Does Matousec test Comodo with Defense+ or just the firewall?

I only use the firewall (I believe it was termed "Enterprise" at install) and ThreatFire. Just to cut back on the apps I have, I've been thinking about dropping TF but I don't really want D+ if my point is to downsize.

 

Matousecs` tests are now not just about testing pure firewall ability, they involve all manner of leak, break, and bash etc, so to answer your question YES Defence+ is the module responsable for passing a number of these tests.

They are now more of an IPS test.

 

D+ "enchants" your firewall against leaks. keyloggers and trojans and similar uses tricks to lure your firewall to believing that the traffic sent are coming from something its not. Most leaky firewalls will allow a trojan or similar to send your info out without an alert.

A none leaky firewall scores well at matousec..

 

As others have said, Matousec is really a HIPS test. In very broad terms, a firewall really worries about connections, ports, protocols, IPs and works at the packet level, a HIPS worries about processes and what they do when you put the packets together. Two classic issues with firewalls are proxy holes (Sygate was famous for that) and browser hijacking. And not just by malware, but by nuisance ware. If you use a transparent proxy, like avast! for example, your classic firewall can't see any of your applications trying to access the internet-the only programs that actually access the internet are the mail and web proxies that intercept the requests by your applications. So some firewalls add features to try and monitor the localhost loop-Comodo doesn't, it uses D+ to allow/block processes that use localhost. And this can be difficult in the firewall because this localhost loop is used for lots of other local communications by applications. Another classic example is browser hijacking. Most common place to see an example is when you go to the "about" tab on a program, and there is a link there to go to a homepage. This uses IE or some other browser to get there, and since the browser has been allowed access to the internet, your firewall never sees the attempt by the other program. You need a HIPS function to allow/block access to your browsers by other programs. And these are just a couple of the standard leaks that are incidental to the use of non-malware if you don't have HIPS functions. And the malware can use much more sophisticated ways to get out without being seen by the firewall-or even the HIPS. So you can either start adding HIPS stuff to the firewall, or integrate a HIPS with it so all the antileak things get done in one place, and generally more efficiently. Go run the Comodo leak tests with D+ turned off and see what you get, for example. I tried the experiment with OA, BTW. and got 330/340 with the OA HIPS on, 110/340 with it off using the Comodo leak tests.

 

Seeing how the test has had for quite some time SSM, ProSecurity, Malware Defender in high ranking places and that includes Mamutu and Threatfire, the question should rather be:

"Does Matousec actually test firewalls or just the HIPS?"

 

Indeed Though the trend now is very firmly towards suites/integrated functionality so the lines are always blurring.

There was one true firewall test - the performance tests for TCP and UDP. These were removed. IMO, renaming the test from the firewall challenge was long overdue.

 

nice sig ssj100


and D+ is nice and easy to use , best among the best of its kind , and total free + unbelievable big team behind support , check D+ (comodo) forum and u will see your self what i am talking about

cheers