ESS 3.0 compared to Comodo Firewall

Discussion in 'other firewalls' started by MrMonk, Nov 5, 2007.

Thread Status:
Not open for further replies.
  1. MrMonk

    MrMonk Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    5
    I've been a registered user of NOD32 AV for a couple of years and am very happy with it. Alongside that, I used Zone Alarm Free Firewall, but dumped that last year and have been using Comodo Firewall Pro since, which has always worked well alongside NOD32 AV.

    Now that ESS 3.0 is out, my question is simple really... Would you recommend migrating my licence from just NOD32 AV to NOD32 ESS 3.0, as it's a pretty decent upgrade offer, and have all my eggs in the same basket so to speak?

    How does NOD32 ESS Firewall compare to Comodo for instance (I've got a Netgear DG834GT Router which is what connects me to the t'interweb)? I'm not too technically minded when it comes to configuring specific ports etc and just want something that does what it says on the box and keeps me nice and secure, showing me what apps are trying to connect so I can allow or deny, and logs any intrusion attempts.

    Any guidance and recommendations as to whether I should stop dilly dallying and get NOD32 ESS 3.0 :)
     
  2. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Well, the Intrusion Detection on Comodo is very basic compared to ESS. If I read the help correctly, ESS checks the content of every packet sent or received from the internet, which assures that it is safe. Comodo does not; it just checks for inconsistencies in the protocols and stuff but not the actual packets being transmitted.
    On the other hand, ESS won't pass any leak tests because it does not have HIPS like Comodo V3 will have or like, in some measure, Comodo V2.4 has. That being said, the ESS approach is not to let you download or run anything that compromises your security, so that you don't need a HIPS because everything on your machine is safe.
    Personally I'm using ESS because it is just a service and a process and that is all to secure your system, not to forget that NOD V3 does not get along with Comodo very well in my personal experience.
    Others might say that having an all-in-one suite is a risk because if the suite gets killed then you're on thin air, but NOD never got killed on my machine and I have no reason to believe ESS will.
     
  3. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    MasterTB, Comodo does the same checking of packets ESS does. It is just not default or used much.
     


  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    This would infer "deep packet inspection". Are you sure of this? Or are you thinking of "HTTP AV monitor (web av)"? (There is a big difference.)
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Checksum check (IMHO) should be done by any SPI firewall.

    Malware can have a verified checksum. This in itself is not protection.
     
  6. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Well, actually not. The firewall engine in ESET checks the content of every packet, not the packet checksum; those are two different things.
    If I did not read the help wrong, by integrating the firewall and the AV, every packet allowed in is checked to verify not only integrity but also malicious code, and that is something that Comodo cannot do because it does not have an antivirus built in.
     
  7. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Agree, that's why I say that Intrusion Detection in Comodo is very simple compared to ESS. Not to mention Kerio.
     
  8. galloot

    galloot Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    12
    Can anybody suggest a HIPS program that would be compatible with running ESS 3. ?
     
  9. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
  10. catprincess

    catprincess Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    44
    I am also interested in ESS 3.0 compared to the upcoming Comodo 3. I have been using NOD antivirus for coming up to 2 years and liking it. I don't understand all the real technical stuff about firewalls. Tried Comodo 2.4 some time ago and had problems getting it to allow my other computer to connect to the internet through internet connection sharing. Perhaps if I'd persevered for longer. I wonder how easy ESS is to set up to work over a network with internet connection sharing and file shares. I'm also interested in which provides the best protection.
     
  11. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,572
    Can you please provide some proof about this? Have you read it anywhere, have you tested it, or is it something you suspect?

    I hope that you are not referring to this:
    ps. For achieving what you described, SS3 has to be capable of Cross Packet Inspection (XPI).
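
The two points raised so far in the thread, that a valid checksum says nothing about content and that content scanning across packet boundaries needs cross-packet inspection, can be shown side by side. This is an added example, not part of any post and not code from ESET or Comodo; the toy segment layout (2-byte checksum plus payload), the function names and the marker string are all constructed for illustration.

```python
import struct

# Constructed marker standing in for an AV signature (not a real malware pattern).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def make_segment(payload: bytes) -> bytes:
    """Toy segment: 2-byte checksum followed by payload (not a real TCP header)."""
    return struct.pack("!H", inet_checksum(payload)) + payload

def checksum_ok(segment: bytes) -> bool:
    """Integrity check only: does the stored checksum match the payload?"""
    stored, = struct.unpack("!H", segment[:2])
    return stored == inet_checksum(segment[2:])

def per_packet_scan(segments) -> bool:
    """Content scan applied to each segment in isolation."""
    return any(SIGNATURE in s[2:] for s in segments)

def stream_scan(segments) -> bool:
    """Content scan applied after reassembling the payloads in order."""
    return SIGNATURE in b"".join(s[2:] for s in segments)

def inspect(segments) -> dict:
    return {
        "checksums_valid": all(checksum_ok(s) for s in segments),
        "per_packet_hit": per_packet_scan(segments),
        "stream_hit": stream_scan(segments),
    }

# Constructed flows: one clean, one with the marker inside a single segment,
# one where segmentation happens to cut the marker in two.
CLEAN = [make_segment(b"GET /index.html"), make_segment(b" HTTP/1.1\r\n\r\n")]
WHOLE = [make_segment(b"data:" + SIGNATURE), make_segment(b":end")]
SPLIT = [make_segment(b"data:" + SIGNATURE[:10]), make_segment(SIGNATURE[10:] + b":end")]

if __name__ == "__main__":
    for name, flow in (("clean", CLEAN), ("whole", WHOLE), ("split", SPLIT)):
        print(name, inspect(flow))
```

All three flows pass the checksum test; only the reassembled-stream scan flags both flows that carry the marker.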
     
  12. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    This article here: http://www.winplanet.com/article/3847-.htm
    Says that:
    "ESET Smart Security's firewall will have aggressive scanning as data go up and down the wire, since so many forms of malware seek to get around firewalls by using certain ports or applications. The NOD32 engine will inspect all traffic going in and out of the computer through the firewall in real time without impacting performance, according to Andrew Lee, chief research officer for ESET. " // "A lot of firewalls are rather static. They give port access to an application and then don't check the content coming through," he told InternetNews.com. "The network is our area of focus since everything goes through it. We inspect all network traffic with the antivirus engine." Also: "Different levels of security can be applied to applications. For example, Microsoft Word can have a normal level of security or ESET Security Suite can treat it as if it were a browser and apply the same kind of scrutiny to its disk and network activity as it would Firefox or Internet Explorer."

    If that is not what I understood then sorry, but I think it is pretty clear that all traffic allowed by the firewall is scanned for content with the antivirus engine... that is more than what Comodo can do or any other standalone firewall I have used. (Remember that I am no expert, just a user.)
     
  13. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    To answer your comment about NOD V3 and Comodo not getting along, that's incorrect. Comodo didn't object a bit when v3 moved in.
    As for the suite issue, I think we debated that to death, and the fact is that there's a first time for everything, and after using ZA suite for a few years I can state with experience that stand-alones are the best way to go. Having said that, I will say that if I didn't know better I'd go for ESS for the reasons you gave. :)
     
    Last edited by a moderator: Nov 11, 2007
  14. faenil

    faenil Registered Member

    Joined:
    Oct 25, 2006
    Posts:
    88
    Hey man... nothing is perfect, my ESS 3.0 got cracked up by beagle two weeks ago... I had the beta version

    so ESS 3.0 beta CAN be easily killed... dunno if ESS 3.0 is still vulnerable to this attack... and notice that the infected file was scantime detectable but not runtime... so the file let it come in... and the AV let it install, even if they both knew it was a virus... Which makes me think...
     
  15. SecMonk

    SecMonk Registered Member

    Joined:
    Sep 21, 2007
    Posts:
    19
    Sorry, but that is a short-sighted approach to security. What you talk about is an ideal state that is unreachable in reality. Even the best AV (which NOD32 is) can NOT catch every new unknown virus. It is impossible (you may get to 99% but not to 100%). The advanced heuristic module can catch unknown new malware, but according to independent retro tests, it catches only about 80-90% (which is very impressive, but still not 100%).

    So, there will always be some malware that makes it to your machine in spite of your antivirus.

    What to do next? First of all, you need to have a leak-proof outbound firewall, so that the malware cannot send your data to the net and cannot receive commands from hackers. That's called pro-active layered security.

    It is absolutely naive to believe that AV will catch 100% of malware and so allow one to tolerate weaknesses in the firewall. You need additional layers of different kinds of protection. That includes an excellent 100%-leak-proof firewall (plus HIPS to prevent installation of then unknown kernel-space malware and possibly using VM sandboxing to isolate mission-critical private data).

    It is imperative that ESET makes their firewall as leak-proof as possible. Otherwise, their firewall is useless. Seriously.
     
    Last edited: Nov 10, 2007
  16. OLDXTECH

    OLDXTECH Registered Member

    Joined:
    Aug 7, 2007
    Posts:
    30
    Location:
    Exact center of California
    ronjor closed my thread without answering my question and only referring me to this thread.

    My question is:
    Has anyone TESTED Comodo Firewall 3.0 with NOD 32 3.0 and compared the tests to ESET ESS 3.0 AV+Firewall? Will such a test be done later if not already done?

    I am looking for actual tests/facts.

    Thanks.
     
  17. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Agreed, but I think they don't feel the same way. Look at AVG and Panda for example, they both go the same way Eset is going...
     
  18. SecMonk

    SecMonk Registered Member

    Joined:
    Sep 21, 2007
    Posts:
    19
    Well, if that's true, I'll keep using NOD32 + a good firewall from competition. I won't bother buying ESS (although I'd love to, because NOD32 is the best AV in the world and I'd really love to use a firewall created by the same team).
     
  19. SteveBlanchard

    SteveBlanchard Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    312
    Location:
    ENGLAND
    Does that make the opinion that Comodo IS far better than ESS Firewall or not?

    Looking at Comodo, with ESS firewall off, I seem to have the same problem as I had with ZA: every time a component contacts the web I get asked should I allow. Fine, but I've just allowed FF 12 times, so that's not fine.

    There are a few issues with ESS leaktests, but when out of 10 tests the first one failed on automatic detection, but passed on interactive, that proves to me interactive is a better firewall. Most of the other tests got blocked as viruses anyway.

    Comodo just looks a touch too complicated and reminds me of the nightmares I had with ZA last year.
     
  20. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    I wouldn't go that far. I think the firewall in ESS has much better inbound protection, and since it is integrated with NOD32 antivirus it has the potential for great protection. What Comodo brings to play is the HIPS, which ESS has not, but you can add a 3rd party HIPS without having to install Comodo.
    Personally I'm using ESS for now, until the V3 of Comodo is up and running, then I'm going to make up my mind, but for now Comodo has too many issues for me to use it.
    And like I say, if you want that absolute control on your system just install a HIPS alongside ESS and that's all you'll need.
     
  21. SteveBlanchard

    SteveBlanchard Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    312
    Location:
    ENGLAND

    Any recommendation for a HIPS? Ideally free.
     
    Last edited: Nov 11, 2007
  22. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    I'm sorry but I can't recommend one. I have tried a lot of them but eventually they all fall short. The only HIPS I know that work really well are the ones included in Online Armor firewall 2.0 and Comodo V3 (still in testing, RC1 was released a week ago).
    Unfortunately those come with a firewall, which kinda sucks if you want to use ESS.
    As for me, at the time I run ESS along with Comodo BOClean. It seems to be a great combination, and since I'm behind a router I think I'm pretty much covered. Of course not everyone will agree...
     
  23. AJohn

    AJohn Registered Member

    Joined:
    Sep 29, 2004
    Posts:
    935
    You should be able to install COMODO, disable the firewall and then install ESS.
     
  24. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    As for a HIPS, you may want to keep an eye on this thread-

    https://www.wilderssecurity.com/showthread.php?t=190712

    It looks like someone is going to try ESS and Online Armor 2 with the OA firewall disabled. This may turn out to be a good combo assuming you are not trying it on Vista.
     
  25. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,572
    Thanks for that. :)

    From the description it seems more like some kind of extended HTTP AV monitor to all the ports.

    ps. I do not think that this adds more security. NOD32 AV standalone version can detect those too. It seems more like a publicity article to me. (nothing wrong with that ;) )
     