comodo was considered the best firewall in the november test for 2006.

Discussion in 'other firewalls' started by carioca, Dec 16, 2006.

Thread Status:
Not open for further replies.
  1. halcyon

    halcyon Registered Member

    Joined:
    May 14, 2003
    Posts:
    373
    I'm afraid that the replies are typical of "application X" apology type of argument:

    They are based on the following structure:

    1) If you have problems, it's your machine/software
    2) If you don't know how to use, it's your problem (RTFM, stoopid, etc).

    After having researched, taught, designed and analyzed information system utility/usability for over a decade now, I have grown a little weary of the above type arguments.

    If you meant something completely different, then disregard this post :)

    Yes, they are opinions, just and as opinions as valid as mine.

    However, the insidious side of them is that they refuse to acknowledge the validity of a personal point of view that is different from on of theirs.

    That is: I don't have a problem, thus if you have, it's your/your machines problem, not that of the software.

    On that, I respectfully disagree :)

    One's own experience is most important to oneself. Not the experience of another, even if it comes from an expert.

    You like. I don't like.

    We are both right in our liking.

    Thus, IMHO, Jetico v1 is not a beginner FW, requires fairly deep understanding to utilize (vs. compare to Kerio 2, ZA) in full AND has conflicts with other software, causing system instability (whether you consider this the fault of Jetico or ther 'other' software is a moot point, because they are conflicting TOGETHER. Without Jetico: no problems on my system).

    This is my experience, and nobody can prove that it stems from my inability or there being something wrong on my system. Those are just opinions. Not proof. And I wouldn't necessarily agree with those opinions :)

    As for my motivation to saying this: I just want people to get a balanced view on each software. Not ONLY the arguments for it (or against it). In fact, one can find my experience in this forum about Jetico 1, by doing some searching.

    But this discussion was originally about CFP, so let's try and get back on track with that.

    Comodo FW discussion threads about it's CPU usage under heavy traffic conditions (taken from Comodo support forums):

    http://forums.comodo.com/index.php/topic,4612.15.html
    http://forums.comodo.com/index.php/topic,3773.0.html
    http://forums.comodo.com/index.php/topic,3449.0.html
    http://forums.comodo.com/index.php/topic,2505.0.html
    http://forums.comodo.com/index.php/topic,2648.0.html
    http://forums.comodo.com/index.php/topic,3157.0.html
    http://forums.comodo.com/index.php/topic,3436.0.html
    http://forums.comodo.com/index.php/topic,4625.msg34199.html

    So it appears others have also some issues with CFP cpu usage. YMMV and especially, your CPU resource availability AND your needs may vary. But a good thing to keep in mind, if you are on a resource usage starved computer.

    This is in a fair attempt to give information to people evaluating CFP for themselves (thing to keep in mind what testing, cpu usage being one).

    Personally I don't believe there is an ideal or "best" software fw out there, just different sorts of compromises, which suit different people based on their needs.

    If there was a best firewall and the degree was security, then I propose my ultimate secure firewall in that category (really cheap too):

    - Scissors (just cut your net connection cable)

    100% security, 0% resource usage, but with a slightly big compromise on net connectivity.

    :)
     
  2. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Was this a Comodo thread? I forget. :)
     
  3. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    halcyon- just quickly to tell you i'm sorry you took it badly,i did not intend it to be the way you depict, nor infer anything about 'my software is good and yours is bad' , i ,too,stated many times Jetico was difficult....just ask Stem....how many times he helped me from impasse situations...
    Still, i mean no offence to anyone, but i remain with what i wrote.


    twl845- as the thread title says this is a comparison btw comodo and the rest, so you've got to reply to what people say and talk about the 'other' firewalls as well....otherwise how could you 'compare' if you only talk about one item?
     
  4. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Poirot - You're right. I was just making a joke because Jetico became the focus for quite a while. :D
     
  5. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    That's true twl845,but its Jetico's nature to force extended debates :)

    Best wishes to all here,from mods to the last registered user!
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    comodo was bypassed by antivir update.exe
     
  7. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    When I ran AntiVir PE Premium with CPF 2.3.6.81, it asked for DNS and net access permission for update.exe. Comodo asked permissions for the preupdate executable also. Could be something off kilter with your configs for CPF.
     
  8. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Comodo hasn't been using much for resources here since the first version.
    I agree that Comodo has come a long way with their firewall.A job well done IMO.
     
  9. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Tester - As a relatively new user, that's been my experience too. :D
     
  10. deckie49

    deckie49 Registered Member

    Joined:
    May 25, 2004
    Posts:
    34
    the following taken from your link...

    ""Comodo Firewall not much better than others (2006/12/19 17:49)

    We have finished the analysis and published a review of Comodo Personal Firewall 2.3.6.81. Except its great ability to fight leak-tests, Comodo does not have a good security design and the implementation is also quite poor and buggy. Nevertheless, its final score, also because of its excellent anti-leak protection, is better than the score of ZoneAlarm and thus it took the first place in our ranking. Visit the results page for more information.""



    did i miss something??
     
  11. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I don't think the guys at matousec like any current firewalls. They seem to rag on them all.
     
  12. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    That's like saying you're good looking, but compared to Mary you're beautiful. :D
     
  13. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    Roger that. In reality, it's no secret that a completely bug-free firewall (as well as any other type of software) doesn't exist. Of course, some are much less buggy than others!
     
  14. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I used AntiVir PE and Comodo 2.4.x beta and Update.exe bypassed Comodo, really crazy.
     
  15. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Link
    "Cheats" = user-mode hooks ;)
     
  17. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    I have to be brief, I think this might be going off-topic... :eek:

    Agnitum states, it’s not cheating, and I agree.

    The kernel mode hooks – only; this way of design can be very problematic, cause system instability and requiring a much bigger appetite for systems resources to function, and both technologies can be vulnerable to some degree as Agnitum puts it.

    How bad it was made to seem, it isn’t, or at least not until a certain somebody (David Matousek) brought it to everybody’s attention (including to the bad hacker people…, sorry please don’t hack me! I’m still very young and have lots of time to live-up).

    I have found it very amusing and it did pump Agnitum thinking-cap, a new positive approach that is likely to spread, the use of both worlds, both technologies working side-by-side to compliment one another and offer even better protection to its users. If I’m not mistaken, right after all that there was a new Outpost release, or extension? That uses both forces to best battle the known and unknown which is right around the corner…
     
  18. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    does the kernel hook works with vista?
     
  19. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,
    Amen to that.
    Comodo is a nice firewall but there is nothing that can remotely compare to Sygate. Running rock steady at 5K of memory with 800 p2p connections for days and weeks. Simple and quiet.
    Mrk
     
  20. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Maybe you should do some leaktests... Sygate leaks a lot... I like Sygate too but it leaks.
     
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,

    No it does not leak. Users leak.

    The day I need firewall to protect me from myself, I'll shut down the PC.
    Firewall - traffic monitoring. That's all. Execution of dangerous files, DLLs etc, that goes under user's stupidity umbrella.

    Just as you can install a trojan and try to stop it from leaking, you can as well take a 5-kg sledgehammer and bust the tower. What's the difference?

    Firewall is about traffic. And I have yet to see a Windows-based firewall that handles traffic (pr0n) so efficiently as Sygate, working for weeks without reboot, not a glitch, steady as a rock, fast, simple. That's what firewall is all about. You wish to control the "dangerous apps" from leaking? Simple. Don't run them.

    Mrk
     
  22. test4

    test4 Registered Member

    Joined:
    Jun 21, 2006
    Posts:
    23
    So, basically what you're saying is you only need a firewall to control traffic\programs that you know you can trust anyway...
    Unfortunately not everyone is so brilliant to know what every single exe, dll, etc. is actually doing.

    You say:"Firewall is about traffic"
    Well, leaking is traffic that your firewall doesn't know anything about. As simple as that.
     
  23. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Well, I don't know about you, but I have seen plenty of users accidentally download malware , but I've yet to see one accidentally take a 5KG sledgehammer and bust the tower.


    edit: typo
     
  24. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,215
    Hello,

    @test:

    What I'm saying applies to ME. My setup does not suit everyone. Nor is it the absolute truth. But it is a truth.

    You don't have to be an "expert" to use your computer. There is a certain trend in the security industry and among the hobbyists here to push heavily toward many and multiple software solutions. And that may not be the bare minimum.

    If your firewall leaks traffic - the problem is not with the firewall; the problem is with your usage. You can install malware programs that completely bypass the firewall. What then? You can install malware that randomly deletes files. What then? Where is the line where you start using your head and stop relying on supposedly fire-and-forget solutions?

    Do you know what a leak-proof firewall means? IT MEANS THAT YOU WILL THINK YOUR FIREWALL STOPS BAD TRAFFIC SO YOU WILL ASSUME THAT ANYTHING ALLOWED IS GOOD. YOU WILL ACTUALLY REDUCE YOUR SECURITY BY INCREASING IT.

    @Mike,

    I know a person who got angry at his PC and poured orange juice into the tower.

    On topic, people who download malware, accidentally, need to be taught not to download malware accidentally. You cannot prevent other machines from scanning you and botting you. But you can prevent yourself from executing ****.exe when you ought not to.

    This means - firewall for traffic, user for common sense.

    As to leak tests, there is NO software in this world, running inside an operating system that can 100% beat another software running inside the same operating system. It's a very simple thing.
    If you have a "stronger" driver for firewall than malware > firewall will win.
    If you have a "stronger" driver for malware than firewall > malware will win.
    The best way to prevent something like that is:
    Not to download and execute bad stuff.
    Use another application that guards the firewall.

    Mrk
     
  25. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    I'm certain not everyone can learn not to accidentally infect themselves. At least not some of the folk I've met.

    Even then, there will always be the user issues. I've even been nailed myself - "Missing plugin needed to view content" - it was tempting content - I installed it without thinking and the next thing I know I have 3 BHOS installed. Oops.

    Naturally, if the malware is "Stronger" than the firewall, malware will win. The trick is to try make the firewall as strong as you can. I personally don't think passing all leaktests is of vital importance - it's more about marketing and perceived competitive edge than anything else - and once users know firewall can "leak" then, of course they want to know which is leaking less.

    But, if you know it's possible to leak by (for example) injecting a DLL into a trusted process, and you can protect against such things - why not?

    You might not be able to have perfect security - but if you make it as good as you can, you raise the bar for the malware writers and make an attack less likely to succeed.








    Perhaps not. But if one considers a leaktest proof of a "vulnerability" inside a firewall product, then you're obliged as a vendor to fix it. At least this then raises the bar for a successful exploit (at least, technically).
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.