Comodo Internet Security -- a cautionary tale?

[ewemoa]

FWIW, I failed to find uBlock Origin via searching the chrome web store (though I read claims to the contrary in a few places) -- there was a link that worked mentioned in the following though:

  https://github.com/g...ill/uBlock/issues/50

[Innuendo]

First, don't bother with any product that includes a firewall. There's really no good reason to use anything but the built-in Windows stuff... unless you're one of those paranoid enterprisey corporations, and then you'd run fascist outgoing firewalls at your internet edge, not individual machines.

-f0dder (April 15, 2015, 01:19 PM)

Generally this is very good advice *except* for when one has a need to see what outgoing connections are being made with your machine. The built-in Windows firewall can block incoming connections with the best of them, but there's no mechanism to interactively allow and block outgoing connections. Most people don't need or even care about this functionality, though. For someone who is curious to see what programs they have installed are connecting to who-knows-where behind their back, leaving the Windows firewall behind is a must.

Second, I haven't seen any good reasons to use anything but MSE for anti-malware for several years.

Then, my good sir, I must respectfully believe that you have not been looking very hard. MSE has done horribly in independent testing for the last couple years, never scoring more than 60-65%. Most testing sites do not even take MSE seriously as an anti-malware solution and have stated they only include the results as a baseline. Microsoft themselves have stated that MSE has been moved to the back-burner a long time ago.

Running MSE is like driving a car without wearing a seatbelt. You'll feel secure until something bad happens.

There was a time when if anyone ever asked for a light AV solution, everybody chimed in and said Eset NOD32. End of thread. Sadly, those days are far behind us.

[mwb1100]

To throw in my 2 cents:

I wasn't happy with MSE - my wife's machine ended up with some difficult to remove garbage while using it.

We have been using Webroot for about a year now, and I've been happy with it.  I tested it against some of the installers that infected my wife's machine, and it performed admirably.  I did have some small bit of trouble with it blocking copy/paste between programs that I wanted to copy/paste between (it has some sort of module to prevent programs from stealing credit card numbers using the clipboard or something).  It was easy enough to configure the program to stop blocking those operations but it was a pain understanding what was going on since it just seemed like the clipboard was broken, and I had no idea it was Webroot.

[f0dder]

Generally this is very good advice *except* for when one has a need to see what outgoing connections are being made with your machine. The built-in Windows firewall can block incoming connections with the best of them, but there's no mechanism to interactively allow and block outgoing connections. Most people don't need or even care about this functionality, though.

-Innuendo (April 18, 2015, 10:52 AM)

Indeed, and I haven't seen any good reason for wanting that functionality. If you're paranoid, the built-in firewall can be toggled to whitelisting mode. If you need only specific applications blocked, you can blacklist those. If you're worried about malware, well, they can just exfiltrate data through an allowed process. If you're worried/curious about new software, you should be running that in a VM along with Wireshark. I really can't find a good usecase for 3rd party firewalls - they're too confusing for Regular Joe, and they don't add anything really worthwhile for the advanced user, IMHO... just noise.

Then, my good sir, I must respectfully believe that you have not been looking very hard. MSE has done horribly in independent testing for the last couple years, never scoring more than 60-65%. Most testing sites do not even take MSE seriously as an anti-malware solution and have stated they only include the results as a baseline. Microsoft themselves have stated that MSE has been moved to the back-burner a long time ago.

-Innuendo (April 18, 2015, 10:52 AM)

Have those independent test become reputable? The last time I took a look at a couple of them, the way scores were weighed was very, very suspicious and had me pondering whether it was completely independent of cash from the AV vendors. Haven't bothered to look at them for a while, but if you have a recent link to something reputable, please entertain me - a link to MS stating MSE has been put on the backburner would also be nice. (I don't necessarily see that as a problem, anyway - there's no need for a whole lot of new features, as long as signatures are kept up to date).

[Innuendo]

Some independent sites are very reputable. However, it does all boil down to trust. What one person trusts may not be what another finds to be trust-worthy. I tend to put my faith in what AV Comparitives puts out. They take their time with their testing and while they do make money from selling comprehensive reports of their testing, they always make a basic reporting of their results free. They've been around a long time and if there were any funny business going on I would think someone would have flushed it out by now. Not only that, if they were all about the money, they'd probably be cranking out new reports for purchase monthly rather than just a few times a year.

I went on a search looking for the article I had read way back when & it's nowhere to be found (the original URL now redirects to a web page for a 2015 review of MSE...not helpful!), but thankfully I never give up and the Wayback Machine had what I needed. Here's a Wayback link to an article discussing an interview with Holly Stewart, senior program manager of the Microsoft Malware Protection Center:

Link

Here are also two articles from trusted web sites analyzing the first article    :

Lifehacker

HowToGeek

Microsoft is basically concentrating on what it considers to be the most serious threats. They still have a team of people working on understanding new threats, but they are passing that information to other vendors. MSE is now considered to be a baseline & Stewart stated that if every other AV solution is better than MSE, then they are doing their jobs right.

[TaoPhoenix]

...
I went on a search looking for the article I had read way back when & it's nowhere to be found (the original URL now redirects to a web page for a 2015 review of MSE...not helpful!)
...

-Innuendo (April 19, 2015, 09:56 AM)

Did you try the Wayback Machine? Despite its flaws, it seems to be the secret weapon a lot of "slightly lazy" companies trying to cover their tracks forget about!

[Innuendo]

Did you try the Wayback Machine? Despite its flaws, it seems to be the secret weapon a lot of "slightly lazy" companies trying to cover their tracks forget about!

-TaoPhoenix (April 19, 2015, 10:39 AM)

Did you read the sentence I wrote after the one you quoted?

[oblivion]

Just an update, for what little it's worth... I'm still using Avast Free.

I don't like it much -- occasionally it's clearly doing something behind the scenes because the computer becomes unresponsive, but it's hard to see what. One of the more positive points of Comodo Free -- however sluggish it might have been in comparison -- was that you could go and look at the tasks it was running and, if appropriate, tell them to stop. Avast, in comparison, is positively secretive.

I guess I have no right to complain about the adverts it throws up, but (and I have no real evidence for this assertion) it feels like it decides it's going to put an ad on the screen come what may, whatever else might be going on, because responsiveness will just go away entirely for a few seconds, then an ad will appear, then it'll be nicely whizzy again.

A side-issue: I've never really felt comfortable with Readyboost but I bought one of those tiny Sandisk things that hardly sticks out of the USB socket at all, 8Gb, reformatted it to exFAT (having seen a suggestion elsewhere on DC) and gave it all to ReadyBoost and it actually seems to have done something useful. The netbook is still occasionally sluggish but when Avast isn't busy doing anything in the background it actually feels faster than it's ever been. So... well, we'll see. I'm still open to suggestions!

Oh, and by the way:

https://addons.mozil...addon/ublock-origin/

[oblivion]

I have given up on free solutions, for the time being.

Mostly because the only one that even got close to being acceptable really does seem to be a bit of a pain to work with.

So I'm now trying F-Secure AV (not any of the more comprehensive solutions they offer) in trial mode.

I like F-Secure the company -- have done for years -- but have always regarded the product as more corporate- than home-friendly. But most of the other likely commercial offerings are either too bloated or past their best (or both) and some have blotted their copybooks so badly in the past that I won't go there (anything Symantec or McAfee I freely admit massive bias against!) so the available options are decreasing rapidly. So F-Secure claim to be low-impact and if that doesn't work out for me I may have to try Kaspersky, rather against my better judgement despite their popularity and apparent effectiveness (I gather it's hard to remove.)

I should say that Avast tried very, very hard to persuade me not to uninstall but went away nicely when I insisted.

[Curt]

[deleted]

[oblivion]

I've bought into F-Secure for a year. It's genuinely low-impact, doesn't annoy me too much (occasionally the deepguard program jumps up and asks me if I trust whatever program it is I've just started but it does that very rarely -- it's cloud-based so there must be quite a few people with similar tastes in weird software to me populating their "this program's okay" list.

I use Process Lasso to monitor cpu usage on here. The lowest level cpu usage drops to when the system's idle is as close to zero as I've ever seen it.

I'm aware that F-Secure isn't quite at the top of the detection tree, but despite that they have some of the most well-respected AV researchers on the planet AND the product ticks all the boxes for being unobtrusive and low-impact.

I'll come back here if I pick up a virus, or if something happens to change my mind. However, this was a lot of work and I freely admit it was more subjective than objective (if my system feels sluggish, then I'm not going to be happy even if some bit of paper somewhere tells me it ain't so). I would also say that a full-blown internet security package might well have been evaluated differently and other people might well want that rather than just AV, so I won't try to suggest this is an unqualified endorsement of F-Secure. YMMV, in other words -- but I'm happy with it so far.

[Lolipop Jones]

Last used Comodo about three years ago. 

My experience was that the false positives came at me more or less like confetti at a Mardi Gras parade, so I killed it and went to the paid version of Malwarebytes combined with the free version of Bitdefender.  Very happy with this combination and plan to continue.