Comodo and Spybot


I’ve been using Comodo security software (and the System Cleaner, too) for over a year and I find it to be very good. The only major issue I had was with that version of CIS which blocked DOS programs from running. However, today I’m stopping by to report a problem.

I have all three portions of CIS (the Antivirus, Firewall and Defense+) running. Aside of this, I also have SUPERAntiSpyware and Spybot - Search and Destroy, which I use from time to time to make sure everything is clean. I also sometimes use Spybot’s immunization feature.

So, for a long time I had Defense+ disabled and reenabled it only a few days ago. I’m not sure if it was because of Defense+, Spybot or my browser (Firefox 3.5), but immunization became painfully slow and resource consuming. But this is not the problem. While immunizing, I decided to click on “Update” and download any available updates for Spybot.

After the last download was over, something weird happened. Spybot restarted itself to update its components. Since it likely meant modifying the registry etc., a Defense+ popup appeared… and immediately disappeared. The Comodo shield icon from the taskbar disappeared as well. I launched a shortcut to Comodo Internet Security and it said “Starting up the systems” or so for a while, so apparently it went down… I checked the Task Manager right after the icon disappeared - cmdagent.exe was running, but cfp.exe was not.

I’m a little worried, because I guess that security software shouldn’t get disabled in such a way, so I’m reporting this issue and asking why did it happen at all. My Spybot version is 1.6.2. The CIS version is the latest one. Also my Windows XP SP3 has all the critical updates installed. If this helps, my computer is an old machine, with AMD Sempron 2600+ and 512 MB RAM. I’ll provide any additional details as requested.

Can you post what the Windows logs tell about the crash of cfp.exe? It may be useful for the devs. Can you reproduce the problem?

The Windows logs can be found under Control Panel → Administrative Tools → Event Viewer → Windows logs → Application.

Whoops! There’s nothing about this in the logs, maybe because I had the Error Reporting Service disabled after consulting several online guides? Anyway, I have turned the service back on Automatic.

I have also tried to reproduce the problem - removed Spybot, installed it again, updated to 1.6.2 and then did the same thing as yesterday. This time CIS did not crash after displaying the popup, so maybe yesterday was just a freak occurrence. I’ll be still using Spybot, so I’ll post here if something similar happens.

All this “feature” does is add hundreds of entries to your HOSTS file, which can slow down your computer.

Hmmm, I did notice that the hosts file became very large and there are many backup files as well. Could you tell me how big exactly is the performance hit which you speak of? How often is it noticeable?

It will slow down your startup, and the fact that the HOSTS file is a non-indexed file, your machine needs to scan line by line for each URL your machine wants to connect to. Depending on the size of the file, (slow downs are said to be noticeable if your file is larger than 170KB) this can be considerable.

Many sites offering large HOSTS files as a malware prevention service recommend disabling the DNS Client service to avoid the slowdown. Of course, what they don’t tell you that instead of using cached DNS queries, your system now has to resend the DNS query even for sites recently visited. Thus increasing your network traffic and slowing down your overall browsing speed.

Not to mention that the HOSTS file is exploitable. Malware can direct your system to a HOSTS file that it installs. So it’s really not much in the way of protection.