Any thoughts on this Comodo review?

Discussion in 'other firewalls' started by ZeroDay, Feb 5, 2012.

Thread Status:
Not open for further replies.
  1. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    693
    Location:
    Hogwarts.
    Hi, I came accross this review last night and alough I take Pc mag reviews with a shovel of salt I wonderd if anyone had any thoughts on it?

    http://www.pcmag.com/article2/0,2817,2399024,00.asp

    In paticular this:

    And this:

     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    based on just what you quoted comodo was not configured securely. had it been the result would have been different.
     
  3. ZeroDay

    ZeroDay Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    693
    Location:
    Hogwarts.
    I agree, to me the whole review is nothing short of a dig at what I consider one of the best firewalls availble.
     
  4. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    This is what a dev said in CIS forum:

    If you active the proactive configuration you won't have this problem and the firewall will alert you if I remember well.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    I have run Comodo both on XP and Win 7 x64.

    Under XP, their simply is no better firewall when it comes to protection. Under WIN 7, I have to say it is far from the best alternative. Under WIN 7, I was infected multiple times both under the default Defense+ configuration and under the stricter and more "chatty" maximum proactive configuration.

    I am an IT pro and I know how to configure firewalls. I do know Comodo ver. 5 has problems properly configuring security properly for both IPv6 and Teredo tunneling. Both these are used extensively in WIN 7 for internal activities.

    There are two primary components to Comodo, the firewall and the HIPS.

    The firewall under default set up provides full port slealthing and IPS protection as pointed out in the PC Mag. article. So does the default WIN 7 firewall. It also allows all outbound activity for trusted publishers with valid certificates. Given the fact that certifcates have been hacked and/or stolen, this method of default approval is no longer safe. The issue I found most disturbing was the rules it created for this activity. Comodo would create a rule for example allowing all outbound TCP activity for example rather than restricting it to port 80, etc.

    The Defense+ HIPS under default configuation offers basic intrusion protection; far from what is needed for today's exploits and rogues. It's sandboxing feature although automated to a large degree did have a habit of messing up many of my software installations. It also had a habit of leaving residuals in the sandbox without a way of deleting them.
     
  6. LMHmedchem

    LMHmedchem Registered Member

    Joined:
    Feb 8, 2012
    Posts:
    28
    I am interested to know if these win7 issues can be addressed in comodo with whitelisting. Couldn't you configure to allow only TCP connections on port 80, etc? Using ZAISS for a long time, I only have about 4 apps that are allowed to connect to the internet without permission, and most other apps are blocked. I haven't had to allow anything to act as a server (without asking permission for the connection). This includes svchost, which I have to allow a few connection requests on at startup for my printer, local host, and such.

    I am looking for a new firewall and what I would prefer is to see the attempted connection requests and be able to check out the domain and port. Then I could set up a specific rule. Better yet, the fire wall would check the digital sig of the app and only allow the rule if the sig matches when the app was approved. If not, it could alert. I know that ZA has some of those functions, but I have never been able to figure out how to write rules for app>IP>port and disallow everything else. I am wondering if I can do that in comodo?

    In my opinion, most apps have no reason to ever connect to the net. I have almost 700 entries in the program control list, and only 4 that are allowed to connect without permission. If apps do want/need to connect, I should know where they want to connect to and be able to restrict access to that location. My hardware firewall allows for some control like this, but of course it is not application specific.

    LMHmedchem
     
  7. Dundertaker

    Dundertaker Registered Member

    Joined:
    Oct 17, 2009
    Posts:
    385
    Location:
    Land of the Mer Lion
    That review was done with a wrong configuration. The reviewer should have went on to check first in the Comodo forums about the problems he has encountered and included that observation with the fix.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Last time I tried Comodo (agree it was long ago), even in the most secured setup, one still had to select some advanced options manually in the firewall to improve its filtering mechanisms. Given the attention which is given to the HIPS part of Comodo, it is only logical they have trouble picking up IPv6 filtering.

    Edit: I see that the default has improved (at least blocks fragmented packets now), but the advanced options are not selected (to increase performance).
     

    Attached Files:

    Last edited: Feb 12, 2012
  9. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    I didn't read the review closely enough to confirm, but Neil usually installs security software with default settings since that's what most users are likely to do. I've used the Comodo Firewall on and off and while it may be possible to make it bullet-proof it does require quite a bit of user knowledge and participation. There's nothing wrong with that for advanced users but I think average users can't handle it. Note that it still scored 3.5 out of 5 stars (or dots or whatever they are :) )
     
Loading...
Thread Status:
Not open for further replies.