So where are the CIS users with viruses.

So I get around security sites. I keep seeing so-called experts saying that CAV has lousy detections.

If that is so, why do we see so few posts on the CIS virus removal help thread?

D+ would warn about it, but has no way of removing the problem., so where are all the infected users?

CIS prompts all users to join the forum to find answers to problems and there must be many thousands of them now. So if CAV is so poor, why are they not posting?


thanks James!


that’s not true, yea it isin’t he most used av afcorse but still it’s getting used by thousends of people.
go comodo (R)

That’s a bit of an exaggeration. Thousands of people are using CIS by now. And for every one person that posts about their problems on this forum, there are hundreds of satisfied users out there.

Yes, not many people are using CIS yet because it is relativity new, but CFP3 started out like that just like all other products do.

Well, D+ does a great job at alerting the users. But the users will only know what to do if they know what to do. The average user, which represents most of people, won’t know what to do when such alerts come out.

So, you ask: “So where are the CIS users with viruses.”? Well, if Comodo AV is able to detect and clean, then they will be happy. If the AV detects but does not clean, they got to report it… or should. If the AV does not detect and the alerts given by D+ could be a from a known good application, well, wouldn’t they just let it run, and who knows be a backdoor, trojan, worm, etc? Does not have to be a virus. If the AV won’t detect how the heck will they complain?

Your question makes no sense, at all. Users will only complain if they notice there is malware on their system and the AV cannot detect them, or the AV does detect, but, cannot remove.

How is CFP/CIS used by thousands? How many thousands? I would say it is used by the ones who know what to do when any alert comes out. More than 90% of people want a set and forget solution. They won’t find it in CIS, because CIS’s default settings won’t give much of protection out of the box. It needs to be tweaked, and then the alerts will come out. Again, not for the average user, and this user represents more than 90%.

I was hopping that when CAV3 was annouced that it would come with detection (of course) and behavior analisys, rather than with D+.

CIS is a great product, yes. But not for the most of the users, only for a elite of users. Of course, considering that such users want a top protection out of the box and set and forget.

Best regards

So you think people don’t notice when they have unexplained activity on their systems?

Most who seek help on HijackThis helper forums have a well known antivirus installed, but know they have a problem. There are plenty of those.

If that was the case, infections, wouldn’t go as far as they go sometimes. Why? First a certain malware gets in the system. The average user won’t know, unless the AV detects it. If the AV won’t detect, then other malware may be downloaded to the system, which could download other malware and so on. Also, not forget send private and important information to who ever controls the malware.

Of course, the situation could be the opposite. Just one malware, for example, keylogger or backdoor. Keylogger would record key strokes and backdoor, well would keep connection between infected system and the hacker. Would the average user notice this? Would the average user know how to answer to a Defense+ alert? (and I could be talking about other classical HIPS) Better, would the average user notice that a red alert from Defense+ could be in fact an alert for possible malware, among some other red alerts that we do see happening with Defense+, and that are nothing, meaning legitimate? They would just press allow and then hell comes up on earth.

Of course, if the system starts to go crazy like hell (performance), they may ask someone they know if anything is happening to the system. But they need to know someone who knows how to see if anything bad (as in malware) is happening to the system and if he/she does not know what could be wrong, then where to get help.

Now lets imagine that a certain average user (and I believe there are so many out there) doesn’t know anyone, doesn’t know where to get help online?

The only choice would probably be to go to the store where she/he bought the computer and ask them to check it out.

No, the average user has no idea of what so ever. For such user the best is a set and “forget” security suite (all-in-one or separate applications).

The next saturday I’ll be installing a new system to one of my relatives and I won’t install CIS or CFP. Why? No strong protection out of the box. I would have to set it to proactive security, but then this relative of mine wouldn’t know how to answer. Why? Simply because has no time to “waste” with such matters. Only wants is to have a strong protection without the constant alerts.

Even the system where I am right now, as soon as I get my new system will lose pretty much all the strong security (control of all processes by HIPS - Defense+) it has, which also includes CFP. I will uninstall CFP, simply because the relatives that will be using it, also have no bloody idea on how to answer to such alerts. Why? No time to “waste” either, as they have busy lives and when use the system, all they want is a strong security with minimal alerts. But, for the meantime, I’m here to keep an eye on things. Things won’t always be like that and won’t be very shortly.

So, sorry to say this, but no, the average user has no idea of how to answer to any alerts from Defense+ and alikes.

Best regards

If someone really wants STRONG security, they will have to take the time to learn and it won’t be a set-and-forget situation, because, well…is there any other option besides installing a good AV (and no AV nowadays provides very STRONG security) or installing a powerful HIPS program with many confusing alerts to answer. Am I wrong?

Is there no solution to having this STRONG security with a set-and-forget app?

Actually, you can. How? Preventive measures. HIPS, like Defense+ isn’t the only way for preventing the system from becoming infected. There are other ways, which could include smarter HIPS, such as DefenseWall, without any user interaction (pretty much none).

And do I have to take the time to learn the red alerts I keep getting from Defense+ just because I want to save files with my browser? Or just because I want to start my batch files? Or just because I want to… well… I lost count… and Defense+ won’t even remember the answer I make, either I allow it or block it?

Even I don’t have the patience for those daily and up to the minute red alerts. Those alerts come from known and trusted applications on my system, such as the browser, my batch files, etc. I know how to answer. My relatives know how to answer. But, between all this madness would they (and the average user) be aware that one of those red alerts could be a malware alert? Well, I guess they wouldn’t as these red alerts I talk about exist since first version of CIS. So, it is a routine. Then, if one of those red alerts do happen to be one alert for possible malware, then, well… only then they would know.

Also, Defense+, quite often, gives red alerts for malware (heuristics) when I open/start some applications for the first time. Wouldn’t the average user among those red alerts, such like those, just click Allow?

Defense+ should be smarter. Comodo can make it smarter. I hope they make it smarter, less intrusive. Will they? No idea…

Also… in one of my relatives the security system is pretty much all based in prevention, such as this one here. The difference is that doesn’t use CFP/CIS. Uses 1 internet security suite + all other preventive measure I use, which don’t matter for the case.

CIS is the not the only way for a strong protection (without those massive alerts) - detection + prevention. You can achive a strong protection by using a combination of preventive measures, which can totally exclude Defense+.

By the way, what would be more dangerous for the average user:

  • AV, plus other preventive measures, which can exclude Defense+/other classical HIPS and perhaps include a behavior blocker?

  • AV + HIPS, such as Defense+ and alikes and the user make a bloody mistake that could totally kill the system or even worse, the user allow a keylogger from logging the key strokes? Who knows bank account code…

Also, not all people have time to “waste” with so many alerts from HIPS such like Defense+. They just don’t have it. I know a lot of people that get up early in the morning to get their kids to school, then go to work, then get the kids, then come home and take some of the time to relax, check their e-mail. Then they go check on the kids, talk to them, help them with their studies, etc. Do you really think these people have time to waste to spend like 3 minutes just to be answering to alerts, for example, just to open their email clients, just because, in this case, Defense+ alerts them for “non-sense” things? (It happens with me… and I had to deactivate the crash reporter, 'cos either I allow or block, Defense+ just won’t remember) (One could just set the email client as a trusted application, but wouldn’t be wise, right? as such app doesn’t need that many priveligies.)

What this busy parents want is a strong protection for their systems and kids!, which by sign, CIS offers not. No parental control… Hmmm… Funny… CIS/CFP does have a password for parental control? But I see no parental control.

The relative of mine where I am going to install the system next saturday, works on shifts and studies. Between all that, do you really think that when has time for going a little bit to the internet that wants to waste time with all those alerts from Defense+ in Safe Mode? I say Safe Mode 'cos is the only way for D+ to offer a decent protection.

So, as you may see CIS is not for everyone. This is how I see it. No one has to agree. Everyone’s entitled to a different opinion, based on things we see on a daily basis. That’s why I say what I say.

we have just under 15Million (yep… fifteen million) users who actually installed and activated our product. We get on average around 1Million new users a month who install and activate our products.

I am yet to see someone who had a default setting who get infected. Not saying its impossible of course.

So if our product was not doing its job and people kept pressing yes for the alerts etc, then at some stage they would be infected and their computer would start being unusable and come to forums and complain about how many malware we let in etc.

I must say, James has raised an intriguing point which I am sure will draw much attention :slight_smile:


I’m far from saying that CIS(less the AV) is bad product, otherwise I would never use it, but couldn’t be possible that most of those people that downloaded your CFP, for example, since has more time of live compared to CIS, downloaded it because someone told them that Comodo Firewall was the best free firewall and offer a great protection (which is 100% correct)? Then people saw the alerts and then just couldn’t get the hand of it and uninstall it and install one other application that would be less intrusive? I go to many forums in my country and sometimes they say things like: I installed X or Y app because I saw so many great reviews, but, I honestly can’t get the hand of it, do you know of any other alternatives? - it is usual this happen. If people don’t get the hand of it, they just won’t use it. They won’t complain, specially if the product is free. If we were talking about a paid product, well, there are trial versions for the purpose of testing. If they don’t like them/don’t get the hand of it, ditch them. The same happens with free apps. We don’t like them or don’t get the hand of it, well, look for other alternatives.

Just because 15 million people downloads some app, doesn’t mean they’re all using it, now does it?

No, and no one said so either… If as many as 5 million (not saying that this is the case, it’s just an example of a pretty high number) uninstall Comodo, then 10 million is still quite a lot.

Sure, people may be more tolerant to free software and have patience. But still I think infected users would seek help, not the least since CIS/CFP has a link to the forum under Summary. We haven’t seen a flood of infected users looking for help.


Hi Darkbutterfly, contrary to other companies whom may offer a product with a lesser learning curve, with little regard to user feedback other than bug fixes and a well here it is now live with it until we feel it’s getting outdated attitude Comodo rather built their Firewall/Antivirus (CIS) on continual user feedback as to bugs and what they feel is lacking to maintain the current status of their product as one if not the best free software firewall available today by security experts’ standards all the while acknowledging its strength and versatility as to personal configuration options.
Life is a learning experience after all for all of us, where would all of us be if our ancestors hadn’t thought of striking two stones together to create a fire to keep them alive? Think about it…;D
Cheers :Beer
Xman (:KWL)

Of course it doesn’t.
that’s why we also measure uninstallation. Our uninstallation rate is less than 5%.

btw: these are NOT downloads, they are actual installations/activiation of the product and less than 5% uninstall the product. We do have a high retention ratio.


Come to think of it, James is right (:KWL) I’m always clicking the forum “show unread posts since last visit” and Havn’t seen anyone complaining that the have been infected while using CIS.

[ at ]Darkbutterfly. I can understand your points… But I also think your exagerating alot.
I think that CIS is set and forget… Turn your pc to training mode - run all the apps you would normally use. Or, Alternativly you could just click “Trusted Application” for your commonly used apps like games, emails, web browsers etc. Once you’ve done that you should never get a pop-up again unless installing something new.
As for the parental control… It’s simply just to stop people from tampering the settings.

Sure… Things like behaviour blockers may be good… But when you rely on your main defense being detection then malware writters simply make something that doesn’t fit the discription of what the behaviour blocker is looking for.
Anyway, In the near future CAVS is going to get something similiar to CIMA which should be a great addition to the overall protection.

Defense+ really is the heart of CIS and I hope that it never gets replaced by detection software such as a behaviour blocker\AV because then it would start failing like all the rest.

Layered approach is the way to go (Y)

P.S Does comodo plan on raising their whitelist reguarly?

The only infection I had on this machine was one attained prior to CFP installation. And it was the firewall alert that drew my attention to the virus as it ‘struggled’ to exit back to the internet.

CIS has less pop ups…

Studying further usability now. :wink: watch this space…


we are in the middle of putting some big bucks into our whitelisting infrastructure. This along with Threatcast which will be in the next version, there won’t be a half popular software we won’t know about (:NRD)