Why I think comodo is rubbish

That is why I mentioned the possible "bypass"
I have known about that for quite a while, but it is like any other security, nothing is infallible

I agree, I know a number of legit programs that will fail due to DEP, but, PC firewall is not one of them on my setup.

 

It's not about being fallible, MS put that intentionally, for whatever reason.
The guy on the link suggests an alternative, which is hex editing. Personally, i prefer not to.

Try it. Edit the boot.ini file, trade "OptOut" for "AlwaysOn". Save and reboot.
PCTools Firewall, at least the GUI, won't work, or my computer has something weird.
There could be a warning, i don't remember. Some programs simply don't open, Windows doesn't warn.

 

Stem,

I started a thread on this here so as not to continue disrupting this one.

 

Hello,

How many connections? What about the upload?

Did you try pinging a few sites just for fun, so see if there's any difference?
Again, a snapshot of the processes usage is not enough, you have to measure over a long time.

But it is quite possible the product improved. Except that I see there are quite a bit of problems with this D+ Z- thingie.

Mrk

 

Hi,

First let me state that more people like the reputation (as best free firewall) more than learning how to master this FW (read the manual/help), also most people dissappointed in Comodo are to unsecure about their system state to just set it a week in training mode.

I do not install Comodo any more as stated iin this post on request of friends https://www.wilderssecurity.com/showpost.php?p=1255596&postcount=15, I rather install Vista Fire Wall control.

I used to be a COmodo critic, but Comodo in this mode https://www.wilderssecurity.com/showthread.php?t=207773, even without the registry improvements in combination with TF (XP, Vista 32) or PRSC (Vista64) makes an excellent security combo.

My son is a fanatic gamer (two years ago, at age of 15 he once had the highest kill stats in the Netherlands in Battlefield 2). When he installs a (legitemate) new game, sets it in learning mode. He uses it in combo with PRSC on a Vista64 rig. He is very fanatic on 'ping', but he is very happy with Comodo on Vista64. After SP1 he told me that he did not even had to compensate for delay, meaning he can aim at an opponent in stead of shooting a little in front of the guy. This means that he has virtually no ping delay.

Off course we are behind a router and have "fragmented packet filtering off", he also manually fine tunes rules of the FireWall, limiting ports/protocols. Our router only has SPI on message header level (no DPI). In speednet.tes his ping times are better (on cable) than the family PC box with only XP firewall (on wireless). In my oponion you either use a software FW for [better traffic control (DPI)[ or[ limiting ports/protocols/applications and protecting your system integrity]. When someone knows a free product offering both, without trafiic delay, please mention it (do not think it can be made that way).

I think Comodo/D+ is a great product, only limit it on intrusion detection of image, file, registry and pseudo com and use a smart behaviour blocker to deal with the rest.

I was a Comodo critic, I found 2.4 a dragon of an application, only focussed on post infection bells and alarms, V3 really protects before infection. I am now positively critical.

No it-product can compensate the lacking compentences of a user (a FW) or an organisation (a CRM application), so don't blame the product, move on to a product which suites you better. Threads like this have a post trauma healing effect on the people who have to move on. So enjoy this thread.

Regards Kees

 

Comodo is for a small group of knowledgeable users and will never have a change in the large group of average users and who is going to spend a week on configuring a firewall, it doesn't even have an automatic configuration, based on the installed softwares.
I wonder what the developpers had in mind, when they created such an unpractical firewall. So much programming work for a small group of users. No wonder it is free, no one will buy such a firewall.
The art of creating successfull softwares is making it look very easy on the screens and very complicated behind the screens. Simplicity is always brilliant.

 

Here are the connections:
http://img237.imageshack.us/img237/148/29319960id4.png

Oh, there is nothing wrong with upload speed, it's "stuck" at the levels that i put it (32).

Don't remind me of pinging. Weird things happen when i ping. In speedtest.net, i usually get 480-530 ms (!) ping. While when i ping a site manually (command line), i get around 57ms. I *think* that with Comodo some emule servers appear with slightly higher ping (+10ms?) than with PC Tools, but nothing scary. On the bright side, with Comodo i get some very high individual file speeds (could have been a coincidence though).

MrkVonic, i have been using emule for 10 years and know the CPU consumption by heart. Believe me, i know when a firewall is eating more CPU than another and Sygate on my PC eats more than Comodo. 10 years of experience are enough. I could uninstall Comodo and run Sygate for 1 hour less, with the same files in dl and Sygate would still eat more CPU Time.

D+ can be annoying but IMHO, it doesn't cause trouble if you don't make it cause trouble. After all, it's a "dumb" hips, so you decide. And if you don't like D+, you disable it...

 

I have to agree. I can pretty much use any firewall, but i remember that when i first installed Comodo 3, i was puzzled especially with D+. I didn't know what i was doing until i read ALL the help files. It also took me some time to figure out how the preset rules were working and that i could modify them and add mine. Average Joe won't bother reading help files and unless he has a very fertile imagination which will help him to figure out everything on his own, he will just think that Comodo is crap.

 

Hello,

Cheers! I've been using p2p slightly less than 10 years ... And for me, best results come from Sygate ... But like I said, haven't tested Comodo 3.

What is important is that you have a firewall that suits you and all problems solved.

Mrk


On a side note, I noticed quite a few people spell Mrkvonic with capital V. I assume that my username becomes Mr.K + Vonic in most people's minds

Which is kind of: if you don't wanna go sub-sonic, try mrk-vonic ...

 

Ideally, the firewall i would like doesn't exist. It would be a hybrid of Kerio 2 rule making and lightness, Sygate's logging and maybe D+. But, it's OK and MAYBE PC Tools is the reason that my PC reboots, i have to wait and see. So for now i stay with Comodo. One thing that i can say though, is that cmdagent, in the first v.3 releases wouldn't eat any CPU time. Now it does. Prolly with all the bugfixes they make, they touched something there too.

What annoyes me with Comodo is that they make new versions too often. It seems that there are always importan bugs around. Anyway, this version doesn't do anything odd to my PC...

Sygate used to be my fav p2p firewall too. But when i had 256 kbps line. It seems that with speed line increasing, it eats a lot of CPU time. Sygate on my dual core runs between 2-5% all the time with often spikes to 10%, which is unacceptable for me. It's the main reason i don't use OA free either. Too CPU thirsty with p2p. Cpf.exe runs at 0% most of the time, up to 1%. Comodo 3 IS a different beast compared to v.2 with p2p. It has been confirmed in many fora in the internet.

LOL! True! Sorry about that!

We could set a new internet speed limit too. Sub-vonic or hyper-vonic.

P.S.: In emule the firewall and number of file sources is only a parameter as you know. Much of the difference make the number of files in dl (put many), the hard limits, the half open connections (TCPIP patch), the new connections per sec setting etc. Some people put too low, some too high and their connections is "strangled" trying to make a gazillion connections which is actually reducing their performance in dl.

 

The problem with this type of FW/Hips is that the average user or "noob" user is the one who needs the most protection. But the average user cant answer all popups correct, even experienced users dont know what to do with cryptic alerts. If an user can exactly answer all popups then in my opinion he doesnt even need this type of HIPS because he has too much knowledgde and wont be infected anyway. So the users needing the most protection cant handle the product and experienced users dont need it.

 

Good logical thinking. I wished the developpers would have done this and put their time in something else.

 

Well, I've just uninstalled Sygate and installed PC Tools Firewall Plus. The only reason being that Sygate has a problem allowing my pda to activesync
with my pc. Short of a registry edit on my phone which I discovered is the only solution for others, ( and I can't get any replies on another forum about which reg editor to use ) I decided to try pc tools, especially since I'd downloaded it the other day and I wanted to see what it's like.
Well, it lets me activesync very easily and and generates application rules automatically, so, even better than sygate where I'm concerned.

 

But the users who cant handle it turn down every slider and turn off every advanced feature...
and feel still impregnable because of using the most advanced and secure product of all.

Cheers

 

In a Dutch PC magazine the previous comodo version with D+ disabled leaked more than old Sunbelt Kerio FireWall of PC Tools FW !

The magazine's main editor felt obliged to show this to the readers, because they (the redaction) thought this was the greatest downside of Comodo (users using wrong configuration and feeling very secured). They rated Comodo as the nr 1 FW for power users. They compared early rule/application FW's with Comodo now. A few years ago Kerio/Sygate were the best posisble software FW's, but attracted a lot of users who had trouble getting their filters/rules right. They claimed that next generation FW's now have the same riks on the HIPS part of the FW (Also doubted the rational of a leakless FW, when after a router with build in FW and running LUA in Vista). They also claimed that IE7 in protected mode was safer than Firefox or Opera (when running in Vista).

 

Not a surprise. Without D+, Comodo has no particular security whatsoever. It can't even warn about application changes (something available even in Kerio 2, because keeps MD5 hashes).

There is no reason why one should use Comodo over other "simple" firewalls, with D+ disabled.

 

Ah okay, now I know why Nero8 doesn´t work. My mood becomes more and more bad towards UK!!

 

That was the problem myself and others had with it as well and why I won't use it. Apparently the Defense+ is not a big fan of video game emulators. I tried to make rules to allow my Mame32 emulator, to no avail. So I figured I'd just disable Defense+ all-together temporarily and that's when it really flipped out. Everything on my computer was supposedly "not a valid Win32 application" then.

IMO Comodo 3 is still a buggy program and I wouldn't recommend it to anyone. The 2.4 version is a very good, stable firewall. I would go back to it in a pinch.

 

Agree, still beta now since 3.0.25 with Adware Askbar.

 

Well said. I think default install of CFP should have two options:

1- Dummy mode - no pop ups, no Defence plus, all automatic like Norton FW
2- Advanced mode - with all Defence plus n FW pop ups

And ... Yes, no tool bar in either case.

 

Is it really true? That,s so bad.

I am curious if this issue has been discussed at their forums.

 

I haven't tried to verify it, but is known, that Comodo with D+, doesn't keep application hashes, because D+ is supposed to monitor in real time any such changes and block them. So, i think that one can logically expect, that Comodo without D+, can't "see" application changes, because has neither hashes nor D+ monitoring in real time.

And yes, it is bad. But as i said, if one was to use Comodo without D+, then there are other better and lighter firewalls out there.

 

I would not complain to much about D+, every better FW have integrated HIPS like feature, D+ is transparent and you can clearly see what is it doing, problems can be with other FWs where HIPS is not transparent so when you disable it some parts of it are still active (e.g. self protection), D+ can be tweaked to protect every single part of your system or non at all or some, users decision.
Default set of protected area should be taken as a template, nothing more and nothing less.

 

It's what i said earlier about Defense+ not being completely off.

Change explorer rule to ask in Defense+, and modify firefox.

 

I found a bug in latest 3.0.25, Vista 64 sp1. When Taskeng accessing wsqmcons
if you click on details Comodo crashes totally. Probably a critical thing.
I reinstalled backup, now the first time that Comodo works with ease, except this bug,
no compromise actually, keyhooks are prevented, great.

Additional info: GUI crash also happens with other pop ups, just click on details of the right process,
CPF 3.0.25 will crash.