Comodo vs Crowdstrike

Comodo challenged Crowdstrike to see who can protect better.

If I had a company, the protection software would be Comodo products…

Thanks!

We are not educating all these “Cybersecurity Professionals” that in order to protect your company you don’t need to “detect”.

You can protect your computer without “detecting” thanks to our Auto containment technology!

Comodo containment allows you to open and test applications without affecting the system…

In a world where there is an excess of over 100,000 new malware samples each day, it is simply no longer feasible to think that you can detect all new malware. You can’t, you won’t, and if you just YouTube AV reviews you will see that this will be made abundantly clear to you. The best thing you can do if you use detection-only based AV is to cross your fingers and hope you don’t get attacked with anything moderately sophisticated.

If this is the only approach that you take to secure yourself from malware, you may as well just get a marker out and write “hack me” on your forehead, because you sure ain’t protected from people who are going to put effort into doing so.

In my opinion, Comodo is something alert IT teams really need to review.

The Father of Computer Science wrote a paper called the “Halting Problem” in 1936… (here is an explanation of it https://enterprise.comodo.com/whitepaper/Impossibility_of_Virus_Detection_WP.pdf )

We had to take a totally different approach … chasing our tail like everyone else looked very tiring with no result!

So the AHA! moment was when we thought…what does malware need to cause damage?
Why not simply take the stuff that malware needs away from it!
Just like you don’t give kids sharp knives, just in case…why are we giving malware a big sharp sword???

That’s when we figured out what malware, in the main, needs to cause damage:

  1. Write privilege to the hard disk
  2. Write privilege to the Registry
  3. Write privilege to the COM interface

Write privilege means: the right/ability to write to the hard disk…why would you want a brand new untrusted app to start writing to your hard disk??? It could simply overwrite your own good files…yep…Ransomware…
So when a new executable file comes in, if it’s never been seen before by Comodo…we say “hey kiddo…here is a really good plastic knife” :wink:
Let’s say a Ransomware makes it to your computer because the user clicks anything shiny on the web…
This ransomware is now running in RAM…and says…I want to “READ” the hard disk…
Comodo says:…hmm…“READ” privilege…it’s ok…go ahead and read it…
then
Ransomware says:…I want to “encrypt” this file that I just read…
Comodo says: hmm…just messing around inside RAM…no damage done…go ahead…
Ransomware says: Now I have an encrypted file…I want to delete your original file and overwrite it with just the encrypted one…
Comodo says:…say what?? You want to have “WRITE PRIVILEGE” to the hard disk…Don’t think so…here is a “Virtual Write Privilege to a Fake Hard disk” …
Ransomware says: oh thank you, let me write there…
All the while Ransomware is writing to a “fake hard disk” while the user’s original files are untouched and safe on the hard disk.

Here is a video of the explanation: “What is Malware and How Do They Infect?” (YouTube)

Some might say, how about stealing information while still operating in RAM, etc.…Comodo has policy settings where any unknown application running in RAM can be prevented from enumerating your hard disk and sending the contents to the internet…why would you want an unknown app to come and take stuff and send it to some place on the internet anyway!!!

Time to Re-Think Cyber Security.
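As an added illustration of the containment flow described in the post above (a toy model written for this thread, not Comodo’s code): unknown processes keep READ access to the real files, but every write or delete lands in a per-process overlay (the “fake hard disk”), and outbound network access is refused to them. The file names, contents and XOR “cipher” are constructed for the demo.

```python
class ContainedProcess:
    """One running executable plus the containment state a Comodo-style
    auto-containment layer would keep for it (toy model, not Comodo's code)."""
    def __init__(self, name, trusted, disk):
        self.name, self.trusted, self.disk = name, trusted, disk
        self.overlay = {}      # the "fake hard disk" that absorbs virtual writes
        self.deleted = set()   # files the process believes it has deleted

    def read(self, path):
        # READ privilege is granted to everyone, including unknown apps.
        if path in self.overlay:
            return self.overlay[path]
        if path in self.deleted or path not in self.disk:
            raise FileNotFoundError(path)
        return self.disk[path]

    def write(self, path, data):
        # WRITE privilege: real disk for trusted apps, overlay for unknown ones.
        if self.trusted:
            self.disk[path] = data
        else:
            self.overlay[path] = data
            self.deleted.discard(path)

    def delete(self, path):
        if self.trusted:
            self.disk.pop(path, None)
        else:
            self.overlay.pop(path, None)
            self.deleted.add(path)

    def send_to_internet(self, data):
        # Policy from the post: an unknown app may not ship what it read off-box.
        if not self.trusted:
            raise PermissionError(f"{self.name} is unknown: outbound blocked")
        return len(data)


def fake_encrypt(data, key=0x5A):
    # Constructed stand-in for an encryptor's cipher; XOR is not real crypto.
    return bytes(b ^ key for b in data)


def simulate_encryptor(proc):
    """The sequence from the post: read a file, encrypt it in RAM, delete the
    original, write the ciphertext. Returns the process for inspection."""
    for path in list(proc.disk):
        ct = fake_encrypt(proc.read(path))
        proc.delete(path)
        proc.write(path + ".locked", ct)
    return proc
```

Run the same sequence once with trusted=False and once with trusted=True to see the difference: the real dict survives the first run untouched and is rewritten by the second.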

Comodo CIS has a defense philosophy that has convinced me for more than 15 years
Thank you Melih for existing and for creating Comodo :slight_smile:

Thank you ZorKas!

As ample tools are currently available for even novices to use in order to convert detectable malware to the FUD variety, relying on Detection only is indeed misguided. The strength of Comodo is Containment, where FUD malware such as ransomware (delivered either by executables or scripts) does not succeed (and God knows I’ve tried) in infecting the System. Even better, network spread by various forms of malware is also inhibited, sort of important in the Enterprise.

However with the advent of malware using LoLbins I STRONGLY suggest that the default Auto-Containment level be elevated to at least Limited to prevent ANY untoward System changes from occurring.

M

Many thanks for your advice as always

I’ll second that. I thank the day I found Comodo

There are so many so called “Cybersecurity professionals” who still don’t get how Comodo works :slight_smile:

I tell them, we can protect you without having to “detect” it’s malware…they say…no…can’t do that!!

What do I do?

“Let’s not reason about them, but look and pass” (Dante Alighieri) :wink:

Another 40+ top Universities brought down today courtesy of Blackbaud . . . Garmin plus its flight and navigation systems down . . . Ransomware on the prowl

Here is a topic in HackerCombat

This guy called Adrian just deleted all his posts and disappeared because he was having difficulty in understanding what Comodo Technology was…Yet he advises companies on security, his LinkedIn profile says…

I’ve had the same sort of confrontation where no matter how hard you try, no matter how many facts you tell them, they refuse to comprehend how it works, and that how you say it works, is how it actually works.

How about this…

Every week on YouTube, put CIS against a random AV client in a Virtual Machine to see how many infections each VM gets.

You can YouTube search “AV Comparison” or something similar to see what I mean.

Then see how long CIS can hold the record for 0 infections against the most popular AVs getting marketed to people.

There is quite a big market for people who search for and watch these AV review videos, and I think it is something that you could absolutely tap into!

A certain AV vendor currently sponsors someone on YouTube to do these types of videos. I think it’s about time to let everyone who watches these know that Comodo will wipe the floor with its competition.

As an addition. Whenever a certain piece of Malware hits the news, you could also test that too, as people will undoubtedly YouTube search its name.

P.s. Human voice only.

good ideas…

I am baffled about how many people out there simply don’t or can’t use their grey cells…yet they dish out advice…crazy!

Absolutely with you there!

Hi Melih,
It has been a while since I last posted in these forums, but I still hop in and read them every 1-2 weeks.
I was a member of the Usability Group many years ago.

I have an analogy that may demonstrate what I think is a psychological preference for a certain method of security:
I own a house that contains all my valuable items, and I have 2 main security options:

  1. Have a guard at the entrance to my house. This guard tries to identify bad people or unknown people and keeps them out of my house (black list) and identifies my friends that I can trust and lets them into my house (white list). This is similar to detection, which conceptually keeps bad things away and lets good things in.
  2. Have a guard inside my house. Anybody can come inside my house, but the guard will follow them around and make sure they don’t do anything bad (e.g. steal or break something). This is similar to prevention (if the guard sees a malicious act, he stops it or prevents it from causing harm).

Let’s say, for the sake of this analogy, that both guards perform with 100% effectiveness, so both guards could protect my house and its contents equally well. Even with an equal level of protection, I think most people would prefer to keep criminals out of their house, so they favor the concept of detection (which is “don’t let bad people inside”). They just don’t want bad things on their property…it’s a more appealing concept and “feels” more secure than having bad people roaming around your property, even if the badness can’t do any harm.

I think the preference of “don’t let bad inside in the first place” will be difficult to change because it seems to be conceptually sound (even if it may not be sound in all circumstances).

I do not emphasize that “detection” is unimportant (mainly because I think most people feel more comfortable with the “don’t let bad things inside” approach). Saying detection is not important may make them feel like their comforting belief is being attacked, which would cause them to turn away immediately.

For me, I emphasize that Comodo offers good detection, and this jibes well with the fact that most people favor the “don’t let bad things inside” approach. But I also emphasize that no detector is 100% accurate and that Comodo offers both guards: one at the entrance to the house, and one inside the house. So, if anyone malicious manages to get inside the house, you are still protected! The people I deal with are mostly laymen, so I don’t really explain the HIPS or sandbox in detail. I just say they are both tools the “inside guard” uses to protect the house.

I also use this analogy: If you are taking a plane flight, would you rather depend solely on security screening in the airport to hopefully detect hijackers, or would you prefer airport screening AND an air marshal riding on board the flight to help protect the flight from anyone who managed to slip by airport security? So far, everyone has said they prefer both.

These analogies seem to avoid denigrating their belief in detection, while also showing its limited capability. Also, with these analogies, people immediately realize the crucial protection offered by the “inside guard”.

I believe that Comodo’s “inside guard” is the best. I am not sure how to convince everyone else on this planet, but I certainly hope they all see the light!

Anyhow, just thought I’d share some thoughts. Thanks for all the great Comodo Products!

Whoop

Hey Whoop,
Of course I know and remember you :slight_smile: nice to hear from you again.

Yes indeed, it is difficult to re-wire people’s belief system. Defense in depth is always a good strategy. That is exactly what Comodo is saying.
Deploy defense in depth and don’t just rely on detection.