The PC security world is a tough one. It’s hard to make your suite stand out from the crowd. Most vendors appear to believe that the answer is to cram in as many features as possible, but Comodo, interestingly, take a very different approach.
Buy Comodo Internet Security Pro 5 and you won’t get a Registry cleaner, for instance. There’s no password manager or disk cleanup tool, no parental controls, or even a spam filter. Instead the company have focused just on the security fundamentals: malware detection and removal, a firewall, intrusion detection, sandboxing and wifi encryption. But is this enough? Let’s see.
This simplicity perhaps helped with the installation process, which provided quick and easy, not even insisting on a reboot. We restarted our trial PC for safety, anyway, and after Windows had reloaded, Comodo Internet Security Pro 5 introduced itself to us with a flurry of pop-up warnings. Which was a slightly alarming way to say “hello”, but the news wasn’t quite as bad as it seemed.
The component responsible for our alerts was Comodo’s Defense+. This is a “host intrusion prevention system” that allows only trusted processes to run uninterrupted on your PC, while monitoring everything else for suspicious behaviour and alerting you to potential problems.
While this sounds (and is) very useful, the warnings themselves aren’t exactly novice-friendly. We were variously told that “svchost.exe is trying to receive a connection from the internet”, another app was “trying to access a protected pseudo-COM interface” while a third was trying to set up a “global hook”, for instance. Suspect behaviour, or just ordinary software working as it always has? Even Windows experts might struggle to tell.
And the program also fails to recognise some very common files as “trusted”, for example warning us about the dubious nature of QuickTime’s QTTask.exe.
Still, this should improve, and quickly. One new feature in this release is that white listing of files and vendors is now cloud-based. As more people use the program, so the database of trusted files will increase, cutting down on false alarms and improving the reliability of these alerts.
And even without this, just like a regular firewall, Defense+ will question most applications only once. This will keep you busy for the first few minutes, as you run your major apps and respond to any Comodo pop-ups, but after that life soon settles down.
The system is a little noisy, then, but only because it’s looking out for you, which is no bad thing.
And if you’re still not happy then you can always reduce the Defense+ security level (there are four options available), tweak exactly what it monitors, or turn the system off altogether.
So while PC beginners are likely to panic at the initial warnings, they’re really just a result of the default settings. If the alerts don’t reduce to a level you find acceptable, then adjusting these should quickly create a quieter PC with the minimum of pop-ups, and that works for us.
Sandboxing and the Cloud
Defense+ isn’t just about watching the behaviour of programs. It’s also able to run unrecognised software in a sandbox, an isolated environment which reduces their security privileges, and allows them to write only to a virtual Registry and file system, making it extremely difficult for malware to infect you PC.
If you think this might also cause problems with some legitimate programs, then you’re right. Our standard test for these situations is to run an old copy of Paint Shop Pro 8, an entirely safe program but one that does some unusual things internally, and sure enough on launch it displayed a “Failed to update the System Registry” error message.
This type of issue shouldn’t crop up quite as often as it did, though, because Comodo has introduced a default “Partially Limited” isolation level in this version of Internet Security Pro. The company say this allows programs to access “all the Operating system files and resources like the clipboard”, improving compatibility.
And if you still run into difficulties then they’re easily fixed. Defense+ tracks all “unrecognised” applications, displaying them on request, and if you recognise a program that you know is safe then it can be moved to the Trusted Files list in just a few clicks.
You’re not left alone with these decisions, though, as Comodo Internet Security Pro 5 now includes both scanning and behaviour analysis in the cloud.
If you try to run a program that isn’t recognised ,then the program will automatically submit it to Comodo’s File Lookup server to see if it’s known to be safe, or dangerous. This is very quick, and means you get the protection of the very latest Comodo virus definitions, even if your local definitions are out of date.
And even better, these unrecognised files will also be transmitted to the Comodo Instant Malware Analysis (CIMA) server, where they’ll be run in an isolated environment and checked for the presence of malicious code. If the results are positive then your PC will be alerted, the file quarantined or deleted, and it’ll also be added to the known “dangerous” list, which means other Comodo users will be protected immediately with their cloud scanning.
And so the more people use the program, the more reliable it will become, and the quicker you’ll be alerted to even the very latest outbreaks. Which sounds like very good news to us.
Cloud-based antivirus scanning is all very well, but of course you’ll need to run local on-demand checks occasionally, too, and Comodo Internet Security Pro caters for that with a more traditional malware scanner.
Explorer integration means that, at the most basic, you can have any file or folder checked for threats by right-clicking it and selecting “Scan with COMODO Antivirus”.
You’re also able to run one of three default scan profiles: “Critical Areas” for speed, “My Computer” for thoroughness, on an enhanced “Spyware Scan” to quickly check for and remove signs of infection. And we do mean quickly: it concentrates on only the most commonly infected areas of your PC, which on our test system meant scanning 84,547 objects in a mere 81 seconds.
If this isn’t enough then you can create new scan profiles of your own, to scan whatever files and folders you like.
And of course there’s both real-time scanning, and the option to schedule scans whenever appropriate. These all work well enough, although we noticed that there’s no option here for scanning when your PC is idle, a convenient feature that’s increasingly appearing in other packages.
Scanning accuracy was only average, with the program detecting and removing 80% of our malware samples. However, Comodo Internet Security is more about preventing unknown malware from running or doing damage to your PC in the first place, so that isn’t the problem it might be with other packages.
Resource use was relatively high, however, with the various COMODO components using anything up to 240MB RAM. And while CPU use was generally around 4 or 5%, it spiked at over 40% on a couple of occasions. Our PC was noticeably slower while scans were running, and showed some lags at other times, too.
We don’t think any of this would cause great problems with most modern PCs, but if you’re thinking of running Comodo Internet Security Pro 5 on an underpowered system or laptop then be sure to check its performance with the trial version, first.
The Internet Security Pro firewall recognised our network connections during installation, and set them up correctly, hiding our PC online while leaving it accessible to other systems on our local network.
The module also did a reasonable job of identifying the applications we were using, allowing most known safe apps online without displaying any pop-up alerts.
The firewall is also very configurable. This starts by choosing one of 5 security levels, ranging from “Disabled” to “Block all traffic”. And you can choose the frequency of alerts you’d like to receive, ranging from one per application, to alerts for incoming and outgoing requests, TCP and UDP protocols, every IP address and every port.
There are interesting abilities hidden away in the settings dialog, too. The program is able to perform protocol analysis, for instance, checking all incoming and outgoing packets to confirm that they look normal. It’s a welcome bonus feature but is turned off by default, perhaps because it will use quite a few system resources.
This isn’t the most unobtrusive firewall we’ve seen, then. Competitors like Norton Internet Security do a better job of minimising alerts, and figuring out what can (and really should not) be allowed to make and receive internet connections.
However, if you take just a few minutes to set up the firewall to suit your needs then it will do a good job of keeping you safe online.
Comodo Internet Security Pro 5 now also includes a Game Mode, which turns off Defense+ and firewall alerts, as well as suppressing resource-hungry tasks like scheduled scans or database updates. Which is good news, though spoiled a little by the fact that it doesn’t kick in automatically. You must instead enable it yourself from the COMODO system tray icon, disabling it again when you’re done, which apart from being a minor hassle also means there’s at least a chance you might forget to turn your security back on.
You also get access to TrustConnect, a VPN service that will encrypt your internet traffic, perfect for accessing the web from wireless hotspots.
Comodo provide Secure DNS servers, which now block known malware sites, an important development as Internet Security Pro didn’t until now have any other form of browsing protection.
And you can still benefit from Comodo’s excellent Live Support. If you’ve a problem setting up the program, removing malware or resolving a network issue, then one click on the Get Live Support issue will launch a chat tool where an expert will talk you through the problem. When we tried this with a network issue, “Peter” responded within seconds, listened to our query and provided an intelligent answer immediately. Which sure beats the emails and support forums you might have to go through with other suites.
As we pointed out earlier, then, this isn’t the most complete of security suites. There’s no spam filter, no parental controls, no online backup or identity theft protection (though the last two are available in the Comodo Internet Security Complete 2011).
And this emphasises the fact that Comodo Internet Security Pro 5 won’t be suitable for total PC beginners, even with the excellent support. There are too many alerts, there’s too much configuration required to make the program run as you’d like.
There’s a vast amount of protective power in Defense+ and the sandbox, though, now greatly enhanced with the new cloud features. Even if you happen to run a brand new, previously undiscovered threat, the chances are that you’ll remain safe, and that’s a benefit worth having. New goodies like active DNS protection are also welcome, and if the Live Support helps you solve one big issue a year then it could be worth the subscription all on its own.
So, if you’re tired of overweight security suites, looking for something a little focused, and are happy to spend 10 minutes setting things up, then you’ll discover there’s a lot to like about Comodo Internet Security Pro 5.
But if you’re sure you won’t need TrustConnect or Live Support, then keep in mind that Comodo Internet Security Premium is still available for free, amazingly – one of the best security bargains around.