Why I think comodo is rubbish

Discussion in 'other firewalls' started by Roman5, Jun 4, 2008.

Thread Status:
Not open for further replies.
  1. Alcyon

    Alcyon Registered Member

    Joined:
    Jan 16, 2008
    Posts:
    438
    Location:
    Montréal, Canada
    I personally think CFP is a real shitty firewall but hey to each their own preferences. There are a lot of better firewalls.
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Maybe my I.Q. is higher than I thought. :D :D :D ROFLMAO. Instead of having D+, I might get an A+
     
    Last edited: Jun 5, 2008
  3. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    No, i have never tried the firewall with D+ disabled. For me, the main reason for running Comodo, is D+. Otherwise, i like Kerio 2 and PC Tools much more. D+ adds a lag on the system, for example opening quickly folders. But i accept that, it's a price to pay for a HIPS. And overall, Comodo isn't CPU or RAM hungry even under p2p. BUT, i CAN feel a difference in browsing and in browsing while doing p2p. I mean, what Matousec found "scientifically", is something that i could "feel" too.

    I don't have big complaints with Comodo's interface either, but i do prefer Kerio's 2 or PC Tools firewall on the fly rules. For example, Comodo's preset "browser" rule isn't suitable for many live streams or internet tvs and since in its rule it has "block all other", you need to edit it, or it won't even ask. Kerio and pc tools also automatically do DNS resolving, giving you the domain name, which is quite helpful often, instead of seeing an IP and having to do the whois yourself. Both Kerio and PCTools can make on the fly rule for specific port on specific IP. Comodo's "allow" will make a rule for both TCP and UDP for that port but for ANY IP. If you don't like it, you must go find the rule and manually modify it, while in Kerio 2 and PC tools, you do it on-the-fly.

    So, i think there is room for improvement in Comodo in its firewall department. But, they seem to be concentrated on adding new HIPS features.

    That said, i DO like Comodo overall and it's great freebie and if i get in the mood of running a firewall with HIPS, which is CPU-easy even with p2p, i will certainly choose Comodo. It's not bad with p2p either. I get very high speeds. It's just that it seems that my browsing gets "heavier" compared to the "simple" firewalls at the same speeds. There must be something in the way it handles connections. Also my pings seem a bit lower now compared to Comodo.
     
  4. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Alcyon, can you be more vague?
    Defense+ is not the main reason for me, to the point that i don't use it.
    You should try it without Defense+ if you revisit CFP. You can't compare these firewalls when you use Defense+. It will do a lot more than those firewalls, and it has to use more resources, it's a no brainer.

    PCTools? Sorry, it doesn't run with DEP! :p
    I don't use the browser rules, but if that's true, it's a matter of reporting to Comodo.
    What i use that substitutes Kerio's custom rules is setting the alert level the way i want it. Alert level Very High is specific to IPs and ports. You then edit the rule to generalize for instance, firefox port 80 to any IP. You're in charge.
    The rules are grouped per executable. It's easy once you understand it.

    If PCTools is like LnS, perhaps you can explain something: i allow Firefox, what happens? Then, can you see what are the rules for Antivir, in one place (not look for them)?

    Cheers, i enjoy these discussions :)
     
  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    One of these days i'll load my folder in Emule, and start it. We'll see! muahahaha
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Hello,
    If you are used to firewalls that make 0 impact on traffic, like sygate, kerio, iptables, even windows firewall (actually a VERY good firewall!), then you'll be unpleasantly surprised.
    Mrk
     
  7. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    That's exactly what i mean. You have to edit the rule again manually, instead of having "once" on the fly rule. I prefer the more direct approach, found in Kerio, PC Tools or even Outpost.

    It's not bad, there are much worse out there than Comodo, just my wish. Their browser preset has the "common" needs, which isn't bad (http,https,ftp). But, the thing is, that exactly since they don't have on the fly rules and because they have included the "block any other" rule, you have to edit manually every time you need a different port. For example, i want to go to an online TV site and for that site ONLY, i would like Opera to use port 3400 and 3442. With on the fly rules, it's very easy. With Comodo you must go and edit quite a bit, having noted down the site's IP of course. So, in Comodo at the end i quit any such effort, and just use "outbound only" preset. Although i am thinking of modifying the "browser" preset and delete the "block all else" rule and see if it will ask me. That might work...

    PC Tools is said to be based on LnS, but i haven't run LnS in ages, so i don't know if the GUI is the same. When Firefox wants to connect, you get a pop up saying that Firefox.exe wants to connect to www.wilders.com port 80. From the pop up you can click customize rule and can edit ANY of the above as well as direction (outbound or inbound). So you can create a rule on the fly, for Firefox to allow on ANY IP port 80 OR only for wilders.com port 80, OR simply connect to ANY TCP (no matter what port) outbound. It's very convenient.

    On PC Tools firewall, there is the application window, where you see all the apps names. To see the exact rules, you have to click on each application (you can't see the rule directly or all the rule for all apps at once).
     
  8. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753

    Comodo isn't that bad with p2p. I've seen much worse. And most important, doesn't eat CPU at all. Oddly enough, Sygate eats MUCH more CPU with p2p on my PC than Comodo. Maybe doesn't like dual cores?

    As a matter of fact, i have just reinstalled Comodo and running it with Emule and it does feel to "struggle" more in browsing, but as i said, i've seen worse... I am trying to understand what's causing random reboot on my PC, so i have uninstalled PC Tools firewall for now.
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Hello,
    It's all relative.
    Mrk
     
  10. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Before anything else, uninstall Defense+ so you can test it properly!
    The major missing things are :
    -MD5 or better for applications, though it does monitor and block changes. The default will allow explorer.exe though... hate that :ouch: . It's like Defense+ isn't really off, and not really on either. But hey, SSM free does the rest..
    -The alerts "act as server" for localhost. That is, the AV connects to websites, and mysteriously the browser goes localhost to whatever port.
    We know what's going on, but i hate that too.. There are no rules that allow IN for the AV on localhost. 2.4 has a small victory there.
    It will work.
    On the Opera example, i just allow it and remember. I don't need to edit anything, although i always do for all programs (or most), which is source port - NOT - restricted ports.
    I would welcome very much the custom rule feature from Kerio 2.1.5 indeed. I do believe it's in the "wishlist".
    But it doesn't make or break CFP, for me.

    Oh, thank you for the PCTools preview :) , i really appreciate it. Maybe someday i'll disable DEP just so i can try it. Then uninstall so i can secure it again .. hehe
     
  11. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    How can i test it? I mean, how do i remove (most of) my subjective observation.
    TIA
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,213
    Hello,

    By monitoring logs, cpu, memory usage, browser response, page loads, ping, etc over a long period of time - incl. average, peak, overhead etc, once for comodo, once for something else (a light firewall).

    Hell, you can use my Design of Experiment thingie to check it out.

    I tested Sygate and Comodo in that experiment. Firewall impact on system response was almost identical. Sygate was better for low RAM, Comodo gave a better show for higher RAM.

    I admit it was a limited test, a specific hardware platform, using only two outputs. The AV and RAM are far, far more critical in that regard.

    I did a separate test on my own with p2p - as it takes quite a long time. Almost a week to get it done. I tested quite a few parameters, most notably page loads, cpu usage and memory usage.

    While you may call the Comodo results acceptable, because it sure did not cripple the machine, it showed 5-10% average load, the cpu spikes - up to 60%, memory load 70-80MB, and page loads that took on average ~ 1sec. This for approx. 500 simultaneous connections.

    Sygate held steady at 2-3% with spikes less than 10% cpu, 13MB memory and ~ 0.35sec page loads.

    So, can you live with it? Yes. Should you? Well, if you want a modern firewall with all the leaktest thingies, then that's your choice.

    If you are a minimalist and want a pure firewall, don't compromise and go for light solutions like Sygate, Kerio 2.1.5 etc.

    I think performance is no.1 issue, so it's always the fastest and lightest for me.

    One thing I could not fully test is stability over time. I can say, though, that I did find some bugs with Comodo - small and all that - in about 2 months total time testing, but I've never had them with Sygate in approx. 5 years. That says a lot.

    The only other firewall that never crashed on me (Windows) was the Windows firewall. ZA got its logs erased on hard reboot and Kerio 4 had an occasional BSOD when shaken, not stirred. I tested Kerio 2.1.5 for too short a time to claim, but it was quite nice... and so forth ...

    P.S. Tested was Comodo 2.4, so I can't say what goes today.

    Mrk
     
  13. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    :D
    Yes, it has to do better at least. I do notice differences, and i don't use Defense+ (this is the HIPS part, leaktest passer and all that).
    Without Defense+, it's just a packet filter (Global Rules) and per application rules.
    It's not iptables, but it does the job.

    Thank you for the reply, i'll see when i can load Emule in XP.
     
  14. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Ah, this explains it. Comodo 2.4 was going insane in CPU with p2p. Comodo 3 is completely different and in my PC beats the crap out of Sygate in CPU time. Of course the indisputable champion, remains Kerio 2. It just won't eat CPU time...
     
  15. wat0114

    wat0114 Guest

    Just a basic test but rather a revealing one I've tried is using Wireshark to capture packets when surfing to 4-5 of my favourite websites. Under Windows using one of a few software firewalls, the number of bad tcp packets is enormous. However, under Linux (using PCLinuxOS 2007 currently) with only its built-in iptables, the number of bad tcp packets is tremendously lower than that seen using Windows. I'm behind an old D-Link router in all cases.
     
  16. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    You know, you can get your PC tuned up and get it expert installed now at comodo, it did me real good. It was a lot faster, even on paranoid mode.
     
  17. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    For MrkVonic, a glimpse on Comodo 3.

    Running emule from 18:59 to 23:25

    Of course i agree that Comodo 2.4 by now would be eating alive my CPU. Reason for which i never used Comodo 2.4 for more than 10 minutes. :D

    But with Comodo 3, although i feel browsing more sluggish,

    http://img397.imageshack.us/img397/1903/23323432ni7.png

    http://img397.imageshack.us/img397/5074/42852265cg3.png

    Can't complain about dl speed either. :D (i have fragmented packets protection OFF, because emule generates an amount which seems useful to it and my router lets them pass anyway).

    http://img397.imageshack.us/img397/4632/62640142ct1.png
     
  18. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    What are you classing as bad packets?
    If you are referring to checksum errors then your NIC may be set to "checksum offload" which will then show packet errors in Wireshark.
     
  19. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Comodo firewall, with D+ active, will give you superb protection. It is a firewall plus HIPS with an extremely broad scope of protection and an extremely stupid AI (artificial intelligence). If you accept & adjust for the stupid AI, your computer can enjoy a nearly bullet-proof protection.

    Here is one way to get there IF & ONLY IF your computer is clean.

    1- Install Comodo firewall, inclusive of D+.
    2- Right-click the Comodo icon in your system tray then (a) set the firewall to "training" mode, then (b) set defense+ to "training mode"
    3- Right-click the Comodo icon in your system tray then click "Open"
    4- On top row of GUI (showing Summary Firewall Defense+ Miscellaneous) (a) click "Defense+". Then (b) click "My Own Safe Files". Then (c) click "ADD". Then (d) click "Browse Files". Then (e) Browse to My Computer > C > Program Files.
    (f) Then add the entire folder of each individual "clean" application to your safe files. Click "apply". (g) repeat steps c-f until you have added all the folders for all clean application to "My Own Safe Files."

    5- Do updates for all your security apps then Right-click the Comodo icon in your system tray then (a) set the firewall to "Safe Mode".

    6- Leave Defense+ in training mode for several days then Right-click the Comodo icon in your system tray then (a) set Defense+ to "Safe Mode".

    7- After a couple of weeks, Right-click the Comodo icon in your system tray then (a) set the firewall to "Custom Policy Mode", then (b) set defense+ to "Paranoid mode"
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The above process will give you a very secure computer with VERY few pop-ups -- IF & ONLY IF your "clean" computer is truly clean to begin with, AND you stay in safe waters during the two weeks of getting set-up in this manner.

    NOTE 1: I have it on good authority (but not incontrovertible) that it is safer to categorize a file as "Safe" (My Own Safe Files) than it is to categorize it as "trusted." For example, a Trusted Application can modify any protected file without alert, while a Safe Application that tries to change a protected file will generate an alert.

    NOTE 2: As to "Step 4" in the above suggested process, this is what ProSecurity does AUTOMATICALLY during installation. To my knowledge, ProSecurity is the only HIPS that accomplishes that step for you, automatically, & thereby makes it MUCH easier to learn & use than is true for most other HIPS. Unfortunately, ProSecurity appears to be abandoned-ware, for the moment, whereas Comodo is vigorously maintained up-to-date. If Comodo were to enable automatic set-up, along the same lines as ProSecurity, then Comodo would be easier AND better than it is now. On the other hand, if ProSecurity's developer got to work again, ProSecurity would probably leave every other HIPS behind it in a cloud of dust. Until that happens (if it ever does) there is Comodo.
     
  20. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Data Execution Prevention?
    I have run the latest version of PC tools firewall with hardware DEP enable (for all programs) without problem.
     
  21. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    'noexecute=AlwaysOn' ?
     
  22. wat0114

    wat0114 Guest

    I believe that's what they are. It's been quite a while since I tested on Windows. However, I use the same pc with the same NIC for the tests when I run Linux, and I see very few of these "bad" packets under Linux. Somewhere in these forums I posted on this, so I'll check for the thread a while later when I get time.
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi wat0114,

    It would depend on driver support in linux if such offloads are allowed, but would say to disable the "checksum offload" in windows for the NIC when using Wireshark.
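
The checksum-offload effect discussed in the posts above, as an added example that is not part of any post in this thread: it verifies TCP checksums the way a capture tool does and separates "bad checksum on a packet sent by the capturing host" (the offload signature) from a bad checksum on a received packet. The addresses, ports and the zero left in the checksum field are constructed assumptions; what an offloading stack actually leaves in that field varies by driver.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071) with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum also covers (protocol 6)."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Value for the checksum field; segment must carry 0 in that field."""
    return ~ones_complement_sum(pseudo_header(src, dst, len(segment)) + segment) & 0xFFFF

def checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """Receiver-side check: the sum including the stored checksum is 0xFFFF."""
    return ones_complement_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def build_segment(sport: int, dport: int, payload: bytes, checksum: int = 0) -> bytes:
    """Minimal 20-byte TCP header (PSH+ACK, no options) followed by payload."""
    header = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x18, 8192, checksum, 0)
    return header + payload

def classify(src: str, dst: str, segment: bytes, capture_host: str) -> str:
    """Triage a captured segment as seen on capture_host."""
    if checksum_ok(src, dst, segment):
        return "ok"
    # Offload only affects packets captured before the local NIC fills the field,
    # i.e. packets whose source is the capturing machine itself.
    return "offload-suspect" if src == capture_host else "bad-on-wire"

# Constructed sample traffic (not taken from the thread).
LOCAL, REMOTE = "192.168.0.10", "203.0.113.5"
PAYLOAD = b"GET / HTTP/1.1\r\n\r\n"

def sample_results() -> dict:
    unfilled = build_segment(49152, 80, PAYLOAD)                  # field left for the NIC
    filled = build_segment(49152, 80, PAYLOAD, tcp_checksum(LOCAL, REMOTE, unfilled))
    reply = build_segment(80, 49152, b"HTTP/1.1 200 OK\r\n\r\n")
    reply = build_segment(80, 49152, b"HTTP/1.1 200 OK\r\n\r\n", tcp_checksum(REMOTE, LOCAL, reply))
    damaged = reply[:-1] + bytes([reply[-1] ^ 0x01])              # one bit flipped in transit
    return {
        "outbound, offload on": classify(LOCAL, REMOTE, unfilled, LOCAL),
        "outbound, offload off": classify(LOCAL, REMOTE, filled, LOCAL),
        "inbound, intact": classify(REMOTE, LOCAL, reply, LOCAL),
        "inbound, damaged": classify(REMOTE, LOCAL, damaged, LOCAL),
    }

if __name__ == "__main__":
    for name, verdict in sample_results().items():
        print(f"{name}: {verdict}")
```

If nearly every "bad" packet in a capture has the capturing host as its source, the errors are a capture artifact rather than damage on the wire.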
     
  24. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Such an option would make what difference?

    DEP is enabled on all. If such execution is made, then either the DEP is bypassed or intercepted with alert, or, the program attempting such will crash.
     
  25. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502