a pretty old test

Xan

After rereading his review, there is another thing I don’t understand :

[b]Bottom Line[/b] For free security Comodo's firewall is still a sound choice, but the antivirus and antispyware parts of this suite just don't do the job. If you need free security, [b]get the firewall alone[/b] and add avast! or AVG for free virus/spyware protection.

[b]Cons[/b] Defense+ monitor reports suspicious behavior by valid programs. [b]Firewall vulnerable to "leak test"[/b] techniques and exploits. Antivirus is not certified. Antispyware failed malware cleanup and prevention tests. More impact on performance than expected.

Xan

edit: sorry for the multiple posts also, but they’re all just thoughts…

• I’m gonna eat now, so it could take some time before I will reply again

I myself have wondered about those mag. reviews myself because sometimes some of them give the best review to something that I myself have had problems with and have found out things to be the other way around so its like hm this says this but me I have found out the reverse hm how odd it kind of makes you wonder and go though the mag. and say hm oh has this review here been supported one of the companies that are being reviewed in it or how would when I have found out stuff to completely contradict what it says here and this is not even just software I have found this out with hardware in some of the mags. sometimes I will have like the printer that there reviewing or something close to it and well there stuff doesn’t match what I have found at all

I’m not a Comodo fanboy, nor a security genius…

But I can definitely see the flawed logic of simply clicking ‘allow’ on all the warnings your security application is asking you about and then saying the application failed the test.

Oh boy. Who the heck is PC Mag? An IT magazine? It has advertising pages? If yes sooner or later it will be biased. That magazine could tell me that Windows firewall is the best firewall in the world. I don’t care and I don’t listen/read, even it’s true.
I’ve stopped readings IT magazines long time ago. For me are useless. I have Internet and multiple sources to compare something that is in my interest range.

About bashing CIS. I don’t care what that man says. I do care how it works CIS for me. I’m a long time Comodo firewall user and from 3.8 version I’m a CIS user. That is, all suite with all option enabled. Every checkbox. Zero problems. Some FP’s and that it. Flawless.
I have 41 years and ~17 years in IT environment. I believe that I know what I’m doing with a computer. I read every alert and think what’s about. After that I click Allow or Deny.

I don’t say that Comodo is flawless, but is the only product that I’m aware which is under alert development and which devs listen to the people.
Oh, and I almost forgot, it’s a free product.

What is further insinuating is how the Defense+ module is feebly advertised as an “impenetrable security shield”, without any legitimate proof.

In my honest opinion, users such as we - myself, the thread starer and the like - are never elucidated into assurance, is due to the lack of clear elucidation itself. The main reason for which I believe is the quality of responses from the so called “help staff”. Replies like “Comodo rocks”, “The test is clearly biased.” “Comodo is invincible, because I say it is.” never really “HELP” much. Unless truly knowledgeable members - who are familiar with all the computer jargon and are technically equipped to comprehend the subject in question - come forward and present their own honest views; anything and everything that is an opinionated voice will be considered nonsensical.

How can we be sure that the developers are listening when there is zero correspondence from their side?

Melih don’t have a responsibility to answer just because someone said he probably will. He is a busy guy.
He answered, Yes it passes the core impact tests, and Core impact and COMODO do have correspondence.
He knows this stuff…
And he do have a lot of skilled people that are well qualified and know if CIS passes those tests.

The problem with this reviewer was that the reviewer was shown wrong on point after point, the discussion was meaningless, but apparently a lot of people did not read the responses and keept asking the same BS. 88) 88)
He “bypassed” CIS by clicking “allow” to all alerts CIS raised… What kind of testing is that… really…?? And the conclusion that Norton has a stronger firewall than CIS, and prevention?

That totally BS, all knows that.. All the major tests has shown the opposite, ALL tests shows the opposite… :-TU

And don’t worry lisapan this was not a try to hide a flaw… Comodo knows that won’t work in the long run. Someone with the tools would point it out than and make comodo look bad… If COMODO did not take leaks and such seriously it would never gotten where it is today… Technically #1 at matusec, and been top three many testings in a row… You are safer with CIS than you are with norton… That review was baised, period.

Well no posts has been made of anything that can penetrate CIS, or the D+ module in very long… those are extremely rare at least… While bypassing norton or kaspersky and such is made every day by new viruses…

here are 2 youtube videos… if you feels like watching them… CIS PREVENTION:
Part1:

http://www.youtube.com/watch?v=yVs16zyXSV0&feature=channel

Part2:

http://www.youtube.com/watch?v=-gdIlKPcShE

Also that it is Number one at matusec is a big thing… I don’t think some understands how much that shows about a products capabilities… Those are some harsh tests, and are much more advanced than the stuff most viruses, trojans and such out there would ever try… :-TU :-TU

Where did Melih say yes it passes the core impact tests? Sorry, missed so could give a reference? Also missed where magazine says they clicked allow on everything-just that they click allow on things not hinted as maliware?

[quote author=Monkey_Boy=)

Also that it is Number one at matusec is a big thing… I don’t think some understands how much that shows about a products capabilities… Those are some harsh tests, and are much more advanced than the stuff most viruses, trojans and such out there would ever try… :-TU :-TU
[/quote]
I have read about more powerful HIPS programs such as the Malware Defender and the EQSecure. Since I am no computer wizard, I have no clue as to how much those statements hold true.

If you are gonna be picky, he said it with a agreeing smiley…
https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/bad_review_by_pcmagcom_closed-t35217.0.html;msg253427#msg253427
witch ofc could mean something else… But probably not…

I don’t feel like answering these stuff anymore as I apparently fail at reaching out to you great people in a 5 pages discussion I will probably fail now also ;). And I don’t feel like playing the hate part.

Lets just say, here are some other stuff CIS scores perfect on, for you doubting about its protection…

https://forums.comodo.com/comodo_memory_firewall_beta_corner/buffer_overflow_testing_application-t12541.0.html

Feel free to test this products against any other suite, it won’t score perfect on all, with some you won’t score prefect on even half… While with CIS you will score perfect on all… If properly configured… CIS is the boss against tests… its the Winner… And the leader at matusec… and this reviewer claims that he found flaws all other missed, and that CIS is really sucky and not up to norton, and he shows no data about his testing… BAH!

CIS at least works for me… And is not bypassed by new malwares on a daily basis.

=)

Guys, I’m wondering : Why are you still talking about that core thing while I and Melih already gave you the answer. Comodo passes !
If anyone missed my reply, you can reread it here :
https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/an_inconvenient_truth-t35956.0.html;msg255841#msg255841

Now are there any other questions ?

Xan

Well, i’ve had my post deleted before, which actually got me kinda grumpy, since they only added links to the youtube video’s i found. Was something about some reviews i wasn’t able to find and was asking where to find them, and had alot of examples on which i found…

https://forums.comodo.com/overview_cis/video_review_of_comodo_internet_security_how_to_use_it-t31198.0.html

Strange, I can’t find your post back anywhere ??? Not even in the deleted section …
Thanks for reposting it

Xan

I think your link above refers to the wrong reply. When clicked, your reply #5 pops up, which says nothing about you and Melih already giving the answer to the core thing. I believe the link should be to your first reply #3, two posts earlier, at:
https://forums.comodo.com/feedbackcommentsannouncementsnews_cis/an_inconvenient_truth-t35956.0.html;msg255837#msg255837

Nothing in either of your linked replies indicates that Melih is involved in the conversation on the core impact issue. The quote posted in your first linked reply is not attributed to anyone, so there is no way of knowing who said it. You did preface the quote with the statement “- for your core security tech, can I sujest you read further then the first line : here’s what it says :”, but having read this entire thread, I can’t tell what that statement is referring to. Perhaps it was referring to something in the original thread, which has been closed.

I don’t mean to sound argumentative, but there is nothing in either of your linked replies to support the statement: “Why are you still talking about that core thing while I and Melih already gave you the answer?”.

ok, I’ll try to find the link to the website again.

Melih, well, it wasn’t a direct answer, but do you think he would have replied that way when CIS isn’t protected against core impact ?

Xan

Here’s the link

http://www.coresecurity.com/content/Insufficient-firewall

Xan