COMODO Internet Security 3.5.56968.437 released

EDIT: ATTENTION. This update appears now to have been cancelled.

http://forums.comodo.com/feedbackco...et_security_3556968437_released-t31083.0.html

No release notes yet. I suppose this must be the bugfix version to reclaim no1 rank at Matousec's.

 

Yeah, Update was pulled back. I guess we will wait till Egemen goes on the forums. There are other fixes too apart from Matousec bug.

 

yes they pull it back

hope new one popup soon

 

It now be out tomorrow (Wednesday).

 

Hi

Doesn't seem that Comodo can get anything right at the moment?

Not confidence inspiring is it?

Terry

 

I think Comodo's free offer to the pubblic is unprecedented. But i also think they should have kept the firewall and antivirus as separate products. The more code you put into one product, the more likely it gets to have bugs.

D+ already has a very complicated job to do, i don't think it helped adding a built in AV, which is still immature btw.

In any case, Comodo IS is probably the best free security product out there, as far as level of security is concerned.

Every application has bugs, it's inevitable. For me the Matousec bug is of secondary importance. I would prefer live with that bug , but have improvements in the firewall TCP and UDP performance and abbandon the extensive use of registry for rules, which is said, that is the cause of slowdown , once you make many rules in Comodo.

 

What is exactly Matousec bug? When option in software is broken it is software bug or you think only Matousec can kill it?

 

If you mean that being able to kill Comodo in not Paranoid mode is Matousec bug, I'm afraid you are very very wrong. HIPS product should be able to protect itself from termination in any mode. Also I think older tests (with default settings) were more correct. Most users use default settings and it is kinda logical that a vendor provides default settings as the best settings product can have. It would be silly not to go this way. And if default settings are not secure, then it should be clearly stated.

I just wonder, will there be a time when Comodo stops to blame others for ther own bugs ?

 

+1
Or at least have the results in the same table for the default settings.

Fax

 

Yeah, i meant the bug that was found in Matousec, relax. I was bored to explain it again, since there has been extensive talk about it, my bad.

 

I'm sorry, I meant the bug YOU guys (Matousec) Found. Sorry for the misunderstanding. BTW there hasn't been a user that has reported any problems with the default settings in CIS 3.5x/CFP 3.0x, That includes virus problems - And believe me Comodo would NOT leave you vulnerable knowingly, Despite your so called "leak tests"

So far you're the first to complain about it to be honest! Anyway I think this thread can be closed since it's a dup.

 

Why whould I believe you ? "In God we trust"

This is a problem. Most people just "believe". Also, from what I saw, most Comodo users have additional security, so Comodo theoretical fail has very low chances to be converted in a real fail.

And as IT professional I should say, there is no difference in real threats and leak tests. If you analize real threats close, you'll see that ~99.99% of them are nothing, but child toys any HIPS system can stop. But there always are the chances something new appears. For example, some time ago Comodo didn't have DDA detection (not too long ago), but you said in those times "believe me, Comodo is rock". Still without DDA detection something like Rustok could do with your computer whatever it wished. Now, when there is a correspondent DDA test, you can be sure that this vector of attack is under control. But who knows, may be there are some others ? So how can you say "believe me" ?

 

a major update popped up on CIS this morning and it asked for a reboot.
mine says 3.54.57173.439

also here is a thought. As said first i had installed it with firewall only and not defense + which is the HIPS part of the firewall.

I know find things are going slower than they did with just the firewall, but look at all the trojans getting into peoples computers now a days. Why have defense + if they are getting through anyway?

Also, with defense + if you have no clue what you are doing and you "allow" something that should not be allowed- you are defeating the purpose.

And if you stay away from the bad sites, and have webguard on like with Avira doesn't that work like a HIPS?

Do I really need the defense + if I am running Avira Premium?
I can see I would need this if I was running the free version that has no webguard.
AVG also runs webguard in their free version and their pro. So in these cases is defense + overkill?

comments?

robin

 

A webgaurd is not HIPS, you dont need HIPS unless your gonna get hit with a zero day attack (new unknown malware) but i cant predict your future - bummer

 

I think that's is normal when running a HIPS to have somewhat a slowdown. When you have hooks and tripwires everywhere, it's logical...

Those people that get all those trojans are running Comodo with D+? If so, they should read Comodo's manual, because i think that 99,999% of the cases, they let something execute and Comodo won't protect you from shooting yourself on the foot.

Yes, i don't know why, but many people run Comodo thinking that since it has a thorough HIPS coverage, it will become panacea without them doing anything. Clueless people, shouldn't be running Comodo with D+, because exactly the whole purpose of a pop up, is to be able to answer it after thinking, not after clicking for fun. So, if someone has no clue of what he is doing in Comodo, he 'd rather uninstall it and use a nice behav blocker, sandbox, policy sandbox (like DW) or Drive sentry/PrevX edge etc.

No, it doesn't work like a HIPS. But if you 're a bit lucky you won't be infected.

The whole philosophy behind running a classical HIPS, is that your antivirus may NOT have the malware you will encounter in its signature database. If it doesn't , then be it Premium , with webguard or not, it won't "see" the malware, while the HIPS will. Because the HIPS doesn't care about signatures. It is made to intercept anything for which you haven't given permission.

The problem is that webguard isn't some kind of separate entity. It is based on the same engine the rest of the antivirus is based on. If your antivirus doesn't have the signature of the malware you will encounter, webguard or no webguard, it makes no difference.

If you don't understand D+, consider using Sandboxie, Returnil, Defensewall, Threatfire, PrevX Edge, Mamutu, Geswall, Shadow Defender and the likes.

 

thanks for the answers, I plan to use defense + especially now that you explained it better. I would just like it not to slow down the web browser so much, why can't they just make it so it doesn't do this?

robin

 

In deed, in past Matousec perf TCP and UDP tests, Comodo 3 was getting about 83-85/100. So there is a slowdown. But if you look at it, there is even worse!

http://www.matousec.com/projects/firewall-challenge/level.php?num=1#level-limit

Why they don't work on this? Because, all people care is about leak tests. So software houses work primarily on the HIPS part in order to pass more leak tests. In fact, the firewalls that get 100/100 in the TCP and UDP tests, are the ones with no HIPS or that initially had no HIPS. So, these fellas, not having a HIPS, they were working exclusively on their firewall. While Comodo, OA and the like, were too busy working on their HIPS. It has been removed now, since Matouce stopped testing these 2 tests (which were the only that really interested me), but Comodo 3 was at about 83-85 in both TCP and UDP, OA was i think over 90 in TCP , but around 65 in UDP.

 

I'm not sure about Comodo ,on my PC works perfect with the large nr of connections.
OA poor,65 UDP score matches with what i've experienced on it's version 3 first release.Hope they will correct this insted of "improving" the HIPS.

 

Beta .151 scored >90%, don't know how much scores the last one

https://www.wilderssecurity.com/showthread.php?t=214178

 

So let me get this straight. Alex_S is actually Matousec? (not that i would be surprised). So he posted the UDP Perf result here instead of his site? Or it's just an "unofficial" test made by a "casual" user?


As far as i am concerned, Matousec's tests in Perf TCP/UDP match my experience. I was actually writing in this forum about how Ashampoo, Kerio 2 and PC tools were swifter before any tests came out. Comodo adds a biiiit of a lag to my browsing and slightly higher pings. OA doesn't collaborate with Emule, kad gets firewalled, so there is something wrong with UDP. But it feels a tad faster than Comodo in browsing.

Ashampoo, Kerio 2, Rising, PC tools, windows firewall, Ghostwall beat them both in swiftness.

 

Nothing is 100%. Not one vendor, or security product can guarantee 100% protection. Every vendor will have it's little bugs, obviously. Including Comodo, Online Armor, Outpost, Kaspersky etc. How can I say "believe me?" Well that's something you're going to need to TRUST for your self!

You're right, leak tests are really just "to see if your car can brake" and real threats preform REAL malware actions! Like the Comodo Leak Test Suite, They implemented real rookit, startup, etc tests in that suite << That is a great testing suite to test real malware!

Mate. "REAL THREATS" can do ANY harm. It's the leak tests that do nothing, but are child toys to "TEST" your HIPS/Firewall that are useless in real life, Comodo did the good thing and put real malware tests out in its suite using rookit techniques, etc. Real malware tests implementation is something Matousec needs to look at. Not to see (with real life scenarios):
1) Can your car brake?
2) What will happen if you turn the steering wheel?
3) is that "really" a stop sign?

That's what matousec are doing. And considering how many times they have apologized to Comodo and a few other vendors for testing wrong, Well... I'll leave it up to you guys I guess! Don't get me wrong, I wish matousec well in the future. But right now people now and in 5 years time need real malware tests, because malware is growing more rapidly then ever then "LEAK TESTS"

 

96 UDP and 98 TCP according to my three series of tests. Don't remember which version is was, though

 

Nope. Take it higher, I'm Bill Gates

 

This is my main point

If it was opensource and was not buggy it would be really great. Though it counts "Error" as "Fail" which is complely incorrect. And nobody except Comodo devs really knows what does mean "Fail". With Matousec tests you do not need "to trust", because you see in the surces what does mean "Fail", for example

I disagree. Some CLT tests are "artificial", for example active desktop, ICMP, DDE, DNS API, FileDrop. Others duplicate the tests Matou had for long. I have found only one interesting test, that is "KnownDlls". But this technique was described back in 1999. I have a feeling Comodo implemented the tests after some limited set of real malwares to test their own work, but actually real malwares use much more different techniques. But I agree, they also have some good. Just do not overestimate them. They are a small and not categorized set of not very good coded tests.

From the other side Matou "Termination tests" are really great. If you can disable security then you can do anything.

Then just take a look. I have already studied every one

 

Although the performance tests are interesting, without testing on filtering im afraid those are also misleading. Firewalls with SPI mixed with firewalls with no SPI, no connection tracking in UDP and so on..