Matousec, Comodo & PC Tools

Hi All

A confession, I am not very knowledgable, that is why I come to this forum to ask the following questions in the hope someone can explain and clarify my confusion.

In the latest Matousec tests, Comodo Internet Suite vies with PC Tools Pro Firewall for first place, which suggests that each is as good as the other (insofar as the tests are concerned)

The heart of my confusion lies in the fact that CIS is a Firewall, Antimalware D+ and an antivirus AND yet PC Tools Firewall Pro is just that a Firewall.

1) So how does a Firewall only, manage to achieve comparable results to that of a Suite (CIS)?

2) Does Matousec, test only the Firewall component of participants? If not see 1) above?

3) If Matousec tests involve all three sections ie Firewall, Malware and Antivirus how does PC Tools Pro square the circle?

4) How is PC Tools Pro as an an alternative to comodo Firewall and D+ in real life?

Any commentary to help me assess the two products, and to some extent, how two different products can achieve glory in the same tests would be appreciated

Terry.

 

This test are only testing the HIPS component of each application, so is not a firewall test or an antivirus test
http://www.thefreecountry.com/security/hips.shtml

 

Hi guest

Thanks for that, so on that basis (of your reply) PC Tools = Comodo D+?

Terry

 

PC Tools is buggy. Comodo has an insane amount of pop-ups and is rather annoying.

 

PcTool is a firewall + HIPS

Comodo is a Firewall + HIPS (defense+) + AV(optional)

I would recommend comodo they have just release V4 but is better if you use the old one 3.14 since the v4 have many bugs.

Also you can try Online Armor or Agnitum Outpost, both firewall + HIPS.

 

Hi

Thanks to everyone replies very helpful

Terry

 

I suppose if you are running 64 bit Windows you can throw those results out the window. Correct?

 

funny sentence... english for runaways?

 

Not anymore in the latest edition.

 

Well, more or less but you have more guarantees if the 32bit version is better
They will release a win7 x64 test soon.

 

" insane "..... is what an HIPS must do.

 

That will be interesting. Thanks for the heads-up.

 

Drives me crazy when people just drive-by post like this.

I've been running PC Tools Firewall Plus for quite some time now and have had ZERO ISSUES with it.

Please explain what you are referring to as "buggy".

 

Sad thing is I had over 6 months experience with it. Its buggy. You can read about random net lag, wireless net loss, the GUI lags, and I know for a fact that there is an issue with allowing uTorrent through the FW and PCTools following that rule.

Now explain to me how you think that because YOU dont have issues with it doesnt mean that the software and user base of PCTools Firewall as a majority doesnt have issues?

 

I didn't say no one had issues with it. I stated I had not had any issues with it and I also questioned your driveby post without details.

I have personally not experienced any of the issues you posted and currently have uTorrent running in the background with no issues after configuring it. As you can see by the attached image, uTorrent is always in OK mode with the rules I have configured in PC Tools Firewall as well.

 

if i remember correctly, v5 i think won the best performance firewall wen it came to network throughput the last time matousec did a performance test. so idk bout the net lag part. and i also agree that ive never experienced a serious problem with PC Tools FW. seems to be more system conflict then general bad programming and will only be solved over time as its exposed to diff software.

 

So Matousec got lucky and didnt have a system conflict.

 

lol

C'mon now...

 

lol, haha

 

Things to note based on Comodo CIS3/4 and PC Tools 6 trials

Granularity of PC Tools HIPS
An issue in my eyes is the fact that PC Tools groups intrusions into groups in novice (default) mode. When you allow one type of intrusion, you automaticcally allow thee others becasue they are in the same group. In the expert mode, you can obtain this granular protection. So PC Tools in expert mode is fine. Problem is that it will generate some more pop-ups. You have to use the English version, because these detailed information pop-ups are translated by amateurs or by professional morons. I am a enthousiast amature in relation to security, with a professional background (more than 20 years ago) of a system developper / data base administrator / network (transaction protocol monitors) admin / security (RACF) admin on mainframes. I really did not understand the warnings of PC Tools when running it in Expert mode (the Dutch version). The Dutch PC Tools version learned me pseudo words which are not in Wiki or dictionary neither could I releate them to my old experience. So I removed the Dutch PC Tools version and replaced it with the English version. Those pop-ups are okay (not terribly explaining when you relelate it to the actual intrusion of the tests/PoC I was running it against). When you use PC Tools only use the version with offical content management of the pop-ups, being UK/US version.

Comodo
There was a nice German website, which was called "illusive security". (ScheinSicherheit). It is not actual anymore, but the idea was to test default setups and see how good they are (trying to take user interpretation mistakes
into account and testing what really was covered on intrusion trigger level).

Comodo (3.xx) in its default setup would have been highly critised, because it provides a high level of fake security. For instance when you are not installing in the highest security mode, Defense plus (Comodo's HIPS) generates default rules from the setup mode you have chosen
F.I.
Originally the default mode applies a ASK for rule 5, 6, 7 and an allow for the another 10 rules. When you decide that you would like to check on rules 10, 13, 15 and 16 and a programs was detected by rule 16, one would assume that Comodo generates a rule which has an ASK for rules 5, 6, 7 (the default) and 10, 13 and 15 (ones you added), only giving the triggering rule an allow (on rule 16 in this example). Wrong Comodo generates a rule with rule 5, 6 and 7 set to ask and all other to allow. So this really is a feat of illusionist security (I guess Ury Gueller would have been impressed with the disappear trick of you own added rules). Yes I have discussed this with Comodo, I did not bother. Aigle very much tred to convince the Comodo developers this was a joke, but they showed no interest.

Due to change of concept, CIS4 will be more easy on these types of mistakes, but the D+ rules generator still works in the same way. Meaning the mistake is the same, but due to the Sandbox the effect is less dramatic. The beta CIS4 also had some strange choices for compatibility reasons (e.g. one of the virtualisation mechanisms was not on). The concept behind CIS4 finally is making some sense (making it easier to use), but it still is a half limped vision implementation. Some developers have absulute clear company values which are translated into the programming practises. For an individual programmer this makes it easier to code within the general vision of the product. Also on matters which are not thought out before hand. When I tested CIS4, it noticed it still has the totalist way of dealing with criticism and that when you really try Comodo, you can see that same type of intrusion are handled differenty in various parts of the Defense+ part. That said I really think CIS4 is a big usability jump compared to CIS3. For a freebie it is a great product. Still the quality issues of Comodo are really reducing the trust I have in a product (compare Comodo with DefenseWall on x32 or with Online Armor and you will see the quality differences of a single guy and a small dedicated team, versus the herds of programmers Comodo has in various low wage IT countries).

Advice
Since CIS4 is still early days and the trouble some quality Comodo usually delivers, I would not advise Comodo (think about their malware scanner which was retracted few days after launch, due to its ability to trash systems after having 'helped' the user to remove malware). But to be honest, despite the high ranking in Matousec, I would not advice for PC Tools in novice mode either. Instead have a look at DefenseWall and/or Online Armor when you really not into firewalls/HIPS the first place. The other option is to try ThreatFire and select the default rule for outbound control, Since you are behind a router/FW, you can disable GhostWall or Windows Firewall, since you are connected by wire AND trust the other family users in your home network. When the latter is not the case I would opt for Windows FW, since it is up to date with the latest Service Pack. I also like Outpost free very much, becasue of the smart way they have implemented the HIPS (with Outpost the grouping of HIPS protection is really well chosen, the groups are chosen on their impact of an intrusion, so when you fully enable the OS/HIPS group with vulnarable Windows spots (forgot the exact name), the chance that your AV can't cure any intrusions is very very very low (near zero). Sitill Outpost is better off in the hands of a HIPS enthousiast. OA and DW are more ease of use champions (with DW version 3 the easiest one)

Regards Kees

 

Hi Kees, thanks for your so complete analysis. Let me know: if I use CIS - as always I've done - only in the highest level and settings for the HIPS and the fw, the security issues in CIS that you described have not space, they don't exist ? So I understood your words, and so I believe on the base of my long CIS using ( in high configuration ). Is it ?

 

Thanks sir Kees for your analysis and classification. Outpost Firewall is very very good. Atlest for me but for the multi-user PC. I think I'm going to change Outpost because of lack in information in pop-up as other user of multi-user pc is just click ok without knowing what it is. Even I put Outpost in leaning mode. After leaving learning mode, some components is ask for access. I try defensewall (v3 which have a firewall) and very very easy to use but its not free.

Now looking for an alternative one...

 

I used free Comodo & PCTools Firewall without any problems!

 

Blacknight,

Yes when you have setup CIS in highest security mode your are fine (a default will generate an ALLOW or DENY depending on your choice, plus all other defense+ rules on ASK).

 

It is no problem in the way you will get a blue screen. Only when you choose those HIPS/FW's depending on the matousec tests and you install it in the default mode, you won't get the protection you thought you would get. I am merely saying it is beter to use these products with the highest settings and for PCTools use the English language version.

The Dutch Comodo translation is not the best. They also translated typical IT-terminology into Dutch, but at least seemed to have crossed checked the translators better (or had teh luck of more knowledgeable translators).