Comodo Antivirus 7 review

Comodo Antivirus 7 scored well in my hands-on malware blocking test, but not in my malicious URLs test. It doesn't score all that well with the independent labs, either. You can do better.

A PC with no antivirus protection is a PC in danger. It has no defenses against a Trojan designed to steal data or drain your bank account. It could easily get conscripted into a botnet. With free antivirus products widely available, there’s no excuse for skipping protection. Comodo Antivirus 7 isn’t our top choice for free antivirus, but it has some good points.

Technically Comodo’s free products don’t have version numbers, but they do get updated in parallel with the paid products. Since last year, Comodo has switched from using the year to a straight version number. Since the paid products are version 7, I’m identifying the latest free product as version 7 too, to avoid confusion with earlier reviews.

Many Shared Features
The main window of Comodo Antivirus is almost indistinguishable from that of Comodo’s free personal firewall. Both are composed of various-sized tiles that report overall security status. You can click some of the tiles for more detail. The only real difference is that the tile called “Network Intrusions” in the firewall becomes “Detected Threats” in the antivirus.

I’ll briefly summarize the features shared between the two products, but you’ll definitely want to read my extensive review of Comodo Firewall 7 for full details.

Clicking a link on the main window flips the window over to reveal a task list on the back. The task lists are the same for the two products, except that the antivirus omits a page of firewall-specific tasks.

Both products offer an advanced view that puts more detail in the tiles, and both can be “skinned” to use the same interface as the previous version. Both include a Host Intrusion Prevention System (HIPS), Behavior Blocker, and sandbox technology, all of which work together to prevent unknown programs from endangering the protected system.

You can launch the virtual desktop for a secure session isolated from programs running under your normal desktop. Switch back and forth as you wish; when you close the virtual desktop all trace of your session vanishes. Comodo Dragon is a hardened, secure browser with a built-in Do Not Track tool and a website inspector.

Both products include a new feature named Viruscope, which attempts to identify malware by detailed analysis of program behavior. If it concludes that a program is malicious, it can roll back all actions that program took, much in the style of Webroot SecureAnywhere Antivirus (2014)’s journaling feature. In both the antivirus and the firewall, Viruscope is disabled by default.

The File Rating scan, present in both products, reports Comodo’s trust level for every running process, and for every process configured to launch at Windows startup. From either product you can launch a cleanup-only scan with Comodo Cleaning Essentials. If malware still persists, you can create a bootable rescue CD on a clean system.

The powerful Killswitch utility offers extremely detailed monitoring of all running processes and includes a variety of experts-only features. Its Autorun Analyzer identifies every program that launches at startup, in any possible way, and it can quickly repair a damaged Windows configuration. Once again, my review of Comodo Firewall 7 offers full details about all of these features.

Configuration Differences from Firewall
The Web filtering component, which aims to block access to phishing URLs and malware-hosting sites, is present only in the firewall. Given the firewall’s dismal performance in my antiphishing test, that may be no great loss. Of course Comodo Antivirus includes full-scale antivirus protection and lacks a firewall, but there are significant differences in the way the two products use the features they do share.

The firewall comes pre-configured with the HIPS system enabled, running in what it calls Safe Mode; in the antivirus, HIPS is turned off by default. The Auto-Sandbox feature, which isolates unknown programs, is initially on in the antivirus, off in the firewall. Specifically, the antivirus runs any unknown program as “Partially Limited,” meaning it’s not allowed to modify specific protected file and Registry areas, or to perform privileged actions like loading drivers.

I really saw the effect of this different configuration when I tried installing 20 antique PCMag utilities. Under the firewall, the HIPS system generated a ton of popup warnings asking me to allow or block specific behaviors. It averaged more than five popups per utility, and installation failed if I didn’t keep clicking the Allow button.

When I attempted the same installations under Comodo Antivirus, the results were quite different. To start, it quarantined two of the utilities as malware; that’s just wrong! Seven of the installers failed to execute when isolated. Four utilities installed OK, but when Comodo isolated the utility itself, it failed to run. Six of the installers reported errors during the installation process, but the programs ran OK. Finally, exactly one utility installed and ran without any issues.

If you only use well-known applications, you may not see the auto-sandboxing, behavior blocking, or HIPS features in action. If, on the other hand, you’re prone to installing the latest, edgy new software, these features are likely to be in your face quite a bit. I’m not a big fan of alerting the user to every little potentially-risky behavior. I favor the more holistic approach taken by Webroot, which looks at all of a program’s behaviors to determine whether it’s malware.

Effective Malware Blocking
When I opened my folder of malware samples, Comodo went into a feeding frenzy. Within a few minutes, it had wiped out 94 percent of the samples. That’s very, very good, though VIPRE Antivirus 2014 wiped out every single sample on sight.

To get a different view, I opened a folder containing hand-modified versions of those same samples. I renamed each file, appended nulls to change the size, and tweaked a few non-executable bytes. To my surprise, Comodo missed a third of these, possibly indicating that its antivirus signatures aren’t as flexible as they might be.

Comodo detected all of the few remaining samples when I tried to launch them. Initially it ran them in isolation; shortly thereafter it reported them as malware. It did pop up a window offering to have one of Comodo’s GeekBuddy technicians eliminate the threat, but since GeekBuddy is only free for paid users, I didn’t take the offer. Even without GeekBuddy help, Comodo scored 9.9 of 10 possible points on this test, surpassed only by VIPRE.

AVG AntiVirus FREE 2014 and Avira Free AntiVirus (2014) also did well on this test, each with 97 percent detection and a score of 9.4 points. For a full explanation of the way I conduct and score this test, see How We Test Malware Blocking.

Comodo Antivirus 7 Malware Blocking Chart

Blocked Few Malicious URLs
About six months ago I added a new test, one designed to see how well each antivirus handles brand new malware variants. I start with a feed of malicious URLs supplied by MRG-Effitas, then select those that point directly to executable files. I launch each URL in turn, noting whether the antivirus blocks access to the URL, wipes out the file during or after download, or simply misses it.

Of course, even though these URLs are just hours old, some are already defunct. I persist until I have about 100 samples. Each antivirus runs into a different 100 programs, but in every case they’re among the very newest malware variants.

Comodo Antivirus blocked just 20 percent of the malicious downloads. That’s a good bit below the current average of 33 percent, but it beats the 17 percent blocked by ZoneAlarm Free Antivirus + Firewall 2015. The antivirus doesn’t have the Web filtering found in Comodo Firewall, though Comodo’s Secure DNS feature did block one URL. The rest of those it caught were detected at some point during the download process.

Scores vary widely on this test, from eight percent by Outpost Antivirus Pro 9.0 to the current high score of 79 percent, earned by avast! Free Antivirus 2014.

Varied Lab Results
Getting tested by the independent labs costs money, enough that some free antivirus vendors don’t make the investment. The well-regarded cleanup-only Malwarebytes Anti-Malware 2.0 is an example. Others, like AVG and Avira, manage not only to participate, but to earn very good scores. Comodo falls somewhere in the middle.

Comodo only participated in two of the last twelve malware-detection tests by Virus Bulletin, and in both cases it failed to achieve VB100 certification. West Coast Labs and ICSA Labs both certify Comodo for virus detection, but not virus removal.

AV-Test rates antivirus products on how well they protect a test system against attack, how little impact they have on system performance, and how much false positives interfere with usability. With six possible points in each category, Comodo earned 5.5 for protection, 4.0 for performance, and 4.0 for usability. That lower score for usability reflects a problem with false positives; I experienced the same thing in my hands-on testing. Taken as a whole, Comodo’s lab results aren’t the best.

For an explanation of how I boil down results from six different labs into the rating categories in the chart below, please read How We Interpret Antivirus Lab Tests.

Comodo Antivirus 7 Lab Tests Chart

The Good and the Bad
Comodo earned a very high score on my hands-on malware blocking test, but the independent labs, with much greater resources than I have, gave it some low ratings. In both the lab tests and my own tests, it mistakenly identified valid programs as malware. The default auto-sandboxing of unknown programs wreaked havoc with my attempted installation of 20 old PCMag utilities.

Comodo Antivirus 7 does a decent job, and it comes with a number of very advanced security utilities, tools that would be great for an expert but not for Joe User. If those tools are what you want, I’d suggest getting them as part of Comodo Firewall 7 and adding a different free antivirus. Our current Editors’ Choice for free antivirus is AVG AntiVirus FREE 2014. Bitdefender Antivirus Free Edition (2014) is also impressive.

Specifications
Tech Support: Online, community-based, paid live support
OS Compatibility: Windows Vista, Windows XP, Windows 7, Windows 8
Type: Personal
Free: Yes

Published under license from Ziff Davis, Inc., New York, All rights reserved.
Copyright © 2012 Ziff Davis, Inc