So comodo is meant to be the best free firewall, yet I ask the question, why?
I've had nothing but trouble, hassle and annoyance from it. Various programs not working and plenty of 'non valid win32 applications' messages.


Limewire couldn't connect, yet with sygate, no problem.

2 weeks ago, I bought a DVD writer and couldn't install the Nero 7 essentials disc that came with it. I posted on a DVD software messageboard and they said it was to do with my virtual drives conflicting. It wasn't that. Because tonight, the disc installed without a hitch, since installing sygate. There were no alerts in comodo so I had no idea it was being blocked.

Comodo might be great for some people, but I wil never install it again, and I've said this to the people on the comodo forum too. What is your opinion of comodo, am I being too harsh?

Comodo is not meant to be the best free firewall, Comodo is meant to be the best firewall.;D

{QUOTE-> Comodo is not meant to be the best free firewall, Comodo is meant to be the best firewall.;D <-QUOTE}

Well as far as I'm concerned, they can stick it where the sun doesn't shine :P

I don't feel the need for a software Firewall but if I did sygate would be the one.

I don't know if it's fair to pick solely on Comodo. This sort of thing can and does happen with HIPS programs also. Anything that tries to watch and protect everything happening on the system to that degree is bound to be not only annoying, but even buggy and problematic. If you're looking for hassle-free living, then it's probably best to stick with the simple apps and approaches to security, and rely more on your street smarts to keep yourself out of trouble.

If you switched to Sygate, that means you don't want/need Defense+. Did you try it without Defense+? Heck, i don't use it.

{QUOTE-> Well as far as I'm concerned, they can stick it where the sun doesn't shine :P <-QUOTE}
Well as far as I'm concerned, I having it installed and perfectly happy with it8)

Well,

never say never, but if it not usable for you now... forget about it and move on.
You will find posts like yours about really every firewall or (security) program.
But it is not that you are made for a single program, very much programs are made and you can choose the one which fits your needs.

Maybe in this case it's also because everyone is very proud to say: I use the biggest and best FW, better than the rest and you are a real security expert if you can handle it.
Most often it is just swank from scared adolescents, the typical comodo user.

So look out for another Sygate replacement if you like, many options around here.
Or keep sygate and add for example a behavior blocker.

Cheers

{QUOTE-> If you switched to Sygate, that means you don't want/need Defense+. Did you try it without Defense+? Heck, i don't use it. <-QUOTE}

Nah, didn't even know you could turn it off. I was just so fed up with alert after alert after alert for every goddamn little thing, I was actually shouting at my computer. :argh: Even after I switched to installation mode I'd still get some alerts. ::) And the fact that comodo didn't even make me aware that it was blocking Nero was the final straw for me. I'm happy with sygate, apart from one thing. It won't let me activesych anymore with my pda, but apparently there's a phone registry edit for that.

{QUOTE-> Well,

never say never, but if it not usable for you now... forget about it and move on.
You will find posts like yours about really every firewall or (security) program.
But it is not that you are made for a single program, very much programs are made and you can choose the one which fits your needs.

Maybe in this case it's also because everyone is very proud to say: I use the biggest and best FW, better than the rest and you are a real security expert if you can handle it.
Most often it is just swank from scared adolescents, the typical comodo user.

So look out for another Sygate replacement if you like, many options around here.
Or keep sygate and add for example a behavior blocker.

Cheers <-QUOTE}

Yes, good post, subset. I agree.

On the comodo forum, I posted in their feedback forum saying thanks for all their help ( because certainly they were very nice and helpful to me over the last year and a half,) and goodbye.
Yet I got a few condescending replies suggesting I didn't read the FAQ's, didn't learn enough about comodo, etc. Well frankly, I'm not even interested in firewalls, it's just a necessity. I just want one that works in the background and doesnt keep tugging at my shirt every 2 seconds for attention and blocking programs I don't want blocked. I think comodo is actually for people who are interested in messing around with firewalls, not average users like me. I like sygate. And before comodo, I liked PC-Cillins' internet security firewall. I found that pretty effective and easy to use and non intrusive.

{QUOTE->
Maybe in this case it's also because everyone is very proud to say: I use the biggest and best FW, better than the rest and you are a real security expert if you can handle it.
Most often it is just swank from scared adolescents, the typical comodo user. <-QUOTE}
:-* :-*

My I.Q. was too low to use Comodo Firewall. I use Sygate now. :)

Hi, folks:

Comodo f.w is not made for everyone. So true are all other applications.

Therefore, the course of smart action is to select the ONE fits your needs. There are no such things as the BEST. You either use a better one or enlist an average one. At the end of day, they all provide you protection required. No sweats.

Comodo is not a rubbish, just not to your linking that is all. Do not stir up another war(?) here please. Be happy.

Of the numerous firewalls I have used, Comodo has performed the best for me. I don't care about hips, nor do I use hips. As just a firewall it suits me just fine. I have just recently purchased a one year license for Avira A/V, after trying numerous A/V's, free or paid. I'm just happy that Comodo firewall is free. I would like to try Online Armor, but it's not Vista compatible, after all this time. If a better firewall came along, I would certainly try it to see if it was true.

Hi,

Because most people want teh best security and think they are experienced they start to use Comodo full swing, then you will be getting telephones from these PC experts: hey do you know. . . . ? My initial response was this post http://www.wilderssecurity.com/showthread.php?t=207773 (Or in simple terms finding a reasonable quiet D+ setup.

Thanks to BIGC (Thank you Thank you :thumb: :thumb: ) I now show them his post on Vista FireWall and the smart Vista FireWall COntrol utility. Together with LUA (in quiet mode) a decent AV and Threat fire it is a no hassle set up

So please STEM/BIGC post another few testimonials for easy set up, so Wilders Members bugged by friends wanting to use a FW which is over their head can say, but the real experts say . . . . ;)

Regards Kees

Vista Firewall Control is excellent software. Couldn't get an easier firewall. Either disable, allow outgoing, or allow all.

The original poster raised a good point. Firewalls are a necessity to have now because of how the internet turned out. In an 'ideal world', we wouldn't need something to slow down our connection, throw a ton of popups our way, make us think while we're trying to zone out.

Comodo suits those who demand knowing every detail going on with their system.

If you can handle nagging from the wife/girlfriend every minute, Comodo is for you. If you can just handle 'take the garbage out' a few times a day from the wife/girlfriend before your head explodes, stick to something simple like Vista Firewall Control or Sygate. ;D

Let me give my reason on why I also uninstalled Comodo. Comodo might be raved as the best free FW well and truly that might be ok, but it was a FW that needed constant baby sitting. I think I got more pop ups from Comodo in a day than emails in a week, and even when a pop up window from Comodo came up and I clicked allowed ( a program that I trusted), that same pop up will come up again and again. It was just pop up after pop up one after another. I know all FW's will have this pop up and users have to respond to it, but this just went overboard honestly and it was constant baby sitting. Infact to be honest I found far less popups in V2.0 than 3, meaning V2 didn't need all this baby sitting and had a mind to think for itself, not like 3 which needs 24/7 365 a year attention.

Well after all this saga I uninstalled V3.0 and reverted back to ZA Pro in which I love and personally think its one of the best FW's ever made no matter what any one else says. I'd been using ZA Pro in the earlier days when I was using Win 2000 Pro SP4 and it worked without a hitch plus it intergrates superbly well with my NOD32 AV and thought I do get a pop up window now and again, it does not annoy me with one after another pop up window like what Comodo did.

I'm not here to rant and rave and say Comodo is bad, but sorry it did not agree with me and my liking.

combo also block my RADMIN server >:( sh*ity fw it is

{QUOTE-> Let me give my reason on why I also uninstalled Comodo. Comodo might be raved as the best free FW well and truly that might be ok, but it was a FW that needed constant baby sitting. I think I got more pop ups from Comodo in a day than emails in a week, and even when a pop up window from Comodo came up and I clicked allowed ( a program that I trusted), that same pop up will come up again and again. It was just pop up after pop up one after another. I know all FW's will have this pop up and users have to respond to it, but this just went overboard honestly and it was constant baby sitting. Infact to be honest I found far less popups in V2.0 than 3, meaning V2 didn't need all this baby sitting and had a mind to think for itself, not like 3 which needs 24/7 365 a year attention.

<-QUOTE}

100% agree mate. You nailed it, it DOES need babysitting, and my experiences are exactly the same as yours. I too had a better experience with V2 than V3. Once v2 was set up and I'd made various allow rules ( which I found complicated but the comodo team helped me through it ) it seemed to be fine. I wish I'd stuck with V2.

{QUOTE-> 100% agree mate. You nailed it, it DOES need babysitting, and my experiences are exactly the same as yours. I too had a better experience with V2 than V3. Once v2 was set up and I'd made various allow rules ( which I found complicated but the comodo team helped me through it ) it seemed to be fine. I wish I'd stuck with V2. <-QUOTE}


Version 2.4 is still available for download.
http://www.personalfirewall.comodo.com/download_firewall.html#fw2.4

{QUOTE-> Y
Yet I got a few condescending replies suggesting I didn't read the FAQ's, didn't learn enough about comodo, etc. Well frankly, I'm not even interested in firewalls, it's just a necessity. <-QUOTE}

Not reading the HELP file is the usual reason of why people can't understand Comodo... Comodo is useless and extremely frustrating without having read the help file for every one of its sections.



{QUOTE-> I just want one that works in the background and doesnt keep tugging at my shirt every 2 seconds for attention and blocking programs I don't want blocked. <-QUOTE}

This is where your mistake was. Comodo isn't shining as a firewall, but as a firewall + very powerful HIPS combo. If you just want a firewall for packet filtering, Comodo should be the last place to look for, since it also cuts a bit of your network speed, while "simple" (aka non-including HIPS) firewalls, perform better.



{QUOTE-> I think comodo is actually for people who are interested in messing around with firewalls, not average users like me. <-QUOTE}

It's for people that want HIPS on their PC and instead of installing 2 applications, they prefer using one that works as firewall and HIPS at the same time.

{QUOTE-> I like sygate. And before comodo, I liked PC-Cillins' internet security firewall. I found that pretty effective and easy to use and non intrusive. <-QUOTE}

Sygate is fine as long as you don't encounter the local proxy vulnerability. If you like Sygate, you may also like Zone Alarm free, Fort Knox Firewall and AShampoo free (which doesn't stealth ports though, but closes them). If you are a bit more expert, try Kerio 2 and PC Tools firewall.


{QUOTE-> I think I got more pop ups from Comodo in a day than emails in a week, and even when a pop up window from Comodo came up and I clicked allowed ( a program that I trusted), that same pop up will come up again and again. <-QUOTE}

This is a classical case of not understanding how Comodo works. If you click "allow" for an application in Comodo, it WILL pop up again, as soon as it will perform an action that wasn't IDENTICAL to the one you allowed. This applies to the connections part too. For example, you allow Opera to execute? Fine. When you will try to download something, you will get most likely an alert that Opera tries to write in a directory. You must give new permission. The best way to get rid of such things is to go to advanced properties for Opera and manually add the allowed directories. At the same way, if Opera pop up asking connection to IP xxx.xxx.xxx.xxx port 80 and you hit "allow", it will allow it but ONLY for remote port 80. When Opera will need to connect to remote 443, you WILL be asked again. The alternative is to avoid this is to use "treat as browser". Similarly, if you don't want D+ to ask you for every single action an .exe performs, you should NOT select simply "Allow", but "treat as trusted" (if you trust the exe).

If you don't read every single help file in Comodo (there is one in every page), you will NEVER understand how it works...


This said, YES, Comodo can be annoying. But, it's how HIPS are supposed to be. Still, as a HIPS, it is more convenient than "older" HIPS, like Process Guard full or SSM Free, which don't have any "treat as trusted" option when you get a pop up.

Comodo is perfect for total control of your PC. But as with everything advanced, it needs some reading from the user's side.

{QUOTE-> Even after I switched to installation mode I'd still get some alerts. <-QUOTE}

Installation mode, is made so that it will spare you the hassle of clicking "allow" for every step that your installer does (temporary files, driver installation etc). It does NOT automatically trust the new executable. Is this annoying? Yes. But then why did they make it so? Because, what if your installer is infected ? If all the new exes were automatically trusted upon installation, the malware would be trusted too. On the contrary, with Comodo's way, you will STILL have a chance of understanding that the newly installed program is doing something weird and block it.


To put it in 2 words, you can't have it all for nothing. You can't have a PC locked down like Fort Knox, without having "checkpoints" that ask for your "identification and fingerprints".

{QUOTE-> What is your opinion of comodo, am I being too harsh? <-QUOTE}

Unless Comodo has stability problems with your PC, then yes, i think you are being harsh. Otherwise, everyone would be complaining about the same issues. If you haven't read and understood Comodo's help files, it's useless to try and run Comodo, because it will drive you crazy. It's like people that have never driven manual clutch cars and they blame the car when they first try it and can't drive. It's not the clutch's fault, its the driver's that doesn't know how to drive on manual gears.

Comodo wasn't designed to be "best firewall", but "most secure" firewall, that's why it has HIPS. The best firewall is anyway the one you understand fully. If you ask me, PC Tools firewall is much less secure than Comodo, but performs much better on internet speed, that's why i run it. You like Sygate and understand it? Then that's the best firewall on the earth for you. Just not as secure as Comodo (not regarding the packet filtering part, but the HIPS one).

Best regards.

{QUOTE->
This is where your mistake was. Comodo isn't shining as a firewall, but as a firewall + very powerful HIPS combo. If you just want a firewall for packet filtering, Comodo should be the last place to look for, since it also cuts a bit of your network speed, while "simple" (aka non-including HIPS) firewalls, perform better.
<-QUOTE}
I agree with your post overall, only don't quite understand you here. What major thing is CFP missing? Don't install D+, compare it to Sygate. What's missing, detailed logging?

{QUOTE-> I agree with your post overall, only don't quite understand you here. What major thing is CFP missing? Don't install D+, compare it to Sygate. What's missing, detailed logging? <-QUOTE}

For me, there is a certain lag i have with internet and Comodo. Barely noticeable, but it's there. This "lag" increases if you use p2p. It's like the firewall is having more difficulty in handling many connections compared to "simple" firewalls. With PC Tools i can feel it. See Matousec's latest TCP and UDP performance test. There is a 20% drop in both with Comodo.

It's not strange either you know. When was the last time you saw in the changelog something improved in packet handling? Until a few years ago, when firewalls had no HIPS, each company used to work for YEARS in their firewall driver, trying to fix bugs, improve stability, connectivity, etc. Ok, one may think that Comodo has perfect record there, so there is no need to do such improvements. But i simply don't have that impression when i compare Comodo with PC tools for example, which feels faster in everything.

The logging etc, are features that one may want or not. Personally i LOVED Sygate's logging system, but nobody seems to care about logs these days. All they care is HIPS. But i am not referring to such features. I would be very happy with Comodo even with its current logging system, if it would be so performant on my PC as the "simple" firewalls, internet-wise.

My only problem commenting is that i don't use XP that much these days. So, i didn't try Emule or anything on latest v3.
Did you really uninstall Defense+? Defense+ makes a big difference. I, although for different reasons, don't use Defense+, and find it light.

CFP is the most logical firewall for me, rules based, and creation of rules is simply easy. It needs further improvements on those very advantages (alert very high should be specific to ICMP messages for instance, and source ports), but there's not many firewalls that open and logical.
LnS is good, but application control doesn't quite fit me. Jetico would require more time (possibly would like it then), as well as CoreForce :)
All others severely miss something or show bugs as time goes by. Kerio 2.1.5 won't let my laptop hibernate :(

I agree on one thing: too much attention is being given to D+, and not the firewall proper. It's what i've been saying in the Comodo forum.
Obviously they can't neglect D+ either, bugs and all that.
And the firewall did get good improvements from v2 to v3, just not much between v3 builds.

Hello,

I don't think Comodo is rubbish - but it is not a firewall for games or p2p-ers. It is a firewall for people who:

1. Do want an interactive firewall - and can handle the prompts.
2. Don't mind the performance compromise in return for whatever extra they might be getting.
3. Want a free solution.

I'd still say got for Sygate or ZA before Comodo, but I would also recommend it. It may not be ideal for you or me, but it will do its job. And for people who only surf a little and email, the slowdown will not be noticeable.

Of course, I could not possibly bear it, with 500-800 p2p connections :)

Mrk

I personally think CFP is a real shitty firewall but hey to each their own preferences. There are a lot of better firewalls.

{QUOTE-> I personally think CFP is a real shitty firewall but hey to each their own preferences. There are a lot of better firewalls. <-QUOTE}
{QUOTE-> My I.Q. was too low to use Comodo Firewall. <-QUOTE}
Maybe my I.Q. is higher than I thought. ;D ;D ;D ROFLMAO. Instead of having D+, I might get an A+

{QUOTE-> My only problem commenting is that i don't use XP that much these days. So, i didn't try Emule or anything on latest v3.
Did you really uninstall Defense+? Defense+ makes a big difference. I, although for different reasons, don't use Defense+, and find it light. <-QUOTE}

No, i have never tried the firewall with D+ disabled. For me, the main reason for running Comodo, is D+. Otherwise, i like Kerio 2 and PC Tools much more. D+ adds a lag on the system, for example opening quickly folders. But i accept that, it's a price to pay for a HIPS. And overall, Comodo isn't CPU or RAM hungry even under p2p. BUT, i CAN feel a difference in browsing and in browsing while doing p2p. I mean, what Matousec found "scientifically", is something that i could "feel" too.

{QUOTE-> CFP is the most logical firewall for me, rules based, and creation of rules is simply easy. It needs further improvements on those very advantages (alert very high should be specific to ICMP messages for instance, and source ports), but there's not many firewalls that open and logical.
LnS is good, but application control doesn't quite fit me. Jetico would require more time (possibly would like it then), as well as CoreForce :)
All others severely miss something or show bugs as time goes by. Kerio 2.1.5 won't let my laptop hibernate :(

I agree on one thing: too much attention is being given to D+, and not the firewall proper. It's what i've been saying in the Comodo forum.
Obviously they can't neglect D+ either, bugs and all that.
And the firewall did get good improvements from v2 to v3, just not much between v3 builds. <-QUOTE}

I don't have big complaints with Comodo's interface either, but i do prefer Kerio's 2 or PC Tools firewall on the fly rules. For example, Comodo's preset "browser" rule isn't suitable for many live streams or internet tvs and since in its rule it has "block all other", you need to edit it, or it won't even ask. Kerio and pc tools also automatically do DNS resolving, giving you the domain name, which is quite helpful often, instead of seeing an IP and having to do the whois yourself. Both Kerio and PCTools can make on the fly rule for specific port on specific IP. Comodo's "allow" will make a rule for both TCP and UDP for that port but for ANY IP. If you don't like it, you must go find the rule and manually modify it, while in KErio 2 and PC tools, you do it on-the-fly.

So, i think there is room for improvement in Comodo in its firewall department. But, they seem to be concentrated on adding new HIPS features.

That said, i DO like Comodo overall and it's great freebie and if i get in the mood of running a firewall with HIPS, which is CPU-easy even with p2p, i will certainly choose Comodo. It's not bad with p2p either. I get very high speeds. It's just that it seems that my browsing gets "heavier" compared to the "simple" firewalls at the same speeds. There must be something in the way it handles connections. Also my pings seem a bit lower now compared to Comodo.

Alcyon, can you be more vague?
{QUOTE-> No, i have never tried the firewall with D+ disabled. For me, the main reason for running Comodo, is D+. Otherwise, i like Kerio 2 and PC Tools much more. D+ adds a lag on the system, for example opening quickly folders. But i accept that, it's a price to pay for a HIPS. And overall, Comodo isn't CPU or RAM hungry even under p2p. BUT, i CAN feel a difference in browsing and in browsing while doing p2p. I mean, what Matousec found "scientifically", is something that i could "feel" too. <-QUOTE}
Defense+ is not the main reason for me, to the point that i don't use it.
You should try it without Defense+ if you revisit CFP. You can't compare these firewalls when you use Defense+. It will do a lot more than those firewalls, and it has to use more resources, it's a no brainer.

PCTools? Sorry, it doesn't run with DEP! :P
{QUOTE->
I don't have big complaints with Comodo's interface either, but i do prefer Kerio's 2 or PC Tools firewall on the fly rules. For example, Comodo's preset "browser" rule isn't suitable for many live streams or internet tvs and since in its rule it has "block all other", you need to edit it, or it won't even ask. Kerio and pc tools also automatically do DNS resolving, giving you the domain name, which is quite helpful often, instead of seeing an IP and having to do the whois yourself. Both Kerio and PCTools can make on the fly rule for specific port on specific IP. Comodo's "allow" will make a rule for both TCP and UDP for that port but for ANY IP. If you don't like it, you must go find the rule and manually modify it, while in KErio 2 and PC tools, you do it on-the-fly.
<-QUOTE}
I don't use the browser rules, but if that's true, it's a matter of reporting to Comodo.
What i use that substitutes Kerio's custom rules is setting the alert level the way i want it. Alert level Very High is specific to IPs and ports. You then edit the rule to generalize for instance, firefox port 80 to any IP. You're in charge.
The rules are grouped per executable. It's easy once you understand it.

If PCTools is like LnS, perhaps you can explain something: i allow Firefox, what happens? Then, can you see what are the rules for Antivir, in one place (not look for them)?

Cheers, i enjoy these discussions :)

{QUOTE->
Of course, I could not possibly bear it, with 500-800 p2p connections :)
<-QUOTE}
One of these days i'll load my folder in Emule, and start it. We'll see! muahahaha

Hello,
If you are used to firewalls that make 0 impact on traffic, like sygate, kerio, iptables, even windows firewall (actually a VERY good firewall!), then you'll be unpleasantly surprised.
Mrk

{QUOTE->
I don't use the browser rules, but if that's true, it's a matter of reporting to Comodo.
What i use that substitutes Kerio's custom rules is setting the alert level the way i want it. Alert level Very High is specific to IPs and ports. You then edit the rule to generalize for instance, firefox port 80 to any IP. You're in charge.
The rules are grouped per executable. It's easy once you understand it. <-QUOTE}

That's exactly what i mean. You have to edit the rule again manually, instead of having "once" on the fly rule. I prefer the more direct approach, found in Kerio, PC Tools or even Outpost.

It's not bad, there are much worse out there than Comodo, just my wish. Their browser preset has the "common" needs, which isn't bad (http,https,ftp). But, the thing is, that exactly since they don't have on the fly rules and because they have included the "block any other" rule, you have to edit manually everytime you need a different port. For example, i want to go to an online TV site and for that site ONLY, i would like Opera to use port 3400 and 3442. With on the fly rules, it's very easy. With Comodo you must go and edit quite a bit, having noted down the site's IP of course. So, in Comodo at the end i quit any such effort, and just use "outbound only" preset. Although i am thinking of modifying the "browser" preset and delete the "block all else" rule and see if it will ask me. That might work...

{QUOTE->
If PCTools is like LnS, perhaps you can explain something: i allow Firefox, what happens? Then, can you see what are the rules for Antivir, in one place (not look for them)?

Cheers, i enjoy these discussions :) <-QUOTE}

PC Tools is said to be based on LnS, but i haven't run LnS in ages, so i don't know if the GUI is the same. When Firefox wants to connect, you get a pop up saying that Firefox.exe wants to connect to www.wilders.com port 80. From the pop up you can click customize rule and can edit ANY of the above as well as direction (outbound or inbound). So you can create a rule on the fly, for Firefox to allow on ANY IP port 80 OR only for wilders.com port 80, OR simply connect to ANY TCP (no matter what port) outbound. It's very convenient.

On PC Tools firewall, there is the application window, where you see all the apps names. To see the exact rules, you have to click on each application (you can't see the rule directly or all the rule for all apps at once).

{QUOTE-> Hello,
If you are used to firewalls that make 0 impact on traffic, like sygate, kerio, iptables, even windows firewall (actually a VERY good firewall!), then you'll be unpleasantly surprised.
Mrk <-QUOTE}


Comodo isn't that bad with p2p. I 've seen much worse. And most important, doesn't eat CPU at all. Oddly enough, Sygate eats MUCH more CPU with p2p on my PC than Comodo. Maybe doesn't like dual cores?

As a matter of fact, i have just reinstalled Comodo and running it with Emule and it's does feel to "struggle" more in browsing, but as i said, i 've seen worse... I am trying to understand what's causing random reboot on my PC, so i have uninstalled PC Tools firewall for now.

Hello,
It's all relative.
Mrk

Before anything else, uninstall Defense+ so you can test it properly!
The major missing things are :
-MD5 or better for applications, though it does monitor and block changes. The default will allow explorer.exe though... hate that :ouch: . It's like Defense+ isn't really off, and not really on either. But hey, SSM free does the rest..
-The alerts "act as server" for localhost. That is, the AV connects to websites, and mysteriously the browser goes localhost to whatever port.
We know what's going on, but i hate that too.. There are no rules that allow IN for the AV on localhost. 2.4 has a small victory there.
{QUOTE-> But, the thing is, that exactly since they don't have on the fly rules and because they have included the "block any other" rule, you have to edit manually everytime you need a different port. For example, i want to go to an online TV site and for that site ONLY, i would like Opera to use port 3400 and 3442. With on the fly rules, it's very easy. With Comodo you must go and edit quite a bit, having noted down the site's IP of course. So, in Comodo at the end i quit any such effort, and just use "outbound only" preset. Although i am thinking of modifying the "browser" preset and delete the "block all else" rule and see if it will ask me. That might work... <-QUOTE}
It will work.
On the Opera example, i just allow it and remember. I don't need to edit anything, although i always do for all programs (or most), which is source port - NOT - restricted ports.
I would welcome very much the custom rule feature from Kerio 2.1.5 indeed. I do believe it's in the "wishlist".
But it doesn't make or break CFP, for me.

Oh, thank you for the PCTools preview :) , i really appreciate it. Maybe someday i'll disable DEP just so i can try it. Then uninstall so i can secure it again .. hehe

{QUOTE-> Hello,
If you are used to firewalls that make 0 impact on traffic, like sygate, kerio, iptables, even windows firewall (actually a VERY good firewall!), then you'll be unpleasantly surprised.
Mrk <-QUOTE}
How can i test it? I mean, how do i remove (most of) my subjective observation.
TIA

Hello,

By monitoring logs, cpu, memoery usage, browser response, page loads, ping, etc over a long period of time - incl. average, peak, overhead etc, once for comodo, once for something else (a light firewall).

Hell, you can use my Design of Experiment thingie to check it out.

I tested Sygate and Comodo in that experiment. Firewall impact on system response was almost identical. Sygate was better for low RAM, Comodo gave a better show for higher RAM.

I admit it was a limited test, a specific hardware platform, using only two outputs. The AV and RAM are far, far more critical in that regard.

I did a separate test on my own with p2p - as it takes quite a long time. Almost a week to get it done. I tested quite a few parameters, most notably page loads, cpu usage and memory usage.

While you may call the Comodo results acceptable, because it sure did not cripple the machine, it showed 5-10% average load, the cpu spikes - up to 60%, memory load 70-80MB, and page loads that took on average ~ 1sec. This for approx. 500 simultaneous connections.

Sygate held steady at 2-3% with spikes less than 10% cpu, 13MB memory and ~ 0.35sec page loads.

So, can you live with it? Yes. Should you? Well, if you want a modern firewall with all the leaktest thingies, then that'syour choice.

If you are a minimalist and want a pure firewall, don't compromise and go for light solutions like Sygate, Kerio 2.1.5 etc.

I think performance is no.1 issue, so it's always the fastest and lightest for me.

One thing I could not fully test is stability over time. I can say, though, that I did find some bugs with Comodo - small and all that - in abut 2 months total time testing, but I've never had them with Sygate in approx. 5 years. That says a lot.

The only other firewall that never crashed on me (Windows) was the Windows firewall. ZA got its logs erased on hard reboot and Kerio 4 had an occasional BSOD when shaken, not stirred. I tested Kerio 2.1.5 for too short a time to claim, but it was quite nice... and so forth ...

P.S. Tested was Comodo 2.4, so I can't say what goes today.

Mrk

{QUOTE-> Kerio 4 had an occasional BSOD when shaken, not stirred. <-QUOTE}
;D
{QUOTE->
P.S. Tested was Comodo 2.4, so I can't say what goes today.
<-QUOTE}
Yes, it has to do better at least. I do notice differences, and i don't use Defense+ (this is the HIPS part, leaktest passer and all that).
Without Defense+, it's just a packet filter (Global Rules) and per application rules.
It's not iptables, but it does the job.

Thank you for the reply, i'll see when i can load Emule in XP.

{QUOTE->
P.S. Tested was Comodo 2.4, so I can't say what goes today.

Mrk <-QUOTE}

Ah, this explains it. Comodo 2,4 was going insane in CPU with p2p. Comodo 3 is completely different and in my PC beats the crap out of Sygate in CPU time. Of course the indisputable champion, remains Kerio 2. It just won't eat CPU time...

Just a basic test but rather a revealing one I've tried is using Wireshark to capture packets when surfing to 4-5 of my favourite websites. Under Windows using one of a few software firewalls, the number of bad tcp packets is enormous. However, under Linux (using PCLinuxOS 2007 currently) with only its built-in iptables, the number of bad tcp packets is tremendously lower than that seen using Windows. I'm behind an old D-Link router in all cases.

You know, you can get your PC tuned up and get it expert installed now at comodo, it did me real good. It was a lot faster, even on paranoid mode.

For MrkVonic, a glimpse on Comodo 3.

Running emule from 18:59 to 23:25

Of course i agree that Comodo 2.4 by now would be eating alive my CPU. Reason for which i never used Comodo 2.4 for more than 10 minutes. ;D

But with Comodo 3, although i feel browsing more sluggish,

http://img397.imageshack.us/img397/1903/23323432ni7.png

http://img397.imageshack.us/img397/5074/42852265cg3.png

Can't complain about dl speed either. ;D (i have fragmented packets protection OFF, because emule generates an amount which seems useful to it and my router lets them pass anyway).

http://img397.imageshack.us/img397/4632/62640142ct1.png

{QUOTE-> Just a basic test but rather a revealing one I've tried is using Wireshark to capture packets when surfing to 4-5 of my favourite websites. Under Windows using one of a few software firewalls, the number of bad tcp packets is enormous. <-QUOTE}What are you classing as bad packets?
If you are referring to checksum errors then your NIC may be set to "checksum offload" which will then show packet errors in Wireshark.

Comodo firewall, with D+ active, will give you superb protection. It is a firewall plus HIPS with an extremely broad scope of protection and an extremely stupid AI (artificial intelligence). If you accept & adjust for the stupid AI, your computer can enjoy a nearly bullet-proof protection.

Here is one way to get there IF & ONLY IF your computer is clean.

1- Install Comodo firewall, inclusive of D+.
2- Right-click the Comodo icon in your system tray then (a) set the firewall to "training" mode, then (b) set defense+ to "training mode"
3- Right-click the Comodo icon in your system tray then click "Open"
4- On top row of GUI (showing Summary Firewall Defense+ Miscellaneous) (a) click "Defense+". Then (b) click "My Own Safe Files". Then (c) click "ADD". Then (d) click "Browse Files". Then (e) Browse to My Computer > C > Program Files.
(f) Then add the entire folder of each individual "clean" application to your safe files. Click "apply". (g) repeat steps c-f until you have added all the folders for all clean application to "My Own Safe Files."

5- Do updates for all your security apps then Right-click the Comodo icon in your system tray then (a) set the firewall to "Safe Mode".

6- Leave Defense+ in training mode for several days then Right-click the Comodo icon in your system tray then (a) set Defense+ to "Safe Mode".

7- After a couple of weeks, Right-click the Comodo icon in your system tray then (a) set the firewall to "Custom Policy Mode", then (b) set defense+ to "Paranoid mode"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The above process will give you a very secure computer with VERY few pop-ups -- IF & ONLY IF your "clean" computer is truly clean to begin with, AND you stay in safe waters during the two weeks of getting set-up in this manner.

NOTE 1: I have it on good authority (but not incontrovertible) that it is safer to categorize a file as "Safe" (My Own Safe Files) than it is to categorize it as "trusted." For example, a Trusted Application can modify any protected file without alert, while a Safe Application that tries to change a protected file will generate an alert.

NOTE 2: As to "Step 4" in the above suggested process, this is what ProSecurity does AUTOMATICALLY during installation. To my knowledge, ProSecurity is the only HIPS that accomplishes that step for you, automatically, & thereby makes it MUCH easier to learn & use than is true for most other HIPS. Unfortunately, ProSecurity appears to be abandoned-ware, for the moment, whereas Comodo is vigorously maintained up-to-date. If Comodo were to enable autiomatic set-up, along the same lines as ProSecurity, then Comodo would be easier AND better than it is now. On the other hand, if ProSecurity's developer got to work again, ProSecurity would probably leave every other HIPS behind it in a cloud of dust. Until that happens (if it ever does) there is Comodo.

{QUOTE-> PCTools? Sorry, it doesn't run with DEP! :P <-QUOTE}Data Execution Prevention?
I have run the latest version of PC tools firewall with hardware DEP enable (for all programs) without problem.

'noexecute=AlwaysOn' ?

{QUOTE-> What are you classing as bad packets?
If you are referring to checksum errors then your NIC may be set to "checksum offload" which will then show packet errors in Wireshark. <-QUOTE}

I beleive that's what they are. It's been quite a while since I tested on Windows. However, I use the same pc with the same NIC for the tests when i run Linux, and I see very few of these "bad" packets under Linux. Somewhere in these forums I posted on this, so I'll check for the thread a while later when I get time.

Hi wat0114,

It would depend on driver support in linux if such offloads are allowed, but would say to disable the "checksum offload" in windows for the NIC when using wireshank.

{QUOTE-> 'noexecute=AlwaysOn' ? <-QUOTE}Such an option would make what difference?

Dep is enabled on all. If such execution is made, then either the DEP is bypassed or intercepted with alert, or, the program attempting such will crash.

That would be logical, yes. Unfortunately, that's not how Windows acts.
http://blog.fabriceroux.com/index.php/2007/02/26/hardware_dep_has_a_backdoor?blog=1

A lot of programs don't work with DEP.

{QUOTE-> That would be logical, yes. Unfortunately, that's not how Windows acts. <-QUOTE}That is why I mentioned the possible "bypass"
I have known about that for quite a while, but it is like any other security, nothing is infallible

{QUOTE-> A lot of programs don't work with DEP. <-QUOTE}I agree, I know a number of legit programs that will fail due to DEP, but, PC firewall is not one of them on my setup.

{QUOTE-> That is why I mentioned the possible "bypass"
I have known about that for quite a while, but it is like any other security, nothing is infallible
<-QUOTE}
It's not about being fallible, MS put that intentionally, for whatever reason.
The guy on the link suggests an alternative, which is hex editing. Personally, i prefer not to.

Try it. Edit the boot.ini file, trade "OptOut" for "AlwaysOn". Save and reboot.
PCTools Firewall, at least the GUI, won't work, or my computer has something weird.
There could be a warning, i don't remember. Some programs simply don't open, Windows doesn't warn.

{QUOTE-> What are you classing as bad packets?
If you are referring to checksum errors then your NIC may be set to "checksum offload" which will then show packet errors in Wireshark. <-QUOTE}

Stem,

I started a thread on this here (http://www.wilderssecurity.com/showthread.php?p=1256232#post1256232) so as not to continue disrupting this one.

{QUOTE-> For MrkVonic, a glimpse on Comodo 3.

Running emule from 18:59 to 23:25

Of course i agree that Comodo 2.4 by now would be eating alive my CPU. Reason for which i never used Comodo 2.4 for more than 10 minutes. ;D

But with Comodo 3, although i feel browsing more sluggish,

http://img397.imageshack.us/img397/1903/23323432ni7.png

http://img397.imageshack.us/img397/5074/42852265cg3.png

Can't complain about dl speed either. ;D (i have fragmented packets protection OFF, because emule generates an amount which seems useful to it and my router lets them pass anyway).

http://img397.imageshack.us/img397/4632/62640142ct1.png <-QUOTE}

Hello,

How many connections? What about the upload?

Did you try pinging a few sites just for fun, so see if there's any difference?
Again, a snapshot of the processes usage is not enough, you have to measure over a long time.

But it is quite possible the product improved. Except that I see there are quite a bit of problems with this D+ Z- thingie.

Mrk

Hi,

First let me state that more people like the reputation (as best free firewall) more than learning how to master this FW (read the manual/help), also most people dissappointed in Comodo are to unsecure about their system state to just set it a week in training mode.

I do not install Comodo any more as stated iin this post on request of friends http://www.wilderssecurity.com/showpost.php?p=1255596&postcount=15, I rather install Vista Fire Wall control.

I used to be a COmodo critic, but Comodo in this mode http://www.wilderssecurity.com/showthread.php?t=207773, even without the registry improvements in combination with TF (XP, Vista 32) or PRSC (Vista64) makes an excellent security combo.

My son is a fanatic gamer (two years ago, at age of 15 he once had the highest kill stats in the Netherlands in Battlefield 2). When he installs a (legitemate) new game, sets it in learning mode. He uses it in combo with PRSC on a Vista64 rig. He is very fanatic on 'ping', but he is very happy with Comodo on Vista64. After SP1 he told me that he did not even had to compensate for delay, meaning he can aim at an opponent in stead of shooting a little in front of the guy. This means that he has virtually no ping delay.

Off course we are behind a router and have "fragmented packet filtering off", he also manually fine tunes rules of the FireWall, limiting ports/protocols. Our router only has SPI on message header level (no DPI). In speednet.tes his ping times are better (on cable) than the family PC box with only XP firewall (on wireless). In my oponion you either use a software FW for [better traffic control (DPI)[ or[ limiting ports/protocols/applications and protecting your system integrity]. When someone knows a free product offering both, without trafiic delay, please mention it (do not think it can be made that way).

I think Comodo/D+ is a great product, only limit it on intrusion detection of image, file, registry and pseudo com and use a smart behaviour blocker to deal with the rest.

I was a Comodo critic, I found 2.4 a dragon of an application, only focussed on post infection bells and alarms, V3 really protects before infection. I am now positively critical.

No it-product can compensate the lacking compentences of a user (a FW) or an organisation (a CRM application), so don't blame the product, move on to a product which suites you better. Threads like this have a post trauma healing effect on the people who have to move on. So enjoy this thread. :P

Regards Kees

{QUOTE->
First let me state that more people like the reputation (as best free firewall) more than learning how to master this FW (read the manual/help), also most people dissappointed in Comodo are to unsecure about their system state to just set it a week in training mode.
<-QUOTE}
Comodo is for a small group of knowledgeable users and will never have a change in the large group of average users and who is going to spend a week on configuring a firewall, it doesn't even have an automatic configuration, based on the installed softwares.
I wonder what the developpers had in mind, when they created such an unpractical firewall. So much programming work for a small group of users. No wonder it is free, no one will buy such a firewall.
The art of creating successfull softwares is making it look very easy on the screens and very complicated behind the screens. Simplicity is always brilliant. :)

{QUOTE-> Hello,

How many connections? What about the upload?

Did you try pinging a few sites just for fun, so see if there's any difference?
Again, a snapshot of the processes usage is not enough, you have to measure over a long time.

But it is quite possible the product improved. Except that I see there are quite a bit of problems with this D+ Z- thingie.

Mrk <-QUOTE}

Here are the connections:
http://img237.imageshack.us/img237/148/29319960id4.png

Oh, there is nothing wrong with upload speed, it's "stuck" at the levels that i put it (32).

Don't remind me of pinging. Weird things happen when i ping. In speedtest.net, i usually get 480-530 ms (!) ping. While when i ping a site manually (command line), i get around 57ms. I *think* that with Comodo some emule servers appear with slightly higher ping (+10ms?) than with PC Tools, but nothing scary. On the bright side, with Comodo i get some very high individual file speeds (could have been a coincidence though).

MrkVonic, i have been using emule for 10 years and know the CPU consumption by heart. Believe me, i know when a firewall is eating more CPU than another and Sygate on my PC eats more than Comodo. ;D 10 years of experience are enough. ;D I could uninstall Comodo and run Sygate for 1 hour less, with the same files in dl and Sygate would still eat more CPU Time.

D+ can be annoying but IMHO, it doesn't cause trouble if you don't make it cause trouble. After all, it's a "dumb" hips, so you decide. And if you don't like D+, you disable it...

{QUOTE-> Comodo is for a small group of knowledgeable users and will never have a change in the large group of average users and who is going to spend a week on configuring a firewall, it doesn't even have an automatic configuration, based on the installed softwares.
I wonder what the developpers had in mind, when they created such an unpractical firewall. So much programming work for a small group of users. No wonder it is free, no one will buy such a firewall.
The art of creating successfull softwares is making it look very easy on the screens and very complicated behind the screens. Simplicity is always brilliant. :) <-QUOTE}

I have to agree. I can pretty much use any firewall, but i remember that when i first installed Comodo 3, i was puzzled especially with D+. I didn't know what i was doing until i read ALL the help files. It also took me some time to figure out how the preset rules were working and that i could modify them and add mine. Average Joe won't bother reading help files and unless he has a very fertile imagination which will help him to figure out everything on his own, he will just think that Comodo is crap.

Hello,

Cheers! I've been using p2p slightly less than 10 years ... And for me, best results come from Sygate ... :) But like I said, haven't tested Comodo 3.

What is important is that you have a firewall that suits you and all problems solved.

Mrk


On a side note, I noticed quite a few people spell Mrkvonic with capital V. I assume that my username becomes Mr.K + Vonic in most people's minds :) :)

Which is kind of: if you don't wanna go sub-sonic, try mrk-vonic ... :)

{QUOTE-> Hello,

Cheers! I've been using p2p slightly less than 10 years ... And for me, best results come from Sygate ... :) But like I said, haven't tested Comodo 3.

What is important is that you have a firewall that suits you and all problems solved.

Mrk <-QUOTE}

Ideally, the firewall i would like doesn't exist. It would be a hybrid of Kerio 2 rule making and lightness, Sygate's logging and maybe D+. But, it's OK and MAYBE PC Tools is the reason that my PC reboots, i have to wait and see. So for now i stay with Comodo. One thing that i can say though, is that cmdagent, in the first v.3 releases wouldn't eat any CPU time. Now it does. Prolly with all the bugfixes they make, they touched something there too.

What annoyes me with Comodo is that they make new versions too often. It seems that there are always importan bugs around. Anyway, this version doesn't do anything odd to my PC...

Sygate used to be my fav p2p firewall too. But when i had 256 kbps line. It seems that with speed line increasing, it eats a lot of CPU time. Sygate on my dual core runs between 2-5% all the time with often spikes to 10%, which is unacceptable for me. It's the main reason i don't use OA free either. Too CPU thirsty with p2p. Cpf.exe runs at 0% most of the time, up to 1%. Comodo 3 IS a different beast compared to v.2 with p2p. It has been confirmed in many fora in the internet.

{QUOTE->
On a side note, I noticed quite a few people spell Mrkvonic with capital V. I assume that my username becomes Mr.K + Vonic in most people's minds :) :) <-QUOTE}

LOL! True! Sorry about that!

{QUOTE->
Which is kind of: if you don't wanna go sub-sonic, try mrk-vonic ... :) <-QUOTE}

We could set a new internet speed limit too. Sub-vonic or hyper-vonic. ;D

P.S.: In emule the firewall and number of file sources is only a parameter as you know. Much of the difference make the number of files in dl (put many), the hard limits, the half open connections (TCPIP patch), the new connections per sec setting etc. Some people put too low, some too high and their connections is "strangled" trying to make a gazillion connections which is actually reducing their performance in dl.

The problem with this type of FW/Hips is that the average user or "noob" user is the one who needs the most protection. But the average user cant answer all popups correct, even experienced users dont know what to do with cryptic alerts. If an user can exactly answer all popups then in my opinion he doesnt even need this type of HIPS because he has too much knowledgde and wont be infected anyway. So the users needing the most protection cant handle the product and experienced users dont need it.

{QUOTE-> The problem with this type of FW/Hips is that the average user or "noob" user is the one who needs the most protection. But the average user cant answer all popups correct, even experienced users dont know what to do with cryptic alerts. If an user can exactly answer all popups then in my opinion he doesnt even need this type of HIPS because he has too much knowledgde and wont be infected anyway. So the users needing the most protection cant handle the product and experienced users dont need it. <-QUOTE}
Good logical thinking. I wished the developpers would have done this and put their time in something else.

Well, I've just uninstalled Sygate and installed PC Tools Firewall Plus. The only reason being that Sygate has a problem allowing my pda to activesync
with my pc. Short of a registry edit on my phone which I discovered is the only solution for others, ( and I can't get any replies on another forum about which reg editor to use ) I decided to try pc tools, especially since I'd downloaded it the other day and I wanted to see what it's like.
Well, it lets me activesync very easily and and generates application rules automatically, so, even better than sygate where I'm concerned. :)

{QUOTE-> So the users needing the most protection cant handle the product and experienced users dont need it. <-QUOTE}
But the users who cant handle it turn down every slider and turn off every advanced feature...
and feel still impregnable because of using the most advanced and secure product of all.

Cheers

{QUOTE-> But the users who cant handle it turn down every slider and turn off every advanced feature...
and feel still impregnable because of using the most advanced and secure product of all.

<-QUOTE}

In a Dutch PC magazine the previous comodo version with D+ disabled leaked more than old Sunbelt Kerio FireWall of PC Tools FW !

The magazine's main editor felt obliged to show this to the readers, because they (the redaction) thought this was the greatest downside of Comodo (users using wrong configuration and feeling very secured). They rated Comodo as the nr 1 FW for power users. They compared early rule/application FW's with Comodo now. A few years ago Kerio/Sygate were the best posisble software FW's, but attracted a lot of users who had trouble getting their filters/rules right. They claimed that next generation FW's now have the same riks on the HIPS part of the FW (Also doubted the rational of a leakless FW, when after a router with build in FW and running LUA in Vista). They also claimed that IE7 in protected mode was safer than Firefox or Opera (when running in Vista).

{QUOTE-> In a Dutch PC magazine the previous comodo version with D+ disabled leaked more than old Sunbelt Kerio FireWall of PC Tools FW !

<-QUOTE}

Not a surprise. Without D+, Comodo has no particular security whatsoever. It can't even warn about application changes (something available even in Kerio 2, because keeps MD5 hashes).

There is no reason why one should use Comodo over other "simple" firewalls, with D+ disabled.

{QUOTE-> 2 weeks ago, I bought a DVD writer and couldn't install the Nero 7 essentials disc that came with it <-QUOTE}
Ah okay, now I know why Nero8 doesn´t work.:thumbd: My mood becomes more and more bad towards UK!!

{QUOTE-> plenty of 'non valid win32 applications' messages.
<-QUOTE}


That was the problem myself and others had with it as well and why I won't use it. Apparently the Defense+ is not a big fan of video game emulators. I tried to make rules to allow my Mame32 emulator, to no avail. So I figured I'd just disable Defense+ all-together temporarily and that's when it really flipped out. Everything on my computer was supposedly "not a valid Win32 application" then.

IMO Comodo 3 is still a buggy program and I wouldn't recommend it to anyone. The 2.4 version is a very good, stable firewall. I would go back to it in a pinch.

{QUOTE-> IMO Comodo 3 is still a buggy program <-QUOTE}Agree, still beta now since 3.0.25 with Adware Askbar.

{QUOTE-> Comodo is for a small group of knowledgeable users and will never have a change in the large group of average users and who is going to spend a week on configuring a firewall, it doesn't even have an automatic configuration, based on the installed softwares.
I wonder what the developpers had in mind, when they created such an unpractical firewall. So much programming work for a small group of users. No wonder it is free, no one will buy such a firewall.
The art of creating successfull softwares is making it look very easy on the screens and very complicated behind the screens. Simplicity is always brilliant. :) <-QUOTE}
Well said. I think default install of CFP should have two options:

1- Dummy mode - no pop ups, no Defence plus, all automatic like Norton FW
2- Advanced mode - with all Defence plus n FW pop ups

And ... Yes, no tool bar in either case.:P

{QUOTE-> Not a surprise. Without D+, Comodo has no particular security whatsoever. It can't even warn about application changes (something available even in Kerio 2, because keeps MD5 hashes).
<-QUOTE}
Is it really true? That,s so bad.

I am curious if this issue has been discussed at their forums.

{QUOTE-> Is it really true? That,s so bad.

I am curious if this issue has been discussed at their forums. <-QUOTE}

I haven't tried to verify it, but is known, that Comodo with D+, doesn't keep application hashes, because D+ is supposed to monitor in real time any such changes and block them. So, i think that one can logically expect, that Comodo without D+, can't "see" application changes, because has neither hashes nor D+ monitoring in real time.

And yes, it is bad. But as i said, if one was to use Comodo without D+, then there are other better and lighter firewalls out there.

I would not complain to much about D+, every better FW have integrated HIPS like feature, D+ is transparent and you can clearly see what is it doing, problems can be with other FWs where HIPS is not transparent so when you disable it some parts of it are still active (e.g. self protection), D+ can be tweaked to protect every single part of your system or non at all or some, users decision.
Default set of protected area should be taken as a template, nothing more and nothing less.

It's what i said earlier about Defense+ not being completely off.

Change explorer rule to ask in Defense+, and modify firefox.

I found a bug in latest 3.0.25, Vista 64 sp1. When Taskeng accessing wsqmcons
if you click on details Comodo crashes totally.::) Probably a critical thing.
I reinstalled backup, now the first time that Comodo works with ease, except this bug,
no compromise actually, keyhooks are prevented, great.

Additional info: GUI crash also happens with other pop ups, just click on details of the right process,
CPF 3.0.25 will crash.

{QUOTE-> Is it really true? That,s so bad.

I am curious if this issue has been discussed at their forums. <-QUOTE}

Are you using CFP without or with D+ ?

{QUOTE-> Is it really true? That,s so bad. <-QUOTE}

{QUOTE-> And yes, it is bad. <-QUOTE}

No, it's not. Of course this can be discussed but IMO, a true firewall should be controling network traffic, and like Comodo and many similar, tying this traffic to a process.

Process checksum calculation is job for another tool. I think Comodo team actually nicely separated firewall from HIPS.

{QUOTE-> Not a surprise. Without D+, Comodo has no particular security whatsoever. <-QUOTE}

What about packet filtering? TCP SPI?

{QUOTE-> No, it's not. Of course this can be discussed but IMO, a true firewall should be controling network traffic, and like Comodo and many similar, tying this traffic to a process.

<-QUOTE}

Funny speaking of "true firewall", in the sense of barebone firewall, while being in a topic about Comodo. But anyway, yes, Comodo can be a "true firewall" too.

{QUOTE->
Process checksum calculation is job for another tool. I think Comodo team actually nicely separated firewall from HIPS. <-QUOTE}

Which tool is that? Yes, once upon a time (pre-2000), firewalls were application filtering applications only. But since then, most if not all of the firewalls, even the free ZA, do have a checksum calculation, because it is a basic mode of detecting infection in real time. Ok, i admit, that for you the checksum calculation may be "exotic" in a firewall and like Comodo as it is. It is a matter of personal taste and of what each persons thinks that "basic firewall" should have.

But with the same mentality, Comodo shouldn't have HIPS, cause that is a job for other tools, same goes for the malware scanner. Since when "pure firewalls" need malware scanner? Hey, that would bring Comodo's installation folder from 70MB down to what? 10? Would be nice.


{QUOTE-> What about packet filtering? TCP SPI? <-QUOTE}

It has SPI available (not sure how good). By security i meant in the HIPS part.

P.S.: There are plenty of free firewalls out there with SPI (for those that still don't have router), small system impact, checksum calculation and some basic but non too intrusive antileak abilities (which Comodo lacks with D+ disabled).

{QUOTE-> D+ can be annoying but IMHO, it doesn't cause trouble if you don't make it cause trouble. After all, it's a "dumb" hips, so you decide. And if you don't like D+, you disable it... <-QUOTE}

As to "disabling D+" -- the situation as I see it is this:

1- If you WANT to use a classical HIPS, then recognize that the alerts generated by a properly trained D+ are neither simpler nor more complex than the alerts generated by other classical HIPS such as ProSecurity (PS), System Safety Monitor (SSM), & Online Armor (OA).

2- D+ covers the full spectrum of threats that are the domain of classical HIPS. On the other hand...

a- SSM lacks file protection (Vitali is predicting that a future update of SSM will include that capability by late summer).

b- OA lacks registry protection

c- PS has it all, but appears to be abandoned by its developer (Jei). If Jei ever reappears and GOES TO WORK on PS, then (in my opinion) PS is by far the best & easiest of all classical HIPS. In the meantime it is abandoned-ware.

d- On the other hand, D+ covers all of these threats including but not limited to registry protection, file protection, parent-child, etc. D+ also covers Buffer Overflow (BO) BUT ONLY IF you install Comodo's crappy adware/toolbar, which I refuse to do. None of the other classicals listed above include BO. Threatfire DOES cover BO, but it is a semi-intelligent Behavior Blocker, not a full classical/dumb HIPS.

e- Furthermore, both SSM & PS are one-man operations. Therefore it is difficult for them to achieve & sustain "state-of-the-art status" versus the constantly changing nature of threats. D+, on the other hand, has (AFAIK) a multi-person staff at its command, as evidenced by the fact that it has been vigorously updated ever since its inception.

3- As I see it, the alternatives for those wanting full-scope classical HIPS coverage include but are not necessarily limited to the following...

a- D+ and its tool bar (for BO coverage)

b- D+ and Threatfire (for BO coverage and more)

c- OA plus RegWatch (http://www.jacobsm.com/mjsoft.htm#rgwtchr) (for registry protection) plus Threatfire (for BO coverage and more)

d- SSM plus Sensive Guard (http://www.sensiveguard.com/) (for rudimentary file protection) and Threatfire (for BO coverage and more)

e- ProSecurity and Threatfire (for BO coverage and more)

{QUOTE-> it is a basic mode of detecting infection in real time. <-QUOTE}

Am I missing something? Firewalls do not detect infections, they filter traffic.

{QUOTE-> Comodo shouldn't have HIPS, cause that is a job for other tools
<-QUOTE}

HIPS is the "other tool". Comodo 3 is actually a semi-suite.

{QUOTE-> There are plenty of free firewalls out there with SPI (for those that still don't have router), small system impact, checksum calculation and some basic but non too intrusive antileak abilities (which Comodo lacks with D+ disabled). <-QUOTE}

Do not disable D+ then. Or use the "other firewall".

{QUOTE-> Ok, i admit, that for you the checksum calculation may be "exotic" in a firewall and like Comodo as it is. It is a matter of personal taste and of what each persons thinks that "basic firewall" should have.
<-QUOTE}

Please note the "IMO" in my previous post.

{QUOTE-> Am I missing something? Firewalls do not detect infections, they filter traffic. <-QUOTE}

Well, nowdays they detect infections too, but anyway... The use of checksums in firewalls (even in Kerio 2), was introduced, so to avoid that a malware, with the name of a "trusted" application, could fool your firewall and connect out. A firewall with checksum control, will alert you that for example your iexplore.exe has changed from the last time you used it, allow it or not? If you have performed some update it will be reasonable to believe that there is nothing wrong. If not, you should better scan your PC to avoid a hijack. With Comodo without D+, you won't know the difference. The malware will happily be allowed to connect out. With the 2002 era Kerio 2, it won't...



{QUOTE-> HIPS is the "other tool". Comodo 3 is actually a semi-suite. <-QUOTE}

Ah, i agree! In deed, with D+ turned on, there is no problem. The problem is with those that have it off and still would like this basic form of protection which even ZAF provides.



{QUOTE-> Do not disable D+ then.. <-QUOTE}

Yes, i was answering to a poster about what happens with D+ disabled.

{QUOTE-> Or use the "other firewall" <-QUOTE}

And in fact, if you look some posts earlier i wrote:

"There is no reason why one should use Comodo over other "simple" firewalls, with D+ disabled."



{QUOTE-> Please note the "IMO" in my previous post. <-QUOTE}

I noticed i think, why do you think i didn't? I wrote:

"Ok, i admit, that for you the checksum calculation may be "exotic" in a firewall and like Comodo as it is. It is a matter of personal taste and of what each persons thinks that "basic firewall" should have."

{QUOTE-> Well, nowdays they detect infections too, but anyway... <-QUOTE}

well, they can make an irish breakfast if the vendor feels the need for this feature and still be branded as firewalls ::)

{QUOTE-> Yes, i was answering to a poster about what happens with D+ disabled. <-QUOTE}

You install a different kind of HIPS, one that is more "user friendly". Most HIPS (if not all) come now with checksum calculation.

{QUOTE-> I noticed i think, why do you think i didn't? <-QUOTE}

It was an agreement statement. Confronting different opinions on what is "basic" in most cases ends with a draw.

Understood. I agree that today it's all bloatware. As a matter of fact, i never liked Comodo having malware scanner too (not to mention a toolbar), because it is becoming bloatware too, even for a HIPS-firewall combo.

I can install a different hips, but the main problem with those that disable D+, is because they are annoyed by answering to pop ups, so installing another HIPS, isn't as good as a solution. Even the "old" MD5 hash check, was allowing even "average Joe" user to suspect that there was something wrong, without using HIPS, which , are an expert tool. And checksum control doesn't generate any pop ups under normal circumstances, so far less annoying.
So for a user that doesn't understand or doesn't want to use HIPS, IMO, a checksum control is a good "basic" extra firewall defence.

It's not that i don't like Comodo. I think higly of it as firewall-HIPS combo, for reasons that Bellgamin described. But i think that without D+, it becomes nothing extraordinary. The old Sygate 5.5 is more secure (assuming you don't use local proxies) and has better logs for example.

{QUOTE-> But i think that without D+, it becomes nothing extraordinary <-QUOTE}

In a sense that it misses checksum verification as a superflous feature (in my opinion lol), it is closer to a packet filter (a definition of firewall I like to use), and it is the packet filter itself that is nothing extraordinary. Adding D+ does nothing to benefit the inbound protection. But I guess Comodo team was going by an assumption that almost everybody is behing a NAT now, so they didn't bother with SPI much.
As I see as a strong point, you are not forced to use Comodo checksum verification and you can install the "other app" which will do this. Freedom of choice is always a good thing, and Comodo allows this to a cetrain point.

But if I were to use Comodo, it would be the other way round - I'd ditch the firewall and use D+ only. If they ever separate the two, I may even become a Comodo user. You never know.

Again, please re-read what i said. It doesn't do MD5, but it blocks changes in real time. Change explorer rule in D+ to ask...
And i got a Q: what's wrong with the SPI, you guys tested it? And UDP pseudo SPI? (yes, this is present since 2.x ..)

{QUOTE->
It's not that i don't like Comodo. I think higly of it as firewall-HIPS combo, for reasons that Bellgamin described. But i think that without D+, it becomes nothing extraordinary. The old Sygate 5.5 is more secure (assuming you don't use local proxies) and has better logs for example. <-QUOTE}
Yes, pity the localhost problem...
Why is it more secure?

{QUOTE->
Why is it more secure? <-QUOTE}

Just to avoid further misunderstanding, i am referring to Comodo with D+ turned off.

200613

Better to have, than have not, IMHO.

I understood what you meant, and i still can't see, i mean objectively, why it's more secure. You can have your opinion though.
{QUOTE->
Better to have, than have not, IMHO. <-QUOTE}
That's not a reasonable argument. Some other guy will say the same regarding Defense+, better to have than not. :)

I do believe Sygate is a good firewall. But, just looking at some boxes to tick, i can't really say it's more secure.
It's also related to why i prefer to see actual rules, and don't mind learning.

I'm not saying Sygate doesn't do those things well, i just have no idea, nor how they work. Why are those settings better than Comodo's? I'd have to ask Stem.
I'd like some of those features in CFP (if they aren't in CFP already with another name), granted, but i'd also like Sygate to see localhost.

I don't know which is most secure, i'd have to test them (and know how).

{QUOTE-> Am I missing something? Firewalls do not detect infections, they filter traffic. <-QUOTE}

I'm not sure the answer to this but the question has come up before. Firewall's incorporating Deep packet inspection (http://en.wikipedia.org/wiki/Deep_packet_inspection) or a network gateway solution such as Sonicwall, Watchguard or the free Untangle (http://www.untangle.com/) (I want to try this out someday :) ) can apparently scan for infections in the network traffic. Maybe this is also done via DPI?

{QUOTE->
That's not a reasonable argument. Some other guy will say the same regarding Defense+, better to have than not. :)

I do believe Sygate is a good firewall. But, just looking at some boxes to tick, i can't really say it's more secure.
It's also related to why i prefer to see actual rules, and don't mind learning.

I'm not saying Sygate doesn't do those things well, i just have no idea, nor how they work. Why are those settings better than Comodo's? I'd have to as Stem.
<-QUOTE}

I agree that one could say "better have D+". That's why i tried more times to specify that i speak about Comodo WITHOUT D+.

The main difference between the 2 being, that Sygate, has these options that are far less annoying (as in frequency of user input requested) and more understandable.

By all means then, ask Stem. My ignorant's impression about Comodo, is that it is a packet filter allright, with optional SPI that can be activated, after which, all its security is thrown on the shoulder's of D+.

Back at Sygate's time, devs were concentrated only in the firewall features and everyone was trying to find bugs and vulnerabilities in the actual packet filtering. Sygate's "boxes" are proven to work fine. Nowdays, who cares of doing that? Everyone looks just for a way to bypass D+.

Less annoying? Lets see. Comodo's default (without Defense+) will allow known programs, and for the rest its yes or no questions.
Only you, the user, can ask for more, how much, and where. The default is very few pop-ups.
If you believe it's not secure with defaults, then i'd have to point the same regarding Sygate, which is, i believe, 'server rights' included.

BTW, i don't see the option to turn SPI on or off..

I can agree with you that the firewall isn't getting much attention, but then again, people who tested Sygate for "bugs and vulnerabilities in the actual packet filtering", can do the same with CFP.
Defense+ is not an issue, don't install it. After that, it's a rules based firewall.

I still believe Egemen will come sooner or later with some long awaited features. I can think of reverse DNS which has been requested for a long time. And the GUI..

{QUOTE-> BTW, i don't see the option to turn SPI on or off.. <-QUOTE}Nor do I.

Where or where can it be?

{QUOTE-> Less annoying? Lets see. Comodo's default (without Defense+) will allow known programs, and for the rest its yes or no questions. <-QUOTE}

Yes, you 're right, i got confused at the end with people talking about D+ while i was not and i ended comparing it with D+.

{QUOTE-> Only you, the user, can ask for more, how much, and where. The default is very few pop-ups.
If you believe it's not secure with defaults, then i'd have to point the same regarding Sygate, which is, i believe, 'server rights' included. <-QUOTE}

"Secure" is relevant. Is there drivel level protection,checksum checking, anti-spoofing or dll authentication in Comodo without D+? It's secure allright, just not as secure outbounds. The server rights is true, they put it to reduce alers, but can be a bad thing, so you need to untick it.

{QUOTE->
BTW, i don't see the option to turn SPI on or off.. <-QUOTE}

In Comodo they don't call it SPI, they call it "Protocol analysis".

{QUOTE-> I can agree with you that the firewall isn't getting much attention, but then again, people who tested Sygate for "bugs and vulnerabilities in the actual packet filtering", can do the same with CFP. <-QUOTE}

Yes, they CAN, but nobody bothers, because D+ is the target to bypass. I simply have difficulty to believe that up to a few years ago, programmers were idiots, so their firewalls had vulnerabilities which they made them work on the filtering part for years, while nowdays, programmers are geniuses which make the perfect firewall, while they can't quite do the same in HIPS, which they have to bugfix every month.

{QUOTE-> Defense+ is not an issue, don't install it. After that, it's a rules based firewall. <-QUOTE}

I would rather install PC Tools firewall than Comodo without D+.

{QUOTE-> I still believe Egemen will come sooner or later with some long awaited features. I can think of reverse DNS which has been requested for a long time. And the GUI.. <-QUOTE}

Well, these are details. The important is to have the malware scanner and the toolbar (already done) and Threatcast.

{QUOTE->
"Secure" is relevant. Is there drivel level protection,checksum checking, anti-spoofing or dll authentication in Comodo without D+? It's secure allright, just not as secure outbounds.
<-QUOTE}
You either care for leaktests, or not. On the most basic application control, checksum (you mean hash), i told you, CFP does not turn D+ completely off. It blocks changes in real time.
My opinion on it goes completely to the bin if we can't get past this :P
{QUOTE->
In Comodo they don't call it SPI, they call it "Protocol analysis".
<-QUOTE}
That's something else.
Easy for you to check. Turn that off, and you will see CFP will not create any IN rules for TCP, or UDP for that matter.
{QUOTE->
Yes, they CAN, but nobody bothers, because D+ is the target to bypass.
<-QUOTE}
It's not my problem. Or rather, it is, but indirectly. I will benefit of any flaws anyone finds for CFP's filtering. I'd like very much to read Stem finding flaws. That would mean Comodo would fix them.
{QUOTE->
I would rather install PC Tools firewall than Comodo without D+.
<-QUOTE}
By all means, you chose what you prefer. I MUCH prefer CFP to PCTools FW. It runs with DEP. After that, it's beyond discussion for me.
When it's compatible, i'll tell you the rest of the reasons. :)
I'd use Jetico before that, no doubt. It's the firewall that makes me think twice regarding CFP. The only one.
{QUOTE->
Well, these are details. The important is to have the malware scanner and the toolbar (already done) and Threatcast. <-QUOTE}
I'd prefer it didn't exist, indeed. But the solution is ridiculously easy: don't install it.

{QUOTE-> You either care for leaktests, or not. On the most basic application control, checksum (you mean hash), i told you, CFP does not turn D+ completely off. It blocks changes in real time.
My opinion on it goes completely to the bin if we can't get past this :P <-QUOTE}


Things aren't black or white you know. There actually many degrees of anti-leaking. Some people, just like many other firewalls, don't care of having 100% leak-proof firewall, prefering usability instead.

Sorry about the hash check, i didn't know Comodo does that. Until now i was believing Comodo's moderators.

{QUOTE->
Topic: "If the program hash changes no alert is generated"


You would need to have Defense+ enabled to receive alerts about applications. The firewall merely reports on traffic, not applications.

Ewen :-)
http://forums.comodo.com/empty-t22333.0.html
<-QUOTE}

Thanks for the heads up.

{QUOTE-> I'd prefer it didn't exist, indeed. But the solution is ridiculously easy: don't install it. <-QUOTE}

Uh, ok. I will do even more. I will stop commenting Comodo alltogether! There is no point in discussing about "like it or leave it", is there.

I mean don't install the toolbar..

{QUOTE-> I'm not sure the answer to this but the question has come up before. Firewall's incorporating Deep packet inspection (http://en.wikipedia.org/wiki/Deep_packet_inspection) or a network gateway solution such as Sonicwall, Watchguard or the free Untangle (http://www.untangle.com/) (I want to try this out someday :) ) can apparently scan for infections in the network traffic. Maybe this is also done via DPI? <-QUOTE}

I am certtainly not an expert on DPI, but I guess it would be a case of how is DPI in a firewall implemented. Some will check for viruses, and the others would do other things (checking different kinds of patterns). But yes, I agree, a DPI can be designed to protect form malware (or do other numerous things). I can only imagine how this task can be resource consuming, especially when checking multiple connections, so DPI is not really designed to be used in such systems most of us (practically every member on Wilders) have. A dedicated gateway PC is needed, - that said, I heard great things about Untangle.

My statement was in the scope of software we're discussing here - CFP, PCTFW, OA and the likes. These I believe will hardly ever have malware checking on packet level, as they are meant to be used on a personal system. If we speak of a personal firewall checking on malware then this will act as a proxy firewall. So can I change my statement from "firewalls" to "personal firewalls"?



{QUOTE-> And i got a Q: what's wrong with the SPI, you guys tested it? <-QUOTE}

no, not yet. But I am in the process of building a gateway, as I have recently got me a second connection (cable). I have only one PC connected to it now, but I plan to add others (I'm missing some hardware) soon. The learning curve is still steep, but I do have some assumptions on Comodo as you may of noticed. I only question the point of doing this (checking packet filtering) as I have pretty much the same feeling about all the popular firewalls (those checked by Matousec i.e.).

{QUOTE->
My statement was in the scope of software we're discussing here - CFP, PCTFW, OA and the likes. These I believe will hardly ever have malware checking on packet level, as they are meant to be used on a personal system. <-QUOTE}

True, and I don't think I'd want to see this additional overhead added to these or other personal fw products. There's already enough going on with the HIPS already incorporated into them.

{QUOTE-> If we speak of a personal firewall checking on malware then this will act as a proxy firewall. So can I change my statement from "firewalls" to "personal firewalls"?
<-QUOTE}

No need to :) though I agree this concept should be restricted to appliance fw's such as Untangle or similar products.

{QUOTE-> Let me give my reason on why I also uninstalled Comodo. Comodo might be raved as the best free FW well and truly that might be ok, but it was a FW that needed constant baby sitting. I think I got more pop ups from Comodo in a day than emails in a week, and even when a pop up window from Comodo came up and I clicked allowed ( a program that I trusted), that same pop up will come up again and again. It was just pop up after pop up one after another. I know all FW's will have this pop up and users have to respond to it, but this just went overboard honestly and it was constant baby sitting. Infact to be honest I found far less popups in V2.0 than 3, meaning V2 didn't need all this baby sitting and had a mind to think for itself, not like 3 which needs 24/7 365 a year attention.

Well after all this saga I uninstalled V3.0 and reverted back to ZA Pro in which I love and personally think its one of the best FW's ever made no matter what any one else says. I'd been using ZA Pro in the earlier days when I was using Win 2000 Pro SP4 and it worked without a hitch plus it intergrates superbly well with my NOD32 AV and thought I do get a pop up window now and again, it does not annoy me with one after another pop up window like what Comodo did.

I'm not here to rant and rave and say Comodo is bad, but sorry it did not agree with me and my liking. <-QUOTE}


Agree I think ZA is the best firewall ever made =\ been useing it sence 99

{QUOTE-> Agree I think ZA is the best firewall ever made =\ been useing it sence 99 <-QUOTE}ZAs time is over for a long time already always in relation to Comodo. Comodo is top of the notch and all other firewalls must and are forced to challenge with Comodo. But as a matter of fact no established firewall will redesign from the scratch, so many weak points remain and they can´t adapt to the speed of Comodo.

{QUOTE->
2- D+ covers the full spectrum of threats that are the domain of classical HIPS. On the other hand...

a- SSM lacks file protection (Vitali is predicting that a future update of SSM will include that capability by late summer).

b- OA lacks registry protection
<-QUOTE}Very interesting.

{QUOTE-> . D+ also covers Buffer Overflow (BO) BUT ONLY IF you install Comodo's crappy adware/toolbar, which I refuse to do. None of the other classicals listed above include BO. Threatfire DOES cover BO, but it is a semi-intelligent Behavior Blocker, not a full classical/dumb HIPS.
<-QUOTE}Bellgamin, there are solutions for this problem, catch two gnats with one swatter. ;D

{QUOTE-> Therefore it is difficult for them to achieve & sustain "state-of-the-art status" versus the constantly changing nature of threats. <-QUOTE}This will be touchstone and end of the road all in one for many many security companies and tools. A one man show has to cope a devilish/inhuman work to stay on the train.

{QUOTE-> D+, on the other hand, has (AFAIK) a multi-person staff at its command, as evidenced by the fact that it has been vigorously updated ever since its inception <-QUOTE}Exactly, comodo has the best staff as it seems.
Extremely well organised, fast reactions. I really wonder why it took so long until a serious enterprise came into
the field. It still has a lot issues and I consider it still as beta software but it is the most advanced security tool that was ever in existence if they had the chance to get AntiVir or Avast as AV scanning engine they would become much stronger in one step.

{QUOTE-> Are you using CFP without or with D+ ? <-QUOTE}
With D Plus.

I actually liked Comodo and it did not affect my system performance. It is certainly NOT rubbish!
I have to agree with posters who consider the constant pop-ups - even after training etc.), just too much for an average computer user in day to day uncomplicated surfing.
Without wishing to start invidious comparisons, for these reasons, I decided to switch to Online Armor, (paid), which while by no means perfect or silent is a more practical and user friendly solution for me.
I'm not a fan of suites so I use a separate AV, Avira PE premium, + Comodo BOclean + SAS on demand.
I have tried several rule based firewalls too, but unless one is either very knowledgeable or prepared to become so, are just too much hassle to set up from scratch.
I think in the real world, ease of use combined with good protection, is what most (not those here, who are technically interested) people want.
My two-pennorth!

But all firewalls will fail against port 80 crypto tunnel.;D ;D ;D

Hello,
What is port 80 crypto tunnel?
Mrk