Any thoughts on this Comodo review?

Hi, I came accross this review last night and alough I take Pc mag reviews with a shovel of salt I wonderd if anyone had any thoughts on it?

http://www.pcmag.com/article2/0,2817,2399024,00.asp

In paticular this:

And this:

 

based on just what you quoted comodo was not configured securely. had it been the result would have been different.

 

I agree, to me the whole review is nothing short of a dig at what I consider one of the best firewalls availble.

 

This is what a dev said in CIS forum:

If you active the proactive configuration you won't have this problem and the firewall will alert you if I remember well.

 

I have run Comodo both on XP and Win 7 x64.

Under XP, their simply is no better firewall when it comes to protection. Under WIN 7, I have to say it is far from the best alternative. Under WIN 7, I was infected multiple times both under the default Defense+ configuration and under the stricter and more "chatty" maximum proactive configuration.

I am an IT pro and I know how to configure firewalls. I do know Comodo ver. 5 has problems properly configuring security properly for both IPv6 and Teredo tunneling. Both these are used extensively in WIN 7 for internal activities.

There are two primary components to Comodo, the firewall and the HIPS.

The firewall under default set up provides full port slealthing and IPS protection as pointed out in the PC Mag. article. So does the default WIN 7 firewall. It also allows all outbound activity for trusted publishers with valid certificates. Given the fact that certifcates have been hacked and/or stolen, this method of default approval is no longer safe. The issue I found most disturbing was the rules it created for this activity. Comodo would create a rule for example allowing all outbound TCP activity for example rather than restricting it to port 80, etc.

The Defense+ HIPS under default configuation offers basic intrusion protection; far from what is needed for today's exploits and rogues. It's sandboxing feature although automated to a large degree did have a habit of messing up many of my software installations. It also had a habit of leaving residuals in the sandbox without a way of deleting them.

 

I am interested to know if these win7 issues can be addressed in comodo with whitelisting. Couldn't you configure to allow only TCP connections on port 80, etc? Using ZAISS for a long time, I only have about 4 apps that are allowed to connect to the internet without permission, and most other apps are blocked. I haven't had to allow anything to act as a server (without asking permission for the connection). This includes svchost, which I have to allow a few connection requests on at startup for my printer, local host, and such.

I am looking for a new firewall and what I would prefer is to see the attempted connection requests and be able to check out the domain and port. Then I could set up a specific rule. Better yet, the fire wall would check the digital sig of the app and only allow the rule if the sig matches when the app was approved. If not, it could alert. I know that ZA has some of those functions, but I have never been able to figure out how to write rules for app>IP>port and disallow everything else. I am wondering if I can do that in comodo?

In my opinion, most apps have no reason to ever connect to the net. I have almost 700 entries in the program control list, and only 4 that are allowed to connect without permission. If apps do want/need to connect, I should know where they want to connect to and be able to restrict access to that location. My hardware firewall allows for some control like this, but of course it is not application specific.

LMHmedchem

 

That review was done with a wrong configuration. The reviewer should have went on to check first in the Comodo forums about the problems he has encountered and included that observation with the fix.

 

Last time I tried Comodo (agree it was long ago), even in the most secured setup, one still had to select some advanced options manually in the firewall to improve its filtering mechanisms. Given the attention which is given to the HIPS part of Comodo, it is only logical they have trouble picking up IPv6 filtering.

Edit: I see that the default has improved (at least blocks fragmented packets now), but the advanced options are not selected (to increase performance).

 

I didn't read the review closely enough to confirm, but Neil usually installs security software with default settings since that's what most users are likely to do. I've used the Comodo Firewall on and off and while it may be possible to make it bullet-proof it does require quite a bit of user knowledge and participation. There's nothing wrong with that for advanced users but I think average users can't handle it. Note that it still scored 3.5 out of 5 stars (or dots or whatever they are )