Avast Firewall or Comdo Firewall & Defence +

Discussion in 'other firewalls' started by AMD, Jul 19, 2012.

Thread Status:
Not open for further replies.
  1. AMD

    AMD Registered Member

    Joined:
    Jul 9, 2012
    Posts:
    88
    Location:
    UK
    Hi,

    I started off with Avast IS7 with the firewall disabled and Comodo Firewall and Defence + but now I just have all Avast active.

    Just wondering which performs better.

    I must admit I did like the pop ups in Comodo advising changes etc as it always seemed more comfortable seeing something is protecting you rather than silently working in the background. I have Winpatrol + too which has alerts every so often which again I like but I am not sure I am getting rthe best out of it - some reading up required !

    Any comments appreciated.

    Andy
     
  2. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Well if you have D+ and the firewall you will be pretty well protected. If you want to use Avast's firewall it is okay and will strain less resources at the cost that you will be a bit less protected against zero-days.
     
  3. Technical

    Technical Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    471
    Location:
    Brazil
    Defense+ is a HIPS program + Comodo firewall. Works at deny all policy. Popups.
    avast! is an antimalware + firewall. Silent.
     
  4. Vladimyr

    Vladimyr Registered Member

    Joined:
    Feb 11, 2009
    Posts:
    461
    Location:
    Australia
    You can easily make avast! Firewall more 'talkative' by changing these settings.
     

    Attached Files:

  5. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    But it keeps a fw, not a full HIPS.
     
  6. Technical

    Technical Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    471
    Location:
    Brazil
    Yes. There was never in the plans to become a HIPS :cool:
     
  7. pintas

    pintas Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    171
    It is my humble opinion that Comodo is better... period. :)
     
  8. Phractal

    Phractal Registered Member

    Joined:
    Jul 24, 2012
    Posts:
    15
    Hi all,

    I just stumbled over a few threads (old threads to be honest, February, March) saying that Comodo and the new Avast! do not work together correctly on Win 7 x64 OS.

    Is that still an issue or has it been resolved? If it still is an issue, is there a workaround or any recommandation for a different AV and FW setup?

    Thanks!
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Comparing Comodo's firewall to Avast's is akin to comparing "apples to oranges."

    Do the research and read reviews from reputable sources on both products and make your decision accordingly.

    Finally, you can run Comodo's firewall standalone with any other AV of your choice. Avast's firewall is part of it's Internet security suite which is a for pay product by the way.
     
  10. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    FWIW, I've been periodically looking for signs that the Comodo Firewall shortcoming on Windows 7 has been resolved. Unfortunately, I've only seen more recent comments which indicate that it still exists.
     
  11. Lou Knee

    Lou Knee Registered Member

    Joined:
    Jun 1, 2012
    Posts:
    10
    Just an FYI for all concerned.
    Perhaps spread the word.

    The Win7/Avast/CIS "shortcomings" "issues" "weakness" etc.
    Is NOT an issue for Comodo to "fix", Nor is it an Avast "issue" to fix.
    (Get that from reading both forums.)
    They are both right.

    The real problem is lack of user education and understanding of the OSI model and the two disparate technologies, they seem to insist on "layering".

    Avast isn't going to change their Web Shield to accommodate a proper Network Layer Firewall. You could pay for their "firewall" for that.
    And Comodo won't (I hope) tamper with their Firewall to accommodate Avast's Application Layer proxy/tunnel.

    Hope this helps to clear up this ongoing confusion, or at least spur some educational reading.
    I will for now withhold my opinion of Web Shields and Web Scanners.

    Lou
     
  12. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    And Comodo won't (I hope) tamper with their Firewall to accommodate Avast's Application Layer proxy/tunnel improve its ability to perform its function when Avast 7 or any other piece of software uses WFP to perform such redirects.

    FTFY. Is better, no? Comtraya!
     
  13. Kirk Reynolds

    Kirk Reynolds Registered Member

    Joined:
    May 8, 2011
    Posts:
    224
    Well, you can include Windows 7 firewall as well. The Web Shield renders it useless.

    So is it a MS Windows 7 problem or an Avast problem? :D Avast isn't going to change their Web Shield to accommodate....(you get the picture)

    It's pretty obvious where the problem lies.
     
  14. Lou Knee

    Lou Knee Registered Member

    Joined:
    Jun 1, 2012
    Posts:
    10
    Is better? No. ;)

    Comodo is a rock solid proper firewall. In regards to these issues (non issues) there is nothing to fix/improve.

    You can not set up what is in effect a tunnel, then expect a downstream app to provide granular control within the tunnel.

    This situation is like a textbook example of the sort of cockup one would have trying to run 2 firewalls simultaneously.

    The user must decide. What do I value more, Web Shield or granular application control in the Firewall.
    You can't have both, at least with the current implementation of Web Shield.

    @Kirk
    Thanks for pickin up what I'm puttin down.

    Lou
     
  15. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    IIRC (check me) these problem combinations were mentioned:

    Comodo Firewall + Windows7 + Avast7 with new WPF redirect
    Windows7 Firewall + Windows7 + Avast7 with new WPF redirect
    Private Firewall + Windows7 + Avast7 with new WPF redirect
    Windows7 Firewall + Windows7 + Avast6 with old TDI redirect
    Windows7 Firewall + Windows7 + Avira (not sure how it redirects)

    If Avast7 or Avast6 or Avira can contribute to a problem scenario, then any number of other software programs can contribute to the problem. If that isn't obvious, perhaps worth considering is Lukor's "The method we use is fully supported and documented and from several meetings with other companies I know for sure there are several (if not many) major products out there that use the same - so I guess such fix in Comodo will help not only Avast users but also many others." comment from http://forum.avast.com/index.php?topic=93953.msg759534#msg759534.

    So lets add to the above list three more:

    Comodo Firewall + Windows7 + OtherSoftware utilizing WPF redirects
    Windows7 Firewall + Windows7 + OtherSoftware utilizing WPF redirects
    Private Firewall + Windows7 + OtherSoftware utilizing WPF redirects

    I don't know anything about Private Firewall but I'm guessing that it, like Windows7 Firewall, simply is not as "full featured" as Comodo Firewall and thus we're talking about at least two different classes of firewall and somewhat different problem scenarios. Bottom line though, I think it should be apparent from the above that Avast is not the problem. Avast could be wiped from the earth and the problem would/could still arise.

    The problem, I would say, lies in one or more of the following:

    1) Redirection itself and how that impedes a firewall's ability to identify the source(s) of traffic
    2) The firewall not utilizing all available means of acquiring the visibility that is required to cope with the redirection
    3) The OS APIs (in Windows7 at least) not being sufficient to allow firewalls to gain the visibility that is required to cope with the redirection
     
  16. Lou Knee

    Lou Knee Registered Member

    Joined:
    Jun 1, 2012
    Posts:
    10
    Quote from lukor

    "Concerning the fix from avast! side: I doubt we would fix this, making changes in the code, so that other firewalls block our traffic is exactly the opposite what we try to do."

    hmmmm...


    Why would Comodo rewrite their free Firewall adding layers of unnecessary complexity/bloat in order to support techniques/apps that they feel are useless in the first place?

    Lou
     
  17. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    Non-issues? <jackvoice>Oh for crying out loud...</jackvoice> This is a security vulnerability Lou.

    Lets not favorably confuse things by painting it as a tunnel where the firewall could only examine downstream traffic. A firewall should have whatever visiblity it NEEDS to have in order sort out this type of OS supported redirection and there are various opportunities (upstream and downstream of the local proxy) for it to monitor what is going on.

    This isn't Web Shield specific, but fine lets leave that as an example. This is software. A bit narly scenario perhaps due to multiple parties being involved, but it surely can be resolved. In fact, now that I think about it, I think I saw messages at the Comodo forum that it actually has been sorted out on the Windows 8 version.
     
  18. Lou Knee

    Lou Knee Registered Member

    Joined:
    Jun 1, 2012
    Posts:
    10
    oops posting at same time.

    Before this gets any more messed up.
    We must clarify where we're coming from.

    A CIS user who opts to use Avast as AV.
    vs.
    An Avast user who uses only Comodo firewall with no other features.

    Big difference when claiming security vulnerability.

    Lou

    PS. IMO, If it is different in CIS6 or for Win8, that will be good and probably due to some of what you have alluded to, but I can be fairly confident that the changes weren't done specifically to appease Web Shield/Scanner fans. The Comodo camp views them as wasted cycles.
     
    Last edited: Jul 30, 2012
  19. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    Well in terms of the firewall component having a security vulnerability (which is what I'd call this), I don't see there being any difference. Obviously, though, additional layers of Comodo (or other) protection (if enabled and not overridden) should prevent various threats from achieving a foothold on the system and attempting to redirect-hamper the firewall and/or bypass an existing redirect-hampered firewall. However, someone could for example install CIS and setup firewall rules to lock down software they have installed on their Windows7 machine and then go on to switch over to Avast AV or install some other considered safe software that happens to use redirects. Since that software is desired by the user they will assure it gets installed and once its redirects are up and running the user could possibly lose some protection they had previously setup.

    Well that's fine. The Comodo camp is entitled to its own opinion and need not have a favorable opinion of WebShield type arrangements. Professionally speaking, however, I would expect them to work very hard to resolve the general redirect issue we're talking about. If that requires some help from Microsoft, I would expect them to do their best to get Microsoft involved. This I would most certainly do if I were in their position.
     
Loading...
Thread Status:
Not open for further replies.