Can I have Comodo Firewall Pro and Windows Firewall on?

Discussion in 'other firewalls' started by cheater87, Mar 3, 2008.

Thread Status:
Not open for further replies.
  1. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Incase Comodo fails to start up for some reason I can still have windows covering me.
     
  2. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    Comodo recommends that you disable the Windows Firewall.

    thanatos
     
  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Cheater:

    Let me ask you to do some experiments with your CFW version ?.

    When CFW comes to life does it automatically turn win fw off?
    When CFW is shut down does it automatically turn win fw on?

    Turn on win fw and CFW and do a restart and check in task Manager what is on/off.

    It is my understanding from reading the experts here and elsewhere that having 2 FW's active at the same time is a bad idea since they may conflict and even neutralize each other. But if you challenge that notion , I can't prove it.

    The CFW forum guys should know right?

    IMHO your worry should be why is CFW not starting?

    See ya:thumb:
     
  4. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Next time the pop up comes up I will do a screen capture.
     
  5. clint7

    clint7 Registered Member

    Joined:
    Jun 26, 2006
    Posts:
    27
    Location:
    Ky. USA
    No, Never have 2 firewalls on at the same time. Only have 1 installed besides Windows Firewall. Run Comodo Pro install to your desktop or external harddrive. Disconnect from the internet. Go :cool: to security and Windows firewall settings and turn off Windows Firewall. Then run install of your Comodo Pro firewall. Every thing should be ok after that. Some programs will automatically turn off Windows firewall upon installation but all will not. So to be safe do the steps above. By the way you might want to look at the Online Armor Firewall before installing Comodo.:thumb:
     
  6. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Many of us have had both Comodo v3 and the Windows firewall on at the same time by accident. The Comodo installation didn't turn it off automatically, so stayed on until noticed. Don't know if it still does that now, but there were no problems having them both on at the same time. Real issue is that the Windows firewall is applied out in front of Comodo, so the "allow" type rules in Comodo may or may not work for you since stuff is blocked by the Windows firewall. May be some other problems too, but I never ran into any or saw any other complaints. It is certainly easy to turn it on for a while and see. :)
     
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,133
    Location:
    USA
    I think you hit on the key issue - how the two firewalls affect each others' performance is unknown. Just because there isn't an obvious problem doesn't mean the firewalls are working properly.
     
  8. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Generally using two software firewalls at once slows things down and can mess up your system in all sorts of ways.
     
  9. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    As already pointed out by others (Escalader), in case Comodo fails to start it is most likely that there's something wrong with your system. You need to concentrate your efforts on solving this problem instead of patching it with another app.

    Using two firewalls (filtering packets twice) is a very bad idea. If we follow this analogy, we should all then use 2 AVs, ASs, HIPSs, whatever, as well. Just in case the first one doesn't start...
    Oh well... :rolleyes:

    I wonder why you say this. What do you mean "in front"?

    Cheers,
     
  10. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Everybody seems to belive that having 2 firewalls is a bad thing. Normally this is true. First, because having 2 packet filters slows the network traffic down more than only one filter. Second, because today's firewalls are not simple packet filters, but have also HIPS, and so there is a chance that the two HIPS will overlap and further slow down the system. Even worse, because most firewalls are poorly programmed, overlapping of hooking functions not only slows down the system, but it causes incompatibilites too, and can result in system instability and even crashes.
    But, if we speak of simple packet filters (and windows firewall is a simple packet filter) there shouldn't be any reason why you can't run two of them at the same time. For instance, in XP the firewall is implemented as a firewall hook, and because Microsoft doesn't recommend to software developers to use firewall hook for their firewalls (because it is placed too high in the network stack), there is almost no danger of a conflict between another firewall and windows firewall.
    So, no matter what the experts say, every firewall uses it's own method to filter network traffic, and in some circumstances, there is no danger of running more than 1 firewall at once (of course, if you don't mind the slowdown :)).
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi:

    Interesting. Stem do you have time to comment on this post from Nebulus?

    It presents a different point of view! :cool:

    Why would most FW vendors turn of win FW if this idea of 2 is NOT an issue?
    Are they confused, wrong or just concerned with being light on our PC's?
     
  12. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    You might find this old interview worth reading:

    "Pat_MS (Expert):

    Q: I have a 3rd party firewall, can I use the Windows XP firewall
    with my firewall? Will it cause any problems?

    A: No, it shouldn't. We did a lot of testing with our firewall
    and third party firewalls and didn't find any issues.
    That being said, it isn't necessary to use 2 firewalls on a machine. "

    Full text here:

    http://www.microsoft.com/windowsxp/expertzone/chats/transcripts/04november10.mspx
     
  13. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    I'll leave only comodo on then. I do have a router. If comodo does fail to start up (I can just click the desktop icon to get it up then) will the router protect me?
     
  14. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    If your router has NAT (most today do), it will act as an inbound
    firewall. If it also has an SPI built-in firewall (many today do), go
    into your router configuration menu, and make sure to turn it
    on. That adds additional protection from certain types of hacked packets.

    One of the problems with most home routers is that they ship with default
    configuration passwords, which a hacker can look up on the Internet.
    Be sure to change your default configuration password to something
    secure. You can test the strength of a password here:

    http://www.microsoft.com/protect/yourself/password/checker.mspx
     
  15. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    I might have an answer for that. They are not wrong. It's just easier both for them and for their users to manage the firewall if it's "alone".
    First, the windows FW slows down the network traffic. 3rd party FW also slows down the network traffic. Now, the 3rd party FW vendor doesn't want another slowdown (from windows FW), because the users will not be able to tell who slows down the network, and it will probably blame the 3rd party firewall for that.
    Then, let's assume that windows firewall blocks some incomming packets. When the user installs another firewall those packets will still be blocked, even if the second firewall has only one "Allow All" rule. And the user will probably complain to the 3rd party vendor that his firewall blocks the network communication. In this situation, if the windows firewall is disabled, tech support is easier :).
    And there is another question: how many people need more than one firewall? There are special cases (for instance running another firewall alongside Kerio 2, to solve the fragments problem), but most of the users do not need 2 firewalls.
     
  16. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    Hi Cheater. Is the version of Comodo #3? Is defense+ on and in what mode?
    Is the ST HIPS on or off?
    Therein may possiblylie the answer as to why Comodo isn't starting.
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    From the point of installing/running 2 3rd party firewalls, certainly not a good idea, we see many posts where users have problems with left over drivers etc from previously installed firewalls when installing another.
    For win firewall, well, I have certainly not made any tests, but we do see (not as much now) where a 3rd party firewall as not deactivated the win firewall. The only main problem being any config needed to allow unsolicited inbound (for P2P etc).
    From the thread starter point of view, if there is doubt about the 3rd party firewall that a need to activate a second firewall, then it is time to change the firewall to one that is trusted to start.

    Even in that situation, it would be less problematic to just make registry change to block fragmented packets.
     
  18. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Spyware Terminator had HIPS turned off and Defense + turned on.
     
  19. Hiker

    Hiker Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    268
    I uninstalled CFP until recently and having been running 3.0.18 for a week or so. I just looked and the Windows firewall was on with no known conflicts.

    I'll also say the latest version has run amazingly well so far.
     
  20. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    There is no danger, yes, but technicalities aside, I find this dicussion over what-will-run and what-will-not-run pointless.
    Many security software with same purposes (hooking same stuff) will run together without any problems. But as I said this is not the point! I personally find this to be a very wrong approach to security. Piling up software on top of each other is not the key to proper security and privacy. If one has some intentions other than just securing his/her system, like testing out all kinds of immposible/mindless configurations (like some members here already do :rolleyes: ) or the level of paranoia is so high that nothing else would help :):) ), than he/she should by all means install 10 firewalls and 15 AVs if that will give a piece of mind. After all, we all live in a free world (relatively speaking) and we all have a freedom of choice no matter how stupid our choices may be.

    I believe that would be... none?
    But you can easily end up with several "firewalls" installed at once (unintentionally), depending on who you listen to (due to lack of knowledge) :) According to Matousec, DSA and SSM were firewalls so I too have 2 firewalls installed, although one of them would be rated 0 with the famous expert. No conflicts between them whatsoever.

    Cheers,
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Hi Seer:

    Although I would describe it differently, I agree with the thrust of your post, not that you asked. :D

    Goal: Security Lite but effective and non conflicting:thumb:

    Working from the wall in most users can have "enough" security as follows:


    0) WWW
    1) H/W F/W ( alpha shield) for all PC's on my LAN
    2) Router (also a H/W F/W)
    3) 2 way S/W F/W + HIPS, tweaked and limited access to certain counties and ip's.
    4) Independent IP Blocking lists software 2 way
    5) Real time heuristic AV with hourly rapid updating
    6) Spam Manager, scan incoming and outgoing plus attachments
    7) Maximum strength Password manager
    :cool: Firefox, hardened, disable IE and explorer from www access
    9) Minimized windows services
    10) Daily imaged backups of all partitions
    11) Partitioned HD, data in one, O/S software the other
    12) Safe Surfing
     
  22. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    It is not pointless, somebody asked if 2 specific firewalls work together, and I answered his curiosity.

    I would agree with you if there was a software which would offer me everything I need - and when I said everything I need, I don't mean lots and lots of useless features, but exactly the features I would require... But there isn't, so sometimes there I need to "pile up software".

    I think there are at least few people who feel the need to use more than one firewall. But the point was that these people usually know what they are doing. The average user doesn't need to use more than one firewall.

    What I tried to point out is that people need to know exactly what is possible and what is not. It's easier to answer all the time with "Don't run 2 firewalls, it's bad", but the one who asked would get the (wrong) idea that there is something technical wihch wouldn't allow that. I think it would be better that someone says: "I know those 2 firewalls work toghether with no problems, but I'd preffer to run just one, so I won't slow down my network connection", rather than "Some expert told me not to run 2 firewalls, because it's wrong". The first line of defence in computer security is (or should always be) knowledge.
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    To "Pile up" software is not an option for me. Some compromise may be required, but at the end of the day, I have my PC for me and the applications I want to use, not for use of security applications. (Yes, I do have a PC for checking/testing, but I do not class that as a personal PC, I have that dedicated for the purpose of support)

    I do not know who you refer to, but those that do know "what they are doing" (which I do class myself as) will not install 2~ 3rd party firewalls, they simply are not intended for that. Simply installing 2~ 3rd party firewall may not cause the system to hang/crash, but as I have mentioned before, underlying problem may (and usually do) happen.

    It is considered as a "rule of thumb" not to install 2~ 3rd party firewalls, this is basically due to problems that do happen. Firewall vendors do not look for, or resolve issues with other firewalls,.. why should they?

    Such checks would be interesting, but rather time wasting.

    Incorrect knowledge, or knowledge without fact can be a major problem.
     
  24. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Let me give you an example from my experience. I really liked Jetico v1. It can be customized exactly as I like, it is light, doesn't seem to slow down network traffic... But it has a problem: it stops working when you logoff, or at the system start/stop. Most of the people would say: "Use Jetico v2, it runs as a service". True, but I don't want to pay for it, so I'll stick to the freeware. I tried other firewalls, but none was offering me what I liked. My solution? I used a second application which detected if Jetico was running, and if it wasn't it stopped all network traffic. Basically, it was another network control app, but only with on/off possibilities. It worked perfectly, and it was also light.
    (Ok, before you start asking me what application was that... I wrote the application for that specific case. :)).

    I'm not sure I can explain what I meant and make myself clear at the same time, but I will try :). What I was saying is that somebody who installs willingly (not by mistake) 2 firewalls, usually knows what he is doing, and is doing it for a specific purpose (he tries to test that configuration for conflicts, for instance).

    "Rules of thumb" are hardly facts, and I can quote you on this matter: "knowledge without fact can be a major problem".
     
  25. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hi Escalader!

    Getting ready for a doomsday there? ;)
    You are using 3 firewalls... do they all perform SPI?

    Hi Nebulus

    Discussions can be informative, but if the topic of the thread is to run 2 firewalls "in case" of one of them fails to starts, then I still don't find such discussions very useful.
    Why not simply use a single firewall you trust, instead of a fancy GUI one (Comodo) you don't? A trusted firewall if configured properly will do sufficient filtering. Why on earth would someone want to do it twice is beyond me.

    It is possible to drive a car backwards, but people don't normally do this. What is "possible" can often be the "wrong way".

    As I said, if something is technically possible it doesn't automatically justifies the implementation. After all, the OPs question was not about technicalities, I thought he asked about the benefits he may gain from using 2 firewalls. IMO, there are none.
    There are cases where you "cover" your software from being terminated, but using a software to "cover" your software in case it fails to start is very funny to me.

    A problem, is that a general concensus? I don't find this to be a problem, but there are solutions. I think RunAsService was widely used.

    That's Ok. I want.

    Cheers ;)
     
Loading...
Thread Status:
Not open for further replies.