4 Computer Heaven

COMODO Internet Security 4.0 Review

by on Mar.14, 2010, under Malware, Review

The new, improved, and upgraded dragon is back…


Overview & New Features:

Recently COMODO unveiled its brand new 4.0 Internet Security suite. CIS 4.0 has been in the works for quite some time, and has a few mighty changes:

NEW! Integrated Sandbox
Proactive Defense, i.e. Defense+, now includes a built-in sandbox which combines file system/registry virtualization with the least-privileged user account principle in order to combat unknown malware.

IMPROVED! Default Deny Protection
Defense+ now automatically sandboxes all unknown applications/executables until they are analyzed.

IMPROVED! Significantly fewer popup alerts
Defense+, with the help of new sandboxing technologies, has a more powerful default security policy while raising significantly fewer alerts than previous versions.
Also in this version, Defense+ and Firewall, by default, do not create automatic rules for already known safe applications.

IMPROVED! Popup alerts layout
The new popup alerts now include additional options which allow users to take COMODO Time Machine snapshots, set Windows system restore points, or submit suspicious files for immediate analysis.

IMPROVED! Antivirus Engine
The antivirus engine is improved for better detection and cleaning. The new engine now has disinfection support for infected files.

-

The Sandbox:

COMODO features 4 different presets, selected via a slider, for adjusting how a sandboxed program is restricted. Those presets are:

Unrestricted – No Operating System restrictions will be applied, meaning the application will be allowed to access all the Operating System files and resources such as the clipboard. The restrictions on usage of system memory, operation with virtual file system and registry, and execution time defined in Advanced Settings will still be imposed.

Limited – Only selected Operating System resources can be accessed by the application. The application will not be allowed to execute more than 10 processes at a time and will be run without Administrator account privileges. The restrictions on usage of system memory, operation with virtual file system and registry, and execution time defined in Advanced Settings will be imposed.

Restricted – The application will be allowed to access very few Operating System resources. The application will not be allowed to execute more than 10 processes at a time and will be run with very limited access rights. The restrictions on usage of system memory, operation with virtual file system and registry, and execution time defined in Advanced Settings will be imposed. Note – Some applications, such as computer games, may not work properly under this setting.

Untrusted – The application will not be allowed to access any of the Operating System resources. The application will not be allowed to execute more than 10 processes at a time and will be run with very limited access rights. The restrictions on usage of system memory, operation with virtual file system and registry, and execution time defined in Advanced Settings will be imposed. Note – Some applications that require user interaction may not work properly under this setting.

-

Advanced Settings include:

Limit maximum memory consumption – You can define how much of the system memory can be allocated for the application on execution by selecting this checkbox and entering the memory (in MB) in the combo box beside it.

Limit the program execution time – You can define how long the program can be allowed to run by selecting this checkbox and entering the time (in seconds) in the combo box beside it.

Enable file system virtualization – The sandboxed applications are not permitted to modify the files in your ‘real’ file system. Enabling file system virtualization instructs the Sandbox to create a virtual file system in your system. The application added to the sandbox will write any data only into the created virtual file system, instead of affecting and potentially causing damage to your real file system. If you disable this option, the application may not function correctly because it will not be able to create the entries that it needs to.

Note for advanced users: The virtual file system will be created inside the Sandbox working folder (e.g. c:\sandbox\<application name>) to execute the application within this file system.

Enable registry virtualization – The sandboxed applications are not permitted to access and modify the entries in your ‘real’ Windows Registry hives. Enabling registry virtualization instructs the Sandbox to create a virtual registry hive in your system. The application added to the Sandbox will write any entries pertaining to it only into the created registry hive, instead of affecting and potentially causing damage to your real registry hives. If you disable this option, the application may not function correctly because it will not be able to create the entries that it needs to.

Automatically run unrecognized programs inside the Sandbox – If you attempt to run any executable which is not recognized by COMODO, the application will be automatically executed within the Sandbox to safeguard the other files/applications in your system.

Automatically detect the installers/updaters and run them outside the Sandbox – On execution of an Installer or an Updater, the application will be run outside the Sandbox. Select this option only if you are going to run installers/updaters from trusted vendors.

Automatically look-up for/submit the pending/unrecognized programs online to COMODO for analysis – Instructs the Sandbox to monitor the files/applications in My Pending Files and all unrecognized files in your system and to initiate the file submission process automatically. The files will be analyzed by experts at COMODO and included in the safe list or black list accordingly.

Automatically trust files from trusted installers – Files that are generated by trusted installers are also trusted. This means that they will not be sandboxed.
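The redirect-on-write behaviour described under "Enable file system virtualization" above, as an added example that is not COMODO's code. It is a user-mode model only: the `VirtualFS` class, its method names, the tombstone handling for deletes and the sample file names are assumptions made for illustration.

```python
import tempfile
from pathlib import Path


class VirtualFS:
    """Toy redirect-on-write layer (a model, not COMODO's driver)."""

    def __init__(self, real_root, sandbox_root, app_name):
        self.real_root = Path(real_root).resolve()
        self.virt_root = Path(sandbox_root).resolve() / app_name  # <sandbox>\<app>
        self.deleted = set()  # tombstones for files "deleted" in the sandbox

    def _rel(self, path):
        full = (self.real_root / path).resolve()  # collapse any "../" first
        return full.relative_to(self.real_root)   # ValueError if outside

    def write(self, path, data):
        rel = self._rel(path)
        target = self.virt_root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)  # the real file is never opened for writing
        self.deleted.discard(rel)
        return target

    def delete(self, path):
        rel = self._rel(path)
        (self.virt_root / rel).unlink(missing_ok=True)
        self.deleted.add(rel)  # hide the real file instead of removing it

    def read(self, path):
        rel = self._rel(path)
        if rel in self.deleted:
            raise FileNotFoundError(str(rel))
        virt = self.virt_root / rel
        # Prefer the sandboxed copy so the app sees its own changes.
        return (virt if virt.exists() else self.real_root / rel).read_bytes()


def demo():
    """Constructed sample: a sandboxed write and delete leave the real file intact."""
    with tempfile.TemporaryDirectory() as tmp:
        real = Path(tmp, "real")
        real.mkdir()
        (real / "hosts.txt").write_bytes(b"original\n")
        vfs = VirtualFS(real, Path(tmp, "sandbox"), "unknown_app")
        vfs.write("hosts.txt", b"tampered\n")
        seen = vfs.read("hosts.txt")  # the app sees its own write
        vfs.delete("hosts.txt")       # tombstone only
        return seen, (real / "hosts.txt").read_bytes()
```

Registry virtualization, as the page describes it, follows the same pattern with a virtual hive in place of the sandbox folder.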

-

Should you execute an unsafe file, COMODO’s Defense+ will spring into action, place the file in a sandbox, and you will receive the following message:

-

Anti-Virus Test Results:

Malware Research Group recently conducted a test of CIS 4's anti-virus using 10,000 malware samples. The results:

COMODO missed 101, giving it a detection ratio of 98.99%. COMODO removed all but 2 infections detected.

Trojan.Win32.FraudPack.achf
Backdoor.Win32.Inject.dbw

PLEASE NOTE that COMODO 4.0 was still in the beta stages when this test was conducted.

*The original article can be found here

-

Leaktest Results:

COMODO passed 84/84 tests in matousec.com’s “Proactive Security Challenge” scoring a 100% protection rating.

-

Personal Tests:

Today I put CIS 4.0 to the test… of web browsing, with a sandboxed Mozilla Firefox.

I visited 82 crack/warez websites. Downloaded 67 legit malware samples. Managed to be hit by 7 drive-by downloads. Two additional hours of browsing to pick up tracking cookies. Visited 40 “free screensaver” type websites (no download).

I emerged with a clean PC. I enabled my anti-virus and it made quick work of the files in the sandbox.

To reassure myself, my PC was afterwards scanned with the following:

Norton Security Scan. MalwareBytes. A-Squared. Hitman Pro. Panda Cloud. Avira. Avast!. Spybot S&D. ClamWin. DrWeb. Blacklite. Gmer. And HijackThis was run.

All returned clean results.

-

Resource Usage:

As mentioned in my previous COMODO review, the resource usage will not be included in this review. Many PC users will determine whether or not a program is “heavy” or “light” on the system based solely on the amount of memory/RAM the program uses. This is a common and inaccurate practice; one must take the boot-time, program launch time, and other everyday tasks into account in order to determine whether a program is “heavy” or “light” on the user’s computer.

Remember now, RAM is there for you to use, most of us have more than enough.

-

Final Opinion:

I will give COMODO Internet Security 4.0 my full approval, 10/10. Again I recommend you do not install the Anti-Virus, and use another one you prefer.

Although not recommended, you may disable Defense+ if you become bothered by the pop-up alerts; however, this will severely decrease your level of protection.
