Comodo Internet Security Pro 3.8

Comodo Internet Security Pro 3.8 (one-year, one-user license at $40; no three-user license listed as of 5/21/09) is a newcomer to the consumer Internet security suite market. And based on our experience, the suite is clearly in its infancy. (Note: As this review was being prepared for our midyear security suites roundup, Comodo released its Internet Security Pro 3.9 suite, addressing some of the performance issues we encountered in version 3.8, such as adding dynamic file inspection for the real-time virus scanner.)

Comodo made its name with its firewall (and offers a free version of it). However, when it came time to create a suite, Comodo didn’t do what ZoneAlarm did and license technology from vendors of antivirus, antispam, and parental-control software. Instead, Comodo designed its own antivirus engine, along with a handful of other malware protections.

In tests by AV-Test.org, Comodo fared poorly in the on-demand and on-access tests for the detection of 2735 files, macro viruses, and scripts, scoring 48 percent overall, and detecting macro viruses only 16 percent of the time. The results are not surprising for a new antivirus engine. Comodo did somewhat better at detecting Trojan horses, worms, password-stealers, and other nasties, identifying on average 57 percent against the 722,372 collected samples. Those results place Comodo at the back of the pack among security suites, just behind the PC Tools suite.

Comodo received its best scores for behavior-based detection of malware. In overall detection, Comodo produced a warning 93 percent of the time; detected and blocked 80 percent of the malware; and removed 53 percent–one of the higher removal rates in our tests. But Comodo also had the highest number of false positives, misidentifying 56 files out of 5000. By comparison, G-Data and BitDefender misidentified only 1 file each.

Comodo produced uneven numbers for detecting and removing rootkits–stealth malware used to hide infections from PC users and security software alike. Comodo Internet Security successfully detected 100 percent of the inactive rootkits, and 80 percent of the active rootkits. But it removed only 66 percent of the active rootkits–the lowest percentage of the security suites tested.

In proactively identifying unknown malware for which it doesn’t yet have a signature, Comodo scored well below average. In tests with two-week-old signature files, it identified only 17 percent of samples. And on four-week-old signature files it identified only 14 percent.

According to AV-Test, Comodo responds very slowly to new widespread malware attacks; it typically requires more than 24 hours to release a virus definition update as opposed to G-Data‘s time of less than 2 hours. Yet Comodo produced more signature file updates than PC Tools, issuing 46 signature updates in January 2009, 41 in February 2009, and 45 in March 2009, averaging 1.5 per day, compared with over 200 per day from the Norton Internet Security 2009 suite.

The Comodo interface uses icons for navigation and offers some interesting options, such as protecting Registry keys against unauthorized modification, and designating as safe any files from vendors you define as trusted. Most users, however, won’t know what to do with the section for grouping COM interfaces together. Compared with other suites, Comodo lacks some key features, namely antispam and antiphishing protection–surprising given the number of attacks coming from phishing sites these days.

Comodo Internet Security is nascent, and when compared against more advanced security suites, it falls to the bottom of the list. But this effort is first generation–there’s enough here that, should Comodo tinker with its antivirus engine and add new protections, it could produce a winner. But for now, better protection is found in suites offered by G-Data, BitDefender Internet Security 2010, or even the Norton suite.