If your computer lacks firewall or antivirus protection, you are exposing your personal data to malware. Installing security software protects both you and the wider internet community. Comodo Internet Security Suite 4.0 provides antivirus and firewall protection as well as a Social Authentication toolbar for your browser. Its approach to security is unconventional, however, and the strength of its components is inconsistent.
The firewall puts all of your system’s ports into stealth mode, so that the machine remains invisible to predators while it is online; this protection was verified with various port scans as well as different internet-based tests. The feature is not especially forward-thinking, however, as any firewall worth its salt does this. The firewall runs at 5 distinct security levels: the highest blocks all traffic from the network, and the lowest blocks nothing. The 3 levels between the 2 extremes are the interesting ones: Training Mode, Custom Policy Mode, and Safe Mode. These determine how the firewall responds when unidentified programs attempt to access your network.
In Training Mode, the firewall assumes that all programs currently on the system are trustworthy. When an unknown program asks for any type of access to your network, the firewall not only grants it but also creates a new rule that allows this program access even when a stricter firewall setting is in place.
Safe Mode, which is the default, works in the same manner as Training Mode for programs making conventional outbound network requests. Should an unidentified program attempt to behave like a server, or otherwise accept inbound traffic, while this mode is in place, the firewall will pop up and ask the user what he or she would like to do.
In Custom Policy Mode, the firewall asks the user what action to take for any connection request from an unidentified program, apart from those for which the previous 2 modes have made exceptions.
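The five levels as the review describes them, modelled as an added Python example (not Comodo's code and not part of the original review). The `Firewall` class, the level names `BLOCK_ALL` and `DISABLED`, and the program names are assumptions for illustration; the point shown is that an exception created silently in Training Mode is still honoured after the firewall is tightened.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    BLOCK_ALL = 5      # assumed name: highest level, blocks all traffic
    CUSTOM_POLICY = 4
    SAFE = 3           # the default mode
    TRAINING = 2
    DISABLED = 1       # assumed name: lowest level, blocks nothing


@dataclass
class Firewall:
    mode: Mode = Mode.SAFE
    trusted: set = field(default_factory=set)   # programs signed by trusted vendors
    learned: set = field(default_factory=set)   # (program, direction) rules created silently

    def decide(self, program: str, direction: str) -> str:
        """Return 'allow', 'block' or 'ask'; direction is 'out' or 'in'."""
        if self.mode is Mode.BLOCK_ALL:
            return "block"
        if self.mode is Mode.DISABLED or program in self.trusted:
            return "allow"
        if (program, direction) in self.learned:
            return "allow"          # exception made earlier, honoured in every mode
        auto = self.mode is Mode.TRAINING or (
            self.mode is Mode.SAFE and direction == "out")
        if auto:
            self.learned.add((program, direction))
            return "allow"
        return "ask"                # popup: the user decides


def training_carryover() -> list:
    """An unknown program seen once in Training Mode keeps access later."""
    fw = Firewall(Mode.TRAINING)
    seen = [fw.decide("unknown.exe", "out")]          # constructed program name
    fw.mode = Mode.CUSTOM_POLICY                      # user tightens the firewall
    seen.append(fw.decide("unknown.exe", "out"))      # still allowed, no prompt
    seen.append(fw.decide("unknown.exe", "in"))       # never learned: prompt
    seen.append(fw.decide("newcomer.exe", "out"))     # never seen: prompt
    return seen


if __name__ == "__main__":
    print(training_carryover())
```

Inspecting `learned` before leaving Training Mode shows which exceptions will survive into the stricter modes.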
Comodo also checks exactly which types of programs are allowed which types of internet and network access. Like the firewall in the Avira Premium Security Suite, which retails at $53.95, it grants access to programs digitally signed by known and trusted vendors. Whenever a popup asks whether or not to trust a program that has been signed by an unidentified vendor, you are given the option of adding this vendor to the trusted list by checking a box.
The reason behind this detailed system of protection is to avoid inundating the user with constant, sometimes confusing, queries from the firewall. Although this is an admirable ambition, this type of implementation does leave the firewall insecure against harmful programs already on your computer. Norton Internet Security 2010, which retails at $69.99, takes a more effective approach: it simply does not ask a user who is not qualified to do so to make complicated decisions about security. Norton allows good programs (over 80 million of them), disallows bad programs, and decides independently how to handle the actions of unidentified programs.
Comodo’s firewall is not able to identify or block internet-based exploits, something Norton’s does. During testing, it was found that the user has to depend on the antivirus component to catch such a threat once it is already inside the system. None of the exploits generated with the Core IMPACT penetration tool endangered the test system, but Comodo cannot take credit for that: they failed because the test system was fully patched. The 2 that managed to bypass the firewall and eventually infiltrate the test system were immediately quarantined by Comodo’s antivirus component.
Because some malicious programs try to help themselves by disabling system protection or turning it off completely, attempts were made to replicate this against Comodo. Opening the simple XML configuration file with Notepad and turning features off was not difficult. In response, the Comodo contact pointed out that Notepad was permitted access because it is a known and trusted program, whereas an unidentified program could not change the configuration files. Further attempts made with a newly written small file editor were prevented from saving any changes, and it was not possible to disable Comodo by killing its processes in Task Manager.
A new feature in Comodo Internet Security 4.0 is the ability to run unidentified programs in Sandbox Mode. These unknown programs run with the minimum privileges possible, and all of their registry and file changes are virtualized, ensuring that unknown programs cannot make permanent changes to the system.
This feature was tested by installing about 20 PCMag utilities that need to hook into the OS in order to function. Several of these did not work at all in Sandbox Mode: BHO Cop was not even able to read the names of the Browser Helper Objects that had been installed, let alone control them. If a program fails after Comodo has been installed, simply add the name of that program to the list of My Own Safe Files.
No action is needed when the popup notification from the Sandbox appears: ignore it and it will disappear. Users can interact with the popup before it vanishes, however, and tell Comodo not to sandbox this specific program again, although choosing this option has no effect on the instance currently running. It is necessary to close the program and restart it for it to run outside the Sandbox. Files that are sandboxed are sent to technicians at Comodo for review and, after examination, are assigned either to a list of malware signatures or to the worldwide safe list.
Comodo automatically excludes from its Sandbox any programs that it identifies as installers or automatic update utilities, since these copy and add essential files and registry data. A lot of installers conclude by launching the newly installed program, but Comodo is clever and won’t sandbox the application in that case, since the installer responsible for launching it was not itself sandboxed; the application will, in fact, open in the Sandbox upon its next launch. The problem with this is that if a rogue security product were installed on your computer, its initial launch would be beyond the Sandbox’s control, and this could mean trouble.
Leak test programs try to sneak around the protection provided by your firewall by using stealthy techniques such as attaching themselves to trusted programs already on your computer or injecting malicious code into them. For this test, the real-time antivirus had to be turned off, because it quarantined all of the leak test samples it saw. Although all samples ran within the Sandbox, some did manage to connect to the internet without triggering Comodo’s program control, and this is potentially very harmful to your computer. This brings a big flaw of the Sandbox to the fore: it cannot virtualize activities that take place outside of your machine.
Comodo’s Defense Plus pops up a warning if an unidentified program attempts an action that the software considers risky. If the program attempting it is digitally signed, the user can opt either to permit the action or to indicate that the vendor is to be trusted.
Unlike the free ThreatFire 4.5, or the SONAR2 technology available in Norton Antivirus 2010, which retails at $39.99, Defense Plus does not combine and examine behavior-based clues so as to better detect malware. It simply alerts you via popup if a program trips a trigger, even if the program is not malicious. These alerts vary, ranging from statements that the application is an everyday one, to warnings to make sure the program is safe, to the stronger admonition that the action being attempted is an uncommon operation for everyday programs. During testing, actions flagged by red popups signifying malware were blocked, and those flagged by the less frightening yellow and orange popups were allowed. This averted the majority of interference with valid programs, although blocking 1 of the red warnings did disable the wireless card’s associated connection utility.
Combining Defense Plus with the Sandbox did cause mayhem with some performance testing scripts: to complete the performance tests it was necessary to add each script, batch file, and utility being used to the list of My Own Safe Programs, but the majority of users will not run into obstructions at this level.