Matousec, Comodo & PC Tools

Discussion in 'other firewalls' started by TerryWood, Mar 4, 2010.

Thread Status:
Not open for further replies.
  1. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    703
    Hi All

    A confession, I am not very knowledgable, that is why I come to this forum to ask the following questions in the hope someone can explain and clarify my confusion.

    In the latest Matousec tests, Comodo Internet Suite vies with PC Tools Pro Firewall for first place, which suggests that each is as good as the other (insofar as the tests are concerned)

    The heart of my confusion lies in the fact that CIS is a Firewall, Antimalware D+ and an antivirus AND yet PC Tools Firewall Pro is just that a Firewall.

    1) So how does a Firewall only, manage to achieve comparable results to that of a Suite (CIS)?

    2) Does Matousec, test only the Firewall component of participants? If not see 1) above?

    3) If Matousec tests involve all three sections ie Firewall, Malware and Antivirus how does PC Tools Pro square the circle?

    4) How is PC Tools Pro as an an alternative to comodo Firewall and D+ in real life?

    Any commentary to help me assess the two products, and to some extent, how two different products can achieve glory in the same tests would be appreciated

    Terry.
     
  2. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
  3. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    703
    Hi lordraiden

    Thanks for that, so on that basis (of your reply) PC Tools = Comodo D+?

    Terry
     
  4. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    PC Tools is buggy. Comodo has an insane amount of pop-ups and is rather annoying.
     
  5. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    PcTool is a firewall + HIPS

    Comodo is a Firewall + HIPS (defense+) + AV(optional)

    I would recommend comodo they have just release V4 but is better if you use the old one 3.14 since the v4 have many bugs.

    Also you can try Online Armor or Agnitum Outpost, both firewall + HIPS.
     
  6. TerryWood

    TerryWood Registered Member

    Joined:
    Jan 14, 2006
    Posts:
    703
    Hi

    Thanks to everyone replies very helpful

    Terry
     
  7. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
    I suppose if you are running 64 bit Windows you can throw those results out the window. Correct?
     
  8. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    funny sentence... english for runaways? :D
     
  9. Edwin024

    Edwin024 Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    1,000
    Not anymore in the latest edition.
     
  10. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,067
    Well, more or less but you have more guarantees if the 32bit version is better ;)
    They will release a win7 x64 test soon.
     
  11. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe

    " insane "..... :rolleyes: is what an HIPS must do.
     
  12. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
    That will be interesting. Thanks for the heads-up.
     
  13. TheIgster

    TheIgster Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    645
    Location:
    Edmonton, AB
    Drives me crazy when people just drive-by post like this.

    I've been running PC Tools Firewall Plus for quite some time now and have had ZERO ISSUES with it.

    Please explain what you are referring to as "buggy".
     
  14. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    Sad thing is I had over 6 months experience with it. Its buggy. You can read about random net lag, wireless net loss, the GUI lags, and I know for a fact that there is an issue with allowing uTorrent through the FW and PCTools following that rule.

    Now explain to me how you think that because YOU dont have issues with it doesnt mean that the software and user base of PCTools Firewall as a majority doesnt have issues?
     
  15. TheIgster

    TheIgster Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    645
    Location:
    Edmonton, AB
    I didn't say no one had issues with it. I stated I had not had any issues with it and I also questioned your driveby post without details.

    I have personally not experienced any of the issues you posted and currently have uTorrent running in the background with no issues after configuring it. As you can see by the attached image, uTorrent is always in OK mode with the rules I have configured in PC Tools Firewall as well.
     

    Attached Files:

  16. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    if i remember correctly, v5 i think won the best performance firewall wen it came to network throughput the last time matousec did a performance test. so idk bout the net lag part. and i also agree that ive never experienced a serious problem with PC Tools FW. seems to be more system conflict then general bad programming and will only be solved over time as its exposed to diff software.
     
  17. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    So Matousec got lucky and didnt have a system conflict.
     
  18. TheIgster

    TheIgster Registered Member

    Joined:
    Jul 25, 2009
    Posts:
    645
    Location:
    Edmonton, AB
    lol

    C'mon now...
     
  19. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    lol, haha:D
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Things to note based on Comodo CIS3/4 and PC Tools 6 trials

    Granularity of PC Tools HIPS
    An issue in my eyes is the fact that PC Tools groups intrusions into groups in novice (default) mode. When you allow one type of intrusion, you automaticcally allow thee others becasue they are in the same group. In the expert mode, you can obtain this granular protection. So PC Tools in expert mode is fine. Problem is that it will generate some more pop-ups. You have to use the English version, because these detailed information pop-ups are translated by amateurs or by professional morons. I am a enthousiast amature in relation to security, with a professional background (more than 20 years ago) of a system developper / data base administrator / network (transaction protocol monitors) admin / security (RACF) admin on mainframes. I really did not understand the warnings of PC Tools when running it in Expert mode (the Dutch version). The Dutch PC Tools version learned me pseudo words which are not in Wiki or dictionary neither could I releate them to my old experience. So I removed the Dutch PC Tools version and replaced it with the English version. Those pop-ups are okay (not terribly explaining when you relelate it to the actual intrusion of the tests/PoC I was running it against). When you use PC Tools only use the version with offical content management of the pop-ups, being UK/US version.

    Comodo
    There was a nice German website, which was called "illusive security". (ScheinSicherheit). It is not actual anymore, but the idea was to test default setups and see how good they are (trying to take user interpretation mistakes
    into account and testing what really was covered on intrusion trigger level).

    Comodo (3.xx) in its default setup would have been highly critised, because it provides a high level of fake security. For instance when you are not installing in the highest security mode, Defense plus (Comodo's HIPS) generates default rules from the setup mode you have chosen
    F.I.
    Originally the default mode applies a ASK for rule 5, 6, 7 and an allow for the another 10 rules. When you decide that you would like to check on rules 10, 13, 15 and 16 and a programs was detected by rule 16, one would assume that Comodo generates a rule which has an ASK for rules 5, 6, 7 (the default) and 10, 13 and 15 (ones you added), only giving the triggering rule an allow (on rule 16 in this example). Wrong Comodo generates a rule with rule 5, 6 and 7 set to ask and all other to allow. So this really is a feat of illusionist security (I guess Ury Gueller would have been impressed with the disappear trick of you own added rules). Yes I have discussed this with Comodo, I did not bother. Aigle very much tred to convince the Comodo developers this was a joke, but they showed no interest.

    Due to change of concept, CIS4 will be more easy on these types of mistakes, but the D+ rules generator still works in the same way. Meaning the mistake is the same, but due to the Sandbox the effect is less dramatic. The beta CIS4 also had some strange choices for compatibility reasons (e.g. one of the virtualisation mechanisms was not on). The concept behind CIS4 finally is making some sense (making it easier to use), but it still is a half limped vision implementation. Some developers have absulute clear company values which are translated into the programming practises. For an individual programmer this makes it easier to code within the general vision of the product. Also on matters which are not thought out before hand. When I tested CIS4, it noticed it still has the totalist way of dealing with criticism and that when you really try Comodo, you can see that same type of intrusion are handled differenty in various parts of the Defense+ part. That said I really think CIS4 is a big usability jump compared to CIS3. For a freebie it is a great product. Still the quality issues of Comodo are really reducing the trust I have in a product (compare Comodo with DefenseWall on x32 or with Online Armor and you will see the quality differences of a single guy and a small dedicated team, versus the herds of programmers Comodo has in various low wage IT countries).

    Advice
    Since CIS4 is still early days and the trouble some quality Comodo usually delivers, I would not advise Comodo (think about their malware scanner which was retracted few days after launch, due to its ability to trash systems after having 'helped' the user to remove malware). But to be honest, despite the high ranking in Matousec, I would not advice for PC Tools in novice mode either. Instead have a look at DefenseWall and/or Online Armor when you really not into firewalls/HIPS the first place. The other option is to try ThreatFire and select the default rule for outbound control, Since you are behind a router/FW, you can disable GhostWall or Windows Firewall, since you are connected by wire AND trust the other family users in your home network. When the latter is not the case I would opt for Windows FW, since it is up to date with the latest Service Pack. I also like Outpost free very much, becasue of the smart way they have implemented the HIPS (with Outpost the grouping of HIPS protection is really well chosen, the groups are chosen on their impact of an intrusion, so when you fully enable the OS/HIPS group with vulnarable Windows spots (forgot the exact name), the chance that your AV can't cure any intrusions is very very very low (near zero). Sitill Outpost is better off in the hands of a HIPS enthousiast. OA and DW are more ease of use champions (with DW version 3 the easiest one)

    Regards Kees
     
    Last edited: Mar 15, 2010
  21. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Hi Kees, thanks for your so complete analysis. Let me know: if I use CIS - as always I've done - only in the highest level and settings for the HIPS and the fw, the security issues in CIS that you described have not space, they don't exist ? So I understood your words, and so I believe on the base of my long CIS using ( in high configuration ). Is it ?



     
  22. vhick

    vhick Registered Member

    Joined:
    Jan 21, 2006
    Posts:
    224
    Location:
    Noypi.........
    Thanks sir Kees for your analysis and classification. Outpost Firewall is very very good. Atlest for me but for the multi-user PC. I think I'm going to change Outpost because of lack in information in pop-up as other user of multi-user pc is just click ok without knowing what it is. Even I put Outpost in leaning mode. After leaving learning mode, some components is ask for access. I try defensewall (v3 which have a firewall) and very very easy to use but its not free.

    Now looking for an alternative one...
     
    Last edited: Mar 15, 2010
  23. reedz856

    reedz856 Registered Member

    Joined:
    Feb 22, 2010
    Posts:
    10
    I used free Comodo & PCTools Firewall without any problems!
     
  24. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Blacknight,

    Yes when you have setup CIS in highest security mode your are fine (a default will generate an ALLOW or DENY depending on your choice, plus all other defense+ rules on ASK).
     
  25. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    It is no problem in the way you will get a blue screen. Only when you choose those HIPS/FW's depending on the matousec tests and you install it in the default mode, you won't get the protection you thought you would get. I am merely saying it is beter to use these products with the highest settings and for PCTools use the English language version.

    The Dutch Comodo translation is not the best. They also translated typical IT-terminology into Dutch, but at least seemed to have crossed checked the translators better (or had teh luck of more knowledgeable translators).
     
    Last edited: Mar 15, 2010
Loading...
Thread Status:
Not open for further replies.