Here is the link

http://forums.comodo.com/index.php/topic,9588.0.html

cool, as soon as I have backuped my sys, I will check it.

Pics now! Not the one that was out already, we need new pics !:wacko:

Yeah, we want to know what´s new in comodo firewall 3 and some pictures, thanks.

OK, here we go. The "summary" window:

190640


Firewall - common tasks and advanced setup:

190641

190642

You can now create preconfigured rulesets for web, email, ftp so you can refer to a ruleset when prompted (something like in Jetico).The firewall is fully functional. There are other features that are missing...

Application and IP (global) rules, separated in tabs:

190643

Creating port sets

190644


Defense+ (HIPS)

190645

190646


Full name is COMODO Firewall Pro v1.0.0.0. The install package is (a bit) smaller than 2.4 version. Installation is identical (only colors are different), passed fine, rebooted. I installed on fresh XP (updated + drivers), and I do remember 2.4 gave me a little delay on bootup, but not this firewall, all went smooth and without any delay. It seems pretty stable, although I didn't throw anything heavy on it yet (like P2P). Two processes (the same as in v2), around 3-4 megs each, very light. There is a "COMODO Firewall Pro Helper Service" in services. No network slowdowns, no system impact. There is password protection now. Many functions are disabled (like stealth configuration, updates, diagnostics) and the help is missing, so there is no much practical use for this product in this stage. But if you consider that only 10 files are installed in program folder, that's understandable. I admit that I didn't like v2, but I'm starting to like this. Very promising, good job Comodo. Well, that's about it for now, we'll see later.

Oh yes, this is the taskbar icon (no animation there).

190648

Cheers.

Thanks Nick for posting the pics. Looks interesting and has a lot more features than 2.4. It's a totally different animal. I wish they would ditch the green thou :dry:. How do you like the 'view firewall events' and 'view active connections'? I hope those features are improved/working with this version. That is one thing that 2.4 lacked. I'm a bit of a newbie, but I like to see my connections and I like good logging.

Cheers, innerpeace

hope they can roll out alpha's for vista soon..

-{ Quote: "I wish they would ditch the green thou :dry:.
Cheers, innerpeace" }-


Agreed sir. Maybe get back to the bluish theme. But the interface looks sexy. Hope it's as powerful as it looks. But I'd rather have a lean machine without bugs than a feature-loaded app that's bloated. I'm excited about this. :thumb:

IMPRESSIVE FIREWALL!!! , better than I thought, I hope this one is going to be stable very soon.http://www.wilderssecurity.com/images/smilies/eek.gif
:o

The Seer did u say that v3.0 doesn't stealth all the ports?

as you stated here "Many functions are disabled (like stealth configuration, updates, diagnostics) and the help is missing, so there is no much practical use for this product in this stage"

Pretty low memory usage. Using 8MB here.

It looks good but also more complex than current version 2.4. I reckon the average user might need to be quite skilled to be able to use it properly. That would let me out heh.

GUI is neat but a bit washed out!

-{ Quote: "Pretty low memory usage. Using 8MB here." }-

Put all the advanced options on.

Open:

- ftp
- irc/chat
- web
- mail
- some rss/tickers
- p2p / 700-1000 half-open conns

Let it rip for 3-8 hours.

Check mem / cpu again.

I think there'll be a noticeable difference.

Not that it's necessarily unforgivable. Advanced features come with advanced requirements :)

I'm currently running the alpha and let me say, I'm impressed. As far as the washed out green, looks like when they release it you will be able to change the themes.

U means support for skins? It will be really nice.
BTW it seems to have a lot of features.
File protection
Registry protection etc
Are there any policy restrictions( sandboxning)?

I read on their forums that there will be skins to choose from, not bad!! So far I like the look, and can't wait to have it on my computer when it's out of alpha and beta!;D ;D

Comment:

Well, it certainly looks interesting. I will install onto a VM to play.

indeed interesting. i wonder if this means there is sandboxing :o
The help files are not implemented yet, but one can start dreaming :)

I tried to test it with P2P. Few DPC CPU usage, unlike Kaspersky. However, I couldn't get incoming connections to work. Even if the rule was there, it would block uTorrent inbound unless I set it into Allow All (all applications).

I set it to allow all outbound TCP & UDP for uTorrent to any IP and port. I set it to allow all incoming from any IP and port TCP & UDP to the uTorrent's listening port. It didn't worked. It kept blocking it.

-{ Quote: "However, I couldn't get incoming connections to work." }-

190680

I had to make a global IP rule to forward the port, then it worked. Due to network SPI, that port is blocked (according to logs) when not using P2P. BTW, the logs have some issues. In detailed view, my internal IP is reversed to "4.0.0.10".

-{ Quote: "did u say that v3.0 doesn't stealth all the ports?" }-

No, there is an option in firewall settings "Stealth configuration wizard" which is not functioning (like many others). I haven't tested it for "stealth" yet, I would have to install it on a different PC to check that. But I'm sure it can be configured to be "stealth" if it's not out-of-the-box already.

Cheers.

-{ Quote: "190680

I had to make a global IP rule to forward the port, then it worked. Due to network SPI, that port is blocked (according to logs) when not using P2P. BTW, the logs have some issues. In detailed view, my internal IP is reversed to "4.0.0.10".



No, there is an option in firewall settings "Stealth configuration wizard" which is not functioning (like many others). I haven't tested it for "stealth" yet, I would have to install it on a different PC to check that. But I'm sure it can be configured to be "stealth" if it's not out-of-the-box already.

Cheers." }-

SPI? I don't know what that means. I've had the same problem with the current version of Comodo (2.4). I've never had problems configuring firewalls before, not Eset's, not Kaspersky's, not Windows', not Jetico, etc.. I don't know why Comodo is giving me such trouble.

By the way, there is a tool called Slipfest (http://slipfest.cr0.org/), by France Telecom, used to test HIPS. Comdo's HIPS isn't that steller. That tool can do a lot of things. Comodo does not stop it.

I never understood why security product vendors insist on skinning their apps. No skinned app looks better than a native app. Some are uglier than others. I was actually surprised by Eset Smart Security. Though, it's skinned, it looks pretty good, which is a total 180 turn from the current interface. Kaspersky went from a good-looking, native interface (v5, v6) to a skinned app in v7. It looks pretty bad. Comodo's skin is extremely ugly. The colour scheme is just terrible.

SPI - when a packet arrives from the Internet, the firewall must decide if it should be forwarded to the internal network. In order to accomplish this the firewall "looks" to see what connections have been opened from the inside of the network to the Internet. If there is an opened connection that corresponds to the packet that has arrived from the Internet then it will be allowed through, otherwise it will be rejected.
I am not an expert on Comodo, but I think that it's IP rules work as a sort of software router. You have to forward a port just like on a router.

-{ Quote: "Comdo's HIPS isn't that steller. That tool can do a lot of things. Comodo does not stop it." }-

Try to put Defense+ in maximum security mode. It can be very informative/annoying. I tried to knock some leaktests against it and it passed them all. Not the Screenshot2 of AKLT though...

Cheers.

-{ Quote: "SPI - when a packet arrives from the Internet, the firewall must decide if it should be forwarded to the internal network. In order to accomplish this the firewall "looks" to see what connections have been opened from the inside of the network to the Internet. If there is an opened connection that corresponds to the packet that has arrived from the Internet then it will be allowed through, otherwise it will be rejected.
I am not an expert on Comodo, but I think that it's IP rules work as a sort of software router. You have to forward a port just like on a router.



Try to put Defense+ in maximum security mode. It can be very informative/annoying. I tried to knock some leaktests against it and it passed them all. Not the Screenshot2 of AKLT though...

Cheers." }-

Wait a second! Are you saying that first you have to open the port in the Global Rules, then open the port in the application rule? I already have a router. Someone needs to learn the DRY principle.

As for Defence+, it does not block all leaks. (http://forums.comodo.com/index.php/topic,9601.0.html) Also, try the France Telecom program.

-{ Quote: "Are you saying that first you have to open the port in the Global Rules" }-

Yes. But it's very early to make any conclusions regarding leaktests or any tests with this alpha. We'll definitely see many improvements here, and so far I like the concept of this firewall. I'll try that France Telecom program, thanks... ;)

Cheers.

I install it two days ago, and find it completely new, with a better GUI, much better resources using, great new interesting features, but had a few problems with connections, so I have to uninstall it because I'm using my notebook for work and don't have much time for testing now...

But at least, very impressive!!! ;D

-{ Quote: "I install it two days ago, and find it completely new, with a better GUI, much better resources using, great new interesting features, but had a few problems with connections, so I have to uninstall it because I'm using my notebook for work and don't have much time for testing now...

But at least, very impressive!!! ;D" }-
This thread explains it: Network Rules vs Application Rules. (http://forums.comodo.com/index.php/topic,5372.0.html).

The Seer, it's not a bug, v2.4 behaves the same way. I don't see the point of network rules yet. But, that is the first layer of defence. Application rules work within network rules. So, a port must be opened in the network rules before setting it in the application rules. You have to repeat yourself. That is the security model.

I guess this was done for public wireless networks. It imitates the behaviour of you being behind a router inside your home.

SpookyET,

Thanks, but I already know how to use CFP, since one year ago... ;)

Regards

Hello SpookyET.:)

-{ Quote: "The Seer, it's not a bug, v2.4 behaves the same way. I don't see the point of network rules yet. But, that is the first layer of defence. Application rules work within network rules. So, a port must be opened in the network rules before setting it in the application rules. You have to repeat yourself. That is the security model.

I guess this was done for public wireless networks. It imitates the behaviour of you being behind a router inside your home." }-

Yes, I remember reading about that a few months ago. Stateful inspection works on a network level, so it's like a complete little SPI router. Nevertheless, I like this alpha for now. We will see the final version before long.

Cheers.

-{ Quote: "Wait a second! Are you saying that first you have to open the port in the Global Rules, then open the port in the application rule? I already have a router. Someone needs to learn the DRY principle.

As for Defence+, it does not block all leaks. (http://forums.comodo.com/index.php/topic,9601.0.html) Also, try the France Telecom program." }-



Yeah, it wont pass all of them yet, but according to Melih it will do.;)

"With simple additon of protected registry keys in the GUI, all registry tests could be passed. We have not included a default configuration which provides a maximum defense right now. But in the final release, without any doubt, all will be included.

As I mentioned before, the architecture is designed so that you can simply add registry keys for protection and they will be protected.

We haven't had time to add all the security.. we will in the final version"-from Melih.

For the people who complain i'm not against you but i have one word which may sway your thinking.

A-L-P-H-A! This is not even a beta and its been stable on every computer it's been tested on so far. Well according to forums knowone has complained about stability yet so that's impressive for an alpha. I noticed the alerts don't give you any information and if your a first firewall user you may get confused. But im sure this alpha was made just for a look at the firewall and to fix major bugs( even though we haven't found any yet).

I just hope they put in a configuation wizard at installation because when i ran my system after an install of cpf i got constant alerts for 10-15mins lol. Must be the defence+ feature. If there isn't a configation feature and these settings stay standard than many newbies will run as fast as they can away from cpf.

Wow, this is a bit exciting, seems to be a very advanced HIPS, a serious new contender in the HIPS market, no doubt. But at the moment I´m not really happy about a couple of things, the GUI must become a bit better, and for some reason it doesn´t give a lot of info when registry keys are being modified. Of course I´m confident that this stuff will become better and I will keep my eye on this one. :)

-{ Quote: "Wow, this is a bit exciting, seems to be a very advanced HIPS, a serious new contender in the HIPS market, no doubt. But at the moment I´m not really happy about a couple of things, the GUI must become a bit better, and for some reason it doesn´t give a lot of info when registry keys are being modified. Of course I´m confident that this stuff will become better and I will keep my eye on this one. :)" }-

I think comodo disabled a lot of features such as actual warning information until
the beta comes out. Because even firewall alerts don't give you any information.

-{ Quote: "I will install onto a VM to play." }-Currently this release(Alpha) is crashing on my VM(on boot). The dumps are a little confusing,.. is anyone running this release on XPsp2 with an Athlon processor OK? (I will also try a different VM program when time permits)

It doesn't get along with Virtualbox (crash -> dump), I installed it on my trash computer without any problems (Windows SP2/Athlon 3500+).

-{ Quote: "Currently this release(Alpha) is crashing on my VM(on boot). The dumps are a little confusing,.. is anyone running this release on XPsp2 with an Athlon processor OK? (I will also try a different VM program when time permits)" }-

I am running it in a Vmware (version 6 build 45731) session, XP sp2 and I do have Athlon 64x2. it runs just fine in my machine. No problems at all concerning stability.

Hello.

I initially installed this Comodo in FDISR snapshot, but have now tried it in VMware, the same version and on same CPU as sukarof, with bridged networking, and Comodo runs fine. Tried to put some transfer through it, created some rules, and it works... I have now noticed that XP's security center still doesn't recognize Comodo v3 Alpha (I have this service normally disabled).

Cheers.

Thank you "Sogno", "sukarof" and "The Seer" for the feedback.
I did install onto VM~ the latest version of "Virtualbox", so this is possibly the problem.
I will load up VMware to try. (I currently have no spare actual hardware to install on)

I'm with the Vista 32 bit version of Comodo, and get a BSOD when I attempt to access the internet. This also happens with Eset Smart Security. Could it be my adapter starting at the same time as the firewall service? Hope someone has a suggestion.

This new version sounds interesting.
Especially, Sukarof's screenshot showing "isolated application" as an option.

-{ Quote: "Currently this release(Alpha) is crashing on my VM(on boot). The dumps are a little confusing,.. is anyone running this release on XPsp2 with an Athlon processor OK? (I will also try a different VM program when time permits)" }-

I ran it in a rollback rx snapshot just to test it out and it worked fine on my AMD Athlon XP. Windows XP SP2 installed.

-{ Quote: "U means support for skins? It will be really nice.
BTW it seems to have a lot of features.
File protection
Registry protection etc
Are there any policy restrictions( sandboxning)?" }-

Aigle i noticed the isolate option and it seems similar to geswall so maybe you could dump geswall and use cpf3 when it comes out.

Seems very stable for an Alpha release. memory usage is low (12+3 MB), only CPU usage was very high during ports scan at ShieldsUp!
That product may become one of the best security products for Windows.

-{ Quote: "Aigle i noticed the isolate option and it seems similar to geswall so maybe you could dump geswall and use cpf3 when it comes out." }-
May be. So far GeSWall,s policy restrictions are much much stronger.
If they implement such a feature it might take some time to mature but ofcourse they might more chances to take it to a mature level than GeSWall( more users, more bug reports, more resources etc).

It will be ultimately somthing like Tiny FireWall or CoreForce. Let,s wait and see.

The Vista version still has a ways to go. Besides the BSOD, it prompts too much.

Hello,

For those who have given a try to Comodo 3 alpha....

There is something I cannot afford in Comodo v2.x, it's the lack of log in the application rules.
It's OK for network rules. There is a check box to create a log entry.
But for application rules ?
AFAIK, a entry is created when a rule blocks something.
But if I want to create a log on a allowed rule application ? There is no way to do that.

What about Comodo v3 regarding this issue ?

Thanks for your reply.

This firewall is exactly what I like. Look @ this, 5 times better then zone alarm,
beating aak 3.7 and all other useless anti-keylogger:

http://i13.tinypic.com/6ceatqg.png


2 Crashes while closing process list and once while blocking something of k-meleon.

BTW what type of checksum hash they are using? SHA1 or MD5 or still older one?

CRC32? That would be disappointing... I have no idea, I ditched the snapshot with CFP3, but my guess is MD5. How can this be checked?

-{ Quote: "Aigle i noticed the isolate option and it seems similar to geswall so maybe you could dump geswall and use cpf3 when it comes out." }-

isolate is just a security policy option that is there out of the box, you can make more policies and name it whatever you want. I looked at the settings given by "isolated applications" it's not very isolated. :)

Really I don't like it

The HIPS is so Simple and use CPU very much in BT

-{ Quote: "use CPU very much in BT" }-

Hmm, sounds familiar... I would have to try to reproduce that as well. Could you please try to disable "monitoring DLL injections", see if that helps... (I don't have this v3 installed at the moment)

Cheers.

-{ Quote: "I'm currently running the alpha and let me say, I'm impressed. As far as the washed out green, looks like when they release it you will be able to change the themes." }-

Let's hope the vomit green isn't one of the themes. LOL :)

-{ Quote: "Really I don't like it " }-

http://i7.tinypic.com/4l92o90.png

Hm, in some way we have problems, the ě rootkit has stepped inside. http://i10.tinypic.com/5xfu3vs.png

Appinit.dll method is risky.

But there is hope! SystemIdle Intrusion has been blocked! The Linux based view is great!

http://i13.tinypic.com/6gvbjpj.png

SJ in English please.

-{ Quote: "SJ in English please." }-

Maybe you need glasses or do you belong to the part of profs that are called the 100%´ter, this here is no school class and there is no grammar controler.

Information is the only thing that count. Understand or was that chinese in your decoding brain system?

Ok, I just want to know when this is coming out of Alpha or any idea when it'll be? Thanks

It is only first version of an Alpha.
Then it has has to go through Beta versions.
Then Release Candidates.
It will months or several months (maybe even up to a year)
before the Final is released.

The attackers only needed 3 days to make comodo pro alpha totally useless,
all hooks were there, everything looked fine on desktop surface, but Comodo turned into zombie, no more reaction, absolutely nothing. All apps were able to communicate with internet, the latest beast comes from system idle process.

-{ Quote: "The attackers only needed 3 days to make comodo pro alpha totally useless,
all hooks were there, everything looked fine on desktop surface, but Comodo turned into zombie, no more reaction, absolutely nothing. All apps were able to communicate with internet, the latest beast comes from system idle process." }-

This is interesting... can you elaborate more?
Direct connection to internet? Router?
Local or remote exploit?

Usually such claims will need to be backed up with some details of the attack, otherwise most will think this is just trolling...

Thanks,
Fax

-{ Quote: "This is interesting... can you elaborate more?
Direct connection to internet? Router?
Local or remote exploit?" }-

I use Router. No not trolling, probably polymorphic infector, I am still occupied in doing research.

One thing is for sure Pid 0 is the key problem. I actually don´t understand how this thing is able to persist in Pid 0.

Actually I uninstalled and reinstalled Comodo 3 Alpha and know it works again so far.

-{ Quote: "I use Router. No not trolling, probably polymorphic infector, I am still occupied in doing research.

One thing is for sure Pid 0 is the key problem. I actually don´t understand how this thing is able to persist in Pid 0.

Actually I uninstalled and reinstalled Comodo 3 Alpha and know it works again so far." }-

Thanks for the info...
Fax

look, maybe fp, but it´d enforce my worries:

http://i7.tinypic.com/5y2nu6w.png

Beside Gmer seems to be incompatible to comodo alpha pro, always receive bsods.

Jotti found 0 related to wudfhost. But Sandbox took long time so they gave a attention signal. (eventually malware)
Packprog: PE_PATCH.

Here again, after some reboots, silently bypassed, no unhooking, nothing.. spooky silent bypass.

http://i11.tinypic.com/6g0ta3r.png

So how is Comodo Alpha 3 doing for you guys so far? I just want everyone to give me some up-to date stories and info, thanks!;D

Nobody scared about my posted screen?

Some stealth Keylogger easily bypass Comodo 3.

I would be scared/concerned if it happened in one of Comodos' RCs.

-{ Quote: "Nobody scared about my posted screen?

Some stealth Keylogger easily bypass Comodo 3." }-

Did you test the same on Comodo 2.4 ?
I should be scared if the keylogger bypasses Comodo 3, and not 2.4

-{ Quote: "Did you test the same on Comodo 2.4 ?
I should be scared if the keylogger bypasses Comodo 3, and not 2.4" }-

Shouldn't it be the other way around?

Did you notice the word "alpha"? Do you know the giant difference between an "alpha" and "Final"

3 is an "ALPHA" and 2.4 is a "FINAL".

-{ Quote: "I would be scared/concerned if it happened in one of Comodos' RCs." }-

Lol;D ;D ;D

-{ Quote: "Did you notice the word "alpha"? Do you know the giant difference between an "alpha" and "Final"

3 is an "ALPHA"" }-

Maybe I should include this distinction in my further thoughts.;D ;D

Something I wonder if there´s no better way of hooking, then appinit? Actually every security suite uses appinit, so if I want to use two different apps that may produce more problems especially because appinit is easy to erase by other apps so the protection may also be very easy to kill.

Glad to see you have a sense of humor SystemJunkie ;D . I can appreciate that. This version of Comodo has high expectations. I would also take your tests seriously after the final is released. I'm willing to bet that they will pass all 'leak tests' by default. That's just my opinion.

I don't know about all the hooking. It's way above my head. I am starting to get concerned about all these security programs digging deeper and protecting themselves. I sense some sort of conflict eventually. Again, just my opinion and not based on anything factual Lol. Call it a gut feeling ;) .

-{ Quote: "Nobody scared about my posted screen?

Some stealth Keylogger easily bypass Comodo 3." }-


Not really surprising, this is known since sometimes...
Very few HIPS pass all AKLT test.

http://www.firewallleaktester.com/news.htm

Cheers,
Fax

-{ Quote: "Glad to see you have a sense of humor SystemJunkie . I can appreciate that. This version of Comodo has high expectations. I would also take your tests seriously after the final is released. I'm willing to bet that they will pass all 'leak tests' by default. That's just my opinion.

I don't know about all the hooking. It's way above my head. I am starting to get concerned about all these security programs digging deeper and protecting themselves. I sense some sort of conflict eventually. Again, just my opinion and not based on anything factual Lol. Call it a gut feeling ." }-

;D ;D ;D yes, very funny, haha, I hope we all will be able to regain a new kind of (gute) good feeling ;D ;D as the time may come (sometimes) when security apps become solid and bullet proofed.

-{ Quote: "Not really surprising, this is known since sometimes...
Very few HIPS pass all AKLT test." }-

Don´t focuss only on AKLT, I mean latest commercial stealth keylogger.
It´s not useful if the firewall can block aklt but in realtime attacks is
bypassed easily by commercial software. But let´s wait until the next beta.

Beside Gmer is actually incompat. to Comodo Pro Alpha:
BSOD: 0x00000005 / INVALID_PROCESS_ATTACH_ATTEMPT