Comodo Internet Security Premium (2013) Review


The free Comodo Internet Security Premium (2013) combines firewall and antivirus, and adds a number of advanced features that techies will love. Its Behavior Blocker earned a clean sweep in my malware blocking test, but that same technology trashed installation of valid programs. If you can’t afford a commercial suite, you’ll get reasonable protection from Comodo.

(4 out of 5)

Pros

  • Powerful malware blocking
  • New, friendlier interface
  • Handy desktop widget
  • Includes hardened browser, DNS protection, sandbox

Cons

  • Trashed installation of valid utilities
  • Firewall yielded to direct attack
  • Phishing protection ineffective
  • Noticeable slowdown in some performance tests

It’s not hard to find free firewall protection, or free antivirus, but a free security suite that combines both is a rare bird. Comodo Internet Security Premium (2013) is one such. In addition to firewall and antivirus protection, it offers some interesting bonus features including sandboxing, a secure DNS replacement, and a Comodo-themed browser.

Like the standalone Comodo Antivirus, this suite has gotten a serious makeover for 2013. Its main window, previously a bit busy, now focuses on a big security status icon and a rectangular landing zone. It looks almost the same as the firewall. The main difference is that dropping a program onto the landing zone scans it for malware, while in the firewall doing so runs the program within the sandbox.

If you want to know more about security status than just “it’s green,” you can click the Tasks link. This visibly “flips” the main window, revealing tasks arranged in four groups: General, Firewall, Sandbox, and Advanced. A few essential tasks, including scanning for malware, get their own buttons on the main window.

Functional Firewall
The firewall protection in Comodo Internet Security is exactly the same as what’s found in Comodo Firewall (2013). Do please read that review. I’ll summarize here.

The firewall stealths all ports, making your system invisible to outside attack. It automatically configures Internet access permission for trusted programs. When it encounters an unknown program trying to access the Internet, it asks you, the user, whether to allow it. As with Outpost Security Suite Pro 8, in addition to allowing or denying the connection you can choose a functional preset like Web browser or email client.

The dozen leak test programs I tested slipped right past the firewall’s program control, but the Behavior Blocker detected suspicious activity in every case. Even so, some of them managed to make an Internet connection.

Like ZoneAlarm Free Antivirus + Firewall, Comodo didn’t detect any of the thirty exploits I threw at it. Unlike ZoneAlarm, it caved to some of my direct attack techniques. The firewall could use a little toughening up.

Other Shared Features
The Behavior Blocker, turned off by default in the standalone firewall, blocks access to critical system areas and offers to run suspicious programs in the sandbox as “partially limited.” This restricts the program’s ability to make permanent changes to the system.

In previous years, Comodo’s behavior-based detection system generated a deluge of popups color-coded red, orange, yellow, and green. With the 2013 remodel, the popups are both fewer and less garish. However, just as in previous years, both good and bad programs get slapped down by Behavior Blocker.

I tried to install twenty older PCMag utilities and noted Comodo’s reaction. In all but two cases it found the installer suspicious and offered to sandbox it. Five installers thus treated failed utterly, and most of the rest ran into problems saving files, registering DLLs, or updating the Registry. Only seven managed to install and run correctly. If you’re totally sure a program is valid, don’t let the Behavior Blocker sandbox it.

Comodo re-routes your system’s DNS lookup through Comodo Secure DNS to protect against pharming and other DNS-based attacks. Secure DNS also aims to steer you away from malicious or fraudulent websites. However, in testing it hardly blocked any phishing sites, with a detection rate 91 percentage points below Norton’s and 47 percent below Internet Explorer 8 alone. See the article How We Test Antiphishing for a full explanation of my antiphishing test.

Comodo Internet Security Premium (2013) antiphishing chart

Comodo’s Dragon browser, installed with the suite, is a hardened version of Chrome. Dragon adds a couple of handy buttons that let you evaluate the safety of the current page or easily share it on social media sites.

The optional desktop widget keeps you apprised of security status and offers links to launch your browsers in the sandbox. A sandboxed program can’t make permanent changes to the system, so even if you’re hit by a drive-by download or other malicious website, your system remains safe. For desired changes, like legitimate downloaded files, Comodo provides a shared folder that’s accessible both inside the sandbox and out. A green border around sandboxed program windows serves as a reminder.

For even more security, you can invoke the Virtual Kiosk, a fully sandboxed and isolated environment. You can leave the Kiosk and re-enter it with your virtualized changes intact, or wipe it back to its initial state if you suspect a problem. As noted, all of these features are also found in the standalone free Comodo Firewall.

Malware Fights Installation
Comodo installed without incident on most of my malware-infested test systems. In a couple of cases the installation reported a problem but managed to diagnose and fix it. A quick scan performed as part of the installation detected elements of over 40 percent of the samples, though in most cases a subsequent full scan found more to clean.

Active malware prevented Comodo from updating its virus definitions on two systems. Comodo Cleaning Essentials, launched from the Advanced Tasks page, fixed those two. Comodo repeatedly hung before completing a full scan on another system; Comodo Cleaning Essentials fixed that one too. One test system only runs in Safe Mode due to invasive ransomware. For that system I had to download Comodo Cleaning Essentials separately; its cleanup allowed installation of the full program.

Everything was going so well that I finished all but one of the installations in a single afternoon. However, that last one gave me serious grief. Comodo’s scan wiped out an essential file. Without that file my browsers wouldn’t launch, the system lost connectivity, and Comodo’s own user interface was damaged. Comodo Cleaning Essentials didn’t help, nor did a scan with the bootable Comodo Rescue Disk.

If this were one of Comodo’s commercial products I could have invoked the GeekBuddy help service to get the problem solved. Without that option I went back and forth with tech support via email and eventually solved the problem.

Good Malware Cleanup
Between the antivirus itself and the cleanup-only tool, Comodo detected 82 percent of the malware samples. However, in quite a few cases it left behind one or more executable files, or left behind 100 percent of the non-executable malware traces. Its overall score of 6.2 points for malware removal is good. Top scorers in this test, with 6.6 points each, are Webroot SecureAnywhere Complete 2013 and Norton Internet Security (2013).

About a third of current products detected 100 percent of the samples that attempt to hide using rootkit technology. Comodo detected 80 percent, and scored 7.2 points for removal. Best in this test was Kaspersky Internet Security (2013), with 9.4 points. For a full explanation of my malware removal test, see How We Test Malware Removal.

Comodo Internet Security Premium (2013) malware removal chart

Asterisked Malware Blocking
When I attempted to download my current collection of malware samples again, the majority were no longer available. Of the still-valid URLs, Secure DNS blocked one completely and the antivirus wiped out all of the others during the download process. That’s a good start!

I continued my test by opening a folder containing copies of those same samples downloaded earlier. Comodo wiped out over 80 percent of those immediately, leaving just a handful for further testing.

When I repeated this test using hand-modified versions of the same samples, I got some peculiar results. My simple tweaks caused Comodo’s signature-based real-time scan to miss fully a third of the samples it previously caught. However, it caught two samples in tweaked form that it missed in unmodified form. Peculiar!

Comodo’s Behavior Blocker flagged and isolated every single remaining threat; not a single one managed to install more than a few non-executable files. On that basis, Comodo scored a perfect 10 for malware blocking. But there’s a problem. As noted earlier, this same Behavior Blocker interfered with installation of many perfectly valid programs. That means you, the user, must decide whether a given program is safe or malicious. It’s hard to give Comodo full credit.

I repeated this last test with the Behavior Blocker turned off. Comodo still did pretty well, with 95 percent detection and 9.1 points overall for malware blocking. Note, though, that Webroot detected 100 percent of threats and scored 9.9 points without any damage to valid programs.

Without Behavior Blocker, Comodo detected 80 percent of the rootkit samples and scored 8.0 points. The majority of current products didn’t miss any rootkits, and almost half scored a perfect 10 for rootkit blocking.

So what’s the appropriate score for Comodo? I decided to allow it a perfect 10, but with an asterisk, and also included its more realistic score without the Behavior Blocker. See How We Test Malware Blocking for an explanation of how I carry out this test.

Comodo Internet Security Premium (2013) malware blocking chart

No Help from the Labs
While my hands-on malware blocking and cleanup tests give me valuable experience with an antivirus program, they’re by necessity not as extensive as tests performed by the major independent antivirus labs. I always check the labs to see how well their results jibe with mine. In Comodo’s case, they’re not much help.

AV-Test and AV-Comparatives perform innovative tests that do their best to match real-world user experience, but neither includes Comodo in their testing. West Coast Labs and ICSA Labs certify Comodo for virus detection, but not for cleanup. And in all the times Comodo’s technology has undergone testing by Virus Bulletin, it has received the VB100 award just once. Just looking at the available results, it seems Comodo did better in my hands-on tests.

Please read How We Interpret Antivirus Lab Tests if you want more information about the labs and their tests.

Comodo Internet Security Premium (2013) lab tests chart

Some Effect on Performance
Comodo doesn’t include the full range of components found in other suites, but it still had a measurable effect in some of my performance tests, more than its previous edition did.

My automated boot time test calculates the time elapsed between the start of the boot process (as reported by Windows) and the time the system is ready for use. When the system has gone for ten seconds with CPU usage at or below five percent, I call it ready. Averaging 100 runs with no suite and 100 runs with Comodo installed, I found the boot time increased by 25 percent. That’s nearly double the average of current suites. On the other hand, you probably don’t boot up more than once per day.

Real-time protection features in some security products slow down day-to-day file operations; not Comodo. My file move/copy test took 8 percent longer under Comodo’s care, and the file zip/unzip test took 7 percent longer. The averages for those two tests are 22 and 16 percent, respectively.

I did identify another slowdown in my browsing test, which measures the time to fully load 100 websites. With Comodo’s various components working to protect my browsing activity, this test took 35 percent longer than with no protection, almost twice the average. I actually noticed this during my antiphishing test. I repeatedly launched websites near-simultaneously on three test systems, and Comodo’s was frequently the last to load.

Even so, you needn’t worry. The average suite these days doesn’t have a big effect on system performance. While Comodo isn’t as lightweight as, say, Webroot, you’re not likely to notice a performance drag.

For more details on how I test security suite performance see How We Test Security Suites for Performance.

Comodo Internet Security Premium (2013) performance chart

Free Is Good
With its Behavior Blocker enabled, Comodo aced my malware blocking test, but that same feature trashed the installation of valid utilities. On the plus side, the plethora of popups from this feature in Comodo’s previous edition have been seriously toned down.

Not everyone can afford $70 or so for a full-scale commercial security suite. If your budget won’t stretch to paid protection, you can get the essentials from Comodo Internet Security Premium (2013), along with some features aimed more at techies than at the average user. But if you can scrape up the cash you’ll be better off with one of our Editors’ Choice suites. Norton Internet Security (2013) is a full-featured traditional suite, while Webroot SecureAnywhere Complete 2013 packs unusual protection into a ridiculously small package.

Sub-ratings:
Firewall:
Virus removal:
Virus blocking:
Performance:
Antispam: n/a
Privacy:
Parental Control: n/a

By Neil J. Rubenking, PCMag

Specifications

    • Type: Business, Personal, Professional
    • Free: Yes
    • OS Compatibility: Windows Vista, Windows XP, Windows 7
    • Tech Support: Online support, live support and community support.

