Comodo: What do they need to do, to improve their product line?

BTW what other possible alternatives? Except Sandboxie I don't know anything (I even don't consider Geswall and Bufferzone).

 

Ya, GesWall is discontinued/died, and BufferZone gives conflicts with other security softwares. I say AppGuard, for example, or DefenseWall.

 

No they are more restriction/HIPS than sandbox they cannot erase their sandboxes (or I'm wrong?). So only Sandobxie and CIS's sandbox can satisfy me in this sense.

 

HIPs programs are unusable for a vast majority of PC users. That's just the facts.

 

True, HIPS is not good for the masses and develeopment should target the many not the few. Simple businness perspective and the law of survival in a very competitive market. Prevx (back to version 2) was one of the first to experience this (with support of factual data from its user base). Look at them now

 

remove sandbox
signature name

 

Sure, I said in a view of protect the system, not only to isolate the browsers.

 

This is the reason for many excellent security programs, and other promising too, died: System Safety Monitor, Online Solutions Security Suite... but Comodo claims that his suite will be always freeware: so it could to point to best security mode.

 

I'd say it depends on wich company that has developed it, some vendors does it way way better than others, a well coded one shouldn't slow down your internet speed at all, and should work with all browsers. The URL Blocker and HTTP Scanner is the first layer in todays AV's (well not Comodos) and I would never use an AV without these layers. If they slow you down try another product or ask them to improve the performance, or in Comodos case implement one.


But Comodos biggest issue is their AV database, it needs to be streamlined ASAP, they have talked about that since V3 when I tried it but not much has improved in that area IMO. I am not talking about detection rates but the lack of generic sigs etc etc.

 

They have generic signatures and have done for the past 3 years.

 

Yes but they should have started even before that. And the database would be in a better shape today and earlier.

 

That is indeed true.
Over 20million signatures and counting lol

 

Wow I didn't knew it had grown that much....But that's what I am talking about, late 2009 when I used V3 the sig number where 9 Million and people complained that it was getting bigger and bigger and it needed to stop increasing that fast. They promised that with the use of Generics, and Heuristics they would decrease the Sigs down to around 5 Million "at least" but it appears it went the other way.

 

Chatty HIPS are intriguing to the security conscious geeks until such time as you need to get a lot of different stuff done in a hurry,whereby they become a pain ~ Snipped as per TOS ~

 

There have been a lot of improvements to comodo since v3.
The av i think is very good now and amongst the main players.
There are some new features coming to the cloud back end too at some point.
You really should not judge the av performance from the 2009 version.
Its worth a look.

 

I know that very well, but I didn't judge the AV's capability of detecting or whatever, I was only talking about the way they have handled their AV database from then to today and what it have become. And what they said they would improve going forward.

 

Here is something I would like to see as well.

For them to update Comodo Antivirus for Mac

 

And all the stuff they make but never update again

 

+1 on that

 

Go back to topic

What should they improve ?

-Application whitelisting : manually whitelisting is certainly not the way to go. Even MyDefrag was unknown...not only MyDefrag ofc...

-Once a user submits a FP from the program, maybe they should fix it ? On a french forum, a user installed V6, his program was still getting detected even though he "submitted has FP" years ago...

-Stop starting new projects without finishing what is already being developped?
I mean DACS,Valkyrie,CCAV,...But what about Comodo Time Machine, Programs Manager, Backup, System Utilities..

-This is also something I'd like them to improve : For example if you'd like to get news for valkyrie, well it's impossible. Ask on the forums, no one will bother to reply you. To get a simple PM reply (which was really vague) I had to ask another employee to ask the head of antivirus to reply to my pm. Is that normal ?

 

Sounds rather normal, if they start answering to all single requests by users then there will be not time left to dedicate to their core business, i.e. software/AV update and development

 

Check the valkyrie forum, last post from Fanny is dated from Aug 2011. So no that's not normal

 

There's an option in the KillSwitch "Send to COMODO" -"Report FP"/"Report Suspicious", I wish it worked. I used it several times with no effect in months.

 

And rather COMODO must find a way around their sandbox and HIPS bypasses rather I still see people in thread who are indirectly trying to claim "COMODO is 100%" But hey look at their forum itself.Whatever you say CIS v6{I still like COMODO I have used it 2 times in the past} is more vulnerable than CIS V5.Personally,I liked CIS v5 more than v6 there is component called Behaviour blocker which only does the job of sandboxing so what's the point in having it!? just merge it into the sandbox menu and when the real BB comes make a different option rather than trying to confuse most of the users with that name "Behaviour Blocker"

Meh:
http://forums.comodo.com/leak-testi...search/weakness-of-the-gpcode-t65960.135.html
http://forums.comodo.com/leak-testi...tially-limited-limited-and-hips-t95939.0.html
http://forums.comodo.com/leak-testi...ypass-cis-v62-fully-virtualized-t95943.0.html
http://forums.comodo.com/leak-testi...ally-limited-limited-restricted-t96245.0.html

These bypasses...some even before v6 some since v6.1 and still the first is not fixed and the rest are persisting since v6.1 and not fixed.In my test,I dont see to find any piece of ransomware getting past defaul comodo so IDK..there is got to be some custom made ransom varient there.

So I guess CIS must work first to fix their holes and then proceed ahead with doing the rest of the stuff.

Apart from that,I like CIS very much and btw its great suite

 

egemen: "This case and a few other cases reported before rely on the same technique. We fixed it but haven't issued the update yet."