Sunday, November 2, 2008

Comodo's Free Internet Security - Is it any good?

On October 28th last month, Comodo announced the release of Comodo Internet Security, a complete security package of an anti-virus and their widely acclaimed firewall application. Comodo's security suite comes in two editions - a free and a Pro which costs $39 per year. The Pro edition offers some extra utilities like a PC tune up, remote installation and support. Let's take a quick look at what the free edition has to offer.

Comodo Internet Security has three components under it's hood - an anti-virus, a firewall and a proactive defense. During the installation of the program you are allowed to choose which components you want to install, except proactive defense. So you can either install only the anti-virus or only the firewall or both. Also pay attention during the installation because it tries to install a browser toolbar and change the homepage. Deselect those options if you don't want to install them.

The program's main window gives a bird's eye view of the security status of the system - updates, network traffic, number of connections and the status of the proactive defense. Each of the three components of the application provides plenty of configuration options, which is something I always like. 

CIS-main CIS-firewall

The firewall needs no introduction. Comodo's firewall is one of the best in the market. When you launch the firewall the first time, it will automatically determine which applications are trust worthy to access the network and which are not. While these rules will work fine for most novice users, an experienced user might want more control. You can grant or revoke access to any application to use the network. Create rules based on ports and protocols. Create trusted or blocked zones and configure the way firewall tackles any request from other computers on the network.

The other component of CIS is Defense+ which protects your critical operating system files, registry entries and personal data from malware, root-kits, key-loggers, Trojans etc. This proactive defense provides an extra layer of security to your computer. The user can specify which programs, files and registry keys need to be protected and any modification attempted on these protected files will show a warning. Without permission from the user, no unauthorized application can make any changes to the protected files.

 CIS-defense CIS-antivirus

Defense+ automatically identifies which areas need to be protected and which applications are legitimate and grants them access accordingly. Any application that Defense+ fails to identify gets added to the pending list. The user needs to review the list and set permission for it. Defense+ does a great job in protecting your system but it's too intrusive, like Vista's infamous UAC. It's so intrusive that it will get on your nerves and you will end up disabling it.

CIS's anti-virus has all the usual tools like scanning selected partitions and folders, updating database, scheduling scans etc. But they are just some  tools and you can't tell much from it. I needed an infected PC to test the anti-virus. So, I took CIS on a pen drive and went to one of my friends' place whose PC, I know, remains infected all round the year.

Running the scan on his PC, I noticed that it was slow. Horribly slow. It took more than 2 hours to scan the hard drive with around 60 GB of data. But then, it found 67 infected files! That's good news. After the scan was completed and infected files deleted, I restarted the PC. Oh-oh! What's that? Another virus found after restart. I deleted it and restarted the PC once again. Guess what? The same virus warning pops up again. This never ended - every time the PC restarted, the virus was there. Comodo wasn't able to clean the PC completely.

When I brought my pen drive back, I installed Windows XP on a virtual machine and installed CIS on it and then ran a scan on the pen drive. This is the result of the scan. Clean.

CIS-scan

I then ran another scan, this time with the anti-virus software I'm using -NOD32. Here is the result of the scan.

nod32-scan

The difference is obvious. Comodo anti-virus failed to detect eight infected files. Also notice the time it took to scan. It's three times slower than NOD32. Another difference you will notice is the number of scanned objects. The reason NOD32 had a higher number of scanned objects is because of it's ability to scan files inside archives and packaged installers. I had several application installers on the pen drive.

Verdict - The firewall is good, as expected, but the anti-virus is miserable. It's slow and it can't clean. There is only thing to do with it - avoid it. If it can't detect and remove run-of-the-mill viruses, how can we trust it to protect us from in-the-wild viruses and worms? There are far better anti-virus solutions like Avira and AVG available for free, and NOD32 and Kaspersky if you are willing to spend some cash.

0 comments:

Post a Comment