I have a somewhat a different take here. Namely that its my responsibility as an end user to protect my self from the " the bad guys"
who write malicious code. Bottom line, my cpu is simply a box of rocks without brain or logic, that will run good or malicious code interchangeably.
If nothing else, I am not as fast as a cpu that will run malicious code within milliseconds, so therefore I must rely on other software that can prevent such code from running. Thankfully, there are a plethora of such "security" programs freely available on both a freeware and commercial basis. Some may offer better detection than others, some may be more bloated than others, but none of them are perfect. And worse yet, any security program uses cpu cycles as a form of a tax on the computer system. And because an active anti virus program guards against only the worst threats, AV's have the highest potential for bloat.
With lesser type threats being more the Provence of spyware type programs that tend to be less active and rely on after the fact removal in subsequent scans. The threats detected by an active anti virus is large enough as it is and sadly growing every day, including the vastly bigger data base of spyware type threats would mean any active anti virus would slow even the fastest computer to a crawl if it examined every incoming file for threats in its database.
And therefore I have to look at it also from the point of view of the hacker, they want to get me and I want to prevent it. So it becomes somewhat of a double risk reward problem. I can bloat my computer up with every anti malware program on the planet and thus slow my computer to a crawl while also risking my various anti malware programs conflicting among themselves, or I can go to very light or none at all, insuring my protection is inadequate, or I can try to find ways to whittle the problem down to size with a multilayered security system based on prevention and some redundancy. If one layer does not stop the threat before it gets to the cpu, one needs other layers that will.
So, IMHO a security system needs more than just a firewall, an active anti virus, and more passive anti spyware programs that will help make the life of spyware programs that slip through nasty brutish and short. And that what extra is needed is HIPs and HOST files, process control programs that will not allow new code to run without seeking user permission under the theory that if it can't install it can't infect, plus some gasp user self education on how to surf safely. And without that latter step, no amount of software programs can protect anyone. I should also mention that the OS and browsers continually needs patching, secunia can alert us to other programs that need patched for security holes, and the best single step is to web surf using a limited account with a full software restriction policy. Or one can run a virtual OS that when infected can be dumped and replaced with a clean copy.
But when it comes to the comodo firewall or the somewhat similar on line armor firewall, they are not really all that different from any other multilayered security system. They simply incorporate traditional firewall function while adding HIP Host files with process control. Meaning you get all in one program rather than having to use multiple programs. But when it comes to adding an AV to comodo, I do not think comodo antivirus part has the detection rates to be even remotely resembling competitive with any of the better commercial and freeware anti virus programs at this point in time. Maybe in the distant future comodo CIS will become a viable choice, but until then, I will continue to use the comodo firewall but will pass on the CIS. But I can sure understand that a programming team can differ on approaches, so I read nothing into Kevin leaving Comodo.
As for the security system I use, it seems to keep both my wife's and my computer free from problems for many years running. But I keep changing some things to try to get better protection while going as lean as possible. But we all still make our choices while taking our chances. And IMHO, with the huge supply of almost unprotected computers to hack, why should the bad guys work extra hard to get my computers?
But I eagerly await AVAST 5 final for my wife's computer, as for me, I still use Avira. What tips the balance in my mind is the email pre screening that Avast has and Avira personal lacks. But who know, Avast 5 may cause me to switch.