Comodo Firewall VS. Agnitum Outpost

Hi!

I need your help to choose:
Comodo Firewall or Agnitum Outpost:

I'm with Comodo now, but it seems to use same resources than Outpost do.

Which do you use/recommend?

Thank you.

 

Really? For me outpost uses like 20k more


Id say outpost is easier to use but Comodo has better blocking techniques and protection.

If your a beginner use Outpost because it has automatic rule creation but Comodo doesnt really have much automated rules.

If you want better protection/security nerd then use Comodo as its safer.

 

Outpost is easier to use but its heavier depending on how you configure it.

Theyre about equal in leaktest protection though.

My choice: Comodo.

 

I have a two year licence for Outpost Pro, I read how a lot of people on this forum use Comodo firewall. I figure I would try it for a week, I discover application control and logging is a joke and it forgets you approved a application...a lot. I switched back to Outpost Pro after two Days. I'll try Comodo again when 3.0 comes out, they're supposed to start public beta testing some time in April.

 

Outpost may be easier, but Comodo isn't hard to use at all. It is the better firewall, plus to use outpost optimally, you have to configure multiple plugins. Finally, IMO, the logging system in outpost was kinda clumsy.

 

Can Comodo replicate:

the functions from the Outpost plugins - activex , vb, java, ads - filtering / blocking?

how does it cope with block lists?

 

No, and it's not important in a firewall.
Except for blocklists, i hope none of that surfaces.

 

I'm with Comodo... it's better

 

I now have Comodo on all of my four computers.

I am very pleased with it.

If in doubt, give it a try.

 

If you're the only one using your computer (or if you can trust all users): Comodo.

If you can not trust everyone on your computer (kids, girlfriend, wife, mother in law, parole officer, aliens, dog): Outpost.

Comodo 2.x can not be locked down with a password, so anyone can change its configuration or shut it down.

 

Hello.

Outpost v3 still is one of my favorites. Intense logs, excellent rule creation, tight security and the fast browsing is still found with the later versions of Outpost. It has a certain polish that is still not found in the Comodo firewall. It does have a good level of protection, even though it is somewhat dated.
I have all of the Outpost plugins -active content, ad-filtering, block post, DNS cache, attack detection, etc all enabled, along with the Quick Tune Plugin. There is no need of any additional site blockers or ad blocking or web filtering.

The only part not used is the antispy scanner, since I never renewed the license. That is off for good. It uses no more than 30,000 k or so of mem. The version 3 is not the best in the leaktests, but it is far from the bottom of the list of the test comparisions. But I use the SSM free with the firewall to tighten the security.

I love this firewall and it has always remained one of my favorites and it always will. I am tempted to try the latest Outpost, and hopefully I will have some free time. to do so.

12fw

 

Outpost.

 

Thanks for all replies!

I just discovered something really bad:

Comodo restarts my computer! I'll report this on their support. Comodo is very nice, but for now I had to uninstall.
I'm sure of that, because I tested many times.

I tested LnS (too bad for me).

Well, then, would you suggest Outpost?
Which more to test? (i'm accepting other firewall suggestions!).

THANK you.

 

Close call...slight edge to Outpost.

 

Comodo is more secure with all features enabled.

 

Comodo should be nice, but it's not quite there yet. I am ranting against Comodo maybe too often, but this is the only firewall (out of 20 maybe) that gave me stability issues. It didn't behave well with file-sharing (multiple connections), I found the CPU usage very unstable. It worked well on my main machine, but cpf.exe gave me BSODs on my test-box (v2.4.16). The leak-test coping is nice, but I don't consider this to be the primary function of a firewall, if at all (we have HIPS now for that). I also didn't like that application control in Comodo, it's too simplistic, basic allow-deny principle with learning mode. And again, the lack of detailed logging is unforgivable for me, as the logs are a very good way to understand the connections your system makes and to create appropriate rules accordingly. One more thing about Comodo I didn't like is it's GUI, but that is only my personal taste. So, I would suggest Outpost for now, it is a 'battle-hardened' firewall, very user-friendly but configurable also. Above all, it is very stable and I didn't have any issues with it. Logs are the best you can find.
Besides L'n'S you could try ZA Pro or Sunbelt Kerio. Jetico is very nice firewall also (my favorite), but requires some constant tinkering, so if you are looking for a friendly firewall, stay away... Or, if you don't mind using a somewhat dated software (and that really isn't a problem with fws as with avs), you could go with Sygate 5.6 or Kerio 2.1.5, they are both free.


Cheers

 

Allow me to point one thing: disable dll injection and you get one of the lightest FWs. I doubt you P2P more than i, and i always used Comodo. It handles it perfectly.
Dll injection has some CPU consuming bug. If you yourself say you do not want those things, turn them off, you will see the huge difference.
The logs apply to the Network Monitor, AKA, packet filter . This is where SPI lies.

 

Hello Pedro.

Yes, I know that when I disable dll injections I don't have those CPU spikes (and sometimes they are not spikes, but constant CPU engaging). But, what's the point of HIPS in Comodo if I do that? Where is leak-proof? I could very well use CHX instead then, which supports pseudo stateful inspection for UDP, something that Comodo still lacks. And use SSM for leak-proofing. I have no doubts that Comodo works for you, but still not for many configurations, so I prefer to wait for future releases. Believe me, as much as I don't like v2, I am very eager to see v3. This is very promising firewall, I just think it is very overrated at the moment. Does it still do checksums by CRC32?

 

I like when people come with valid arguements, refreshing. Too bad it's rare on some topics.

I had the impression you did not want that feature. Point taken.

V3 will handle all this with HIPS. I hope/expect a much better FW in the end. Because these two things (app. control and packet filter) will be sepparated even better.
Oh, and about SSM: according to Matousec, it passes less leaktests than Comodo...

I think i recall Melih stating that it's a mix. V3 i expect to be better in this regard. Maybe i'll ask that specific question, that's a legitimate problem.

Back to you

 

Hi there Pedro buddy

There was a thread a month ago or so where you (Someone then ) asked me why do I think that Comodo's inbound is basic (if I recollect correctly). Well, I went over the line there a bit stating that, but I guess you could say that it is in a sense basic. While it gives you a stateful TCP, as I already said it doesn't do that for UDP or ICMP. Also, Vista introduces new IP v6 with wider address ranges, so I would like to see Comodo supporting that as well in v3 (L'n'S 2.06b already does that). This, I believe, is a priority with Comodo team, as we would all like to use our Comodo fw on Vista. I would also like to correct my previous statement when I said that I don't like Comodo. I DO like it, I think it heads in a right direction, and I have no doubts that v3 will give us major improvements over current version. But in fact the thing that made me mad about Comodo are the Average Joes. Do they really know that Comodo is a good firewall? No, they are absolutely clueless, Matousec rates it as #1 in leaktests, and Joe blindly follows that table thinking that he is using the best stuff. That's enough for him, follow the simple formula, don't bother with packet sniffers and dropped packets, just listen to the elder geek.
That said, I tend to think of firewalls as a packet filters only, and that has nothing to do with leak-proof. It is always good approach to separate defenses as much as possible - use packet filter for network filtering, and a dedicated HIPS for application control. The point of leak-tests is to check how good is application control integrated with network filtering in a given firewall. This integration of security software and making all-in-one firewall is simply not my way of thinking. As I said many times before, I would very much like to see Comodo team focusing on packet filtering and maybe abandon that HIPS idea. Anyway, we will have to wait and see what kind of magic will they pull out of their hat this time...

Cheers,

 

You should see the wishlist!
Sure, we have people that know these problems, but they tend to be a minority in the forum. A lot of people want everything, and tend to overlook the essentials to the firewall.

To me, there are only two things worth adding: proper HIPS for those who want, and possibly a sandbox. This because i think they would integrate well with a Firewall. Not necessarily HIPS (i'm not convinced yet), but the sandbox is, to me, a second firewall within, protecting the system. The HIPS would help to control outbound better.
These days i'm not so sure what i want, given that i have SandboxIE and i'm happy. HIPS and no more maybe. heh
For those who don't want it, the option to not install would please everyone.

But for me, and i stated somewhere in the forum, it's more important to refine the firewall, and then whatever.

Thing is, the way the "leaktest protection" work as of today, is not ideal. When opening firefox, from CCleaner to check the version (example), CPF has to look, detect and alert dlls, parent process, OLE (toro...) etc. AND ip's, ports, NetMon
I'm not a programmer, but danger Will Robinson. I almost bet this is where CPU goes crazy (maybe not, but hey). HIPS could handle this when it happens (dll's,...), and when it's conection time, FW only. Refining the FW then would be easier.
This is a huge wild guess note. I'm trying to put myself on developers shoes.

But because Comodo so neatly sepparated NetMon from AppMon, this maybe is not the ideal schedule. After all, this is a firewall.
(join the forum and help us ).

A good way to look at Comodo Firewall is: NetMon is king, all else must conform to its rules. This is what you want refined (me too), the Network Monitor.

 

Actually i know, but it has to do with the OS itself.. I'm in between worlds, and this probably will all be mute points. IPtable with Firestarter will probably be all i will have lol.
Checking out apps and HIPS must be flushed out of my system (head).
Maybe i need a vacation on a sunny beach somewhere. Note to self

 

Hey Pedro

There are some firewalls which already introduce sandboxing (I can think of Blink right now), but not very successfully. Comodo developed very fast in a very short time, so that gives me a clear hint of the enormous dedication of its developers. This is very important detail. Every new build gives us notable improvements, so I am really expecting something big here.

Yes, I believe we discussed this topic as well in another thread.

I would just conclude this with my current view on Comodo: I repeat, very promising, but I have to consider it still a beta somewhat...

Please, remind me, where is that quote from? It's very familiar to me... (sorry to mod for the OT, Pedro you can PM me on this to keep the thread consistent)

My regards,

 

Regarding SPI, i'm not sure what's missing. I got intrigued by your query.
http://forums.comodo.com/index.php/topic,6297.0.html

I'm not sure what king of SPI is possible for UDP. I haven't read that much about SPI. I'm delaying that. Maybe that's next for me (list of to-do is huge )

 

Hello.

UDP and ICMP protocols are conectionless protocols, so they cannot have a full statefull inspection like TCP. I was referring to pseudo-SPI for these. But, the last time I tried Comodo was a while ago, so I could be wrong here and that could be updated by now. I will look more into this tomorrow and repost back here...