Is finding Comodo 5.10 really that hard?

Discussion in 'other firewalls' started by luciddream, Mar 3, 2013.

Thread Status:
Not open for further replies.
  1. lurkingatu2

    lurkingatu2 Registered Member

    Joined:
    Apr 25, 2007
    Posts:
    22
    Location:
    Oregon
  2. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    FWIW, I have 5.12 on this XP computer. I don't think I installed it from a downloaded installer. I think it was either offered to me during an automatic update check or as a result of my manually using the check for updates feature. Oooh, guess what, I have another machine with 5.10! So I just manually checked for an update, it tells me one is available, and when I click on View Update Details I see the release notes for the v5 line (5.12.256249.2599 being the latest). So from the looks of that Comodo is, if not via automatic update checks then at least manual ones, offering 5.12 to 5.10 users on non-Win8 platforms. I've now set that machine to automatically check for updates. I don't know when that will occur, but I'll see if I can learn more when it does.

    I'm not dismissing the idea that 5.12's firewall might have been weakened relative to 5.10. It's just that if it was that would be significant and it would be something that should have been *explicitly* disclosed/described somewhere. If it has, I'd just like to find it.

    I am inclined to question the idea and want more info to back it up because I don't understand why it would have to be so. My impression was/is that in order to intercept Metro traffic you have to use WFP and Windows 8 hardware certification requirements dictate no TDI/LSP filters. So Comodo would have had to make changes to the way CFW works *when running on Windows 8* but those changes wouldn't necessarily have had to be made to the way CFW works when running on earlier OSs. Windows XP doesn't support WFP, yet CFW 5.12 on this XP computer seems to be working OK (I have various things blocked and others set to ask so I routinely get firewall alerts with the config I use). Supposedly, Windows 7's WFP isn't exactly the same as Windows 8's WFP and maybe there too the solution that CFW uses when running on those two platforms could be a bit different. Point is, I'm inclined to suspect that there are different drivers or just different portions of code that handle the hooking/filtering details so as to allow the same rule engine to operate across the different platforms.

    Does this make sense to you? Is there something more you can share about your thinking that would make me question mine?
     
  3. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    This must have changed then, because it didn't used to be that way. I remember when 5.12 came out, when I'd check manually it would say my version was up to date. Seems now they're on a mission to push people to use the newest versions, even making the previous ones unavailable and hard to find, so no surprise.

    There's definitely nothing concrete I can provide to show that 5.12 is inferior in some way to 5.10. My common sense just tells me that in order for them to have accommodated the Web Shield they probably had to make some concession. For every action there's an equal & opposite reaction. Usually in the IT security field the trade off is security for usability. I feel better having 5.10 in place personally.

    I have other reasons for not wanting to use a Web Scanner too. I feel it actually increases your attack surface, listening in on ports as it does that I would rather just be closed/stealthed. Not to mention I've yet to meet one that didn't have a noticeable performance hit, even if subtle. And the Web Shield goes to work within my sandboxed environment... which goes *poof* as soon as I close it anyway. If I were lax enough to allow something malicious to be recovered outside of that environment, the File Shield would just shoot it down. So that overhead seems pointless to me.
     
  4. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    371
    Location:
    DownUnder
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    And use the filehippo mirror to download, otherwise you will get just the latest version.
     
  6. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Is anyone kind of hesitant to be using an older version? It isn't updated I assume. Wouldn't that increase the chances for something to be exploited?
     
  7. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    The anti-virus will still be updated as usual but the core components probably not.
    Then again how often does the windows firewall get updated just as an example. I feel it's a step backwards to be using 5.10.
     
  8. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    I agree. I'd love to be able to use the older version. For some reason I can't get ver 6 to work.
     
  9. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    For those who can't find it. I've uploaded it to sendspace, here's the link:
    http://www.sendspace.com/file/nhrgfb

    I can confirm that this is indeed version 5.10.228257.2253. Installed it on my XP Pro system alongside Bitdefender Free.
     
  10. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    And I have uploaded the last 5.12 here:
    http://www.multiupload.nl/YYATARBGFR

    only the x64 version of the firewall.
     
  11. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Right... or the firmware in your router? For both, it's probably been a MUCH longer time than Comodo 5.10. Yet it is still doing a perfectly fine job of protecting you & stealthing your ports.

    The nature of packet filtering really hasn't changed in quite some time, nor is it likely to change dramatically anytime soon. So having your FW up to date is of less importance than the next app. All updates are pretty much for compatibility/stability with newer OS's and other real-time apps. And/or in Comodo's case, to add more vendors to its Trusted Vendors List. Since v5.10 plays great with my setup and I delete that list, the updates are especially pointless to me.

    And that's why LooknStop & Kerio 2.1.5 are still doing a perfectly fine job of keeping users safe. As are your routers. As is the integrated Windows FW... even the XP one for inbound only.

    There are also people using much older versions of Comodo (v2 & 3), before the HIPS was even integrated, and are doing just fine.

    And thank you for providing those links and saving me the trouble...
     
  12. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    FWIW, I was automatically informed of a new version being available. I allowed the install to occur and ended up with 5.12.256249.2599.
     
  13. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    I'm fairly new to Comodo and I'm not familiar with its features and everything. Can somebody please elaborate on why you prefer 5 over 6? Yesterday I upgraded to the latest version and in general, I like it but I'm not sure if there's something lacking compared to version 5.
    Thanks
     
  14. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I prefer v5 (FW/D+ only) because it is more streamlined/trim than 6. I find the interface/layout to be far more intuitive and useable. And it's not just because I'm more familiar with it, though that is true too. It is slightly lighter too, but not enough of a difference that I'd let that make my decision. I don't want any of the extra features in v6, so it just offers me nothing as an end user personally. There were no marked improvements to the 2 modules I use, and actually I prefer the D+ in v5 ("Treat unrecognized as") functionality.

    If I were using the entire suite, or even just the AV in addition to FW & D+ I'd upgrade to v6, as it no doubt has an improved AV/heuristics engine. And if I wasn't a SBIE user I'd use the kiosk. It's probably the best all-around free security app out there, and perhaps even remove the word free and the comment still holds true. But I've fallen in love with Sandboxie and my real-time AV'less approach. And v5 FW/D+ fits in there perfectly.
     
    Last edited: Mar 19, 2013
  15. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    FWIW, now that I've updated the machine to IE10 I'm taking some time to go over my Win7x64 box. Including testing the CFW 5.12.256249.2599 that I allowed to be installed via automatic update. There is a problem with firewall blocking functionality and I'm trying to pin it down. Hopefully, this is specific to my machine. Which is equipped with Avast 6 and thus its older style redirection mechanism is active. Before digging further into the non-functional HTTP blocking behavior I saw, I backed up to test blocking on non-redirected ports. I'm seeing something that confuses me.

    If on my Win7 box I: 1) setup a block rule for telnet, or 2) setup an ask rule for telnet and choose block when prompted, telnet is blocked and neither the Wireshark running on it nor the Wireshark running on the remote target machine see SYNs on the wire. However, the Wireshark running on the Win7 box is showing RSTs from the target machine. As if CFW is forging these RSTs when running on a Win7 machine or the Win7 stack forges these when a firewall blocks things via API (these don't happen on XP). I don't recall seeing such RSTs for blocked connections in the past, but I might have and just forgot about them.

    If there is someone running CFW 5.10 or 5.12 on Win7 I'd be interested to know if you too see these incoming ghost/forged RSTs when CFW is blocking an outgoing TCP connection.
     
    Last edited: Mar 26, 2013
  16. chimpsgotagun

    chimpsgotagun Registered Member

    Joined:
    Dec 1, 2012
    Posts:
    55
    So there seems to be uncertainty, what versions, if any, work properly with Avast Web Shield.

    I'd like to use Comodo with Avast 8 in three computers, that have operating systems WinXP, Win7, and Win8.

    I have only access to versions 5.12 and 6.0 of Comodo from trusted sources (cnet, comodo).

    So should I disable the Web Shield from Avast 8 (leaving other shields and stuff on), and use either version of Comodo?

    Or has somebody tested through if the issue is fixed?

    I'd really like to know if there would be issue if leaving the Web Shield on, or if disabled, would it be major security issue?

    Would a better alternative be using F-Secure IS that has a great AV side but how about the firewall side (both security and lightness on resources)?

    From their site:
     
  17. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    Thank you for your answer. I'm currently using v6 with no AV. I'm liking it, tho I don't use the kiosk nor full virtualization nor the HIPS. I may go back to v5.10 sometime this week to see the actual difference now that I've run v6 for some time now.
    Are there any downsides security-wise running v5.10? I mean, are the sandbox and the firewall the same in both versions?
     
  18. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,171
    FWIW, the blocking problems I'm seeing seem consistent with CFW 5.12 on Windows 7 being vulnerable to Avast *6* local proxy redirection. I believe CFW 5.9 and 5.10 were shown to be vulnerable to Avast *7* local proxy redirection. Based on what I've read I think Avast *8* uses the same approach as Avast *7*. I have some more testing to do, which should probably include going back to 5.10 just to verify its behavior. Interested others should do their own testing too.

    I'm unable to make sense of the limited reports and discern whether CFW 6 is susceptible to Avast 7/8 local proxy redirection on Windows 7. I haven't seen anyone mention even trying CFW 6 with Avast 6. An unlikely combination I'll admit, but something that should be tested to make sure CFW 6 isn't vulnerable to its mechanism for redirecting traffic.
     
  19. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    491
    Thanks for the download. Also I have installed CFW 6 & Avast 8 in a VM. It appears to pick up the loopback. My feeling is it works.
     
  20. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    541
    Location:
    United States
    Okay, so it appears to be an improper uninstall that left the old UI in place. Not sure why or how this happened. Anyways, running the new UI on desktop. Not particularly impressed with the layout. Going to take some getting used to. I'm going to hold off on updating the other computers. Wait and see.
     
  21. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    I'm running Avast 8 and Comodo firewall 5.12 and there have been no problems.
    I can block the browser ok if need be. :)
     
  22. StillAlive

    StillAlive Registered Member

    Joined:
    Dec 29, 2008
    Posts:
    42
    File version 5.10.31649.2253 / Product version 5.10.228257.2253
    http://web.archive.org/web/20120425083456/http://downloads.comodo.com/cis/download/installs/standalone/cfw_installer_x86.exe
    File size: 61,6 MB
    MD5: 393cad137c02566b21925c6c149497d3
    SHA1: 569a7a5a3dde4ce8ce5ba79c803f36813697f026


    File version 5.10.31649.2253 / Product version 5.10.228257.2253
    http://web.archive.org/web/20120322201931/http://downloads.comodo.com/cis/download/installs/standalone/cfw_installer_x64.exe
    File size: 61,6 MB
    MD5: f93ec1525c941298870755a35cdf861d
    SHA1: 8a99814f0ccd4731047bd1b2424897c8648b0c41
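
Checking a downloaded installer against the MD5 and SHA1 values posted above, as an added example that is not part of the original post; the file names are assumed from the archive URLs. Both digests are legacy algorithms and the values come from a forum member, so a match shows the file equals what was posted here, not that the vendor published it.

```python
import hashlib
import hmac
from pathlib import Path

# Digests as posted in the thread for Comodo Firewall 5.10.228257.2253.
# They come from a forum member, not from a vendor-signed manifest.
PUBLISHED = {
    "cfw_installer_x86.exe": {
        "md5": "393cad137c02566b21925c6c149497d3",
        "sha1": "569a7a5a3dde4ce8ce5ba79c803f36813697f026",
    },
    "cfw_installer_x64.exe": {
        "md5": "f93ec1525c941298870755a35cdf861d",
        "sha1": "8a99814f0ccd4731047bd1b2424897c8648b0c41",
    },
}


def file_digests(path, algorithms=("md5", "sha1"), chunk_size=1 << 20):
    """Stream the file once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_installer(path, published=PUBLISHED):
    """Return (ok, details). ok is True only if every posted digest matches."""
    expected = published.get(Path(path).name)
    if expected is None:
        return False, {"error": "no posted digest for this file name"}
    actual = file_digests(path, tuple(expected))
    details = {
        name: hmac.compare_digest(actual[name], expected[name].lower())
        for name in expected
    }
    return all(details.values()), details


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        ok, details = verify_installer(arg)
        print(f"{arg}: {'MATCH' if ok else 'MISMATCH'} {details}")
```

Requiring both digests to match means a file obtained from one of the third-party mirrors linked earlier in the thread is rejected if either value differs.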
     
  23. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    611
    Location:
    Wallachia
    Are you sure you want to use this?! :)

    I have used it a few months ago, this and 5.12, and I have discovered interesting things.

    To check, place a machine that has Wireshark between the PC where you are using it and the internets.

    What I have observed are DNS leaks of executables that had no rules, like the Adobe updater. Nothing was in the firewall log. Also the firewall will connect to Comodo DNS and again no logging for these too.

    After removing the firewall I have observed that the Comodo temp leftovers, from the temporary folder, on a W7 x64 machine, would try to do stuff. At least Online Armor was reporting strange activity from that file that in VirusTotal seems perfectly valid.

    I would say Comodo firewall is not a good choice at least in version 5 so...

    By the way all DNS leaks stopped installing Online Armor or Outpost firewall.

    Also the svchost rule had rules to allow only 2 DNS servers and connections only to Microsoft repositories, so the DNS leaks are due to the firewall not blocking and not due to bad config.
     
  24. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    Comodo is over, I would use Privatefirewall or Onlinearmor.
     
  25. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    611
    Location:
    Wallachia

    Keep in mind Private firewall does not intercept loopback.
     