
Comodo Antivirus Review | Daxdi

How much would you pay to protect your PCs from viruses and other malware? How about nothing? There are plenty of free antivirus utilities available, and some of them are very good, as proven by their high scores in independent lab tests.

Comodo AntiVirus is free, but it doesn't have the lab scores to back up its efficacy, and it earned low scores in our hands-on tests.

Yes, it comes with a raft of bonus features, but many of these require tech expertise that's beyond what the average user brings to the table.

Like Avast Free Antivirus and AVG, Comodo Antivirus is feature-complete and entirely free.

However, paying $19.99 per year for the premium edition enhances your protection by giving you access to a focused version of Comodo's GeekBuddy tech support service.

What you get is support for using the program and cleaning up malware.

The full GeekBuddy service, which lists for $199.99 per year, offers help for any kind of tech support, including system optimization, device and software setup, troubleshooting, and more.

Appearance Unchanged

It's been two years since I put Comodo Antivirus on the rack for testing, but its appearance is almost completely unchanged.

A big status panel still dominates the left side of the main window, usually displaying a serene green.

If something's wrong, it turns yellow or red, and offers a button to fix configuration problems.

Four large buttons let you launch a scan, unblock a quarantined application, check for updates, or run a program within the sandbox containment system.

You really have to dig to find visible differences in the current product.

Labels now reference the sandbox containment system using the words "containment" and "container" rather than "sandbox." Some buttons are placed differently.

But for the most part it's unchanged.

If you've been relying on Comodo for ages, you may long for the good old days, interface-wise.

Don't worry; you can go back to the good old days.

Use the Settings window to choose the Modern theme, restart Comodo, and you'll see an earlier interface.

Choose the Classic theme to go even farther back in time.

Sparse Lab Results

I'm always pleased to find plenty of lab results for a product I'm reviewing.

The independent labs have the resources to really delve into which products are best.

I track four such labs, and quite a few products, including free products, show up in reports from all four.

Comodo isn't one that appears in lots of lab results.

Only AV-Test Institute includes Comodo in its current reporting.

This lab rates antivirus products on three criteria: protection against malware, low impact on performance, and minimal false positives.

A product can receive six points in each category, for a total of 18 possible points.

Lab Test Results Chart

This lab's researchers rated Comodo's full security suite, not the free standalone antivirus, but I assume the antivirus would score about the same.

In the all-important protection category, Comodo earned the full six points.

With some measurable draw on system resources, it took five points for performance.

And in the usability category, which refers to avoiding false positives, Comodo earned 5.5 points, for a total of 16.5 points.

AVG and Microsoft Windows Defender Security Center did better in this test, with 17.0 points.

Both Avira and Avast earned 17.5 points, enough to get them the Top Product designation.

In the latest round of testing, only F-Secure, McAfee, and Norton managed a perfect 18 points.

When I have results from at least two labs, I run the figures through an algorithm that generates an aggregate score.

About a third of the products I've reviewed have no scores at all, though, and another fifth have just one score.

With a single score, Comodo belongs to the last group, and hence does not receive an aggregate score.

Tested by all four labs, Avira Antivirus has the current top aggregate score, 9.8 of 10 possible points.

Also tested by all four labs, Kaspersky managed 9.6 points and Avast 9.3.

Even Microsoft got an aggregate score of 8.7.

Just because a product is free doesn't mean it can't earn kudos from the labs.

Scan Choices

As soon as you install Comodo, it updates its antivirus definitions and launches a full scan.

That makes sense.

You want to root out any malware that made itself at home before you installed your antivirus protection.

I canceled the on-install scan so I could run a full scan under controlled circumstances on a clean test system, with no malware.

That full scan took almost two hours, just a bit faster than Avast and AVG AntiVirus Free, which needed slightly more than two hours.

That's quite a long scan, given that the current average is about 45 minutes.

Some antivirus tools use the initial scan to optimize the system for faster subsequent scans; not Comodo.

A repeat scan took just as long.

As with most antivirus tools, Comodo also offers a quick scan that just checks memory and system locations commonly inhabited by malware.

Comodo's quick scan finished in less than two minutes.

Once you've completed an initial full scan, you should be fine relying on real-time protection and the occasional quick scan.

Like Symantec Norton AntiVirus, Comodo maintains an online database that tracks file reputation.

In addition to data from Comodo's database, a file's reputation rating includes such factors as its age and whether it runs automatically at startup.

You probably shouldn't run any file that has a seriously bad reputation, even if the antivirus doesn't flag it as known malware.

In testing, this scan ran in seconds, and found only trusted files.

If the malware scan can't seem to totally wipe out the problems it found, you can bring out the big guns.

Click Tasks, click Advanced Tasks, and click the option Clean Endpoint.

This launches Comodo Cleaning Essentials, an aggressive cleanup-only tool that can sometimes outperform the basic antivirus.

Sometimes a persistent malware infection prevents you from booting Windows, installing antivirus, or running a scan.

You can root out such entrenched malware using Comodo's bootable Rescue Disk.

On a clean system, click Tasks, click Advanced Tasks, click Create Rescue Disk, and supply a CD or USB to serve as your Rescue Disk.

When you boot the infested system from this disk, it runs its own operating system, thereby denying the malware any opportunity to fight back.

Quite a few antivirus companies offer a similar rescue disk, either created from within the antivirus program or downloaded from the company website.

Bitdefender takes ease of use up a notch, with no need to create a disk.

You just reboot the system into Rescue Mode and start killing off malware.

Mixed Malware Protection Results

With just one set of lab results available, my hands-on testing becomes more valuable.

To start my malware protection testing, I open a folder containing malware samples that I've collected and analyzed myself.

Comodo immediately started wiping out the samples it recognized, quickly eliminating 83 percent of them.

Continuing the test, I launched each sample that wasn't wiped out in the initial massacre.

Comodo quarantined one as a PUP (Potentially Unwanted Program).

I also got to see the sandbox containment system in action for one sample that generated a lot of notifications.

Comodo started by putting it in isolation as a suspicious file.

It quarantined one component as malware.

And the containment system blocked execution of yet another component.

My analysis showed one executable malware component running, but once I emptied the container it was gone.

Comodo detected 93 percent of the samples, most of them on sight but some after execution, and earned 9.1 points.

That might sound pretty good, but Webroot caught 100 percent of this same sample set, and eight other products, including Sophos Home Free, outscored Comodo.

I maintain a second set of samples, hand-modified versions of the originals.

For each, I change the filename, append zeroes to give the file a different size, and modify some non-executable bytes within the program.

Some antivirus programs wipe out all or most of the same samples in this modified set; Comodo missed almost two-thirds of them.
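The modifications described above (appended zeroes, a few changed bytes) give a file a new whole-file hash, so a lookup keyed on that hash alone misses it, while a block-level comparison still recognizes the variant. The following Python is an added example, not code from this review and not a description of how Comodo or any other named product detects malware; the sample bytes, block size, threshold and all names are constructed assumptions.

```python
import hashlib

BLOCK = 64        # block size for the piecewise digest (demo assumption)
THRESHOLD = 0.8   # minimum block overlap to call a file a variant (demo assumption)


def full_hash(data: bytes) -> str:
    """Whole-file SHA-256, the kind of key an exact-match signature uses."""
    return hashlib.sha256(data).hexdigest()


def block_digests(data: bytes) -> frozenset:
    """Digest every fixed-size block, ignoring blocks that are pure zero padding."""
    digests = set()
    for off in range(0, len(data), BLOCK):
        chunk = data[off:off + BLOCK]
        if chunk.strip(b"\x00"):          # empty after stripping => all zeroes
            digests.add(hashlib.sha256(chunk).digest())
    return frozenset(digests)


def jaccard(a: frozenset, b: frozenset) -> float:
    """Share of blocks two files have in common (0.0 to 1.0)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


class SignatureDB:
    """Toy signature store holding an exact hash and block digests per sample."""

    def __init__(self):
        self.exact = {}    # full hash -> label
        self.blocks = {}   # label -> frozenset of block digests

    def add(self, label: str, data: bytes) -> None:
        self.exact[full_hash(data)] = label
        self.blocks[label] = block_digests(data)

    def classify(self, data: bytes):
        """Return (verdict, label, score); verdict is exact, variant or unknown."""
        label = self.exact.get(full_hash(data))
        if label is not None:
            return ("exact", label, 1.0)
        probe = block_digests(data)
        best_label, best = None, 0.0
        for candidate, reference in self.blocks.items():
            score = jaccard(probe, reference)
            if score > best:
                best_label, best = candidate, score
        if best >= THRESHOLD:
            return ("variant", best_label, best)
        return ("unknown", None, best)


def constructed_sample() -> bytes:
    """Constructed stand-in for a known sample: 4096 deterministic bytes."""
    return bytes((37 * i + 11) % 251 for i in range(4096))


def constructed_benign() -> bytes:
    """Constructed unrelated file that shares no block with the sample."""
    return bytes((101 * i + 7) % 241 for i in range(4096))


def make_test_variant(data: bytes) -> bytes:
    """Mirror the review's test set: change a few bytes, append zeroes."""
    patched = bytearray(data)
    patched[1000:1016] = b"\xff" * 16     # in-place change inside one block
    return bytes(patched) + b"\x00" * 512


if __name__ == "__main__":
    db = SignatureDB()
    db.add("constructed-sample", constructed_sample())
    variant = make_test_variant(constructed_sample())
    print("exact hash known:", full_hash(variant) in db.exact)
    print("original:", db.classify(constructed_sample()))
    print("variant: ", db.classify(variant))
    print("benign:  ", db.classify(constructed_benign()))
```

Fixed-size blocks tolerate only appended data and in-place changes, which is all this test set involves; inserted bytes shift every later block, which is why fuzzy-hashing tools such as ssdeep and TLSH use content-defined or locality-sensitive schemes instead.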

Five ransomware samples were among those that Comodo missed in their tweaked form.

I took this as a handy opportunity to see the automatic sandboxing system in action.

Given that I created the tweaked samples myself, they should have been unknown to Comodo's database, and hence subject to automatic containment.

Alas, as with Panda Free Antivirus, most of the hand-modified samples slipped right past Comodo.

Comodo did block one tweaked ransomware sample, quarantining it as suspicious and running one component in the sandbox.

But the rest, including the virulent disk-encrypting Petya, did their dirty deeds despite Comodo's efforts.

The file-encrypting ransomware attacks all encrypted my files and posted a ransom note before I got any notifications from Comodo.

It did automatically restrict some processes, but did so too late.

Emptying the container did nothing to bring back my encrypted files.

That's not what I expected from the sandboxing system.

Malware Protection Results Chart

Comodo Antivirus does not in itself prevent your browsers from visiting malicious or fraudulent websites, but Comodo Online Security is available as a free browser extension for Internet Explorer, Firefox, and Chrome.

An Edge extension exists, but it's hung up waiting for Microsoft.

To continue my testing, I installed Comodo Online Security.

Malware defense can happen at many levels, but the very first line of defense is simply keeping the browser away from malware-hosting sites.

If antivirus doesn't fend off the site itself, eliminating the malware payload is the next possible defense.

My malicious URL blocking test exercises both defensive layers.

I start with a feed of very new malware-hosting URLs supplied by MRG-Effitas, usually no more than a couple days old.

I launch each and note whether the antivirus diverts the browser from the page, quarantines the malware payload, or sits idly, doing nothing.

The URLs are different in every test, but they're always the latest, and I aim for 100 data points, to get a representative sample.

I got through 25 verified malware-hosting URLs without ever seeing access blocked by the browser extension.

At that point, for a sanity check, I repeated that part of the test with a different browser.

Changing browsers didn't change the results.

Throughout this test, I never once saw Comodo Online Security block access to a dangerous URL.

In the end, Comodo defended against 56 percent of the verified samples, all of them by quarantining the malware payload.

That's very, very low.

Bitdefender, Norton, and Trend Micro Antivirus+ Security caught 99 percent, using a combination of blocking dangerous URLs and quarantining malicious downloads.

Sophos and McAfee managed 97 percent.

Avast, Avira, and AVG all scored above 90 percent.

Ineffective Phishing Protection

The description of Comodo Online Security promises protection against both malicious websites and phishing sites, fraudulent pages that masquerade as sensitive websites and trick visitors into giving away their login credentials.

Specifically, it says the browser extension "instantly blocks dangerous and fraudulent websites." In testing with real-world phishing pages, this component proved ineffective.

After my experience with the browser extension not blocking any malware-hosting URLs, I decided to run a sanity check using the Antiphishing Test Page on the AMTSO (Anti-Malware Testing Standards Organization) website.

Participating security companies agree to detect this page as fraudulent, letting users verify that their protection is active.

Alas, Comodo is not a participant, so it didn't block the test page.

To prepare for my phishing protection test, I comb phishing analysis websites for URLs that have been reported as fraudulent, making sure to include some that are too new for the blacklists.

I launch each in a browser protected by the antivirus under test, and simultaneously in instances of Chrome, Firefox, and Internet Explorer protected only by the browser's built-in antiphishing.

I discard any URLs that don't load correctly in all four browsers, and any that don't show all characteristics of a phishing fraud such as trying to capture login credentials.

Phishing Protection Results Chart

Not all antivirus tools distinguish between malicious and fraudulent URLs, so I give equal credit no matter the reason offered when a product blocks a site.

However, it was clear in testing that every time Comodo blocked a phishing URL, it did so because its file-based antivirus detected malicious code in the web page.

It never once identified a page as fraudulent.

Its score of 10 percent protection is among the lowest I've recorded.

At the other end of the spectrum, Kaspersky and McAfee AntiVirus Plus managed 100 percent detection, using a combination of blacklisting and heuristic page analysis.

Avast and AVG came close, with 98 percent detection.

Comodo users, I advise you to leave your browser's phishing protection turned on, and practice detecting phishing scams on your own.


Keeping Programs Contained

With one click, you can switch Comodo's main window from its default basic view to the advanced view.

This mode features, among other things, a status panel for Auto-Containment (formerly Auto-Sandbox), HIPS (Host Intrusion Prevention System), and Viruscope behavior-based protection.

Comodo's containment system isolates the processes that run inside it.

It virtualizes system changes, meaning that the changes seem real to the process, but aren't permanent.

You can empty the container to terminate contained programs and wipe out their changes.

The Auto-Containment system takes charge of any program that doesn't appear in Comodo's reputation database.

On determining that a program might be unsafe, most users would simply refrain from launching it.

If you're the kind of person who'd launch the suspect program regardless, you can protect yourself by launching virtualized in Comodo's containment system.

That way it can't make any permanent changes.

Comodo flags programs running in this mode by giving them a green border.

You can also open Comodo's full-fledged Virtual Desktop, which is similar to the SafePay desktop offered by Bitdefender, though

