Latest Comodo FW compared to ZAP & Kaspersky

Discussion in 'other firewalls' started by phkhgh, Feb 4, 2009.

Thread Status:
Not open for further replies.
  1. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    Hi,

    For those that have used Comodo - FW ONLY (latest ver), ZoneAlarm and / or Kaspersky FW from their KIS, how do the FW's compare in user friendliness and ease of giving permissions, creating / editing rules or conflicting w/ KAV?

    Currently using Kaspersky IS 2009. (Also have copy of ZA ISS 2009). Kaspersky's changed the FW GUI a lot & it's somewhat easier to set permissions than v7, but I've always thought Kaspersky's FW was very over complicated, even for an advanced user (esp permissions & setting rules).

    Used ZoneAlarm Pro w/ KAV in the past & liked the ZA FW better than Kaspersky's. But, haven't found ZA Pro on sale (free after rebates) lately. Can't install ONLY the FW out of ZA ISS 2009 anymore, even if tell it not to install the AV. Conflicts w/ KAV 2009.

    Thanks.
     
  2. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Very recent review of Security Suites in PC Magazine at http://www.pcmag.com/article2/0,2817,2333444,00.asp breaks out firewalls as a separate component, so may be useful. Current posts by Comodo fans still say "usability is coming", so must not be there yet. I think that Zone Alarm, Online Armor, and even Kerio/Sunbelt are easier to use from the other ones I have tried recently (used Comodo for a year, but not since October). Haven't used Kaspersky, though. You just missed the "Free Zone Alarm Pro" anniversary giveaway last month. :(
     
  3. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    I haven't used Kaspersky's firewall at all and it's been a very long time since I used ZA Pro.

    Comodo's HIPS is the one with "usability coming". Because many people don't understand pop ups or think they are too many.

    For the firewall part... If you have used Kerio 2 or PC Tools firewall, it means you have a knowledge of port and protocols and so, you won't have problem configuring the Comodo firewall...

    It's very difficult to explain it. Basically, there are some presets. You can also add your own preset. For example "outbound only" or "Browser" or "Email client". Other than that, you can edit rules manually and restrict things per port and protocol.

    I guess you'll have to try and see... At the beginning, before reading the help file I was a bit lost, because I wasn't used to presets. Once I read the help file it all became clear and I must say, I enjoy the firewall part of Comodo. Now I think it's very clearly laid out.

    But it's all about personal taste when it comes to firewalls...
     
  4. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    I wouldn't think of using CIS without the D+ HIPS. There are a number of issues with the firewall (including things like proxy holes) that are mitigated by D+. You will often see complaints about the firewall dismissed with "don't worry, D+ will take care of it". To quote one of the senior moderators, "Consensus is that without D+ CFP is a very average firewall".
     
  5. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Without D+, it has 0 anti-leak ability. About the proxy hole, I don't know.
     
  6. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    A couple of simple examples: Without D+ you can usually get to a website from an "about" popup by harnessing your browser invisibly. You also have no SPI for passive FTP, so all the high order ports need to be allowed, counting on D+ to protect them. The Comodo site often warns users to take advantage of D+ for a stronger firewall. Nothing wrong with setting things up that way for efficiency, but still should be recognized that D+ is almost essential. Don't know whether upgrades were done to the latest version, but were certainly low in the priorities because of the effectiveness of D+.
     
    Last edited: Feb 4, 2009
  7. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    To tell you the truth, I'm not sure I follow you or how D+ can actually help the firewall in that, but anyway, the user can try for himself and see if he likes something.

    Personally I've never run it without D+, but I can't find a connection between D+ and the firewall part in such cases as proxy hole, passive FTP etc. D+ controls execution, not ports or local proxy or anything else related to ports and protocols. For anti-leak, sure, D+ is the one controlling that, since it controls processes.
     
  8. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    Thanks for all replies!

    Is "D+ HIPS" a component of Comodo, or stand alone or some add on?

    SDED: thanks for link to PCMag. Read thru his reviews on Comodo, ZA ISS, KIS & Norton. I haven't used Norton products in a Loooong time - for good reason. I'm sure they've improved some (or they'd be out of business), but they're still usually rated poorly by experienced users. Any professional reviewer that gives Norton (FW, AV, ISS) the highest rating is suspect, IMHO. Symantec is a huge conglomerate that bought up a lot of excellent programs/companies & gradually ruined most.
     
  9. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    D+ is the classical HIPS module of Comodo. You can disable it after installation and stay with only the firewall module active if you don't want it. Simply, it won't have anti-leak capabilities. Meaning, it will follow firewall rules, but won't protect from process hijacking, tunneling etc. It will be a "simple" application firewall which would rate zero at Matousec's tests. Now for the other stuff mentioned, I can't say anything. I haven't seen anything to make me think the firewall works any differently than others. It's true it doesn't have SPI, it has a "protocol analysis" and "packet checksum verification" thing. If you ask me, for home users, SPI is useless, I've used for years simple application firewalls with no SPI and as long as you keep your rules correct, you're safe. Besides, in home products, usually the quality of SPI is questionable. If you have a router, it becomes no problem at all.
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Try OA free, just tell it that all your apps are safe. You won't get many pop-ups in normal operation. It makes rules decisions for you (OA received some criticism in the past that OA made the FW decisions for the user, now you set this feature off).

    When you are looking for a basic FW, then Rising or Sunbelt are also options to consider.

    Cheers
     
  11. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    You can try PC Tools firewall too! With or without enhanced security enabled. (off topic, but anyway).
     
  12. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Fuzzfas, should have mentioned above that D+ is actually where you block/allow access to localhost or browsers by the other applications and get the appropriate popups. So not really a part of the firewall, but does supplement the warnings in that sense. And Comodo does have SPI rules for common things like DNS and DHCP-in fact they work so well you can't block or log the SPI responses. Just surprising that the classic example of why SPI can be useful, namely passive FTP, is missing, so lots of ports are allowed outbound access which can be monitored by D+ if present.
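
An added illustration, not part of the thread and not Comodo's code: what stateful inspection of passive FTP buys over the "allow all high ports outbound" rule discussed in the posts above. The `FtpTracker` helper, the addresses and the server replies are constructed for this example.

```python
import re

# RFC 959 passive-mode reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(line):
    """Return (ip, port) announced by a 227 reply, or None if malformed."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class FtpTracker:
    """Hypothetical stateful helper: opens one data port per 227 reply."""
    def __init__(self):
        self.expected = set()   # (server_ip, port) pinholes awaiting a connection

    def on_control_reply(self, server_ip, line):
        parsed = parse_pasv(line)
        # Ignore replies that point the data channel at a different host.
        if parsed and parsed[0] == server_ip:
            self.expected.add(parsed)

    def allow_outbound(self, dst_ip, dst_port):
        if dst_port == 21:
            return True                                 # control channel
        if (dst_ip, dst_port) in self.expected:
            self.expected.discard((dst_ip, dst_port))   # pinhole is one-shot
            return True
        return False

def static_rule_allows(dst_port):
    """Stateless alternative from the thread: every high port is open outbound."""
    return dst_port == 21 or 1024 <= dst_port <= 65535

def demo():
    fw = FtpTracker()
    server = "192.0.2.10"   # constructed sample address (TEST-NET-1)
    fw.on_control_reply(server, "227 Entering Passive Mode (192,0,2,10,195,80)")
    fw.on_control_reply(server, "227 Entering Passive Mode (198,51,100,7,4,1)")
    attempts = [(server, 50000), (server, 50000),
                (server, 4444), ("198.51.100.7", 1025)]
    # Each pair is (stateful decision, static high-port rule decision).
    return [(fw.allow_outbound(ip, p), static_rule_allows(p)) for ip, p in attempts]

if __name__ == "__main__":
    print(demo())
```

The stateful tracker admits only the single announced data connection, while the static rule passes every attempt, which is why the thread leans on D+ to watch which process is making those high-port connections.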
     
  13. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    phkhgh,
    I see a lot of positive reviews by real users on various sites for Norton 2009, but don't know whether I could bring myself to use it again either. After the badly performing preinstalled versions we got on various computers in the past and the difficulties of getting rid of them so something else could be installed it does take a leap of faith. Even saw some good reviews on the Comodo site in the past, though. But the PC Magazine article does point out (perhaps tongue in cheek) that if you hate them too much to ever use them again, they think Trend Micro (which I have never used) is also pretty good. And Zone Alarm firewall still has lots of adherents.
    But Malware often comes in through good connections. And AVs miss enough new stuff that a good HIPS and/or BB is essential to good security along with the firewall. Security sort of looks like a (layered) sieve:
    FW---->AV/AM/AS/----->HIPS---->BB or ? with each layer trying to correct the mistakes of the previous layer, and often involving the user in the decisions.
     
  14. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    Thanks again. I do use a router (new Linksys) w/ SPI & NAT enabled, but always prefer using a soft FW too.

    SDED:
    What's "BB?"

    I'm w/ you - not sure if they could pay me to use Norton again. Lots of complaints about Norton are how it interferes w/ other apps & problems uninstalling it, as much how it functions on its own.

    Dunno - maybe it's just gonna take a while to figure out Kaspersky's FW. Will say user friendliness improved since last yr. If you love tweakin' & fiddlin', you should be in hog's heaven w/ KIS, cause there's a boatload of configurable settings.

    I read reviews & user opinions at PC Mag & other sources, on ZoneAlarm ISS 2009(mainly FW part). It's probably still a decent - even good - product, but sadly has gone the way of other software. After Check Point bought out Zone Labs, quality & support definitely suffered (not just my opinion). That was also my experience w/ ZA Pro since about v5.

    They've let some reported bugs persist in last few vers - don't know about 2009.
     
  15. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    By BB I mean a behavior blocker type program, like Threatfire or Prevx Edge that goes beyond signatures and beyond looking at a single action like a HIPS does. In a sense, with a HIPS you are often the BB in that you may look at a series of actions or some other information about what you were doing at the time of the popup to decide what to do. My wife still tolerates Zone Alarm/Avast!, runs screaming with the others, and hasn't been infected, so I am happy with it.
     
  16. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    Thanks, I'm learning some things today. I'm unfamiliar w/ behavior blockers like Threatfire or Prevx, though heard the name Threatfire & think I used to take Prevx for heartburn...

    Anyway, except for the extremely paranoid or those frequenting dangerous sites (even My Space is notorious if you're not careful), do many "informed" users use something like Threatfire along w/ say, KIS 2009, or is it redundant?

    Isn't Threatfire's method similar to Kaspersky's heuristic analysis (if enabled)? Of course, no one security prgm of any type is 100% effective by itself, so if it doesn't interfere & doesn't slow down your system, guess it'd be OK.
     
    Last edited: Feb 4, 2009
  17. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    KIS is powerful enough, I would not install another "realtime guard". If you worry about browser threats, the NoScript add-on can be very helpful if you use Firefox.
     
  18. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Kaspersky is probably very good, but I prefer to use a separate BB technology, just because it is a very active research area and there are some very good ideas out there (unfortunately, along with some dumb ones, like voting). "Heuristics" is such an open ended term ( see http://antivirus.about.com/library/glossary/bldef-heur.htm and http://mirror.sweon.net/madchat/vxdevl/vdat/epheurs1.htm , for example) that it has become almost meaningless. I am trying out Prevx Edge ( https://www.wilderssecurity.com/showthread.php?t=225190 ) and so far have been quite impressed with the product and their descriptions of it-but don't see much real malware that gets that far; most show up as big alerts from Avast! And Avast! scores near the top on AV tests in spite of not having "heuristics" (oh, woe) by using generic signatures and algorithmic evaluation instead.
    The alternative is really how comfortable you feel in evaluating the HIPS alerts you get and determining yourself whether you should block or allow. Some of the examples of "cloud" or "group intelligence" approaches to assist you are often incredible: Showing screens with 68% allow and 32% block , and saying "of course you now know you should allow it from that". BS; If 32% of the users block it and I know nothing else, no way will I let it on my machine. Even at 5% unless I know the block context it is dead meat!
    Your NAT router will get rid of most incoming, and a Software firewall will give you more control, including over outgoing, But malware at the packet level often comes over good connections (mail, browser), AV/AM/AS at the file level are often behind in time, and a HIPS requires you to take responsibility for the allow/block action by executables. So you need to try some of the products (many are free, most have free trial versions) and see what feels good to you!
     
  19. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Off topic but if it's simplicity you're after then sandboxing is the key, Sandboxie will protect against the vast majority of malware with minimal user interaction.
     
  20. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    Thanks. All good info. FYI, ThreatFire support said they don't find it interferes w/ Kaspersky's heuristics (for instance).

    I've read a bit about Sandboxie, but never tried.
    All this is interesting, but I wonder what so many users that get malware so much are doing that I don't do?

    Never had a virus, trojan, etc., that any prgm ever found, or evidence of one. Have had same install of XP for probably 4 yrs & never had to reinstall. A lot of users must be engaging in much riskier (or more stupid?) behavior than me, like having unprotected sex w/ a stranger?

    Back to Norton FW / AV - when last used it yrs ago, it regularly said it stopped sometimes dozens of attacks ea session. Seemed pretty incredible. Of course, when I switched to ZA or Kaspersky, all those fake reports stopped.;)
     
  21. sded

    sded Registered Member

    Joined:
    Jun 4, 2004
    Posts:
    512
    Location:
    San Diego CA
    Comodo at least used to say on their status display that they blocked hundreds or thousands of attempted intrusions per session. Turned out that an intrusion was any incoming connection request that was blocked and logged, which usually had to do with your router sending routine communications, late responses to outgoing TCP, P2P, ... Just Comodo routinely doing its job like you asked it to, and when you made a rule to block and not log the incoming, the intrusion count went away. :)
     
  22. 3xist

    3xist Guest

    Hi phkhgh.

    I'm a Global Moderator on the Comodo Forums. If you feel you want to try Comodo Firewall without Defense+, Give it a try and I am here if you have any questions or concerns. The Comodo Firewall is one of the best in the industry, And best of all it's 100% Free and does NOT have a feature paid versions like many others do (Example, You don't need to pay for a version for stronger or extra protection, etc) - So you are not restricted.

    Just FYI phkhgh, the review that PC Mag did on Comodo Internet Security 3.5 is pretty "unfair" you could say because Neil (the reviewer) missed a lot of stuff out. This review was analyzed by Comodo last year and the appropriate email was sent to Neil regarding their review. Either way, if you're using the Firewall & Defense+ I am more than happy to help you with creating rules, etc.

    If you need anything regarding anything about Comodo Internet Security or the Firewall standalone, etc... just PM me here or at the Comodo Forums! :) I also have an account and perform undercover moderation at the Remove-Malware forums where I post in the CIS board there also. So any of the 3 forums is OK to contact me.

    Cheers,
    Josh
     
  23. phkhgh

    phkhgh Registered Member

    Joined:
    Aug 17, 2007
    Posts:
    166
    Thanks Josh for the generous offer.

    Free is good, but not my biggest concern. Now, for a stand alone AV, all I'd have is the AV from Kaspersky IS '09 IF it would (truly) allow installing only the AV, or using one like Avira. I'd have to verify that, unless someone here has successfully installed only the AV from KIS.

    FYI, ZoneAlarm ISS gives option to install only FW, but actually installs the AV anyway - just disabled. That still interfered w/ KAV. No offense, but I'm not sure I'd be comfortable w/ Comodo AV - not yet, anyway.

    Did have a "free" copy of KAV '09, but returned it.
     
  24. Judge Dee

    Judge Dee Guest

    phkhgh, I can only give my particular experience with PC Tools FW Plus. I'm running KIS 2009 as you said you are. I disabled the KIS firewall, and installed PC Tools FW (for fun, I guess). It has so far worked flawlessly (a couple of weeks). I'm sorry I can't answer to Comodo.

    Regards,
     
  25. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    Actually, as Fuzzfas said, I've never run the firewall without D+, nor am I an avid follower of the Comodo forum, so I am not supposed to know all about Comodo. Running it with D+ never showed it anything weird.

    You were a mod in Comodo forum, so you can say more about things I've never read...
     