RJM62
Touchdown! Greaser!
- Joined
- Jun 15, 2007
- Messages
- 13,157
- Location
- Upstate New York
- Display Name
Display name:
Geek on the Hill
Because about half the jobs I do these day involve malware removal, I'm always on the lookout for good anti-malware software. I don't really care so much whether it's paid or free: My clients can afford to pay for an antivirus suite.
Once in a while, though, I stumble across something that's good and free. I posted about Comodo a few weeks ago, and after additional testing, I have decided to use it as my default security suite for residential and small biz clients.
Like most techs, my "favorite" AV vendor has changed numerous times. I started with Norton back in the 1980's, then switched to McAfee, then Trend, then AVG, then Avast.
Typically, the problem that causes me to switch is feature bloat that slows down the machines too much. I also take note when clients whose machines have become infected were running current AV suites. A series of serious infections on machines with up-to-date versions of a particular vendor's suite is a serious black eye for that vendor.
A few months ago I decided to test-drive Comodo. Initially I installed it on a spare machine that I use for this purpose, and tried to deliberately infect it. Ultimately I succeeded, but only with difficulty. I had to ignore and override numerous warnings to do it; and it still picked up the malware on the next scheduled scan. So I installed it on one of my working machines and on selected client machines, with overall good results and relatively few annoyances. So I've finally settled on it as my new favorite security suite.
Here's my review, which is worth every penny you paid for it.
Description
All in all, I like this suite very much and believe that the advantages far outweigh the annoyances and concerns. In fact, I would rate it better than any of the paid security suites I've tried in the last few years. So I've decided to go with it for most of my users.
-Rich
Once in a while, though, I stumble across something that's good and free. I posted about Comodo a few weeks ago, and after additional testing, I have decided to use it as my default security suite for residential and small biz clients.
Like most techs, my "favorite" AV vendor has changed numerous times. I started with Norton back in the 1980's, then switched to McAfee, then Trend, then AVG, then Avast.
Typically, the problem that causes me to switch is feature bloat that slows down the machines too much. I also take note when clients whose machines have become infected were running current AV suites. A series of serious infections on machines with up-to-date versions of a particular vendor's suite is a serious black eye for that vendor.
A few months ago I decided to test-drive Comodo. Initially I installed it on a spare machine that I use for this purpose, and tried to deliberately infect it. Ultimately I succeeded, but only with difficulty. I had to ignore and override numerous warnings to do it; and it still picked up the malware on the next scheduled scan. So I installed it on one of my working machines and on selected client machines, with overall good results and relatively few annoyances. So I've finally settled on it as my new favorite security suite.
Here's my review, which is worth every penny you paid for it.
Description
Comodo Internet security is a full-featured anti-malware, firewall, and system protection suite. In addition to standard signature-based and heuristic scanning, it also monitors executable process images, protected registry keys, COM interfaces, trusted and untrusted vendors, and many other system factors.
The anti-malware and firewall components are both installed by default, but either can be de-selected during installation.
AdvantagesThe anti-malware and firewall components are both installed by default, but either can be de-selected during installation.
1. Very good detection of infected and suspicious files and processes, as well as suspicious system changes.
2. Highly configurable. Advanced users can control the way the suite works in great detail.
3. Highly sophisticated and finely configurable firewall.
4. An optional and intriguing feature allows you to use Comodo's DNS servers, which are updated in real-time to provide proactive protection by blocking connections to malicious sites and servers. (I don't know how it handles local DNS caching, however.)
5. Very lightweight and much less of a resource hog than any other comparable suite I've used.
6. Lively and candid user and support forum.
7. There is a very convenient "Installation Mode" that turns off most of the protections for a few minutes to make installing software easier, and prompts the user to switch back every few minutes until he/she does so.
8. There is an option for trusting vendors, so future installations of software by those vendors will be allowed to bypass most of the protection features. This is handy for business users who use specialized, oddball apps that are not automatically recognized as safe.
9. There is a "Training" mode that eases installation and initial configuration on PCs with a lot of oddball, proprietary software installed; and a "Clean PC" mode that tightens security on machines known to be clean.
10. Very frequent signatures updates (several times a day, in my experience).
11. Free (as in free beer) for both personal and business use! Other paid versions are available and may be more suitable for enterprise deployment, but there are no restrictions on the free version.
Annoyances2. Highly configurable. Advanced users can control the way the suite works in great detail.
3. Highly sophisticated and finely configurable firewall.
4. An optional and intriguing feature allows you to use Comodo's DNS servers, which are updated in real-time to provide proactive protection by blocking connections to malicious sites and servers. (I don't know how it handles local DNS caching, however.)
5. Very lightweight and much less of a resource hog than any other comparable suite I've used.
6. Lively and candid user and support forum.
7. There is a very convenient "Installation Mode" that turns off most of the protections for a few minutes to make installing software easier, and prompts the user to switch back every few minutes until he/she does so.
8. There is an option for trusting vendors, so future installations of software by those vendors will be allowed to bypass most of the protection features. This is handy for business users who use specialized, oddball apps that are not automatically recognized as safe.
9. There is a "Training" mode that eases installation and initial configuration on PCs with a lot of oddball, proprietary software installed; and a "Clean PC" mode that tightens security on machines known to be clean.
10. Very frequent signatures updates (several times a day, in my experience).
11. Free (as in free beer) for both personal and business use! Other paid versions are available and may be more suitable for enterprise deployment, but there are no restrictions on the free version.
1. Even set to the lowest setting, the heuristics engine is extremely sensitive and has produced a higher-than-average number of false positives. In fairness, however, most of these were on rather unusual custom scripts that I use to remove specific malware, and which make system changes that have triggered the heuristics in other AV programs, as well. But Comodo did produce more false positives than any other suite I've used.
Personally, this doesn't bother me much. It's much easier for me to restore a quarantined file and add it to the safe list on a client's computer, than it is to spend hours scraping malware from the machine when the AV misses a malicious file.
2. For some reason, the version available for download always seems to be a bit behind the most current version. This means that after installation and reboot, a rather long update process (it's taken as long as 15 minutes) has to run, after which the machine must be rebooted again. This only seems to happen during the initial installation, however. Subsequent updates are much faster.
3. The updates to the program itself and the Defense+ feature are rather frequent (once or twice a week, in my experience) and usually require a reboot. Again, this is both good and bad: It's good that they recognize problems and update frequently (especially considering the prevalence of rootkits these days), but the reboots are a drag.
ConcernsPersonally, this doesn't bother me much. It's much easier for me to restore a quarantined file and add it to the safe list on a client's computer, than it is to spend hours scraping malware from the machine when the AV misses a malicious file.
2. For some reason, the version available for download always seems to be a bit behind the most current version. This means that after installation and reboot, a rather long update process (it's taken as long as 15 minutes) has to run, after which the machine must be rebooted again. This only seems to happen during the initial installation, however. Subsequent updates are much faster.
3. The updates to the program itself and the Defense+ feature are rather frequent (once or twice a week, in my experience) and usually require a reboot. Again, this is both good and bad: It's good that they recognize problems and update frequently (especially considering the prevalence of rootkits these days), but the reboots are a drag.
1. There is no specific incoming or outgoing email scanning. The official reason for this (from the FAQs) is:
2. On one occasion since I've been testing/using Comodo, a bad update caused the program to consume 100 percent of CPU resources. The fix was out in a few hours and was simple for a tech or an advanced user to deploy. I even talked a few not-so-advanced users through it over the phone. But it would have been difficult for average users who don't even know what it means to "boot the computer into Safe Mode" to deploy the fix.
Again, in fairness, this also has happened with AV suites I've used from other vendors (especially Trend, where it was a regularly-occurring annoyance in a suite that I otherwise liked), so it's not a problem unique to Comodo.
3. The high degree of configurability may be a problem for clients who are not as competent as they believe they are. Clients who generally leave things alone once a tech installs them shouldn't have any problems, but those who like to tinker very possibly might.
4. The Defense+ feature works so well that it may confuse average users. Any time an unrecognized or unsigned app is installed, Defense+ prompts the user for approval every step of the way. This can be disabled temporarily by switching to "Installation Mode," but it also gets users into the habit of overriding warnings.
However, in fairness, when I tried to deliberately install malicious software, the warnings got more strident and positively identified the software as malicious, which I hope would lead all but the most idiotic users to not override. And even when I did override, the malware was detected and quarantined on the next scan.
SummaryComodo's philosophy here is that malware has to hit the memory or the hard drive to get activated. And those 2 parts are scanned. Al other "scanners" won't add anything to your protection level(s).
So for example if you receive an email with an infected attachment you won't get an alert, if you try to open/save it you will. This reduces resources and yet makes CIS a very fast, light & powerful Suite.
I understand the reasoning, and they're probably right. But there's something a bit unsettling to me about this approach, although I can't say exactly why.So for example if you receive an email with an infected attachment you won't get an alert, if you try to open/save it you will. This reduces resources and yet makes CIS a very fast, light & powerful Suite.
2. On one occasion since I've been testing/using Comodo, a bad update caused the program to consume 100 percent of CPU resources. The fix was out in a few hours and was simple for a tech or an advanced user to deploy. I even talked a few not-so-advanced users through it over the phone. But it would have been difficult for average users who don't even know what it means to "boot the computer into Safe Mode" to deploy the fix.
Again, in fairness, this also has happened with AV suites I've used from other vendors (especially Trend, where it was a regularly-occurring annoyance in a suite that I otherwise liked), so it's not a problem unique to Comodo.
3. The high degree of configurability may be a problem for clients who are not as competent as they believe they are. Clients who generally leave things alone once a tech installs them shouldn't have any problems, but those who like to tinker very possibly might.
4. The Defense+ feature works so well that it may confuse average users. Any time an unrecognized or unsigned app is installed, Defense+ prompts the user for approval every step of the way. This can be disabled temporarily by switching to "Installation Mode," but it also gets users into the habit of overriding warnings.
However, in fairness, when I tried to deliberately install malicious software, the warnings got more strident and positively identified the software as malicious, which I hope would lead all but the most idiotic users to not override. And even when I did override, the malware was detected and quarantined on the next scan.
All in all, I like this suite very much and believe that the advantages far outweigh the annoyances and concerns. In fact, I would rate it better than any of the paid security suites I've tried in the last few years. So I've decided to go with it for most of my users.
-Rich
