(Note: As this review was being prepared, Comodo released its Internet Security Pro 3.9 suite, addressing some of the performance issues we encountered in version 3.8, such as adding dynamic file inspection for the real-time virus scanner.)
Comodo made its name with its firewall (and offers a free version of it). However, when it came time to create a suite, Comodo didn't do what ZoneAlarm did and license technology from vendors of antivirus, antispam, and parental-control software. Instead, to build Comodo Internet Security Pro 3.8 Comodo designed its own antivirus engine, along with a handful of other malware protections.
In tests by AV-Test.org, Comodo Internet Security Pro 3.8 fared poorly in on-demand and on-access tests for the detection of 2,735 files, macro viruses, and scripts, scoring 48 percent overall, and detecting macro viruses only 16 percent of the time. The results are not surprising for a new antivirus engine.
Comodo Internet Security Pro 3.8 did somewhat better at detecting Trojan horses, worms, password-stealers, and other nasties, identifying on average 57 percent against the 722,372 collected samples. Those results place Comodo at the back of the pack.
Comodo received its best scores for behaviour-based detection of malware. In overall detection, Comodo Internet Security Pro 3.8 produced a warning 93 percent of the time; detected and blocked 80 percent of the malware; and removed 53 percent - one of the higher removal rates in our tests. But Comodo also had the highest number of false positives, misidentifying 56 files out of 5,000.
Comodo Internet Security Pro 3.8 produced uneven numbers for detecting and removing rootkits - stealth malware used to hide infections from PC users and security software alike. Comodo Internet Security successfully detected 100 percent of the inactive rootkits, and 80 percent of the active rootkits.
But it removed only 66 percent of the active rootkits - the lowest percentage of the suites tested.
In proactively identifying unknown malware for which it doesn't yet have a signature, Comodo Internet Security Pro 3.8 scored well below average. In tests with two-week-old signature files, it identified only 17 percent of samples. And on four-week-old signature files it identified only 14 percent.
According to AV-Test.org, Comodo responds very slowly to new widespread malware attacks; it typically requires more than 24 hours to release a virus definition update . Yet Comodo produced more signature file updates than PC Tools, issuing 46 signature updates in January 2009, 41 in February 2009, and 45 in March 2009, averaging 1.5 per day, compared with over 200 per day from the Norton Internet Security 2009 suite.
The Comodo interface uses icons for navigation and offers some interesting options, such as protecting Registry keys against unauthorised modification, and designating as safe any files from vendors you define as trusted. Most users, however, won't know what to do with the section for grouping COM interfaces together. Compared with other suites, Comodo Internet Security Pro 3.8 lacks some key features, namely antispam and antiphishing protection - surprising given the number of attacks coming from phishing sites these days.
Comodo Internet Security Pro 3.8 is nascent, and when compared against more advanced security suites, it falls to the bottom of the list. But this effort is first generation - there's enough here that, should Comodo tinker with its antivirus engine and add new protections, it could produce a winner.