Comodo Firewall 4 *ONLY* vs. Norton's Firewall

How strong is the firewall compared to Norton's firewall? I have Norton Internet Security 2010 and decided to turn off its firewall and replace it with Comodo's without D+. (I don't care for D+) Does the newest version happen to protect against any and all leak tests without D+? If necessary, what do I need to configure if it is not at its maximum security level right out of the box? I guess the bottom line is, is it better than Norton's and by how much? Thanks a lot guys.

 

A vs B

 

If you're not a moderator, perhaps you could let them decide.
I believe the A vs B rule is for AV's.

 

I cannot answer the question, except to say that Matousec's tests give Norton firewall low marks.
http://www.matousec.com/projects/proactive-security-challenge/results.php

I admit that I don't understand much about firewalls, and why a vendor would provide such a poor firewall according to those tests.

Regards,
Jerry

 

The mods have a problem with people voicing their opinion. (Lol fascism)

But anyway.. I just recently switched to NIS and honestly the firewall is terrible. You can put it against just about any leaktest and it fails ( firewall or hips leaktests). You can put it all on manual but there's so many popups that it made me wanna hit something.

 

Thats a HIPs test not a firewall test.

 

Ok, well here's a question that I forgot to ask. Does anyone know if CW4 passes all known leak tests w/o D+ or just some?

 

Decided. Thread will continue if it can remain focused on a sound discussion of items that provide technical differentiation between the subject products of this thread.

Please refer to Mamutu vs PrevX SafeOnline and follow the guidance provided there.

Blue

 

See what I mean about not understanding firewalls. If HIPS are needed why does not Norton use them in the firewall, but if the total suite handles the security why do any of the suites firewalls use HIPS or even stand alone firewalls? Is the firewall supposed to do the jobs of AVs and Anti-malware applications?

I don't want to hi-jack the thread so please don't answer, but I guess you see the problem re firewalls and some of us "dull knives."

How does one determine if a particular firewall is a "strong" firewall? It is not much help when someone says to test it yourself.

Regards,
Jerry

 

Wow, A vs B is not a sin after all.

 

Norton's firewall is silent by default. But if you turn on the advanced feature it is very aggresive indeed like it's SONAR. Matousec surely tested it with the default settings.

 

Leak tests primarily test HIPS functions. If you're concerned about having your firewall operate against programs that attempt to subvert it in order to make outgoing connections, you need a HIPS to accompany your firewall. For example, with just a firewall (Norton or Comodo) there is nothing preventing a running process from modifying your browser in memory and piggybacking upon it to connect out to any IP it desires. I am unaware of any firewall-only program that prevents against such an attack.

That said, if you really do not care for D+, you might want to give Online Armor a try, as it is less heavy on the popups than D+ (and substantially so). Although imo it offers slighty less protection, it is a strong and easy to use program, and is a HIPS/firewall combo that protects well against leaks.

As to which of your two choices I would recommend, I believe Comodo is more powerful because, if you change the alert level settings under Firewall settings, you can be prompted for all IP and port numbers. You can also make and apply very granular rules to govern the outgoing behavior of applications, which can mitigate the above risk somewhat. That said, you are going to want to allow some application to connect out to everything for your sanity and a running process could easily piggyback upon this to connect out.

 

Awesome to know some people can get rules bent and others cant.

 

i tried it recently to a test and it failed terribly but still using it as my subscription has 200 and some more days to run. After that time if they have still not worked things out i might only take antivirus and not the suite

 

While were at it lets compare LnS, Norton FW, Comodo, OA, Windows FW, and every other firewall ever made because we dont have opinions on these. They are all the same under the hood with different GUI's. We all know PC Tools is superior because it passes Matousec with the best results.

 

its embarrassing that even after all this time, members of this forum believe that leaktests show a firewalls effectiveness and judge a firewall as good or bad based on tests that dont even test the component in question here.

 

How do leaktests not show a firewalls effectiveness in controlling outbound traffic, and thus not "test the component in question"?

You cannot assume a malware author will simply use the standard methods of communicating out out of laziness, and ignore the need to insure that the network connections being made by trusted programs are actually being made by that program.

 

He was being facetious

 

i never said a HIPS doesnt have a use, i quits specifically said that using a leaktest to judge a firewall is inaccurate and a misconception people still seem to go by, if wer judging a security product as a whole protection then it may be more relevant for testing all those other areas, but that is not a FIREWALL's place and it should not be used to test something as a firewall. ur trying to test something that is completely irrelevant to the product in question and thats what people dont seem to understand, they think that the firewall and the HIPS are the same thing as shuld be judged as the same, but its not.

for instance i may just want a really good firewall and none of the HIPS stuff, so i go with LnS, but o wait, matousec said its terrible because it didnt pass their leaktest, now is that true that it is a bad FIREWALL?... no... it is tru tho that LnS does NOT have a HIPS, hence the results.

 

Firzen Matousec is well you know. I think its perfectly fine to bring up here since its all about just the firewall. Comodo clearly does better than Norton in the test.

 

Matousec is not the only leaktest out there. Judging a firewall based on their tests is a bad idea. But there are leak tests that test the firewalls outbound protection capabilities. Norton's firewall fails these too unless put on manual mode which gives you way too many popups.

 

As protection against leak tests requires HIPS, I suspect that, with D+ disabled, protection against leak tests will be poor. I haven't personally tested Comodo for leaks though because I agree with the view that the whole concept of leak testing is fundamentally flawed.

Instead of disabling D+ completely, you could try running it with the Security Level set to Safe Mode, but disable the Sandbox and Monitoring Settings. That still leaves Image Execution Control and My Trusted Software Vendors enabled. Coupled with a decent free anti-virus, D+ will allow known good executables to run, the AV will block known bad executables, and everything else will be subject to a default deny policy by D+ and alerted, pending a user decision.

You would get very few alerts but, due to the anti-execute feature of D+, still retain good protection against drive-by downloads.

 

All Matousec does is sitting and counting the number of popups per app (name it malware). He won this battle and now each and every firewall which wants to "score" more starts with a "iexplore wants to run, OMG what are you gonna do?". But wait they are smart guys, should think about users (what Matousec doesn't care) and put iexplore onto white list and now it runs without the initial popup.
And so the tests made in a laboratory are isolated from surroundings (usefull or not), cleaned up and got put upon a slide. Described empirically and exaggerated but I believe it may not be an indicator of quality for modern and complex products.

 

lol i more than realize its not the only one, im mentioning it because many people refer to it as the bible for what is good and bad in the world of firewalls, and thats the problem.

and honestly, in a set of leaktests how many of the methods it tests HONESTLY tests anything to do with the firewall? maybe 1 or 2 out of the dozens of other methods testing what a HIPS is supposed to do, and still people then assume "o it didnt get perfect on this leaktest, it must be a terrible firewall"