My history: years and years ago, like maybe even more than 10, this old guy paid for Zone Alarm. Then for another number of years I used Comodo. By then I was starting to get a better feel for all of this PC stuff. Then a few years ago, OA free and then they offered a free license for their paid version which I used for a while. Never felt like it did a very good job of remembering "Allowed" items. Also tried PCTools for a while. Recently I've been using PrivateFirewall, which has brought me back to Comodo, since Zemana flunks its own keylogging test with PF installed. I never really ever had any issues with CFW other than when I used D+ with it, it could get annoying. I've just installed the base firewall and have enabled default "medium" settings and stealth ports. Should I enable "Protect the ARP Cache"? I am behind a router by the way! Thank you!
Protect the ARP Cache - Checking this option makes Comodo Firewall to start performing stateful inspection of ARP (Address Resolution Protocol) connections. This blocks spoof ARP requests and protects your computer from ARP cache poisoning attacks. The ARP Cache (or ARP Table) is a record of IP addresses stored on your computer that is used to map IP addresses to MAC addresses. Stateful inspection involves the analysis of data within the lowest levels of the protocol stack and comparing the current session to previous ones in order to detect suspicious activity. Background - Every device on a network has two addresses: a MAC (Media Access Control) address and an IP (Internet Protocol) address. The MAC address is the address of the physical network interface card inside the device, and never changes for the life of the device (in other words, the network card inside your PC has a hard coded MAC address that it keeps even if you install it in a different machine.) On the other hand, the IP address can change if the machine moves to another part of the network or the network uses DHCP to assign dynamic IP addresses. In order to correctly route a packet of data from a host to the destination network card it is essential to maintain a record of the correlation between a device's IP address and it's MAC address. The Address Resolution Protocol performs this function by matching an IP address to its appropriate MAC address (and vice versa). The ARP cache is a record of all the IP and MAC addresses that your computer has matched together. Hackers can potentially alter a computer's ARP cache of matching IP/MAC address pairs to launch a variety of attacks including, Denial of Service attacks, Man in the Middle attacks and MAC address flooding and ARP request spoofing. It should be noted, that a successful ARP attack is almost always dependent on the hacker having physical access to your network or direct control of a machine on your network - therefore this setting is of more relevance to network administrators than home users. Source: http://help.comodo.com/topic-72-1-155-1175-Advanced-Settings.html