Some antivirus vendors release a new version every year, with or without the coming year as part of the product name. Others, like Comodo, follow a simple version-number scheme, releasing a new version when it’s ready. With Comodo Antivirus 10 the company took a page from Microsoft’s book, skipping version 9 and going directly from 8 to 10. The current version scored at the top in one of our tests and at the bottom in another.
Like Avast Free Antivirus 2016 and AVG, Comodo Antivirus is feature-complete and entirely free. However, paying $19.99 per year for the premium edition vastly enhances your protection by giving you access to Comodo’s GeekBuddy tech support service. This specifically means support for using the program and cleaning up malware. The full GeekBuddy service, which lists for $199.99 per year, offers help for any kind of tech support, including system optimization, device and software setup, troubleshooting, and more.
A Pretty Face
The appearance of Comodo Antivirus has changed over the years, but you don’t have to accept that change. Want it to look like the previous edition? Go into settings and choose the Modern theme. If you’ve been a Comodo fan for a long time, the Classic theme harks back even further.
I like the light, airy feel of the default Lycia theme. A big panel at left displays in serene green when all is well, but changes to red if security components are disabled. You can roll up the panel to reveal simple on/off switches for four important components. A two-by-two grid of rectangular panels occupies the rest of the window, letting you quickly launch a scan, check for updates, run a program in the sandbox, or unblock an application blocked by any of Comodo’s components. You may also like the Arcadia theme, which is similar in layout to Lycia’s.
Comodo offers free security products, but the company doesn’t turn a profit unless somebody pays, and Comodo’s upsell attempts are unusually persistent. If you just click through one of the install screens without reading it, you’ll find that it has set Yahoo as your home page, new tab, and default search engine, in all your browsers. Comodo gets a little cash from Yahoo each time this happens. Stay alert; there are two more attempts to convert your browsers to Yahoo.
Shortly after installation, a popup from the GeekBuddy service appears, offering to scan your PC, check memory, look for junk files, and so on. You’ll find, though, that clicking for a fix starts a trial mode GeekBuddy session. The GeekBuddy expert will happily chat with you, but won’t perform any remote fixes unless you pay. Likewise, if you respond to the GeekBuddy prompt that shows up on malware detection, you’ll have to pay if you want remote remediation.
I don’t begrudge any vendor the option to encourage upgrading from free to paid protection. However, the upsell activity from Comodo may annoy some users.
Lab Results Sparse
I love it when I find plenty of lab results for the product I’m reviewing. The independent labs have the resources to really delve into which products are best. I track five such labs, as well as two that specialize in certification rather than reporting test results. What’s the difference? If a product fails in a certification test, those labs keep working with the vendor until it passes.
Comodo has received certification from ICSA Labs for malware detection. However, the product tested for certification was the full Comodo suite, which has features that the plain antivirus lacks.
Only one of the testing labs that I follow includes Comodo in its product roundup, but it’s a good one. AV-Test Institute evaluates antivirus products on three criteria: protection against malware, low impact on performance, and minimal false positives. A product can receive six points in each category, for a total of 18 possible points.
This test also used the Comodo suite rather than the standalone antivirus, and the results weren’t very good. In the all-important protection category, Comodo earned just three points. A fair number of false positives meant it got 4.5 points in that category. Five points for performance is good, but Comodo’s total score of 12.5 points is the lowest from the most recent test. Even Microsoft Windows Defender 4.9 took 13 points.
Other free products do much better in this test. AVG AntiVirus Free and Check Point ZoneAlarm Free Antivirus+ 2017 scored a total of 17 points, and Avira managed a perfect 18, sharing that top score with Kaspersky. AV-Test named those two Top Products, along with Bitdefender, Quick Heal, and Trend Micro, all three of which managed 17.5 points.
One lab test and a certification just aren’t enough for me to calculate an aggregate lab test score, but Comodo’s results don’t look great. My aggregate calculation assigns a score on a scale of 10. Tested by all five of the labs I watch, Kaspersky Anti-Virus tops the list at 9.8 points. With results from three labs, Avira rates an impressive 9.7 points. And all five labs include AVG and Avast in their testing, though these two didn’t score quite as high.
Malware Blocking Sweep
There are many spots along the path to malware infestation at which an antivirus can intervene. It can keep the browser away from malware-hosting sites, prevent downloading malware, or wipe out malware after download. If malware gets onto the system some other way, the antivirus can scan and eliminate it on file access, or make one last attempt just before it executes.
Comodo reserves Web-based protection for suite-level products, so the standalone antivirus can’t deflect your browser from malware-hosting URLs or phishing (fraudulent) URLs. However, its on-access scan proved extremely effective in testing. When I opened my folder full of malware samples, Comodo started picking them off one by one. By the time it finished, every single sample was gone. Among recent products, only Webroot SecureAnywhere AntiVirus has matched that feat, though G Data came close, wiping out all but one sample on sight.
I maintain a second folder containing hand-modified versions of all my samples. Each has a different filename, a different file size, and a few different bytes in non-executable areas. When I opened this folder, I was surprised to find that Comodo missed almost 30 percent of the tweaked samples. This suggests a signature-based detection system that’s more rigid than most.
Just to see what would happen, I launched the tweaked samples that Comodo didn’t detect. It completely ignored half of them, allowing them to install and run unhindered. Automatic sandboxing kicked in for the other half, preventing them from making any permanent changes to sensitive system areas.
I test using the same set of local samples for months, so those samples are far from new. To get a feel for how an antivirus handles the very latest threats, I use a feed of newly discovered malware-hosting URLs from MRG-Effitas. Typically these are no more than a day or two old. I give the antivirus equal credit if it blocks access to the nasty site or if it kills off the malware during (or immediately after) download.
I did get a small surprise during this test. I have a simple batch file that processes the URL feed into a form suitable for my test program. For some reason, Comodo wanted to sandbox this batch file; I didn’t let it do so.
I tested Comodo and TrustPort Antivirus Sphere simultaneously, with the same set of URLs, something I don’t usually get to do. Like TrustPort, Comodo has no component to keep the browser from accessing malware-hosting sites. Unlike TrustPort, it did a poor job of recognizing and eliminating the malicious executable downloads. Only a handful of recent products scored lower than Comodo’s 37 percent protection.
Normally I would follow this test with my antiphishing test, which compares the product’s detection rate with that of Symantec Norton AntiVirus Basic, and with the phishing protection built into the three top browsers. But as noted, Comodo reserves protection against malicious or fraudulent sites for the full security suite.
It’s hard to square Comodo’s varying test results. It scored very poorly in the one available lab test, it missed an unusual number of my hand-modified samples, and it didn’t handle current malware downloads at all well. And yet, it eliminated 100 percent of my malware samples on sight. I’m happier with a product like Avira Antivirus, which scored well both in my tests and the lab tests.
With one click, you can switch Comodo’s main window from its default basic view to the advanced view. This mode features, among other things, a status panel for Auto-Sandbox, HIPS (Host Intrusion Prevention System), and VirusScope.
When a process runs in Comodo’s sandbox, the system changes it makes are virtualized, meaning they’re not permanent. You can wipe out those changes by emptying the sandbox. Any program that’s not recorded in Comodo’s reputation database gets virtualized, by default.
If you want to launch a program that you’re not sure is safe, you can choose to launch it in the sandbox. Comodo puts a green border around any visible windows for sandboxed programs. There’s also an option to open a fully virtualized desktop, though you must install Microsoft Silverlight before you can use it. Silverlight seems an odd choice, given that Microsoft announced its end of life in 2012, and end of support is due in 2021.
When it’s active, the Virtual Desktop is very similar to the SafePay desktop in Bitdefender Antivirus Plus 2017. The desktop focuses on the Comodo Dragon browser, with icons to install numerous extensions, among them Gmail, TweetDeck, and Evernote. The point of this whole exercise is to protect your sensitive online activity. Applications in the regular desktop have no access to the Virtual Desktop. It’s an impressive bonus feature for a free antivirus.
VirusScope monitors and logs behavior by unknown processes, with the aim of identifying any that are malicious. By default, it only monitors programs that are in the sandbox. VirusScope and Auto-Sandbox are enabled by default.
Host Intrusion Prevention System
The Host Intrusion Prevention System (HIPS) is not enabled unless you actively turn it on. By default, it runs in Safe Mode, meaning it allows all activities by programs with a safe reputation and asks you how to handle unknowns. You can limit the number of popup queries by putting it in Learning mode for a while. In this mode it notes activities by your programs and creates rules to always allow those activities. Conversely, in Paranoid mode it asks you how to handle every program’s activities, even those Comodo deems safe.
The term HIPS can refer to a security component that protects against exploit attacks. I didn’t think Comodo’s HIPS worked this way, but I wasn’t sure, so I attacked the test system using about 30 exploits generated by the CORE Impact penetration tool. Indeed, it didn’t block any of them, although the antivirus component did nab one exploit’s malicious payload.
The real test of HIPS came when I tried installing 20 old utilities, programs that work by integrating tightly with Windows. In the past, Comodo’s behavioral detection has thrown tons of false positives, flagging many valid programs as suspicious. This time around, it only popped up to warn about a single program. I chose to treat that program as an installer, and it worked fine.
Comodo did report suspicious activity by a couple of my hand-coded testing tools, but that’s completely reasonable. A program that launches Internet Explorer and forces it to visit dangerous websites definitely deserves scrutiny.
Clicking the Tasks icon in the main window brings up a task-oriented view of the program’s capabilities. This is where you launch a scan, switch to the virtual desktop, clear the sandbox, and more.
On the Advanced Tasks page, there’s an option to create a rescue disk. If the regular antivirus can’t remove a particular threat, or if malware makes your system unusable, you can boot from the rescue disk to effect a cleanup. Naturally the time to create this disk is before you encounter trouble.
TrustPort’s two options for creating a rescue CD both require technical expertise beyond the capacity of most users. Comodo makes it simple. Select the target CD/DVD drive and click Start. Comodo downloads the ISO file representing the rescue disk and handles burning the disk for you. You can also choose to create a bootable USB for rescue purposes.
That’s pretty easy, but Bitdefender takes ease to the next level. You can boot into its Rescue Mode without ever needing to create a disk.
All Comodo products install the Comodo Dragon browser as a bonus. This is a Chromium-based browser with all the features you expect, plus some unusual goodies on the toolbar. As noted earlier, the Virtual Desktop centers around Comodo Dragon. You can also set Dragon to run in virtual mode by itself.
Some of the bonus features are aimed at the geeky crowd. You can tell Dragon to always force a secure HTTPS connection for the current site, for example. And you can get a detailed report on all the personal and connection data that your system leaks to every website you visit.
The Web Inspector launches a real-time analysis and report on the website you’re currently visiting. Using the Drag & Drop Service, you can highlight text and drag left to post on social media, or drag right to search for the text. Want to share the page, not just some text? Click the Share Page Service to share on Facebook, LinkedIn, or Twitter.
A couple of features come into play only when relevant. If you’re viewing a video, you can use the Media Grabber to download a copy in one of several formats. And when you’re shopping, the PriceSuggester extension appears to show you better deals. Watch out, though; I found that sometimes the product it suggested was not the same as what I sought. The same was true of the similar feature in Avast Pro Antivirus 2016.
Not for Everyone
The HIPS and sandboxing features make Comodo Antivirus 10 attractive for those with serious tech expertise, but they may confuse the average user. In our tests, its results ranged from perfect to dismal. It’s free, so you can go ahead and try it. But you’d be better off trying our Editors’ Choice products in the free antivirus realm, Avast Free Antivirus, AVG AntiVirus Free, and Panda Free Antivirus. All five of the labs that I follow include both Avast and AVG in their testing, so I’m much more confident in their ability to keep you safe.