ESS 3.0 compared to Comodo Firewall

I've been a registered user of NOD32 AV for a couple of years and am very happy with it. Alongside that, I used Zone Alarm Free Firewall, but dumped that last year and have been using Comodo Firewall Pro since, which has always worked well alongside NOD32 AV.

Now that ESS 3.0 is out, my question is simple really .. Would you recommend migrating my licence from just NOD32 AV to NO32 ESS 3.0 as it's a pretty decent upgrade offer and have all my eggs in the same basket so to speak.

How does NOD32 ESS Firewall compare to Comodo for instance (I've got a Netgear DG834GT Router which is what connects me to the t'interweb). I'm not too technically minded when it comes to configuring specific ports etc and just want something that does what it says on the box and keeps me nice and secure, showing me what apps are trying to connect so I can allow or deny, and logs any intrusion attempts.

Any guidance and recommendations as to whether I should stop dilly dallying and get NOD32 ESS 3.0

 

Well the Intrussion Detection on Comodo is very basic compared to ESS. If I read the help corrected, ESS checks the content of every packet sent or received from the internet, whinch assures that it is safe, Comodo does not, It just checks for inconsistances on the protocols and stuff but not the actual packets being transmited.
On the other hand ESS won't pass any leak tests because it does not have HIPS like comodo V3 will have or like in some measure comodo V2.4 has. That being said ESS approach is not to let you download or run anything that compromise your security so that you don't need a HIPS because everithing on your machine is safe.
Personaly I'm using ESS because it is just a service and a process and that is all to secure your system, not to forget that nod V3 does not get along with Comodo very well on my personal experience.
Others might say that having an all in one suit is a risk because if the suite gets killed then your on thin air, but NOD never got killed on my machine and I have no reason to believe ESS will.

 

MasterTB comodo does the same checking of packets ess does. It is just not default or used much.

 

This would infer "deep packet inspection". Are you sure of this? Are or you thinking of "HTTP AV monitor (web av)"?~~ (there is a big difference)

 

Checksum check (IMHO) should be done by any SPI firewall.

Malware can have a verified checksum. This in itself is not protection.

 

Well actually not. The firewall Engine in eset checks the content of every packet not the packet checksum those are two different things.
If I did not read the help wrong, by integrating the firewall and the AV, every packet allowed in is checked to verify not only integrity but also malignous code, and that is something that comodo cannot do becuase it does not have an antivirus built in.

 

Agree, that's why I say that Intrussion Detection in Comodo is very simple compared to ESS. Not to mention Kerio.

 

Can anybody suggest a HIPS program that would be compatible with running ESS 3. ?

 

Hey galloot, try DefenseWall ( www.softsphere.com ).

 

I am also interested in ESS 3.0 compared to the upcoming Comodo 3. I have been using NOD antivirus for coming up to 2 years and liking it. I don't understand all the real technical stuff about firewalls. Tried Comodo 2.4 some time ago and had problems getting it to allow my other computer to connect to the internet through internet connection sharing. Perhaps if I'd persevered for longer. I wonder how easy ESS is to set up to work over a network with internet connection sharing and file shares. I'm also interested in which provides the best protection.

 

Can you please provide some proof about this? Have you read it anywhere, have you tested it, or it is something you suspect?

I hope that you are not reffering in this:

ps. For achieving what you described, SS3 has to be capable of Cross Packet Inspection (XPI).

 

This article here: http://www.winplanet.com/article/3847-.htm
Says that:
"ESET Smart Security's firewall will have aggressive scanning as data go up and down the wire, since so many forms of malware seek to get around firewalls by using certain ports or applications. The NOD32 engine will inspect all traffic going in and out of the computer through the firewall in real time without impacting performance, according to Andrew Lee, chief research officer for ESET. " // "A lot of firewalls are rather static. They give port access to an application and then don't check the content coming through," he told InternetNews.com. "The network is our area of focus since everything goes through it. We inspect all network traffic with the antivirus engine." Also: "Different levels of security can be applied to applications. For example, Microsoft Word can have a normal level of security or ESET Security Suite can treat it as if it were a browser and apply the same kind of scrutiny to its disk and network activity as it would Firefox or Internet Explorer."

If that is not what I understood then sory, but I think it is pretty clear that all trafic allowed by the firewall is scanned for content with the antivirus engine... that is more that what Comodo can do or any other standalone firewall I have used. (remember that I am no expert, just a user)

 

To answer your comment about NOD V3 and Comodo not getting along, that's incorrect. Comodo didn't object a bit when v3 moved in.
As for the suite issue, I think we debated that to death, and the fact is that there's a first time for everything, and after using ZA suite for a few years I can state with experience that stand alone's are the best way to go. Having said that, I will say that if I didn't know better I'd go for ESS for the reasons you gave.

 

Hey man...nothing is perfect, my Ess 3.0 got cracked up by beagle two weeks ago...I had the beta version

so Ess 3.0 beta CAN be easily killed...dunno if ess3.0 is still vulnerable to this attack..and notice that the infected file was scantime detectable but not runtime...so the file let it come in...and the av let it install, even if they both knew it was a virus...Which make me think...

 

Sorry, but that is a short-sighted approach to security. What you talk about is an ideal state that is unreachable in reality. Even the best AV (which NOD32 is) can NOT catch every new unknown virus. It is impossible (you may get to 99% but not to 100%). The advanced heuristic module can catch unknown new malware, but according to independent retro tests, it catches only about 80-90% (which is very impressive, but still not 100%).

So, there will always be some malware that makes it to your machine in spite of your antivirus.

What to do next? First of all, you need to have a leak-proof outbound firewall, so that the malware cannot send your data to the net and cannot receive commands from hackers. That's called pro-active layered security.

It is absolutely naive to believe that AV will catch 100% of malware and so allow one to tolerate weaknesses in the firewall. You need additional layers of different kinds of protection. That includes an excellent 100%-leak-proof firewall (plus HIPS to prevent installation of then unknown kernel-space malware and possibly using VM sandboxing to isolate mission-critical private data).

It is imperative that ESET makes their firewall as leak-proof as possible. Otherwise, their firewall is useless. Seriously.

 

ronjor closed my thread without answering my question and only referring me to this thread.

My question is:
Has anyone TESTED Comodo Firewall 3.0 with NOD 32 3.0 and compared the tests to ESET ESS 3.0 AV+Firewall? Will such a test be done later if not already done?

I am looking for actual tests/facts.

Thanks.

 

Agreed, but I think they don't feel the same way. Look at AVG and Panda for example, they both go the same way Eset is going...

 

Well, if that's true, I'll keep using NOD32 + a good firewall from competition. I won't bother buying ESS (although I'd love to, because NOD32 is the best AV in the world and I'd really love to use a firewall created by the same team).

 

Does that make the opinion that Comodo IS far better than ESS Firewall or not?

Looking at Comodo, with ESS firewall off, I seem to have the same problem as I had with ZA, everytime a component contacts to the web I get asked should I allow, fine but I've just allowed FF 12 times, so thats not fine.

There are a few issues with ESS leaktests, but when out of 10 tests the first one failed on automatic detection, but passed on interactive, that proves to me interactive is better firewall. Most the other tests got blocked as virus's anyway.

Comodo just looks a touch to complicated and reminds me of the nightmares I had with ZA last year.

 

I wouldn't go that far. I think the firewall in ESS has a much better Inbound protection, and since it is integrated with NOD32 antivirus it has the potential for a great protection. What comodo brings to play is the HIPS, which ESS has not, but you can add a 3rd party HIPS without having to install Comodo.
Personally I'm using ESS for now, until the V3 of Comodo is up and running, then I'm going to make up my mind but for noww Comodo has too many issues for me to use it.
And like I say if you want that absolute control on your system just Install a HIPS alongside ESS and that's all you'll need.

 

Any recomendation for a HIPS? ideally free.

 

I'm sory but I can't recomend one, I have tried a lot of them but eventually they all fall short. The only HIPS I know that work really well are the ones included in Online Armor firewall 2.0 and Comodo V3 (still in testing RC1 was released a week ago).
Unfortunately those come with a firewall, which kinda sucks if you want to use ESS.
As for me, at the time I run ESS along with Comodo Boclean, it seems to be a great combination and since I'm behind a Router I think I'm pretty much covered, of course not every one will agree....

 

You should be able to install COMODO, disable the firewall and then install ESS.

 

As for a HIPS, you may want to keep an eye on this thread-

https://www.wilderssecurity.com/showthread.php?t=190712

It looks like someone is going to try ESS and Online Armor 2 with the OA firewall disabled. This may turn out to be a good combo assuming you are not trying it on Vista.

 

Thanks for that.

From the description seems more like some kind of extented HTTP AV monitor to all the ports.

ps. I do not think that this adds more security. NOD32 AV standalone version can detect those too. It seems more like a publicity article to me. (nothing wrong with that )