Bad review by PCMAG.com [CLOSED]

ok guys here’s my view on it.

For the leaktests, either he did it wrong

  • disabled defense+ perhaps?
  • allowed pop-ups that normally shouldn’t be allowed?

or he came upon bugs…

For the antivirus,
It could be that they tested the power of CAVS, let’s assume so, but I think they used some older samples. And in that time, CAVS wasn’t really the best. It was sometimes even outclassed by ClamAV. Anyway, CAVS is now getting better and is (I think) on schedule to become one of the best :slight_smile:

Xan

One of the things that seems to bother people the most is that the tester did not just block all.
Please explain how that would have been more real-world relevant.
For that matter, please explain how you can test a classic HIPS in a meaningful way*.
If you KNOW you are doing a test, of course you are going to block everything that pops up.
Every pop-up dialog is going to seem clear as a bell. (You know it’s malware activity,
because you just introduced it to the system!!)
And of course the result is going to be, “Ah!! Just as I thought!! My HIPS kicks ■■■■!!”
Really all that is being tested is whether it will alert and block.
That is not where HIPS fail.

*But I know the response to that one as well:
“Because the only test that matters is that it keeps my machine clean!!”

Being in a magazine doesn’t prove that you know what you are doing… And by looking at the HIPS test, he apparently did not understand that a HIPS is not an ANTI VIRUS and operates differently than labelling stuff as viruses.

And about the criticism brought from that review, it’s something Comodo has looked into, especially the part about popups and that some users can’t understand them that well.
That’s why Threatcast has been developed and Comodo has pushed a huge white list, and that’s why Comodo is working on a new GUI to make stuff even easier to understand for everyone. Ease of use is a top priority. Also that’s why CIS will be translated to other languages in 3.9, to make it easy for those who don’t know English or don’t know English that well. =)

It’s not like this review is bringing anything Comodo did not know before about usability and stuff…
It’s a review made to bash Comodo, period, and brings nothing of value. The usability is being worked on, and the security was bypassed by the reviewer by clicking ALLOW as he said himself; that’s not a fair way of testing… Press allow on any alert in any program and you will get infected, PERIOD, this guy did not bypass smuck.

So the debate is unnecessary. Unless someone can prove Comodo wrong about the CORE IMPACT tool…

So finally, what is it? Does Comodo provide protection against “core impact penetration” or not? Please answer in a yes or no.

No, no. He should have pressed deny/block every time.
That would have been meaningful?
What debate?
All I ever hear is Affirmations Of The Faith.
The OP asked about the CORE IMPACT tool, as you pointed out. However, he ended up with pages
of paranoid rage against the Anti-Comodo Infidels.
In the end perhaps he reached the same conclusion I have.
This is pointless.
If David Koresh had cultists of your caliber,
he would have taken over Texas!

What is this?
“It’s not like this review is bringing anything Comodo did not know before about usability and stuff…”
I would hope his aim would be to inform his readers, not run R&D for Comodo.

Yes. According to Comodo (Melih) it does… Melih bases this on something, and is not trying to BS you; he has a reputation to care about. As stated earlier, Core Impact System and Comodo have had correspondence previously. And Melih has probably talked to network technicians, programmers, pen testers, whoever has information on how the Core Impact tool works, and it is probably similar to Metasploit.

Never forget that Comodo has a long rep of preventing all sorts of attacks, as Comodo has a home page and is issuing SSL certificates, something that requires severe security.

Those working at Comodo are probably more into this than a review guy who most likely does this on a hobby basis and reviews a cell phone one day and a firewall the next…

Comodo has people that work on Prevention all the time… And if those say that Core Impact won’t hurt you, then it won’t.

Yes, as he would if it was a firewall test. Or maybe a firewall test where you click yes, yes to all alerts that are not labelled “virus” is a good idea?

No need to get personal, I am not a cultist of any sort… I’m just saying my point of view since I see this review and some posts as unfair criticism based on false/wrong facts… :slight_smile:

I still stand by what I say…maybe not as professional, but not bought and paid for, unless I’m to believe Norton and Eset are the best. Haven’t run into any Brad Pitt fanboys there, either.

Sorry, my bad. In that post I was mistakenly referring to his malware testing where he said “I chose the allow option (the default) for any pop-up whose description didn’t mention malware. That left the antivirus free to do its work.”

I just re-read the part about ‘Core Impact Penetration’ tests, and according to the article Defense+ detected one of the tests, the rest were blocked, and only one succeeded.

I used the Core Impact penetration tool to unleash a number of exploits on a test system protected by Comodo. Defense+ noticed one of them, and all but one of the rest quietly failed. But one of the exploits managed to inject an agent into the test system. I verified that the agent could view and manipulate files.
I would not call that utterly failing, although one failure is one too many.

What the reviewer is more critical of is Comodo Firewall’s performance in the leak tests, which is concerning. Just out of curiosity I decided to try out some leak tests, picking 3 at random. 2 failed, but one succeeded. They were all detected by the antivirus, but Comodo firewall did not block the third test.
The interesting thing is that the often quoted matousec leaktests show CFP as passing that particular test.
This begs the question: is it just my PC (or something I did wrong), or are the matousec tests wrong?

I’m using Vista 32-bit if this helps.

Puh, Hope I don’t have to write this much again… (:LGH) (:LGH)

CIS passes this third test you are referring to just fine without the Anti-virus… I don’t know what matousec tests you are referring to… But CIS passes all of them there are to pass just fine also, if you have D+ active, as most leaktests try to hook themselves into other processes…
You are doing “something” wrong when testing…

Quote from the reviewer:

"Leak test" utilities demonstrate these techniques without actually doing anything malicious. I ran a dozen such programs to check Comodo's reactions and was not impressed. The firewall itself didn't block any of them.

This guy doesn’t understand a HIPS or leak tests obviously, and disqualifies himself ONCE again by saying a thing like this (I hope I don’t have to explain why…) Anyway… All major testing shows that CIS is the most leak proof thing out there, much better than all of those tested… All tests there are to pass, CIS will pass… 88) CIS is technically #1 at matousec. Infecting a CIS machine is virtually impossible without the user getting alerts about it; prevention test after prevention test has shown this.

There is no publicly known leaktest that bypasses CIS in proactive security. :-TU

All big testing has shown that CIS Prevention is top notch :-TU… yet this guy is claiming they are all wrong on everything and Norton is better at this stuff. ??? Without providing any data whatsoever about his tests, just that he “ran some leaktest he downloaded” and he just did some core tests that bypassed, and he just clicked allow to all alerts, and quite shockingly CIS did not block stuff that he allowed.

But believe the guy if you want to… 88) Matousec and all that perform some really heavy testing have proven that CIS catches everything while Norton leaks more than a … This testing shows the opposite of all others that ran similar tests. CIS doesn’t leak, CIS “most likely” doesn’t get bypassed by the Core Impact Penetration tool… And you are free to believe the reviewer that Norton has “tha top notch” firewall, even if all testing performed by thousands of other people has shown that that is not the case. 88) And that CIS prevention is bad, based on a test where the reviewer clicked allow to every alert. 88)

If I was you however I would feel a bit uncomfortable with a test like this; the HIPS testing was wrongly performed. And the conclusion that CIS leaks more than Norton goes against the stream… :wink:
If you give this reviewer right about CIS vs leaktests then you are basically saying that matousec is totally off and thousands of smaller tests, they have all been wrong. :-X This is the “ONLY” review that says something like this…

I don’t buy it. But if some of you do, maybe it’s time to buy Norton, it obviously outperforms the others since 2000 according to PCmag.

That test opens a web page, with the info, in iexplorer. Defense+ detected that action.

I just ran that test. D+ picked it up before it even made the network attempt. Trapped the keyboard input, stopped it from shutting down Explorer, and stopped the second test as well. Since the result is considered a fail if you see the typed message on a web page, I can assume I passed.
Proactive mode, FW - Safe Mode, D+ - Safe Mode

Does the Mag have $10,000 to toss out for this test software? It is definitely not cheap testware.

The bottom line is simple: The review was NOT fair, and IMO it was biased.

Comodo contacted Neil Rubenking (PC Mag Author and reviewer of this particular review of CIS) about it and explained some important facts to him, what he missed, etc. This was MONTHS ago, And yet we have a topic about this review 4 months later?

There is nothing to talk about. CIS protects you from yesterday’s, today’s and tomorrow’s threats - Would Comodo really leave you vulnerable knowingly? No. You were always protected, and people shouldn’t think otherwise after reading this one review which had a few “errors” in it, and as stated, Comodo contacted them about it and that is ALL there is to it. And when people compare “detection” (e.g., AVs) to CIS, it is just hilarious - CIS prevents a lot more!

If a malicious “thing” did bypass CIS, then please prove it and post screen shots. Otherwise, innocent until proven guilty.

This thread is now closed. If the author wants more information or wants to clarify anything, please don’t hesitate to contact Melih, myself or any other Moderator.

Cheers,
Josh