Not to contradict all of what you guys told me, but could you guys explain this video, "Why is Windows Defender so successful? - Video | ZDNET", and compare it to COMODO IS, please?
My opinion: This Windows Defender “expert” is likely trying to improve his product’s reputation or sell his product (there are paid versions of MS Defender for corporate environments). I haven’t watched the video but I have read the text.
Let’s take it by parts:
- “The attacks exclusively used legitimate Windows tools to download code that executes only in memory, making it one of a growing number of so-called fileless attacks, since no executable runs on disk. Using legitimate tools – a strategy called ‘living off the land’ – also makes it harder for antivirus to detect.”
Response: Comodo already takes care of that through its Script Analysis module with its Embedded Code Detection feature which stops fileless attacks.
- “More recently, the Microsoft Defender ATP Research team explained how its machine-learning models have been hardened against a specific type of adversarial attack that did work against the detection models used by BlackBerry-owned security company Cylance.”
Response: Machine Learning is detection based and detection will always fail against new or not yet discovered malicious behavior. Comodo’s protection approach is a Default Deny based one, meaning everything that is not on Comodo’s Whitelist is an Unknown file and is blocked by Containment and HIPS modules.
- “We’re seeing the trend of advanced techniques being used to deliver commodity malware. Once the advanced technique becomes public knowledge, this next section of actors use it, like Dofoil,” Ganacharya said.
“It was a coin-miner. It wasn’t trying to steal valuable information, it was just trying to make money by mining coins.”
Response: Access Restrictions from Containment module can stop Coin Miners from hogging CPU. Also, if the user sets Comodo to Block unknowns, this problem is solved.
- “A popular method to boost clean signals is to digitally sign files with trusted but fraudulently obtained code-signing certificates. The infamous LockerGoga ransomware that wreaked havoc on metal maker Norsk Hydro earlier this year used this tactic.”
Response: Comodo provides the user with the option to Modify its Trusted Vendor List and disable Cloud Lookup, so users can configure Comodo to block malware using trusted certificates. Also, these kinds of attacks are not that common and usually they don’t target home users but rather large organizations.
Thank you for these detailed comments.
For me the subject isn’t uninteresting. So you can learn more about how Comodo works.
It’s more than only to click on a button and that’s what comodo makes difficult to handle for some users.
But to activate “Proactive Security” is good advice to protect the PC.
Something else Comodo IS does that Defender doesn’t: it protects you with secure banking. Defender failed 9 out of 11 tests on this one and Comodo was one of the few that actually passed all 11 with just turning on the anti-ARP spoofing.
A few years ago the CIA tested the majority of well-known antivirus applications, but only one of them particularly got under the skin of hackers who worked for the agency. The Comodo suite has gained a term of “hard to hack” antivirus.
That may be the biggest compliment ever given to Comodo.
I get hooked on this interesting topic to ask you about the differences in protection between CIS and CAV. Obviously I know that the element that makes the difference is the firewall, but for a non-expert user, can the CAV + firewall solution of Windows 10 go well?
I agree with what you wrote, but I would also prefer that Comodo improve the detection rate of malware more and more; containment is fine but it seems as if you just push on that. Doing tests, there is a lot of malware, even days old, that other antiviruses recognize while Comodo does not and puts it in the sandbox, but what’s the point if for days almost all antiviruses have declared it as malware?
In my opinion, if the antivirus module is also upgraded, the Comodo suites no longer beat anyone.
well, good points but i think differently…
for my case, only, cis needs to get updates so it gets fully compatible with windows 10. in fact, i don't even need the antivirus module anymore. i only install it so defender gets disabled, but i configure cis to verify for updates once in a while … the only problem with cis, these days, is that it's not compatible with windows 10 1903… and things are going to get worse as windows 10 20xx is coming and lots of changes coming too… i only hope comodo brings some devs with knowhow to solve these problems once and for all… then cis will shine again…
take into consideration all efforts from microsoft to make everyone migrate to latest windows 10, and they are accomplishing that… so, either comodo keeps in shape for it or it will have a lot of users leaving the boat…
At this point, even if I were to drop CIS antivirus (which I’m not inclined to do) I’d still keep Comodo’s firewall.
What does the firewall do differently than Windows Defender Firewall? That’s REAL easy to answer! Comodo’s firewall is a 2-way firewall that detects both inbound, and outbound traffic. With the right customizations, you can have CIS Firewall prompt the user for every application that wants access to the outside world, instead of just an occasional app here and there (which is what WD Firewall does).
It’s also much easier to configure apps, and ports in Comodo than it is in defender’s firewall. To top it off, CIS’s interface, and prompts are FAR more user friendly.
As of late, I haven’t been all that happy with Comodo’s antivirus in CIS. It’s been ignoring my exclusions list, and detecting things it shouldn’t be, but otherwise, it has protected me without fail for several years now.
I personally have automatic containment turned off, but if I have any doubts, I have the option of manually running anything inside Comodo’s containment, which is unlike anything I’ve seen in other antivirus solutions.
You’ve also got HIPS protection, (which I also disable in Windows 10), which can prevent unrecognized apps from even starting, unless you add them to your whitelist.
Ultimately, CIS is a PC Security suite that I swear by, and have for some years now. Needs some improvements as of late, but still a very high quality product. Case in point… relying on prevention is better than relying only on detection. By the time detection does its job, the damage has already begun. Prevention keeps it out in the first place.
Comodo Firewall is a stateful inspection firewall, not a two-way firewall.
(CIS in General) If you guys think CIS is still better than Windows Defender, then what does CIS do that Windows Defender doesn't do?
Once, I decided to use Windows Defender with Windows Firewall because I got tired of AVs slowing down my system. Windows Defender and Windows Firewall are lightweight, you don’t even notice them, but they are also worth only that much. Nothing. During my time with Windows Defender and Windows Firewall my email and several online accounts got hacked and my credit card got locked for suspicious activities (fortunately this is all I know, don’t know what the hackers were trying to do exactly with the credit card).
I needed to wipe my hard drive completely. Since then, I have never considered testing this crazy idea of whether Windows’ own protection is good enough. No, it is not and never will be. It might be ok in an office environment where people are not allowed to browse the web and download, install software but at home I would never use it again in my life.
Since then, I have been using CIS and I did not have any problem with viruses and hacks in the past 5 years, not even once, and the reason is very simple. Default Deny Protection. CIS treats every single unknown application and process as suspicious, isolates it from the system and runs it in a secured container, and I have total control over how I want it to treat these files, folders, locations. Do I want to trust it, run it limited or fully virtualized, and I can also clear the container of any nasty stuff they might have installed in the container to avoid other apps running in the container being affected.
If you are opening and launching lots of unknown executables on your PC it can be a pain but it is also extremely secure and can be worked around by selecting a location to ignore if you are a developer for example, you can choose your development folder to be ignored and that’s it. But if you are an average home user, it makes your system extremely secure.
To be honest I’m wondering why Comodo is the only one using Default Deny Protocol. It just makes so much sense. Unknown = Suspicious so treat it as a threat and what do we do with threats? Isolate them, let us know and ask what to do. You don’t want it to be isolated, do you trust it? No problem, just say it. You don’t know what it is? Leave it in the container or delete it. That’s it.
Before I was using Comodo I also often read tests of which AV performs the best and detects the most viruses and malware and chose accordingly what I use, but the fact is, in order for the scan to find viruses and malware, they need to get into your system in the first place without detection so then you can run a scan and detect them, and this is the very last thing you want to do really, to detect malicious files during a scan.
What you really want to do is keep those files outside, block them, get them contained right from the beginning, and this is what CIS is really good at.
The AV of Comodo may not be the best, but to be honest it doesn’t need to be. I’ve been using CIS for 5 years on the same system, Windows 7 then upgraded to Windows 10, no reinstall, it is the same system running for years and I had exactly 0 infections and hacks. I also run 2nd opinion scans every 2-3 months and nothing, my system is clean like a diamond thanks to CIS and this is how I like it.
Since I use Comodo I don’t read AV tests, I trust Comodo Internet Security because it is doing an excellent job at protecting my system regardless of what the AV tests are saying, because protecting the system is more important than detecting malicious files and this is what CIS does best.
Wondering, did you run a scan with Windows Defender after uninstalling CIS? Did it find anything? I bet it did not because CIS was protecting your system even if the AV is not that good. Is Windows Defender protecting your system as good as CIS did? I don’t think so.
The last two comments: :-TU :-TU
Containment and HIPS are enabled. In ‘Advanced Protection’ ‘Embedded Code Detection’ in ‘ScriptAnalysis’ for all the Apps listed there is enabled, too (if it makes sense or not, I don’t know).
Cruelsister’s configuration is my basic configuration, which I have supplemented/modified with my own entries.
No problems, very well protected, Comodo runs smoothly, I am and have been protected all the time and have none of the problems I can read about in this forum. I’m not thinking of any other software (“Don’t touch/leave anything which is and always has been good to you!”)
Offering my 2 cents on the subject…
Answer to #1;
Windows defender performance is only marginally better than Comodo’s and in an area that has little risk to end users. Therefore to me the differences are inconsequential.
Answer to #2;
Comodo’s firewall includes fine-grained network traffic controls and HIPS functionality which is not present in Microsoft’s offering. In addition, Comodo’s suite allows for the “watch-dogging” of Windows itself, which the OS doesn’t provide functionality to do, for obvious reasons.
CIS or Comodo has protected me since 2006;
Tests in “AVlabs” not 100%;
Videos on YouTube are more reliable, after all, they are samples commonly used by cyber criminals (even though theoretically they look like amateurs);
I don’t trust a lot of the reviewers/testers on YouTube but the one that I do trust and the one that brought me back to Comodo was watching Cruelsister’s videos testing Comodo. Really miss seeing new vids from Cruelsister.
I’ve been using CIS since 2007 or something like that, I don’t recall having a computer that’s been infected with anything since I started using CIS.