The system was infected as shown by IE being manipulated. As to reboot I saw none, and I’m not sure what CIS would do then.
What system malfunction or instability have you observed against CIS to make such a claim?
Sir. Please do not place words in my speach. I kindly solicit you to reappraise your powers of interpretation.
As yet respectfully,
Jose.
As long as you have image execution prevention turned on you will able to block everything. The rest is just if you allow something through and it then starts to do stuff to your system.
Hi the default configuration is less secure as shown by these tests:
http://malwareresearchgroup.com/forum/viewtopic.php?t=80
So hopefully Comodo will fix this in v4.
Cheers
Hi Smage,
The Zero day test results (your 1st link) relate to CIS 3.9 and the current version is 3.13 so there have been security improvements since that test. It’s annoying that the Malware Research Group results don’t state the version of CIS tested.
At any rate, improvements are constantly being made to protect users. The Internet Security Configuration is to provide the everyday user with the best possible protection with minimal hassle to that user.
You get a lot more pop-ups with Proactive Security as much as 3 or 4 times the amount that you get with Internet Security and although it provides more protection to your system the average user who might not understand what all the pop-ups mean is going to find it confusing.
Newer versions will provide higher security with minimum fuss/pop-ups.
Don’t forget, the BoClean integration and BufferOverflow integration both enabled by default also provide further protection if your system does become infected.
Let’s hope Version 4 Beta comes out soon.
Personallly, Internet Security is enough protection for me.
E
Hi Eric,
Thanks for these explanation.
I’m glad to hear that Comodo is improving with each new versions being released.
Please note that I’m not saying that CIS default is not secure, because if you look at the results of the above tests, it is still one of the best.
Hopefully with the integration of a behaviour blocker in v4, usability will be enhanced and CIS will start topping in these tests like it does at Matousec.
Cheers
All bow on the alter of the holy shield. :a0
ROLF >:-D
I’m actually with Jose and The Joker on this. I’d much rather use Proactive than Internet as the config.
Are you going to explain why??
There is a simple test that we can do for seeing the difference, CLT test.
As we can see (attached screen), most dangerous activities are also blocked in Internet Security, however to have a global protection is necessary to pass to the Proactive Security.
[attachment deleted by admin]
I already knew, but to satisfy you I ask them. Follow:
www.matousec.com - Support <support[at]matousec.com> Mon, Nov 23, 2009 at 09:25
To: _____________
Hello,
Thank you for your message.
In case of COMODO IS, its Proactive Security configuration was used.
Kind Regards,
–
www.matousec.com Support
Different Internet Experience Ltd.
Good morning Mr. Dadid Matousec!
Firstly, I’d like to say a big thank you for your hard work on security testing software!
The reason I’m here is because there is a doubt in COMODO Forums about wich security setup is used for COMODO Internet Security tests. Is
it “internet security” or is it “proactive security”?Excuse my bad english, and thanks!
Because I looked at the protection settings in all configs and decided that Proactive suited my environment the best.
IMHO, Internet config is good. Proactive config is better.
Ewen 
But, how does one get Proactive Security to run? Every time I try it freezes the PC - even a reboot doesn’t work.
Does PS give the same protection (or better) as IS?
Hi giraffe.
I do not know why you can not switch to Proactive Security; However, you could try to reinstall CIS, and after you choose “Install COMODO Firewall (Recommended)” in the next window choose “Firewall with Maximum Proactive Defence+”. This should set you up as Proactive Security. The downside is that you can not import your settings since these are set as Internet Security, so you would have to start new, sorry.
IMHO Proactive Security is the best of all just because everything is checked in CIS. I know this way CIS would pop up more, but I see it as an old professor of mine who loved to drive me crazy with questions. At the end, I was more prepared for my classes. I learned more and finally he just stopped to question me every time he could.
Now I have CIS with firewall in Custom Mode and High Alerts. Also Block All Incoming Connection stealth port to everybody. Defence+ in Paranoid mode and all checked. Image Execution in Normal with executable files to be checked.
It has been a while since I have seen a pop up alert and if I am going to install a new program just switch to Installation Mode and may be I see one or two pop up alerts at the most. So I am very please with Comodo at the moment. :comodorocks:
Thanks for that, iroc9555, I might have a go at it when I have the time.
BTW, I see that you’re using Avast 4.8; v%, although Beta, seems to be working well, although there are some threads on SSL for e-mail (I had to work around that).
You are welcome giraffe.
I am not that brave. I will wait for the full version of Avast 5 and still wait a little.
!ot!
BTW did you reas this:
Description:
A [less critical] vulnerability has been discovered in avast! Home/Professional, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges.
The vulnerability is caused due to an error in aswRdr.sys when processing IOCTLs. This can be exploited to corrupt kernel memory via a specially crafted 0x80002024 IOCTL.
Successful exploitation may allow execution of arbitrary code with SYSTEM privileges.
The vulnerability is confirmed in avast! Home version 4.8.1356. Other versions may also be affected.
Solution:
Restrict local access to trusted users only.
You can check this out here:
Ah, that explains the update that I saw on some RSS feeds; presumably v5 isn’t affected.
!ot!
Yeap!
From 4.8.1356 to 4.8.1367
Version 4.8.1367
November 25, 2009
improvements in the malware URL blockers
solved a vulnerability in aswRdr.sys (CVE-2009-4049)
Did mine already.