Comodo v3 or Online Armor Free?

Discussion in 'other anti-malware software' started by danielrego, Apr 17, 2008.

Thread Status:
Not open for further replies.
  1. danielrego

    danielrego Registered Member

    Joined:
    Apr 17, 2008
    Posts:
    15
    Hello all, I wanted a fairly light, yet powerful and secure free HIPS system, and Comodo 3 and OA Free seemed to be what most experts on this forum suggested. I tried OA Free, but felt somewhat restricted by its seemingly barebones and limited firewall and HIPS features. I've heard Comodo 3 is much more comprehensive and powerful. What would you suggest between the two? Remember, my first priority is a good free HIPS, the firewall is secondary.

    Also, I'm running Avira PersonalEdition Classic as my AV. Is it better (security-wise) to use either:

    A. a combo of ThreatFire + GhostWall, or
    B. Comodo v3 OR Online Armor Free

    Thanks in anticipation,
    Dan
     
    Last edited: Apr 17, 2008
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Dan

    First, welcome to Wilders. What you are going to get with this question is a flurry of opinions, mainly based on what people are using. You might be well off reading recent threads on the different software, but in the final analysis, the only real answer will be for you to trial them, and see how they fit.

    Pete
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Well since you already tried OA, just give Comodo a whirl and see for yourself.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    DanielRego,


    What operating system are you using? Do you have enough RAM and a strong CPU?

    I understand that your first concern is a free good HIPS and of secondary concern the FireWall. From the alternatives you mentioned yourself ThreatFire is a free good easy to use HIPS.

    Another popular HIPS is EQSecure, soon with a new release and members available for help configuring the HIPS or using (importing) their filters.

    Regards Kees
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    The best choice hands down.
     
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    1- Threatfire + Ghostwall? Ghostwall only protects against incoming. Such being the case, it would be just as effective to use Threatfire + Windows built-in firewall. This will still leave you with no outgoing firewall, which many folks say is not sorely needed -- unless, of course, you get infected by malware that calls out, in which case an outgoing firewall would probably alert you to that fact.

    2- Comodo & Defence+ (Comodo 3's HIPS) gives great protection IF (a) you are tolerant of an app that produces numerous alerts, AND (b) you are proficient at dealing with those alerts. If your answer to either (a) or (b) is "no" then Threatfire would be a better choice. TF is "intelligent." Defence+ is "Chicken Little" (the sky is falling! the sky is falling!)

    3- OA-free has a grrrreat firewall. Protection both ways (in & out). The HIPS module is okay if you are not a really risky surfer.

    >>>If you ARE a risky surfer (&/or you are paranoid) then I recommend a combo of OA-free plus Threatfire. That is an armor-plated set-up, & isn't hard on system resources. TF & OA usually get along well together (but nothing in life is certain, wot?).
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Ghostwall is a tad faster and offers a granular control over endpoints and protocols if you want to restrict network traffic to the essential.
    In this case, you have to know how to answer to a firewall/HIPS pop-up asking you about a random exe trying to connect out. On the other hand, you've assumed that this malware has managed to bypass both the AV and Threatfire.
     
  8. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Versus Ghostwall, OA has the advantage that it gives him another shot in the off-chance that: (a) he's already infected &/or (b) he someday encounters a nasty that by-passes his other security apps. NEITHER (a) nor (b) is impossible, wot?

    Inasmuch as the OA firewall goes both ways, it's a dandy little fail-safe for very little system overhead & zero bux. Shazam!
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Yes, OA (or any other 2-way firewall) may give you another chance, but is it a helpful chance? How are you supposed to discern between a harmless pop-up and the real one? If you can easily discern malicious behaviour from legitimate behaviour, you don't need to ask which program to use. With such knowledge, you go for a classic HIPS like SSM, PS or EQS and build your own ruleset.
    I hope I'm being clear enough :)
     
  10. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    Does Online Armor & Threatfire actually work alongside each other? I surmise that you must have managed to get both working together. Did you have any trouble doing this?
     
  11. danielrego

    danielrego Registered Member

    Joined:
    Apr 17, 2008
    Posts:
    15
    Wow I love this place, you people are really helpful and quick at that too.

    After reading all the replies, I decided to do some testing on a friend's machine, which he suspected was infected as he got repeated, recurring alerts every few minutes from Avira PersonalEdition Classic, regarding a JS Trojan/Downloader. After installing ThreatFire, the alerts continued, but TF gave no indication of anything amiss, even when security level was set to FIVE. On the other hand, OA's HIPS module alerted us that a certain .tmp file (which was located in the \User\Local Settings\Temp directory) was repeatedly attempting to create an .exe file, which to my knowledge, was certainly suspicious behaviour. So I blocked the attempts at exe creation, and the AntiVir alerts also stopped. It seems to me that OA was more effective at preventing this supposed infection from spreading and causing potential damage.

    I suppose the choice for me is between OA Free and Comodo v3 then. I have used HIPS apps like SSM in the past, but my new machine would display a BSOD on every boot after installing SSM on it. So I ditched SSM, and am now looking for an able replacement, but also want outbound firewall protection. Frequent alerts are not really a problem, because I like the anti-executable function and program monitoring of a classical HIPS system like OA (or Comodo, I haven't tried it yet). The problem is I live in India, and TRUE broadband connections are still fairly expensive here, so I'm stuck with a 96kbps connection. So even though I want outbound protection, I don't want the firewall to affect my internet performance noticeably.

    I realise that Comodo 3, compared to OA Free, gives far more comprehensive control in both HIPS and firewall departments, but is it as effective, and most importantly, light on resources and internet traffic as OA?

    My specs are: Windows XP SP2, Pentium 4 3.2 Ghz, 512 MB of DDR2 RAM, and a 7,200 RPM 160 GB hard drive.

    Thanks for all the assistance, advice and tolerance,
    Dan.
     
    Last edited: Apr 18, 2008
  12. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    If any application attempts to connect out, and the computer's user did not directly and specifically INITIATE that very action, then that user does not have to be a rocket scientist in order to recognize that such an event is bloody suspicious, right? Right!

    Any malware that connects out is bad to the extreme. Imaging, sandboxing, etc. can help a user recover 100% from just about anything EXCEPT if a malware phones home with that user's personal info, passwords, etc.

    Malware that manages to secretly phone home is worse than an inconvenience. It is, very probably, an outright disaster.

    Suppose that a user somehow screws himself by allowing a malware to get on his computer. OA will give that user an added chance to un-screw himself. The fact that he *might* fail to use that added chance is (IMO) a fallacious reason for not wanting that additional chance to be offered at all.

    @Woody In my experience, TF plays nicely with OA. Your mileage may, of course, vary.

    CFP 3 is surprisingly light, & is more configurable than OA-free. However, TF + OA-free gives a broader spectrum of protection than does CFP 3, IMO.

    Try them out & decide for yourself. Either way, whether CFP or OA-free+TF, you will have superb protection.
     
    Last edited: Apr 18, 2008
  13. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    If you were able to handle SSM, then I think you should be fine also with Comodo 3. It is light on memory and extensive in coverage. Newer versions, up through 3.0.21.329, can be slow when making a rule from an alert, if you have a large ruleset. Version 3.0.14.276 does not have this issue; you can get it at filehippo.com. If you're using Vista, consider v3.0.15.277, since it fixed an issue with Windows Updates on Vista.

    For effectiveness against various tests, look at http://www.matousec.com/projects/firewall-challenge/results.php and also http://www.testmypcsecurity.com/view_results.html.
     
    Last edited: Apr 18, 2008
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Dan,

    When on XP you have a choice between OA and CFP, when on Vista I would give CFP the advantage. OA versus CFP: OA is user friendlier. The OA paid version is really worth looking at, give it a spin.

    Regards Kees
     
  15. danielrego

    danielrego Registered Member

    Joined:
    Apr 17, 2008
    Posts:
    15
    Thank you, I'm installing CPF 3 right now. Hope it lives up to expectations!

    Thanks, you guys are incredibly helpful and fast at that too!

    Dan
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I need a HIPS that doesn't keep a user waiting an eternity to get up and working like SSM did. I'm getting very frustrated that EQS is dragging things out by delay and in the meantime there's growing importance for these coverages users need whereas it's finally coming to a point I may have to forget them altogether and go back to DeepFreeze & AE with DefenseWall.

    I think it's admirable what OA and Comodo have done from the implementing of HIPS but they are FIREWALL specialists NOT HIPS experts and it shows.
     
  17. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Hm, OA started life as an easy to use HIPS :)
     
  18. pitzelberger

    pitzelberger Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    56
    I would be very careful with this combination! There were a lot of people (including me) on this, and other, forums reporting about problems when running the two applications together. In particular, Windows will freeze or not boot completely; uninstall necessary in safe mode, etc...

    I didn't read anything since then, but I don't think this was addressed in the new releases?
     
  19. danielrego

    danielrego Registered Member

    Joined:
    Apr 17, 2008
    Posts:
    15
    Installed and configured Comodo v3 (with D+), and I've decided to keep both modules in learning (safe) mode for a while. I have to say I'm incredibly impressed, as the application has improved tremendously. I last used CPF about a year ago, before v3 was launched and I remember it having a fairly bloated UI and hogging quite a bit of memory.

    The new CPF is unbelievably light, and the D+ module is just superb, offering a much higher degree of control than OA Free.

    Looks like this one's a keeper :)
     
  20. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Glad to hear it :). Version v3.0.22 was just released.
     
  21. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    How do you know its high degree of control in safe mode o_O
    This seems to be a little inconsistent.

    Cheers
     
  22. danielrego

    danielrego Registered Member

    Joined:
    Apr 17, 2008
    Posts:
    15
    I left it in Learning (w/ Safe Mode) so that it learns the typical behaviour of apps on my system without going paranoid for each event, plus in this mode it displays in the corner of the screen each event it allows and blocks as per the rules and permissions set. I plan to leave it in this mode for at least a week before I let it run normally.

    By high degree of control I mean the Defense+ module gives you much more hands-on control over the program behaviour permissions, policies and the like, much more than OA Free at least. I like being a control freak occasionally ;)
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I apologize for misinterpreting your creation, I guess I have a real hard time dealing with a combo of HIPS + Firewall, that's another reason I dropped SSM.

    OA surely has a lot of very useful secure functions that work well together in unison but HIPS part alone is my own favorite and I'm but only one that prefers to keep them separate apps.

    Plus I am really hung up on EQS like none other before due to its great configurational settings and now sandbox.

    This is a customers/users market and the malware makers are the ones dizzy now trying to find ways around them and it's getting progressively harder for them now just to fashion a single compromise and that's the way it's going to stay if more developers just like you have anything to do about it. LoL
     
  24. Bonzai

    Bonzai Registered Member

    Joined:
    Apr 19, 2008
    Posts:
    4
    Do you really need a software firewall? Almost 95% of users here have some form of router with a built in NAT and/or SPI firewall already. Why add yet another layer of filtering? You are just hurting your system's performance and introducing software bugs. Anyone with a router only needs outbound protection and program control available from a good HIPS such as ProSecurity and EQSecure. Stay away from HIPS with firewall type filtering like SSM.
     
  25. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    I agree with your suggestion avoiding HIPS with Firewall filtering but for different reasons I suppose. I prefer a single app approach to a single attack vector possibility and like to keep it that way.

    As far as a router, why should I install another hardware item when a single firewall guarded over by a HIPS and who knows what else should be plenty enough. I've never been hacked in my history or remotely rooted but have had my share of drive-by disruptions that gave me droppers that called out but the software firewall stopped them cold in their tracks every time.

    I don't network or link together PC's although in the future I may just do that myself like others before.
     