An Overview of Free Antivirus Programs – Part III – Comodo Antivirus 2.0 Beta

This is the third installment in our series on free antivirus programs. Be sure to also see:

Up for examination today is Comodo Antivirus. Review version: 2.0 Beta (build 2.0.17.58)

Product link: Comodo Antivirus

Installation – No registration is required, though you may optionally submit your e-mail address as an ID. Even if you do not provide an e-mail address, the program is still “activated” for life. A reboot is required after installation.

Interface – I don’t think the interface will win many design awards, but it doesn’t take long to figure it out. Here is the main screen:

comodo_main.png

As you can see, the buttons across the top control most of the navigation, while you can easily enable or disable elements of the program from the main window. Here is what scanning looks like:

comodo_scan.png

Updating – Manual updates are easily handled by clicking the “Update Now” button on the main window. Comodo also comes with a seamless “automatic” update feature that will automatically download and install updates as needed, making it a good “install and forget” program.

Footprint and Scanning – Thankfully, Comodo is light on system resources, and on my system it feels no heavier than AVG. I did not notice any “hangs” or slowdowns in opening files or applications.

Comodo offers a number of scanning options, ranging from a complete scan to isolating specific folders/files. I applaud the inclusion of a memory scan as well.

Upon running a complete scan, imagine my surprise when Comodo reported that the scan only took about 6 minutes on my system (over 400 GB of files)! Six minutes? Surely there must be a mistake here.

There is. An isolated scan of just one of my hard disks takes nearly 7 minutes. How can the “full” scan take less time than that? Somehow, Comodo’s “full system” scan does not even come close to scanning the full system. I’m still scratching my head about it.

That said, Comodo’s scanning speed is still very impressive. Even if I combine the time it takes to scan each of my hard disks, Comodo far outpaces AVG and PC Tools by a long shot. Admittedly, Comodo did run an initial scan just after installation to help set up its Host Intrusion Prevention System (HIPS), so perhaps there’s some aggressive caching going on. Or maybe it’s just a bug. 🙂

Types of Protection – Like the other two programs reviewed thus far, Comodo features an on-access scanner, an on-demand scanner, and an e-mail scanner for users of POP3 programs such as Thunderbird and Outlook. Quick scanning of individual files is integrated though the”right-click” explorer menu.

If you use the HIPS Application Control feature, Comodo will require some training in which applications are safe to use. In the picture below, I have just launched my Finale music software.

comodo_finale.png

Just like setting up a software firewall, Comodo will “learn” which programs are authorized and never bother you again about them. Though initial setup can be tedious, HIPS Application Control can come in handy to stop a rogue virus or trojan from even executing.

EICAR TestHere is a link where you can download a harmless test file that should be detected as malicious by antivirus programs. As I’ve mentioned before, it is NOT a real virus. In order to test the effectiveness of a program, I download the EICAR test file to my desktop and start counting to see how long it takes the antivirus program to find it. Sooner is always better than later. Let’s see how Comodo fares.

I downloaded the file and waited… and waited… and waited. Nothing happened. Uh-oh.

Bad news. Comodo does NOT automatically detect the test virus, even though the on-access scanner is active. Clicking the file does not trigger the scanner either. In fact, only by right-clicking the test virus and choosing to manually scan it did Comodo finally provide an alert.

comodo_eicar.png

Fortunately, the Comodo “Repair Wizard” was able to successfully delete the file, but it is still disturbing that the on-access scanner did not detect the test virus at all.

Update: Comodo’s on-access scanner finally found another copy of the EICAR virus that I manually deleted… 12 hours after I first deleted it! Maybe the on-access scanner was just on an extended coffee break.

comodo_eicar_recycle.png

Final Thoughts – I really want to like Comodo, and there are a number of things that the program does well. Not only is scanning blazing fast, Comodo is the first program that I have reviewed so far that does not have any nag screens or banners urging me to upgrade to a paid version.

Still, this is Beta software, and there are a few quirks, such as the “not-so-full” scan issue. A more minor issue is that the Windows Security Center does not recognize Comodo as a valid antivirus program, and by default will leave an annoying icon in the tray asking you to install a valid program. This is easily remedied by going to the Security Center and checking the box next to “I have an antivirus program that I’ll monitor myself.” Still, I hope this will be addressed later.

Of course, there is also the glaring issue of detection rates. Given how Comodo fails to quickly find the EICAR test virus, I worry about its overall effectiveness in detecting real viruses. As it stands now, I am not comfortable using this version of Comodo as my primary line of defense against viruses.

If these issues are addressed, Comodo has the potential to become a leading figure in the free antivirus software arena. A glance through their forums shows mention that a beta of a completely-rewritten version 3 should be on the way soon. I look forward to testing it.

Stay tuned for more entries in this series.

Subscribed to my feed yet? It’s free!

8 thoughts on “An Overview of Free Antivirus Programs – Part III – Comodo Antivirus 2.0 Beta

  1. Great information – this is exactly the kind of thing we need to put our efforts into the context of reality.

  2. COMODO Antivirus Beta 2
    Does not support switching between users in Win XP Home SP2. If you try to you get a message to this effect from the program.

  3. Mmm… nice. Just what I wanted to hear.

    I had to reload XP after a trojan/Virus loop/rootkit/some or the other thing. So I must ma’wait for your next review.

    By the way. Nothing catched that thing I had. And by nothing I mean nothing, no online scaners, nor the spywaREZ scanners, nothing. AVG 7.5 only smeared the Virus loop over the screen 2 seconds after being self-downloaded (8 times in 3 weeks).

    And the reload, Comodo Firewall got updated and removed the HIPS blocking I placed on the file. Some sort of dll that hooked (global/rootkit type) itself to every running file including the login interface.

    So I’m running AVG 8, but with Comodo for now :-(.
    Need to figure out how to get AVG and Online Armour talking and not bashing each over the screen. Mmm… Mike is going to have his hands full.

    PS I still have a possible JPG exploit/virus in a AVG vault if you might be interested.

  4. As far as I know, COMODO does not scan .txt files. If you’ve downloaded a .txt file, it won’t be detected. Now, real viruses don’t come as .txt files do they? If you’ve downloaded it as a .com, .exe, .bat, etc. file, that’s a different story.

  5. The test file is, as Trend Micro describes it, an “inert text file with a .com extension”. Because it has a .com extension, Comodo ought to test it automatically. Perhaps Comodo already “knows” it isn’t a real virus? But if so, why then does it report it as infected when it is manually scanned? The HIPS feature was willing to let me allow it to run, and it didn’t flag it as infected until I specifically ran the manual scan on it, as the reviewer did. Well, I have installed Comodo’s free AntiMalware product, BOClean, alongside the Comodo Antivirus as an additional line of defense. I’ll wait and see how it performs over time, and of course I’ll switch to Beta 3 when that’s released.

    I have to admit, I do have my reservations about the validity of using “dummy” virus test files. Any antivirus vendor out there can tell their software prodduct to ‘make sure’ it catches that. How hard is that? If Eicar would change the name and the signature monthly or even weekly to prevent that, then I think that would hold more water, so to speak.

    My thanks to the reviewer and to the site for posting a relevant review, and for it being short as well!

  6. I downloaded EICAR test file. Comodo Antivirus detected it and moved it to vault once I hover the mouse over it.
    Good work, at least they fixed that issue you’ve written about.

Comments are closed.