Are commercial firewalls going to suffer?

How does it take more people to develop a firewall for lots of users than one for say, less users? Surely it would take the same amount of developers (roughly speaking).
The good thing about support forums is you get help from non employees too (like here at Wilders). People give their time and experience freely and the only 'personal gain' for them is helping fellow users.

I'm not saying that Comodo would turn down a multi million dollar offer from Microsoft (for arguements sake!) and that Microsoft would start charging but the guys at Comodo certainly state strenuously that there will be no charge for it. Not that a charge would put me off if I felt that the product was good.

 

The requirements for a firewall are increasing as time progresses - a few years ago a basic packet filter would do. Then application filtering became necessary. Then checksumming of files to detect modified programs. Now a firewall needs to handle DLL/code injection, memory modification, DDE/OLE automation and Active Desktop modification. Not only do these features add extra work, but they increase the prospect of conflict (and hence the need for workarounds) with other software.

In addition you have support to consider - this will tend to scale linearly with user numbers. User/volunteer-run forums can only go so far.

 

Hi Paranoid2000,

I hope those checksums are stored safely

I highly respect you. You know far more about firewalls than me !
What I'm wondering about is:
Is this what we want from firewalls? Isn't it more and more for some time going the way of a suite?
Like "Crash Dummy" said when some folks said that they were trying to make a new AtGuard: keep it simply and stupid.
Couldn't it be possible that a firewall is just that? That way you could choose your additional programs if you want (ProcessGuard, Reg/App-defend, SSM, etc). Just like you choose your AV, AT, etc., instead of going for a suite.
Of course there could be that too many kernel drivers issue.
Well, more questions than I can answer...

 

That depends on who the "WE" in your statement is referring to. A casual user doesn't want to spend their time assembling a security suite. They want a whole package. A casual user doesn't want to figure out child-parent dependencies. They don't want to know what all the executables on their systems do. They want to use a PC for whatever they enjoy and let a security suite protect them. This holds true for most people. Outside of the security forums, you don't find too many people who want to pick and choose security components. Single purpose apps tend to target those who know how computers and security apps function. The better ones are difficult to work with if the user doesn't have computer knowlege. Two different markets with different users.

It's still completely possible. Many of the additional functions Paranoid2000 described are done by a HIPS component in the firewall suite or a similar component. There's something of name game involved, with HIPS being one of the new "buzzwords" for an idea that's been around for a while. It used to be called application firewalling. Behavior blocking is also similar. There are no official definitions for any of them that I know of, which makes it even more difficult to choose components. I don't recall System Safety Monitor being called HIPS when I first started using it. Personally, I'd rather they got rid of all those abbreviations and fancy sounding acronyms and start calling apps names that accurately reflect their functions. It would be better for users, especially those who don't spend their days at security forums.
The kernel driver issue is a big problem, especially when a user doesn't know whether a particular security app hooks the kernel or not. As a general rule, simple firewalls (ones that control internet traffic) don't need to hook the kernel. HIPS software usually does. Firewalls with HIPS components (or components using another name but performing a similar function) usually do. You can use a good stable packet filter to handle the internet traffic control and add a separate HIPS to control the DLL injection, driver installing, etc. The hard part is determining which are truly single purpose apps and which are suites. There are few rules for picking components that don't conflict. Most of the time, it's trial and error, and a combination that works well on one system may not work on another. If you do decide to put together your own security package, have a good backup program so you can restore to a previous state if a combination does work the way you want. If you plan on using a firewall and a separate HIPS program like SSM or PG, start with selecting those components, then fill in from there. They'll be the heart of your system.
Rick

 

Ah righto, thanks for the insight Paranoid2000. Might be the case that add-ons may be the way forward instead of complete rebuilds but then I know zero about what's involved.

 

Nicely put... Paranoid2000

 

A little more, now quoting crashdummy and Joseph.
http://www.atguard.net/support/forum/viewtopic.php?t=1796

crashdummy:

Joseph:

As a side-note:
1. I do use NISFileCheck on both W98SE and XP-home.
2. I still use AG at W98SE.
3. I still have some hope that a new AG might come ...

 

There's certainly room for debate on exactly what a firewall should do!

If we accept that a firewall's role is to allow rules to be set on network traffic, then it is a fairly small step to say that application filtering is required (e.g. the ability to let Firefox or Opera send traffic to port 80 on a webserver while blocking Internet Explorer from doing so). Once you have application filtering, then you need verification that the application is what it claims to be (hence fingerprinting/checksumming) and that it has not been tampered with (DLL/code injection control, etc).

The ability to resist termination/tampering and/or to alert and disable the network connection if such tampering does occur is highly desirable.

Where things start moving firmly into the security suite territory in my view, is when Windows system control is added (global hooks, low-level memory, keyboard or disk access) or file/registry access monitoring. However given that these techniques could be used to disable a firewall (or other security software), it is very likely that most products will add such features anyway.

Getting back on-topic, there is one measure that Comodo could take to guarantee that their firewall will always be free and available for use - make it open-source and release it under the GPL (or a similar) licence. If the intention is to keep it free indefinitely, then this is a small step to take (they would still retain copyright).

The current system where users have to apply for a licence allows Comodo to change their policy at any time - even if their firewall says it has a lifetime licence, how can users be sure that there is no hidden expiry date? This applies to any closed-source product so is not an attempt to single out Comodo, but vendors charging for their wares have more incentive, legal and financial, to stay consistent about licence duration and limitations.

 

OK, thanks Paranoid2000 and herbalist for your thoughts; appreciated !

(PS: maybe I'll go with the new Outpost when gold. I haven't yet decided.)

Anyway, I don't want to hijack the thread further with that more general discussion.

 

I think that the popularity of Comodo's free firewall has to affect paidware firewalls.
Most users will take a quality free program over payware.
There have been a lot of good points brought up about history of freeware programs and lifetime licenses etc...
IMO Comodo is more likely to stay free because of their commercial programs.But nothing in life is guaranteed.Except of course,death and taxes.

 

I recently got a dell and it came precustomized with Norton for 6 months. The 6 months are now up and I'm wondering whether I should replace it with Comodo even though the firewall in Norton still works great. I read Comodo has a whitelist, I wonder if it is as good as Norton's.