ESS 3.0 compared to Comodo Firewall


MrMonk
November 5th, 2007, 02:44 PM
I've been a registered user of NOD32 AV for a couple of years and am very happy with it. Alongside that, I used Zone Alarm Free Firewall, but dumped that last year and have been using Comodo Firewall Pro since, which has always worked well alongside NOD32 AV.

Now that ESS 3.0 is out, my question is simple really... Would you recommend migrating my licence from just NOD32 AV to NOD32 ESS 3.0, as it's a pretty decent upgrade offer and I'd have all my eggs in the same basket, so to speak?

How does NOD32 ESS Firewall compare to Comodo for instance (I've got a Netgear DG834GT Router which is what connects me to the t'interweb). I'm not too technically minded when it comes to configuring specific ports etc and just want something that does what it says on the box and keeps me nice and secure, showing me what apps are trying to connect so I can allow or deny, and logs any intrusion attempts.

Any guidance and recommendations as to whether I should stop dilly-dallying and get NOD32 ESS 3.0 :)

MasterTB
November 5th, 2007, 03:31 PM
Well, the Intrusion Detection in Comodo is very basic compared to ESS. If I read the help correctly, ESS checks the content of every packet sent or received from the internet, which assures that it is safe. Comodo does not; it just checks for inconsistencies in the protocols and stuff, but not the actual packets being transmitted.
On the other hand, ESS won't pass any leak tests because it does not have HIPS like Comodo V3 will have, or like in some measure Comodo V2.4 has. That being said, ESS's approach is not to let you download or run anything that compromises your security, so that you don't need a HIPS because everything on your machine is safe.
Personally I'm using ESS because it is just a service and a process and that is all to secure your system, not to forget that NOD V3 does not get along with Comodo very well in my personal experience.
Others might say that having an all-in-one suite is a risk because if the suite gets killed then you're on thin air, but NOD never got killed on my machine and I have no reason to believe ESS will.

Coolio10
November 5th, 2007, 04:16 PM
MasterTB, Comodo does the same checking of packets ESS does. It is just not default or used much.

Stem
November 5th, 2007, 04:18 PM
{QUOTE-> ESS checks the content of every packet sent or received from the internet, which assures that it is safe, <-QUOTE}This would infer "deep packet inspection". Are you sure of this? Or are you thinking of "HTTP AV monitor (web av)"? (there is a big difference)

Stem
November 5th, 2007, 04:21 PM
{QUOTE-> MasterTB comodo does the same checking of packets ess does. It is just not default or used much. <-QUOTE}Checksum check (IMHO) should be done by any SPI firewall.

Malware can have a verified checksum. This in itself is not protection.

MasterTB
November 5th, 2007, 05:36 PM
{QUOTE-> MasterTB, Comodo does the same checking of packets ESS does. It is just not default or used much. <-QUOTE}

Well, actually not. The firewall engine in ESET checks the content of every packet, not the packet checksum; those are two different things.
If I did not read the help wrong, by integrating the firewall and the AV, every packet allowed in is checked to verify not only integrity but also malicious code, and that is something that Comodo cannot do because it does not have an antivirus built in.

MasterTB
November 5th, 2007, 05:41 PM
{QUOTE-> Checksum check (IMHO) should be done by any SPI firewall.

Malware can have a verified checksum. This in itself is not protection. <-QUOTE}

Agree, that's why I say that Intrusion Detection in Comodo is very simple compared to ESS. Not to mention Kerio.

galloot
November 5th, 2007, 07:32 PM
Can anybody suggest a HIPS program that would be compatible with running ESS 3?

AJohn
November 6th, 2007, 01:44 AM
Hey galloot, try DefenseWall ( www.softsphere.com ).

catprincess
November 6th, 2007, 08:40 AM
I am also interested in ESS 3.0 compared to the upcoming Comodo 3. I have been using NOD antivirus for coming up to 2 years and liking it. I don't understand all the real technical stuff about firewalls. Tried Comodo 2.4 some time ago and had problems getting it to allow my other computer to connect to the internet through internet connection sharing. Perhaps if I'd persevered for longer. I wonder how easy ESS is to set up to work over a network with internet connection sharing and file shares. I'm also interested in which provides the best protection.

pandlouk
November 7th, 2007, 05:54 AM
{QUOTE-> Well, actually not. The firewall engine in ESET checks the content of every packet, not the packet checksum; those are two different things.
If I did not read the help wrong, by integrating the firewall and the AV, every packet allowed in is checked to verify not only integrity but also malicious code, and that is something that Comodo cannot do because it does not have an antivirus built in. <-QUOTE}
Can you please provide some proof about this? Have you read it anywhere, have you tested it, or is it something you suspect?

I hope that you are not referring to this:
{QUOTE-> Infiltration detection
CodeRed worm detection – detects the CodeRed worm
SqlSlammer worm detection – detects attacks of the SqlSlammer worm
RPC/DCOM attack detection – if checked, the program will block attacks exploiting the Microsoft RPC DCOM vulnerability
Sasser worm detection – detection of the Sasser worm
DNS Poisoning attack detection – through DNS poisoning method, hackers can trick DNS server of any computer into believing that the fake data they supplied are legitimate and authentic. Read more about this type of attack in the glossary.
Port scanning attack detection – this method is used to find unprotected ports on your computer, which can be attacked later. Read more about this type of attack in the glossary.
SMB Relay attack detection – a type of attack enabling a remote attacker to modify messages exchanged between two communication endpoints. Read more about this type of attack in the glossary.
TCP Desynchronization attack detection – attacks exploiting desynchronization of communication. Attacks are targeted at servers. Read more about this type of attack in the glossary.
Reverse TCP Desynchronization attack detection – attacks exploiting desynchronization of communication. Attacks are targeted at client computers.
ICMP protocol attack detection – attacks exploiting the weaknesses of the ICMP protocol. <-QUOTE}

ps. For achieving what you described, SS3 has to be capable of Cross Packet Inspection (XPI).

MasterTB
November 7th, 2007, 08:45 AM
{QUOTE-> Can you please provide some proof about this? Have you read it anywhere, have you tested it, or it is something you suspect?

I hope that you are not referring to this:

ps. For achieving what you described, SS3 has to be capable of Cross Packet Inspection (XPI). <-QUOTE}

This article here: http://www.winplanet.com/article/3847-.htm
Says that:
"ESET Smart Security's firewall will have aggressive scanning as data go up and down the wire, since so many forms of malware seek to get around firewalls by using certain ports or applications. The NOD32 engine will inspect all traffic going in and out of the computer through the firewall in real time without impacting performance, according to Andrew Lee, chief research officer for ESET. " // "A lot of firewalls are rather static. They give port access to an application and then don't check the content coming through," he told InternetNews.com. "The network is our area of focus since everything goes through it. We inspect all network traffic with the antivirus engine." Also: "Different levels of security can be applied to applications. For example, Microsoft Word can have a normal level of security or ESET Security Suite can treat it as if it were a browser and apply the same kind of scrutiny to its disk and network activity as it would Firefox or Internet Explorer."

If that is not what I understood then sorry, but I think it is pretty clear that all traffic allowed by the firewall is scanned for content with the antivirus engine... that is more than what Comodo can do or any other standalone firewall I have used. (remember that I am no expert, just a user)

twl845
November 7th, 2007, 09:36 AM
{QUOTE-> Personally I'm using ESS because it is just a service and a process and that is all to secure your system, not to forget that NOD V3 does not get along with Comodo very well in my personal experience.
Others might say that having an all-in-one suite is a risk because if the suite gets killed then you're on thin air, but NOD never got killed on my machine and I have no reason to believe ESS will. <-QUOTE}To answer your comment about NOD V3 and Comodo not getting along, that's incorrect. Comodo didn't object a bit when v3 moved in.
As for the suite issue, I think we debated that to death, and the fact is that there's a first time for everything, and after using the ZA suite for a few years I can state with experience that stand-alones are the best way to go. Having said that, I will say that if I didn't know better I'd go for ESS for the reasons you gave. :)

faenil
November 8th, 2007, 04:36 AM
Hey man... nothing is perfect, my ESS 3.0 got cracked up by Beagle two weeks ago... I had the beta version.

So ESS 3.0 beta CAN be easily killed... dunno if ESS 3.0 is still vulnerable to this attack... and notice that the infected file was scan-time detectable but not run-time... so the firewall let it come in... and the AV let it install, even if they both knew it was a virus... Which makes me think...

SecMonk
November 10th, 2007, 11:13 AM
{QUOTE-> That being said, ESS's approach is not to let you download or run anything that compromises your security, so that you don't need a HIPS because everything on your machine is safe. <-QUOTE}

Sorry, but that is a short-sighted approach to security. What you talk about is an ideal state that is unreachable in reality. Even the best AV (which NOD32 is) can NOT catch every new unknown virus. It is impossible (you may get to 99% but not to 100%). The advanced heuristic module can catch unknown new malware, but according to independent retro tests, it catches only about 80-90% (which is very impressive, but still not 100%).

So, there will always be some malware that makes it to your machine in spite of your antivirus.

What to do next? First of all, you need to have a leak-proof outbound firewall, so that the malware cannot send your data to the net and cannot receive commands from hackers. That's called pro-active layered security.

It is absolutely naive to believe that AV will catch 100% of malware and so allow one to tolerate weaknesses in the firewall. You need additional layers of different kinds of protection. That includes an excellent 100%-leak-proof firewall (plus HIPS to prevent installation of then unknown kernel-space malware and possibly using VM sandboxing to isolate mission-critical private data).

It is imperative that ESET makes their firewall as leak-proof as possible. Otherwise, their firewall is useless. Seriously.

OLDXTECH
November 10th, 2007, 05:10 PM
ronjor closed my thread without answering my question and only referring me to this thread.

My question is:
Has anyone TESTED Comodo Firewall 3.0 with NOD 32 3.0 and compared the tests to ESET ESS 3.0 AV+Firewall? Will such a test be done later if not already done?

I am looking for actual tests/facts.

Thanks.

MasterTB
November 10th, 2007, 05:30 PM
{QUOTE->
It is imperative that ESET makes their firewall as leak-proof as possible. Otherwise, their firewall is useless. Seriously. <-QUOTE}

Agreed, but I think they don't feel the same way. Look at AVG and Panda for example, they both go the same way Eset is going...

SecMonk
November 11th, 2007, 04:36 AM
{QUOTE-> Agreed, but I think they don't feel the same way. Look at AVG and Panda for example, they both go the same way Eset is going... <-QUOTE}

Well, if that's true, I'll keep using NOD32 + a good firewall from competition. I won't bother buying ESS (although I'd love to, because NOD32 is the best AV in the world and I'd really love to use a firewall created by the same team).

SteveBlanchard
November 11th, 2007, 11:01 AM
Does that make the opinion that Comodo IS far better than ESS Firewall or not?

Looking at Comodo, with the ESS firewall off, I seem to have the same problem as I had with ZA: every time a component connects to the web I get asked whether I should allow it. Fine, but I've just allowed FF 12 times, so that's not fine.

There are a few issues with ESS leaktests, but when out of 10 tests the first one failed on automatic detection but passed on interactive, that proves to me interactive is the better firewall. Most of the other tests got blocked as viruses anyway.

Comodo just looks a touch too complicated and reminds me of the nightmares I had with ZA last year.

MasterTB
November 11th, 2007, 11:22 AM
{QUOTE-> Does that make the opinion that Comodo IS far better than ESS Firewall or not? ....
Comodo just looks a touch to complicated and reminds me of the nightmares I had with ZA last year. <-QUOTE}

I wouldn't go that far. I think the firewall in ESS has much better inbound protection, and since it is integrated with the NOD32 antivirus it has the potential for great protection. What Comodo brings to play is the HIPS, which ESS has not, but you can add a 3rd-party HIPS without having to install Comodo.
Personally I'm using ESS for now, until V3 of Comodo is up and running; then I'm going to make up my mind, but for now Comodo has too many issues for me to use it.
And like I say, if you want that absolute control on your system, just install a HIPS alongside ESS and that's all you'll need.

SteveBlanchard
November 11th, 2007, 02:50 PM
{QUOTE-> I wouldn't go that far. I think the firewall in ESS has much better inbound protection, and since it is integrated with the NOD32 antivirus it has the potential for great protection. What Comodo brings to play is the HIPS, which ESS has not, but you can add a 3rd-party HIPS without having to install Comodo.
Personally I'm using ESS for now, until V3 of Comodo is up and running; then I'm going to make up my mind, but for now Comodo has too many issues for me to use it.
And like I say, if you want that absolute control on your system, just install a HIPS alongside ESS and that's all you'll need. <-QUOTE}

Any recommendation for a HIPS? Ideally free.

MasterTB
November 11th, 2007, 07:50 PM
I'm sorry but I can't recommend one; I have tried a lot of them but eventually they all fall short. The only HIPS I know that work really well are the ones included in Online Armor firewall 2.0 and Comodo V3 (still in testing; RC1 was released a week ago).
Unfortunately those come with a firewall, which kinda sucks if you want to use ESS.
As for me, at the moment I run ESS along with Comodo BOClean; it seems to be a great combination, and since I'm behind a router I think I'm pretty much covered. Of course not everyone will agree....

AJohn
November 11th, 2007, 09:15 PM
You should be able to install COMODO, disable the firewall and then install ESS.

acr1965
November 11th, 2007, 09:16 PM
{QUOTE-> Any recommendation for a HIPS? Ideally free. <-QUOTE}
As for a HIPS, you may want to keep an eye on this thread-

http://www.wilderssecurity.com/showthread.php?t=190712

It looks like someone is going to try ESS and Online Armor 2 with the OA firewall disabled. This may turn out to be a good combo assuming you are not trying it on Vista.

pandlouk
November 12th, 2007, 02:30 PM
{QUOTE-> This article here: http://www.winplanet.com/article/3847-.htm
Says that:
"ESET Smart Security's firewall will have aggressive scanning as data go up and down the wire, since so many forms of malware seek to get around firewalls by using certain ports or applications. The NOD32 engine will inspect all traffic going in and out of the computer through the firewall in real time without impacting performance, according to Andrew Lee, chief research officer for ESET. " // "A lot of firewalls are rather static. They give port access to an application and then don't check the content coming through," he told InternetNews.com. "The network is our area of focus since everything goes through it. We inspect all network traffic with the antivirus engine." Also: "Different levels of security can be applied to applications. For example, Microsoft Word can have a normal level of security or ESET Security Suite can treat it as if it were a browser and apply the same kind of scrutiny to its disk and network activity as it would Firefox or Internet Explorer."

If that is not what I understood then sorry, but I think it is pretty clear that all traffic allowed by the firewall is scanned for content with the antivirus engine... that is more than what Comodo can do or any other standalone firewall I have used. (remember that I am no expert, just a user) <-QUOTE}
Thanks for that. :)

From the description it seems more like some kind of extended HTTP AV monitor applied to all the ports.

ps. I do not think that this adds more security. NOD32 AV standalone version can detect those too. It seems more like a publicity article to me. (nothing wrong with that ;) )

SecMonk
November 12th, 2007, 02:55 PM
{QUOTE-> Thanks for that. :)

From the description it seems more like some kind of extended HTTP AV monitor applied to all the ports.

ps. I do not think that this adds more security. NOD32 AV standalone version can detect those too. It seems more like a publicity article to me. (nothing wrong with that ;) ) <-QUOTE}

The signature your post has attached to it doesn't give it very much credibility. It shows bias. In case you change it, the signature I see now is "http://forums.comodo.com/"

By the way, Comodo hasn't passed several Matousec leak tests. There are two other firewalls that passed it though.

Coolio10
November 12th, 2007, 03:55 PM
{QUOTE-> The signature your post has attached to it doesn't give it very much credibility. It shows bias. In case you change it, the signature I see now is "http://forums.comodo.com/"

By the way, Comodo hasn't passed several Matousec leak tests. There are two other firewalls that passed it though. <-QUOTE}

You make it sound like Comodo is a low leak blocker. Last time I checked, 2 failures aren't several?

Also, he does not work for Comodo. Just a moderator who gained it by being a knowledgeable user, like Stem. So if I put that link in my signature it means bias? Let me guess, you hate Norton? :D

Coolio10
November 12th, 2007, 04:07 PM
{QUOTE-> The signature your post has attached to it doesn't give it very much credibility. It shows bias. In case you change it, the signature I see now is "http://forums.comodo.com/"

By the way, Comodo hasn't passed several Matousec leak tests. There are two other firewalls that passed it though. <-QUOTE}
He does not work for Comodo.... And missing 2 tests is several?

"We inspect all network traffic with the antivirus engine"

It is just an HTTP scanner. Avast has had this technology for a while.... *puppy*

"The NOD32 scanning engine uses a heuristics scanning engine called ThreatSense, which ESET claims has not missed an in-the-wild-virus in Virus Bulletin VB 100 testing in the past nine years, while producing only one false-positive during that time."

They are saying it is not possible to start missing?

So the article is saying this firewall is different from the rest because its HTTP monitor uses ThreatSense? I see problems in the future.... letting an AV heuristic look at bits of transferring data?

pandlouk
November 12th, 2007, 04:34 PM
{QUOTE-> The signature your post has attached to it doesn't give it very much credibility. It shows bias. In case you change it, the signature I see now is "http://forums.comodo.com/"

By the way, Comodo hasn't passed several Matousec leak tests. There are two other firewalls that passed it though. <-QUOTE}
Although I really do not have to, I'll answer to your comments.

1. As Coolio10 said, I am a volunteer moderator at the Comodo forums. And I do not use different nicks on every security forum of which I am a member. (my signature over there points to Returnil, in case you are interested)
2. Most of my posts here are related to FD-ISR, Rollback Rx and ShadowDefender. Not about Comodo products.
3. Since you are a new member, you probably do not know that here in the Wilders if you change your signature it will affect only the new posts and not the old ones.
4. I did not comment on whether the ESS firewall is better than the Comodo firewall. I only explained what that article means. [Personally I am not aware of any soft firewall with Cross Packet Inspection (XPI)]
5. By the way, Comodo passes all the leaktests if you:
a. disable "do not show any alerts for the applications certified by comodo"
b. move component monitor to "on" instead of "learn mode".
Actually it was the first firewall to pass all the leaktests, a year earlier (the others could reach similar results only recently).
6. The fact that you are a pretty new member, that all your posts are NOD32 related and that your nick (SecMonk) is extremely similar to that of the thread starter (MrMonk), gives even less credibility!

Anyway, I would invite all of us to remain on topic.

Panagiotis

OLDXTECH
December 4th, 2007, 05:31 PM
Hey MasterTB, have you had a chance to test the firewall in ESS and come to any conclusions? Please detail if you have time. Thanks.
[Private messaging not working!]