We pick up the Security for Everyone series this week with the free Comodo Internet Security. Comodo entered into the security arena in 2001 with their personal secure email certificate. In 2005 Comodo added desktop security to their portfolio with their firewall product. In 2008 the Comodo Internet Security suite was introduced adding another option to the firewall, antivirus and antispyware space. How does this relative desktop security newcomer stack up?
The Comodo Internet Security installer weighs in at just under 60 MB. The install is pretty straight forward and doesn't introduce any toolbars or third party applications. The install gives you the opportunity to install both the firewall and antivirus product together, or separately. For this review both products were installed. A couple of other install questions include whether or not you'd like to join the ComodoThreatcast community and if you'd like to use their secure DNS servers. The install completes quickly, largely due to no initial scan being required, and does require a reboot.
After a reboot Comodo detects the network and gives you an opportunity to allow file and printer sharing or stop detecting networks all together. The system then encourages the initial scan. My initial scan took just under 45 minutes to complete and identified a couple of network troubleshooting utilities as suspicious, and rightfully so. Once the initial scan is complete there are no further configuration prompts or wizards to run through.
The summary screen displays plenty of useful information without over doing it. The balance of status, antivirus and network information gives one the impression that Comodo has the system well under control. The summary screen also does a nice job of showing which programs are requiring the most of your network traffic. This bit of knowledge coupled with the ability to easily stop all connections can go a long way toward making your grandmother feel like she has a bit of control too. Let's see if Comodo holds up beyond the summary screen.
Ease of Use and Configuration
As with most desktop security products, the real configuration begins once the first application or network access is blocked. The notification window displaying the alert and associated actions will often set the tone for how easy the application will be to work with. Most Comodo alerts include the option to allow, block or sandbox the application or network request prompting the alert. The notification window also provides the opportunity to create a system restore point or send the suspect file along to Comodo to be analyzed. The necessary option of remembering your response also exists. Along with the well crafted notification is a good explanation of why the alert is displayed. If your grandmother can be shown the importance of reading these system alerts the job of choosing the proper response becomes much easier.
Accessing the main areas of configuration is pretty simple with the tab style interface. Antivirus options are easy to understand and provide the ability to run a scan, update the antivirus database, schedule a scan (the default is weekly), define scanning profiles and change the virus scanner settings. The virus scanner allows for three types of real time scanning. On Access, Stateful and disabled. The default is stateful and claims to take less system resources since it only scans those files that have not been scanned since the last virus database update. It should also be noted that is also easy to add file or directory exclusions from the virus scanner settings.
The firewall common tasks and advanced settings present far more options and may be more than dear Grandma will want to bother with. Two needed common tasks that do exist are defining a new trusted application and defining a new blocked application. What is missing is the ability to edit those applications that may have been allowed and since thought less of. To change or remove one of these predefined rules it's necessary to access the advanced settings and select Network Security Policy. From here one is met with a list of rules and the ability to add, edit and remove. This interface could have been made less intimidating for the novice user considering the fact that wandering into it is almost unavoidable. Additional firewall tasks include Stealth Ports Wizard and easy access to active network connections.
The Defense+ settings are where things get meaty. Here one can define protected files against unauthorized modification, identify safe executables, protect registry keys and much more. Defense+ is also where the sandbox settings are defined. The sandbox is a feature that sets Comodo apart from some of its competitors. The ability to run a questionable application in a sandbox space is very nice. While this may not be an area Grandma would visit often, the prompts displayed when an application should possibly be sandboxed are well formed and, if nothing else, should prompt a call to her favorite geeky niece or nephew.
One aspect that I did not enjoy so much is the fact that Comodo Internet Security has poor UAC integration. For example, if you want to uninstall it, clicking on the uninstall shortcut won't work - it will return an error that you need to be administrator in order to remove it. To make it work, you have to right click on the shortcut and then select 'Run as administrator'. Definitely not helping the casual user such as grandma.
The Comodo firewall settings offer very little for the novice user. This is rather unfortunate since the firewall is pretty locked down from the onset. This means there are plenty of alerts being displayed that require a response. The more this type of thing happens the less likely Grandma may be to read an alert and respond correctly, thus forcing the need to venture into the firewall settings which likely won't end well. Probably the most used functions of the firewall are accessible from right clicking the tray icon and adjusting the firewall security level.
The firewall does appear to do a pretty good job in its role of protector. Nmap scans displayed very little information and in some cases no information at all. The firewalls ability to learn the behavior of programs and executables also proved to be sufficient. It's important to mention that stopping and disabling the Comodo service was easily done. Upon reboot the service remained disabled with the summary status message noting the system was trying to start. The ease with which this was accomplished was surprising.
Another less positive aspect is the fact that Comodo Internet Security doesn't turn off the Windows Firewall when it gets installed. Therefore, you have to manually disable it yourself. Otherwise, you will end up with two firewalls being active.
Antivirus and antispyware features
The antivirus and antispyware features of Comodo do not measure up to most in the industry. I was not able to find any authoritative comparisons or tests to truly measure how effective the applications are. In my own test system I was able to download and execute a rogue Anti spyware application whose origins begin in 2009. This doesn't bode well. Comodo did identify and clean the executable after a reboot but by then the damage may have already been done and the previously mentioned ease around disabling the Comodo service does not lend much comfort.
Comodo has a relatively strong background in internet related security. I believe this consistent direction means the desktop security suite will mature into an application to pit against competing products. The application does need to mature however. There needs to be formal testing done by reputable organizations to determine the effectiveness of the antivirus and antispyware offering. To the best of my knowledge Comodo has yet to release the results of its own antivirus testing.
Comodo is doing several things right in the interface like providing access to help text at just about every turn. The Defense+ has several compelling features that could do well to differentiate it. For the novice user though, the interface needs to be refined to bring focus to those basic functions that make or break a positive and secure experience. For the time being, this solution deserves only the 'BUY for Geeks!" award. If you want to try it out yourself, you can download it from here.