Since I’ve already asked this in the appropriate thread and got no reply so far, I am asking it here as I believe it will attract the due attention and also because the same situation happened again, this time worse than before - Comodo got a result of 97% Protected - 3% Compromised at SE Labs results for January-March 2020.
I believe that SE Labs is probably using the default settings for Comodo, and if so this is not much of a surprise then. Or maybe those Malware samples were trusted by Cloud Lookup or Vendor List. Or maybe the testing professionals at SE Labs are committing mistakes in handling CIS and thus leading to infection? This could be happening due to a lot of things.
Can someone from Comodo Staff check on what is happening? If possible any comments? Not trying to complain or anything like that, it is just that this situation is harmful for your product’s reputation.
Even if this might be the case, users have to worry if weak security products (like for example AVG Free) got a 100% score while Comodo Internet Security allowed 3 infections, even though the default Internet Security setting for CIS is too permissive and a lot easier to bypass, unlike Proactive Security setting for example.
Any comments from a Comodo staff on this matter would be much appreciated.
I have mine set to Proactive Security and Block Unknowns, and I don’t rely on AV’s even though I am running CIS, I know AV modules are imperfect and shouldn’t be relied upon. It is just that Comodo allowing any infection, even at default level for CIS, is too much food for the Comodo Haters out there. >:-D
So I wouldn’t advise someone to use such tests for comparison. There is a test conducted by Checklab.pl institute recently in which Comodo achieved 100% protection with default settings against 658 Malware samples - AVLab Cybersecurity Foundation which is another reason for questioning what is going on with the SE Labs test results for Comodo lately.
Even if default settings for Comodo are weaker than Proactive configuration for example, 3 infections being allowed by default settings is something they definitely should look into.
Why not? Perhaps he relies on Windows Defender alone, or he doesn’t click on every “nice” website/picture and doesn’t open every attachment in his mails.
I don’t have “fine” PC-Tools, try this and that software and so on, as I did in former times (very long ago) - result: crash every now and then, software problems. But I have been keeping my PC clean for a long time, I have a lot of software on it, but all from VERY trusted vendors. Nevertheless, I installed Comodo because I searched the Internet for topics and solutions (software, data protection, business, …), but I only open websites that I believe are trustworthy.
CIS 7036 runs smoothly like 6882 on my PC, I can do online banking nearly fearlessly.
In a nutshell:
Tests - I rely on my experience with CIS, the best test I can rely upon. So, I can understand when someone says: "No need for an antivirus software behind my router."
What I wanted to show is that different tests bring different ratings and that a normal user is only looking for tests and his decision is based on it (and this is one of the tests). Nevertheless, the reviews are not completely wrong there, you can also find similar reviews on reputable sites. I quickly found them to be fairly new.
Then, users are perhaps reading this note and read this (translated from the link):
We are an independent comparison service that analyzes and compares providers, products and services based on different criteria. We try to make this as objective as possible. The result also includes subjective criteria such as user opinions, popularity of the provider with the user and sales rates. Furthermore, our personal, subjective opinion and experience with the provider also influence the final result. Thus, this comparison only reflects our personal, subjective opinion.
We offer this service free of charge, since the placed providers are charged an advertising fee for completed purchases by users.
Unfortunately we cannot guarantee that this comparison is complete and that all available providers are published on our site.
All information on the scope of services, prices, features, terms, ... of the providers, products or service providers presented are without guarantee. The information that is provided directly by the provider applies.
Compare with this scorecard (by the Federal Police of Germany).
Sorry, from January, but it shows how ratings can change.
Bitdefender Internet Security 2020 10,0
Kaspersky Internet Security 2020 9,5
Avira Antivirus Pro 9,5
McAfee Internet Security 8,0
F-Secure SAFE 8,0
ESET Internet Security 7,0
Avast Free Antivirus 8,5
AVG Anti-Virus Free 8,5
Panda Free Antivirus 7,5
Symantec Norton Security 8,5
Emsisoft Anti-Malware Home 7,5
Trend Micro Internet Security 8,5
Microsoft Windows Defender 7,5
Yes I agree with your point but Comodo Internet Security reputation is that it is a bulletproof and attack proof product. Infections happening even at default settings are a serious issue and should be looked into with measures implemented so it won’t happen again.
Many novice users will see such test results and think that Comodo is a weak solution because it allowed infection, they don’t know about the differences between Proactive Security and other settings, they don’t know about Cruelsister1 settings or her YouTube tests, they don’t know about Whitelisted Malware either, nor do they know about Comodo Forum members’ personal experience with CIS.
Such people won’t ever use Comodo after seeing the SE Labs results, since even weak solutions like AVG Free achieved 100% protection.
Plus Enterprise/Corporate users seeing those results might strongly consider not implementing Comodo AEP Product on their business. This is just bad for the product’s reputation and for Comodo company reputation as well.
This week I came across a rather pretty malicious Zoom installer. Although it had been in the Wild for about 6 days (at the time I acquired it), the VT total was 22/71.
The purpose of the malware was to allow certain folks in Lahore, Pakistan to see the Zoom meeting. It did this using AutoIT functionality, employing Task Scheduler (via the COM API), throwing off a vbs and a Batch script, and (my favorite) a self contained Python script. Only this morning was the malware finally detected by BitDefender, WD and Eset. Avira still has no clue.
Cruel CF, on the other hand, contained the installer, blocked the connection out to Lahore, Disallowed the Scheduled Task, prevented the vbs and BAT file from running, and blocked the Python routine from even being dropped.
I wonder if SE Labs utilizes malware such as this?
First of all, such an honour you replied to this thread. Not sure if SE Labs uses complex Malware as this one you reported, but one thing we know for sure: They don’t use CruelComodo configuration for testing, they use default settings and default settings for CIS are so weak (even weaker than CFW default ‘Firewall Security’ level).
Could those 3 Malware be Cryptocurrency Mining executables? Fully Virtualized level does nothing against this. Could they attempt to encrypt files located at Downloads folder and demand a ransom? (Downloads folder is added as an exception by default as access to it is not virtualized) Or Did they try to Access Webcam, take Screenshots and then Phone Home? In default ‘Internet Security’ CIS Configuration the Firewall allows all outbound connections regardless if they come from a trusted or unknown application.
There are many flaws at default ‘Internet Security’ setting for Comodo, or those could simply be Whitelisted Malware cases, it is even possible the testing professionals at SE Labs committed mistakes in handling CIS and thus leading to infection, like starting those 3 Malicious files from Downloads folder for example.
There are multiple variables involved, however explaining this to novice users, who are not used to our usual Comodo Forums folklore will sound like “lame excuses”, even more so for those who are Comodo Haters. There are many of those over the internet, you can find some of them at the Malwaretips community for example.
I agree with you guys, we are protected with Comodo, but we KNOW how to use Comodo - Some people don’t know. For those people, the SE Labs results are a dire hit against Comodo’s reputation.