Need some FW advice pls

After 2 weeks of using Comodo Ver. 3 FW and sadly Comodo is one of my favourite FW's out there but V3 just does not do it for me, perhaps I'm too fussy or what ever. What put me off about Comodo V3 was that it never seemed to leave me in peace and must of popped up asking me this and that more than a squillion times everytime I installed or uninstalled a program, half the time the options that it gave you was total mind boggling. I still love Comodo and still would reccomend it but unfortunately V3 just did not do it for me. I just found it was a FW that could not seem to think for itself and always asked you this and that, plus half the time I did not have a clue what it was asking me or referring to etc and half the time I cliked allowe and another deny, so who knows what I allowed into my PC and what I didn't.

Now more advice pls, my other option is to go back to the earlier version of Comodo which I think is version 2 or better still can you reccomend me a good free light firewall and something that would do the job as good as Comodo.

Thanks

 

If you do not need Defense+, just disable it and you will not have the pop-ups. It is a great firewall. I don't use D+.

 

I use 3.0 & 2.4 as well as OA free depending on which drive/image I'm on and like them all 3 You sure can't beat the price, and imo they're all much better than ZAfree (I haven't tried ZP pro). I would like to see Comodo continue to support 2.4 as an entry FW, & do a couple of things like 1) being able to BU the rulesets w/o running script. 2)Include the excellent explanation PU in 3.0 in 2.4. 3) for all fws--- Be able to "click on" a single IP network block in the log & then have an option to add a quick temporary rule at either the top of your network rulesets or a preset location of your choice to add a single IP temporary outbound allow for the blocked single IP, which would disappear when the browser is closed. (like the noscript temp script allows in FX).

 

If I disable defense will it still give/allow me protection and also how do I disable it ?

Also what's D+ ?

I might give it a second shot around and see how I go, but like I said those pop ups were driving me up the wall.

 

Dear Tomaso, you will still have a firewall, without the HIPS features. It will still ask you about incoming/outgoing connections but no more "weird" alerts about applications doing this and that.

I have said before in this forum, that Comodo shouldn't be used by people that won't read the help file, because it is useless trying to understand Comodo without reading it.

D+ is the HIPS module of Comodo. You can either disable it by right clicking on the tray icon or by opening the GUI in the page with the D+ settings (clean PC, trainning, DISABLE completely).

Trust me, use Threatfire and/or virtualization software instead, like Sandboxie or Returnil, which both have free versions. They are MUCH easier to deal with.

Good luck.

 

Thanks or your inf and help, but the softwares you mentioned is not a FW apart from Comodo.

 

Yes. What i mean, is, instead of relying on a HIPS (D+), you can use a simple firewall + Threatfire and/or virtualization. There isn't any obbligatory rule that says that you must absolutely use a HIPS module...

For example, i use Kerio 2 as firewall, Threatfire and AVG right now. Threatfire is very quiet. You could use a simple firewall and Returnil as another option. You reboot and the malware is gone.

If you don't understand well a HIPS, it's useless. I mean, Comodo, if you don't understand its alerts isn't "bulletproof" at all. It's up to you to take the right decisions.

If you don't want to make the right decisions and also get rid of the many pop ups, you can follow other ways (like behaviour blockers as Threatfire or virtualization), which are much easier to use and maybe even safer. With Returnil for example, all you have to do is reboot and even if you got a malware, it will be as deleted, as if it had never been there. Threatfire is quite competent too. Together with an AV and a firewall, you shouldn't have problems.

Bottom line. You don't NEED the No1 leak-proof Firewall-hips combo to be secure. If you want less headaches, you can be just as safe with alternative solutions. Put a common firewall (even ZA Free would be fine) + AV + Threatfire + Sandboxie or Returnil and let the malware come! If the malware manages to come through all these layers , then kudos to the malware writer!

 

P.S. : Don't let the forum discussions make you paranoid about malware. It happens to all of us, but don't be afraid that unless you have firewall with HIPS incorporated you will be infected.

There are sooo many combinations of security products that you can make and be just as safe and without having to answer to cryptic pop up alerts.

So don't be mentally "stuck" with one firewall. There are plenty of firewalls out there, specially if you run XP. Find one that you like and then combine it with other security products that you feel comfortable with. The important thing is to have security applications that you can UNDERSTAND what they are doing and what they ask YOU to do. There is no point in having Comodo for example, just because it on top in Matousec's tests, if you are not sure how it works and what it asks you. You WILL get infected, because you will give the wrong answer. So, find an easy going firewall and then add other easy security applications and you will be fine!

 

You have many different settings in CFP one of them is installation mode, which will reduce amount of popups while installing something, (see pic1)
Also you may add some files which you trust to "My Own Safe files", like you can add trusted software vendors which have digital certificate attached to their files (see pic2), all this will decrease amount of warnings, Also I advice you to run defense+ in safe mode (see pic1 move slider to "Safe Mode")

 

Also I do not trust ThreatFire much, if malware failed to trigger combination of ThreatFire behavior analysis you will not have any warning from ThreatFire, which is not case in ComodoFP

 

You will be fine with your current AV and a firewall. Just reinstall Comodo with D+ disabled and tick the box (when installing) that asks if you want leak test enabled (it says something like that). You do not require Threatfire or any other hips program to be safe.