COMODO Internet Security 3.9.76924.507 Released!

Hey Guys.

I quickly skimmed through the thread, So I'll try and answer everything best I can.

Version number, Why is it so big? I do not have the answer to this question, But I can always ask a developer.

Can you install BOClean stand a lone in CIS? No, you can't. It is a totally integrated memory scanner that works with CAV. Gets same updates as BOClean off course too. PLEASE be aware though... The CURRENT stand a lone boclean will have last update on 26th May, 2009 the product has already been discontinued, but signature updates will continue until the date.

Comodo skips a few Advanced checks (Defense+) Settings! why?: I will explain this in more detail:

Why keylogger for example is NOT being monitored by Defense+?

Think of a keylogger not caught by the AV:

All keyloggers try to install themselves permanently. If they try to do so, they will be prevented by CIS.

Assume keylogger is executed and by chance at the same time, there is banking information entered in a web site, the firewall will catch it anyway.

Here the point is, permanent damage needs to be prevented. And all the checkpoints are kept to prevent the permanent damage.

Sure, But what about the others such as DNS/RPC Client, Window Messages, Image Execution Control, Monitor, and Disk?

All the viruses, unlike Comodo leak tests, try to make themselves permanent first. No exceptions. Thats why CIS will catch these immediately. There may ofc ourse be exceptions but Comodo does assume these are rare.

All of those checks(DNS/RPC Client, Window Messages, Image Execution Control) are disabled because of the fact that all viruses attempt to make themselves permanent first and hence will be caught. So COMODO Internet Security policy is a balanced policy with acceptable security and acceptable user experience. It is there to complement the AV.

Let's look at Proactive Security policy: This policy REPLACE any AV for an experienced user. Until Comodo reduce the popups, they will have to keep this balance for average users.

This is only detailed information when you install full CIS. You install Just Firewall, Then Comodo Firewall Policy will be applied, and so on... CIS is still strong either ways - That's why there is 4 default configurations. IF anyone is aware that a REAL threat in the wild can exploit CIS's default configuration (Eg Internet Security with some checks not ticked), And does permanent damage, please post this at the forums) - But don't be confused between Inconviences and threats. Internet Security Configuration focuses on threats, NOT inconviences such as locking the mouse or playing a JOKE you can easily get rid of when you reboot. It's not simply "lets uncheck some default D+ Settings and reduce pop ups!" - So please read all the above I wrote. It is acceptable security and user experience, and BOTH is taken into consideration, well should be, for any software vendor...

I re irriate: Please post at Comodo Forums if a threat does bypass the default configuration in CIS and causes permanent damage. Then Comodo can re evaluate this configuration for CIS.

P.S - Database size is a top priority right now. It will be taken care of.

Cheers,
Josh

 

I totally agree.

 

True, true. I have downloaded the installer, sooner or later i will install it. But i 've been messing around with Vista in the last day and should take a brake from "experiments" for a while.

Hi 3xist, thanks for the info. By "skip" you mean that not all options are ticked right? And as i understand this isn't an issue if you use only the AV...

Anyway, the way i see it, if you choose to use Comodo, you may as well use the AV too at this point. Because it lesses the pop up number and the work of D+. I think i will try the AV too. If cpu usage is low, i may leave it realtime and put Twister on demand.

 

Yes. AV as detection is a huge difference, Make Prevention more usable (Its always been prevention your first line of defense, detection second) - Which is how CIS works. AV Detects something (Either at file/download level or execution level (Memory Scanner), D+ does not annoy you about it. Making more pleasant usable experience...

Next version will see a great improvement in detection, With Family Signatures and off course less memory and database size. It's been said 1 signature can catch 23K malware - But action speaks louder then words so we will wait until that version comes, which is before v4...

Cheers,
Josh

 

Thanks Josh.

I hope they make it. It would be wonderful for freeware users to have such a suite. Let's hope that it will also remain low on cpu... If it does, it will become a very attractive offer for medium to expert users. (I still think that an average Joe who has trouble even to understand something like AVG free, would have ever more trouble understanding Comodo's options and alerts).

 

Np Fuzz.

COMODO is aiming CIS for both from the Computer Nerd, To your Mother! I also forgot to mention that next version will also have a new mode called Silent Mode (Or Smart Mode) Where certain requests can be automatically allowed or denied without ANY user input. This version hopefully (Again before v4.0 and with Family Signatures and reduced DB Size) Will also be usable on mothers PC's.

As you can see with v3.9, There are already less Alerts thanks to extended whitlist and trusted vendors, And the pop up lay out is now simply Allow or Block, And thats one click allow, one click block. So usability is going forward and going strong...

Cheers,
Josh

 

Without user input? I hope it doesn't contact some online database and things like that.

I haven't installed 3.9 yet, so i didn't see that change. You mean there is no "treat this application" as installer/trusted... ? Does this stand for the firewall only version too (without AV)?

Hmm... I think i may try it sooner than i thought...

 

Default pop up layout is just Allow/Block...

You can click more options and have the original lay out (Treat As, Etc) But its encouraged to use the default for just one click allow/block. Yes its for Firewall without AV too.

No it wont connect to a online DB/Server. There will be strict rules to define what to auto allow, what to allow denny (Example: Malware trying to modify unserinit.exe, Can be auto dennied) - stuff like that can be auto blocked.

Cheers,
Josh

 

Thanks Josh, i just tried it. I 've mixed feelings about the new "Allow". Although it can help, for me, it's a bit counterproductive. I do prefer such an approach for D+, but for the firewall, i have customized and high security, because i want to control more. And in the firewall i do prefer the "treat as outgoing only" or "blocked" etc.

I understand it's now better for the inexperienced user, but for me, it just means that i have more clicks to do what i want...

I am uncertain on whether to keep running it or go back to OA free. Oh well...

The auto-rules sound nice.

 

Is the "Smart Mode" going to be default when going v4?

 

Smart Mode, Family Signatures, Improved Memory Consumption for AV Updates and Reduced Database Size is in the next version BEFORE v4.0. I am not sure if Smart Mode will be the default...

Cheers,
Josh

 

There seems to be something in D+ (proactive, all options checked) which hinders the Crystal Disk Mark to run properly. Normally if you click "all", 3 batches of benchmarks for the Hard Disk will be performed automatically. In my case, the 2nd failed, but did run if i manually launched it. Same for the 3rd.

I also noticed that it didn't ask me "are you sure your PC is clean" during installation. Without importing older configuration , this resulted in having in D+ rules only a handful of applications (asking for the rest).

 

You might also want to add the My Documents folder to My Protected Files by default so that, out of the box, CIS can defend against ransomware, e.g., malware that encrypts all of My Documents and demands payment to decrypt the ransomed files. There may come a time when the entire C drive must be in My Protected Files. Who knows what tomorrow's malware may do? I sure hope CIS evolves to keep up with evolving malware.

 

Thanks, Josh. So, does Smart Mode apply to all "asking thingies" P) incl. D+? Does the user ever have to answer any prompts from the AV not related to heuristical detection?

Speaking of heuristics... what about the FPs even on low heuristic settings that I've mentioned in the other topic? If I remember correctly there were even multiple in the low setting...

 

What is the meaning of the CIS logo? What does it show?

 

Who cares how big the installer is? The real test is performance and memory usage. I can tell you the performance is great and the memory footprint extremely small. (ranging from 4 to 10 megs at most.) The installer is bigger because of the inclusion of the av DB and the ability to prescan before the installation completes. I was using NIS2009 and was very pleased with it but due to recent financial problems I was reluctant to pay $50 to renew. I decided to try Comodo which is free and I'm not sorry I did. The new version just out is even better than 3.8 and does a much better job of recognizing safe apps therefore greatly reducing popup alerts. The only problem I was having with 3.8 was that my defrag performance was very slow when the AV was turned on. That problem is also gone in 3.9.

 

Ditto!

 

Do you have any problems with your combo? (prevx+cis)

 

No, so far CIS 3.9, PrevX 3.0 and Zemana AntiLogger all playing well together.

 

Best Comodo version so far
And who cares about installer size and memory consumption? RAM is extremely cheap just like big HDDs, broadband internet is standard. Still CIS is the lightest AV / IS, with stateful exclusions it became even faster than 3.8. Also defragmenting with Perfect Disk and so on is not a problem anymore.
And the build number...
A good ersatz for the pink dot in the upper left corner of CIS' window?

One thing that annoys me: While the AV is updating the guard doesn't scan anything
I hope this will be fixed with later 3.9 versions...

 

Excellent comodo, the best firewall+hips that i have ever try, needs less resources than outpost or OnlineArmor

 

Comodo does not updatee itself in my machine it stops at 30 %

 

Thx

 

Very nice Comodo. I'm back in the mix.

Ice

 

Very nice indeed!
Best version yet.
Running it with GesWall free also.
Seems to be a very good pair together.