Author Topic: Comodo Internet Security  (Read 7221 times)

cozofdeath

  • Guest
Comodo Internet Security
« on: May 23, 2012, 11:26:13 AM »
I guess I'll start with Comodo. I've used them for a while and preferred them over most others until recently. I've installed the newest free version of Comodo Internet Security on a fresh Windows 7 x64 installation and things are going horribly. The newest Masm32 package doesn't install at all with it. It creates the Masm32 directory and as it copies the first file it's detected as malware so the process is terminated. If you ignore or add to the exclusion list, Comodo locks the folder so it can't be modified. Safe mode is of no help and neither is disabling or exiting Comodo. The only thing I could think of is to uninstall it. To make matters worse, it detects almost every executable compressor/packer and it wanted to delete a lot of my past masm projects even though they have nothing to do with malware. The defense settings also cause subtle problems when trying to compile programs with any win32 read/write functions. They will just fail unexpectedly but work in downloaded or already installed files. It's getting tiring scanning my computer and seeing 97% or more of the malware being false positives.

Can someone please recommend a simple, efficient, and dependable security suite that is free or somewhat cheap???

P1

  • Global Moderator
  • Member
  • Posts: 63
Re: Comodo Internet Security
« Reply #1 on: May 23, 2012, 12:36:07 PM »
Quote
Can someone please recommend a simple, efficient, and dependable security suite that is free or somewhat cheap???

"cheap" is a relative term.

I have Norton 360, it killed only a couple of .exe files, when I re-loaded lately.  Have you tried MSE ???

Regards,  P1   8)

hutch--

  • Administrator
  • Member
  • Posts: 4812
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: Comodo Internet Security
« Reply #2 on: May 23, 2012, 12:54:38 PM »
If you really must have AV scanners on your computer, at least use a classy one, Eset's NOD32 or Kaspersky, you will save yourself a lot of grief. Sinsi reports that the Microsoft version also works fine so you don't have to suffer the irritations of the crappy end of AV products. If you must surf in risky places, do it in a sandbox (Microsoft Virtual Machine or similar) and keep a backup of the disk image file for it.

The real trick is to secure your computer yourself, scan your email on the server and don't download it if you don't know what it is. Ensure your router has both NAT set up and the firewall running and only ever run AV scanners on demand. This way they don't interfere with your normal development software. I use MalwareBytes (another of Sinsi's recommendations) when I need to scan a drive.

Final trick that cannot be beaten is a disk imaging program like Acronis, Norton Ghost and a host of other free versions.

Get this right and you are free from AV hassles and you have a far more secure computer.
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :biggrin:

dedndave

  • Member
  • Posts: 8734
  • Still using Abacus 2.0
    • DednDave
Re: Comodo Internet Security
« Reply #3 on: May 23, 2012, 10:47:08 PM »
do away with all those AV scanners
i use MalwareBytes - on demand
i also use Kaspersky's TDSS Killer - on demand

cozofdeath

  • Guest
Re: Comodo Internet Security
« Reply #4 on: May 24, 2012, 02:00:38 AM »
Thanks for the responses.

Quote
Have you tried MSE ???

Yes, I have always. It comes as an automatic update and it seems to work better than most AVs. It never falsely detects files. I'm definitely going to stick with it.

Quote
do away with all those AV scanners
i use MalwareBytes - on demand
i also use Kaspersky's TDSS Killer - on demand

That's what I'm beginning to notice. MalwareBytes and MSE have always been on track. Great at detecting, low profile, and low false detections. Kaspersky's TDSS killer is a must for rootkits or hard to get rid of infections. There is none I would rely on more. Especially, their downloadable recovery CD. There are very few around like it that can even support x64 rootkits.

And hutch, thanks for the advice and the great forum.

Last night I gave the free version of Outpost Security Suite a shot and again it's detecting all packed/compressed files as malware. So pecompact and upx files (in Masm32 installation) are at risk again. But at least with this product you can just click add to exceptions and it still works. These AVs seem to hate anything that isn't a normal executable compiled in a common language.

Anyway, this fresh OS install was brought about by a ZeroAccess infection that Comodo couldn't take care of. It was a newer version of ZeroAccess identified as Sirefef.XX. The XX (I forgot the real letters) part didn't seem to be searchable online so I'm assuming it's new. Nothing seemed to completely erase it, just like a previous java infection that used an x64 rootkit that only Kaspersky's TDSS killer worked on.

I'm just going to keep it simple now and keep a cloned image and virtual OS nearby. lol My previous OS was like Quagmire's underwear. Dirty and riddled with STDs. (I'm a Family Guy fan)

qWord

  • Member
  • Posts: 1454
  • The base type of a type is the type itself
    • SmplMath macros
Re: Comodo Internet Security
« Reply #5 on: May 24, 2012, 02:35:36 AM »
Quote
do away with all those AV scanners

Sorry, but this advice is rash, especially because you don't know his user behavior.
I've also been using COMODO for 2 years (paranoid mode  :biggrin:) and there were several situations where it hindered (real) infections...
MREAL macros - when you need floating point arithmetic while assembling!

hutch--

  • Administrator
  • Member
  • Posts: 4812
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: Comodo Internet Security
« Reply #6 on: May 24, 2012, 02:53:20 AM »
I just did a remote control repair on a computer by telephone tonight. A friend in the country installed an update on NOD32 which trashed the machine, after it rebooted from the update it would not start again. When I built this machine a few years ago I installed Acronis 9 on it and fortunately she had made a disk image recently so it was simply a matter of booting the box (an old PIV 3 gig Prescott) off an Acronis CD, run the image over the boot drive and BINGO, it was perfect again and ran normally.

Moral to the story, keep a disk image of your boot drive or repair it the hard way that often does not work ALA reinstall Windows.
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :biggrin:

Vortex

  • Member
  • Posts: 1704
Re: Comodo Internet Security
« Reply #7 on: May 24, 2012, 03:36:46 AM »
I agree with Hutch. Compared to reinstalling everything, imaging the partition hosting the operating system is a better solution. Here is a Linux-based backup tool:

http://redobackup.org

With Redo Backup, I was able to back up and restore a Windows XP installation and a CentOS 6.2 machine.

qWord

  • Member
  • Posts: 1454
  • The base type of a type is the type itself
    • SmplMath macros
Re: Comodo Internet Security
« Reply #8 on: May 24, 2012, 04:10:24 AM »
A backup image is a good thing, but it doesn’t help you to detect an infection.
MREAL macros - when you need floating point arithmetic while assembling!

Greenhorn

  • Member
  • Posts: 93
Re: Comodo Internet Security
« Reply #9 on: May 24, 2012, 05:36:54 AM »
I used COMODO a few years ago and I had very bad experiences with it.
The AV-Scanner has very bad results and the Firewall is very easily corruptible.
At the time I used this "Security Suite" I wondered why I couldn't start GDB (GNU Debugger) and found out that "Guard32.dll" was responsible for that (part of the Firewall).
So I kicked COMODO Internet Security out of my system and installed another AV-Scanner. After the first scan I was wide-eyed at what was found.
Never use COMODO !!!

And never use a third-party Firewall. They tear big holes in your system and annoy the user with their "Hu-Hu, here I am, it's all OK"-messages.
You need only an AV solution with real-time protection.

I'm not sure if it is good advice to use NO AV-Scanner with real-time protection.
The times when one could catch malware only on porn or warez sites are long gone.

BTW, Desinfec't is a good project from the c't to scan your system externally.
http://www.heise.de/ct/projekte/Desinfec-t-1213110.html

Also I agree that Acronis is a good tool to save trouble and time.

Regards
Greenhorn

cozofdeath

  • Guest
Re: Comodo Internet Security
« Reply #10 on: May 25, 2012, 08:03:22 AM »
Thanks for the suggestions guys. I did a fresh install and made a backup image of all my partitions in case of future problems. I'm also relying on less intrusive AVs. I do know that I need anti-malware software though. They have saved me several times. But there is always that one that gets by. Currently it seems these newer rootkits can do what they please, including disabling most types of anti-malware suites. I also downloaded a tdl-rootkit-detector.

Greenhorn, Guard32.dll was also responsible for most of my problems as well. When it installs all the hooks in the applications I would run, the default defense setting would return bad results and wouldn't even popup a message telling me why. It happened on winapi read/write functions. So randomly installers wouldn't be able to write their files or it would lock directories and no matter the permission or user you couldn't do anything. Very frustrating and the worst thing is it gives absolutely no clues. It may have things it does well but I just cannot use it anymore.

hutch--

  • Administrator
  • Member
  • Posts: 4812
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: Comodo Internet Security
« Reply #11 on: May 25, 2012, 03:27:47 PM »
Greenhorn,

A word of wisdom from an old fella, never EVER allow anything from the internet to scan your computer, some of them may be OK but many are scams to lock up your computer to try and get you to pay for "fixing" it. If it's worth doing on a computer, know where it comes from and run a normal win32/64 binary.

If you accidentally go to a site that has a popup that you cannot close that wants to scan your computer, do a CTRL ALT DEL to shut it down rather than take the risk.
hutch at movsd dot com
http://www.masm32.com    :biggrin:  :biggrin:

Adamanteus

  • Member
  • Posts: 180
Re: Comodo Internet Security
« Reply #12 on: May 25, 2012, 05:45:04 PM »
Quote
If you accidentally go to a site that has a popup that you cannot close that wants to scan your computer, do a CTRL ALT DEL to shut it down rather than take the risk.

In such cases I use EProc; no need to shut down, and from the console it works better than the Windows task dispatcher 8)

Greenhorn

  • Member
  • Posts: 93
Re: Comodo Internet Security
« Reply #13 on: May 25, 2012, 07:31:14 PM »
Hutch,

thank you for the advice. ;o)

I never use Online-Scanners. The Project I'd hinted at isn't an Online-Scanner. It's a Live-Linux (Ubuntu) with licenses for Kaspersky, BitDefender and Avira (Linux versions, licenses for one year). Additionally it uses ClamAV. Scanning the system this way with a Live-Linux from a USB-Thumb-Drive or a CD, you are also able to find rootkits, because Windows is not running and so they can't hide themselves.
You may know Heise as "The H".
http://www.h-online.com/

I also recommend NoScript for Firefox, very good tool.

A few weeks ago a friend of mine came to me with his rig. His (young) nephew reinstalled Windows (XP) on his Computer. He reformatted the HDD - of course without saving the personal documents  :icon_mrgreen: - and installed only Windows and Kaspersky "Security" Suite, nothing else (also no drivers). The problem was that Kaspersky always got disabled and the system wasn't operable.
I took the Desinfec't and scanned the system and ... Bingo! A JavaScript was found which was responsible for the trouble.
The only choice I had was to reinstall Windows again.
Before that, I tried to recover his vacation photos with Photorec, but after 150,000 found images I cancelled the task. Nobody wants to inspect such an amount of images for the right ones.  :icon_mrgreen: