Comodo - Registry Bloat on Steroids

Discussion in 'other firewalls' started by timeless52, Dec 29, 2010.

Thread Status:
Not open for further replies.
  1. timeless52

    timeless52 Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    14
    OS: XP x64
    FW: CIS 3.14 (Firewall/Defense+ only)
    AV: Avast5

    This is an unusual issue and hopefully posted in the right place.

    Over time, I have noticed my registry growing at a rate I consider to be alarming, particularly since I neither game nor install much in the way of new software.

    To investigate potential culprits, I started poking around using jv16 Power Tools 2010 Registry Finder. With Comodo as the sole search parameter, I found nearly 135,000 entries. The size of the .txt file generated is 19MB. Attached is a screenshot from jv16 PT.

    So far, I haven't received any useful feedback on the Comodo forums.

    It seems to me that anytime anything is either updated, upgraded or changed in any way, Comodo writes to the registry without ever cleaning up after itself.

    I'm wondering if anyone here has seen the same behavior.

    I'd like to ditch CIS, but not many firewalls are compatible with XP x64. Any recommendations here based on direct experience would be greatly appreciated.
     
  2. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Why are you using the 3.14 version?
    5.3 is current, you are way behind.

    I don't know the reasons, but that might be the one.
     
  3. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Attached where?
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    My guess is that the allowed/denied binaries with hash values (of the image execution protection) are written to the registry and never cleaned. Have you tried cleaning up the rules sets of CIS 3?

    CIS 5 has a 'regular' database of whitelisted apps, which could solve this problem also.
     
  5. timeless52

    timeless52 Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    14
    Sorry, didn't copy the image to my post. If you'd like to see the .txt file, go to https://forums.comodo.com/install-s...-for-comodo-internet-security-t36499.105.html. "ces5077" is my username there. You must be registered and logged in to view attachments there.

    2010-12-28_064632.png

    Why not upgrade to CIS 5.3? Although CIS works well enough, IMO it is kludgeware. I use my computer for trading and cannot risk incurring any one of the vast litany of bizarre problems seen by other users. All I want is a lightweight firewall with HIPS. Something like Private Firewall, which I use on my older XP x86 system. I should probably just bite the bullet and migrate to Windows 7.

    As for cleaning up CIS 3.14, I purge the Firewall and Defense+ components regularly. If there are additional actions I need to take, please let me know.
     
  6. Jose_Lisbon

    Jose_Lisbon Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    245
    Location:
    Portugal
  7. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    then just install fw part of the latest CIS
     
  8. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    406
    @timeless52
    I observed the same (massive registry bloat) result.
    CIS had written 130,000+ registry keys by the time I uninstalled it.

    @Kees1958
    The bulk of those keys (about 110,000) appeared immediately, upon installation.
    Even if "cleaning" ruleset brought a result (I doubt it would), it would be minuscule.

    @Jose_Lisbon
    Unless a newer CIS version writes its config data to a DAT file (or SQLite db) instead of the registry, I believe reinstallation would be futile. The registry bloat the OP describes is "normal" CIS behavior.

    @Cudni
    In recent versions, AFAIK it's not possible to just install Comodo Personal Firewall and Defense+ (as Defense+ is only available in the suite).
     
  9. timeless52

    timeless52 Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    14
    Thanks all for your responses!

    In my case, the vast majority of entries are of the type HKLM\System\Software\Comodo\Firewall Pro\Configurations\0\HIPS or Firewall\etc. Upon further scrutiny, most were created on 12/14 and 12/17. 12/14 was the second Tuesday of the month; that means Windows Update. I'm not sure what happened on 12/17.

    In that I don't know the size in megabytes of these entries, I'm not sure how much it contributes to the overall growth of my ever expanding registry. For the fresh install of XP x64, my registry weighed in at about 50 MB. Now it is over 170 MB. For comparison, a fresh XP x86 install on my other system, done around the same time, weighed in at around 25 MB. It is now about 45 MB. The older system has never seen CIS. With a P4 3.4 GHz CPU and SATA I HDD, the older system now boots noticeably faster than my newer system.

    I recently discovered Outpost has released a free security suite that has an XP x64 compatible firewall. I also read that the installation of antivirus component is optional. Does anyone here have experience with this? Not much in the Outpost forums about it.
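An added example, not part of any post in this thread: one way to answer the open question above (how much of the registry the Comodo configuration subtree accounts for) is to export the vendor key with `reg export` and tally keys, values and exported characters per subtree. The sample export is constructed, and the subkey and value names below `Configurations\0` are invented for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout written by `reg export`; the subkeys and
# values below ...\Configurations\0 are invented, not data from the thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro]
"InstallPath"="C:\\Program Files\\Comodo"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\0]
"Filename"="C:\\WINDOWS\\explorer.exe"
"Flags"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\1]
"Filename"="C:\\WINDOWS\\system32\\svchost.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\Firewall\Policy\0]
"Hash"=hex:de,ad,\
  be,ef
'''
ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0"
KEY_LINE = re.compile(r"^\[(?!-)(.+)\]\s*$")  # "[-...]" deletion entries are skipped

def tally(reg_text, root, depth=1):
    """Per subtree `depth` levels below `root`: keys, values, exported characters."""
    stats, bucket, prefix = {}, None, root.lower() + "\\"
    for line in reg_text.splitlines():
        m = KEY_LINE.match(line)
        if m:
            path = m.group(1)
            bucket = None  # keys outside `root` are ignored
            if path.lower() == root.lower() or path.lower().startswith(prefix):
                parts = [p for p in path[len(root):].split("\\") if p]
                bucket = "\\".join(parts[:depth]) or "(root)"
                stats.setdefault(bucket, Counter())["keys"] += 1
                stats[bucket]["chars"] += len(line)
        elif bucket and line.strip():
            stats[bucket]["chars"] += len(line)
            # Value lines start with a quoted name or "@"; wrapped hex data
            # continues on indented lines and only adds to the size estimate.
            if line.startswith(('"', "@=")):
                stats[bucket]["values"] += 1
    return stats

if __name__ == "__main__":
    for name, s in sorted(tally(SAMPLE, ROOT).items(), key=lambda kv: -kv[1]["chars"]):
        print(f"{name:10} keys={s['keys']:6} values={s['values']:6} chars={s['chars']:8}")
```

A real export is UTF-16 text, so read it with `open(path, encoding="utf-16")` before passing it to `tally`; the character count is an estimate of the export size, not of the on-disk hive size.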
     
  10. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Did you try it or did somebody tell you? See what happens when you try.
     
  11. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    If I remember correctly from the time I was using v.3, I think I had read that Comodo used the registry for the rule creation, adding new keys as one was adding new rules. Something like that. Probably this is normal.
     
  12. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    This is not true. Comodo even provides a standalone installer for Firewall and D+

    www.personalfirewall.Comodo.com
     
  13. Jose_Lisbon

    Jose_Lisbon Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    245
    Location:
    Portugal
    I understand your point but I would still try my option. It won't hurt.

    @timeless52 Try some options before entering a never ending argument.
    Outpost free has serious limitations. Have a go at Online Armor, or Private FW; but I would still try the Comodo uninstall/reinstall. It's about 20 minutes.
     
    Last edited: Jan 1, 2011
  14. Jose_Lisbon

    Jose_Lisbon Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    245
    Location:
    Portugal
    No it is not.
     
  15. timeless52

    timeless52 Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    14
    Online Armor and Private Firewall are not compatible with XP x64. Not many firewalls are. Outpost Free is compatible: I have installed it on others' XP x86 systems and it worked well. However, those installs were done with earlier versions.

    @Jose_Lisbon: It's nowhere close to being a life or death situation with respect to CIS 3.14. Before uninstalling CIS 3.14, which seems to be adequate for my needs, please update me regarding Outpost's serious limitations. This is just the feedback I need before making any decisions.

    I'm not going any further down the line with CIS. Their be all things to all people strategy scares me. It sounds nice, but security utopias don't exist in my opinion. Small and simple is robust; large and complex is only as strong as its weakest component. Just the fact that their whitelist is expanding faster than my registry is enough for me to say no thanks.
     
  16. Jose_Lisbon

    Jose_Lisbon Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    245
    Location:
    Portugal
    The problem with Outpost free is that it lacks a lot that the paid version has. I'm not even sure if the HIPS is the full fledged one of the pro version or a watered down one.
    Maybe you should put some questions in their forums.

    I had forgotten about the compatibility with XP 64. That really narrows down your choice.
     
  17. Jose_Lisbon

    Jose_Lisbon Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    245
    Location:
    Portugal
  18. timeless52

    timeless52 Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    14
    Jose_Lisbon,

    Thanks for the link. I'm not sure what to make of it. I look at HIPS predominantly as a means of preventing malware from phoning home. Not getting one in the first place rests primarily on my shoulders. It's unclear to me if the test looked at how effective Outpost Free is at detecting and preventing undesirable outbound connections.

    I would not be using their antivirus. Should my system become infected, I would likely do a fresh OS install.

    Scans with SuperAntiSpyware and Malwarebytes' Anti-Malware have always shown my systems to be clean. I have never received any suspicious pop-ups from CIS. Would Outpost Free provide adequate protection without the hassles related to CIS, I just don't know.

    Until I see any noticeable system slowdowns (other than boot-related), I'll stick with CIS 3.14. If I feel the need for more options, I'll move to Windows 7 and go from there.
     
  19. Jose_Lisbon

    Jose_Lisbon Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    245
    Location:
    Portugal
    I would stick with CIS 3.14 (if I had to).
    If you could upgrade to Windows 7 I wouldn't give it a second thought.
     
  20. Jose_Lisbon

    Jose_Lisbon Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    245
    Location:
    Portugal
    As you saw on the video, a proper HIPS shouldn't let a Rootkit in.
    That's my problem with Outpost, (paid version included), I just don't trust it.
     
  21. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    You're speaking of their current and future behaviour while judging it on software from their past on a SINGLE system -> yours. Your whole post reeks of FUD. I run the latest v5 with ~300 apps in my D+ rules and ~175 in my Firewall rules and my Comodo key is 2.79 MB. These rule configurations have been re-imported into newer versions of Comodo probably ~ 10x since v4 was released. It doesn't matter if the rules are stored in a registry hive or in a rules.dat file; they're all loaded into memory in order to access them so what's the difference?
     
  22. Jose_Lisbon

    Jose_Lisbon Registered Member

    Joined:
    Feb 5, 2010
    Posts:
    245
    Location:
    Portugal
    I have to go with timeless52 on this one: Comodo wants to embrace the world but they don't have the means. That doesn't give you much confidence.
     
  23. timeless52

    timeless52 Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    14
    You bet it reeks of FUD!

    FEAR of installing needlessly complex software having features I don't want along with the UNCERTAINTY my system may be crippled by any one of the seemingly endless variety of problems reported in the Comodo forums. I tend to agree with many users that Comodo releases software before it has been thoroughly beta tested. DOUBT I will be upgrading anytime soon.

    It seems absolutely ridiculous to me that there are employees over at Comodo trying to generate a whitelist of infinite proportions so I can avoid dealing with pop-ups. Seems like good job security, though. Why can't they just develop a world class FW/HIPS and include all the other goodies as plug-in modules?

    Rules.dat vs. Registry: As for functionality, there is no difference. I would prefer a rules.dat format, however. It would be much easier to either edit, backup or restore. By avoiding all those registry reads and writes, system reliability might also be enhanced.

    As I stated earlier, I use Private Firewall on my older XP x86 system and I love it. PFW is intuitive and easy to configure. It may not be as secure as CIS, but I've been running it for years along with Avast and have yet to be infested.
     
  24. Hiker

    Hiker Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    268
    I have an older XP laptop with CF v3.14 and a new Windows 7 laptop I've been reluctant to install Comodo on. Think I should give the v5 Firewall w/D+ a try?
     
  25. timeless52

    timeless52 Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    14
    Go to the Comodo forums and do your own research. There are situations where CIS may not play nice with your system as it is currently configured.

    I believe your choice is dependent on the likelihood of being infected based on your surfing and downloading habits. If you're just plain paranoid, go for it!

    It's your laptop and your decision.
     