Why would I use anything but Comodo Firewall?

A little bored today, but this question does interest me. I have used all of the free Firewalls and it would seem that Comodo Firewall is tops. However, in saying that and actually liking CPF more than any of the other ones. I have to add that I also liked using Sunbelt Kerio Personal Firewall Free and for some reason really liked using Zone Alarm Free. Problems were the main reason I stopped using those two, but I never had any trouble using the latest CPF release. I am currently using AVG Firewall, but I miss all the other ones I mentioned. I may even do a custom reinstall with AVG ISS and not add the Firewall this time. If I do that, then why would I use anything but Comodo becomes an even more interesting question for me. The reason I say this is that I heard ZA Free is much better now, as is SKPF, and even Ashampoo Firewall is improving. I'm not looking for my Firewall to pass every leak test, but I do want it to give me more information than my AVG Firewall does. My other question is. What does anyone think about me using either ZA Free, SKPF Free, or Ashampoo FW for those reasons? Thanks in advanced.

 

~removed full quote of post just above....Stem~

I'm in the same boat.

I know it suck's in the leaktests, but i really like my Kerio 4.2.2 (last,stable version IMO). I've tried to leave it many times but keep going back to it (very good reporting features among other things). I liked Comodo but felt it was still a release or 2 away from being ready for my system. So i'm going to stick with Kerio again for now. Does anyone know if 'Prevx' can be used to Shore up the leaktest part?.

 

4 firewalls worth my time:
-Jetico
-Ghostwall
-OA firewall
-Kerio 2.1.5

 

lucas1985, I used 4.2.2 as well, but then being somewhat anal I tried 4.2.3 which was just the branding of Sunbelt to the Kerio Firewall and it worked the same as 4.2.2 with no troubles. I did have conflicts though when using either version with AOL AVS, but never with anything else. Stem confirmed this problem in thread here awhile back. It was an informative FW and liked the Application Behavior Blocking feature I think it was called. It only ran on my PC at around 8 to 10 MB of mem usage. Quite low. Anyway, I could just keep using AVG, but it takes the fun out of having a Firewall on account of the way it's set up in the Suite itself.

 

In my case, Kerio 2.1.5 is much more light and stable. But if you haven´t problems, keep v4.23.
On topic: Comodo has strange behaviours in my systems: missed rules, BSOD, etc. Perhaps it´s just me

 

Duke1959
You need to be getting all of the Xmas presents ready today.
As for using Comodo over ZA or Kerio, I think all three may provide more info than the AVG firewall. I decided on installing ZA on one of my PCs after considering my experience with it on other PCs. Kerio and Comodo tend to be more on the HIPS side as well as many of the newer firewall programs. ZA has never caused problems on the PC (I used every version except 6.5 which was reported to have many bugs). Comodo has added good protection features to the program which is to be commended.

 

I'm not going to get into the pros and cons of each firewall, but if you are looking for firewalls that provide a lot of information, here are some examples of what level of logging is available in other firewalls as a point of comparison. This is from Norton Personal Firewall 2004, the newer versions won't do all this! The statistics and logs can be easily cleared using the menu if desired for privacy reasons, and each log category can be specified to be a custom size (ie. 32K-2048K)

Statistics: Note the number of matches to your "permitted" and "blocked" firewall rules are recorded. The statistics window can also be printed.

 

Firewall log (heavily reduced image quality):

(The Alerts Log (not shown) records details of firewall alerts responded to on-the-fly, something that many firewalls do not provide.
Notice the DHCP traffic recorded after a reboot. The request and the response are both logged. Not many firewalls are able to log both directions of DHCP traffic this early.) The logs can also be printed.

 

System Log:

 

Connections log:

 

I won't use any other firewall.
But I did like ZA free.It ran well for me.

 

Here's my 2 cents worth on the issue:

Used Comodo for awhile (lastest non-beta version) - was impressed with certain aspects, but not with others. I noticed it would lose rules, would allow certain applications to connect without any rules (even with the trusted apps rules unchecked, so it should have asked for any app trying to access the Internet), and did some other strange things. Also, I know there are some concerns regarding its basic structure and the need to allow inbound connections for applications (some good arguments on this in Comodo forums and here at Wilders - don't have time to try to find the threads). Anyway, in the end, did not feel all that secure with this firewall.

Also used Kerio paid version for the last year (subscription expired 2 days ago), but got real tired of its resource usage and other bugs. The latest version 4.2.368 ballooned over 100mb in memory usage. Seems this firewall is getting worse instead of better, so decided to ditch it. Tried version 4.2.2 but when trying to add packet filter rules, it seemed to "forget" them, change the order, lose certain rules, etc. Bagged it also. Decided to try 2.1.5. I know it works great for a lot of people, but it was very buggy on my system, losing rules, rules changing, etc. Tired of messing with all the rules, spending time to do configuration only to lose all my due to application bugs. Time to find a new non-Kerio firewall...

I had started out using Zone Alarm free several years ago (the first one I ever used), but had decided to try something else, for reasons I can't even remember. But after all the problems I had, I decided go back to my original firewall. Downloaded the latest free release, and have to say I really am impressed so far. Seems to be very stable, much lower resource and memory usage than some of the other recent versions, and the log is very informative. Am not too concerned with leaktests, as I think much of the leaktest hysteria is hype and marketing garbage. I will let SSM handle the HIPS/leaktest blocking duties, and just let my firewall be a firewall. I also use SSM to protect ZA from termination, so that function in the firewall itself isn't that much of an issue, IMHO. Surfing is much faster with the latest ZA than the other firewalls I've used.

Also, if you're really concerned about firewall logging, I would suggest using a couple of products I use, such as SmartSniff from Nirsoft (http://www.nirsoft.net/utils/smsniff.html) or a full-blown program like Wireshark (formerly Ehtereal) http://www.wireshark.org/. ZA itself has a pretty informative log, that lists both the IP address and the resolved address in the log entries. Regardless of what is said about it in the leaktest arena, is still a top-knotch firewall and does its job.

 

Tried it for a couple of weeks,slowed me down too much so back with zone alarm free.

 

Thank you KDNeese, that was well written and informative. One question though. I believe SSM may be a little more for me to handle than maybe some other HIPS. I could try the free version I suppose. If so, do you know if it protects other software like the paid version does, and is it easy to use? I have AVG Internet Security Suite now without the Firewall installed, and Comodo Firewall which I really like. I wouldn't be afraid to try ZA Free again though instead. Maybe keeping AVG with the Virus and Spyware protection like I have now along with ZA Free and SSM Free would work for me. Any thoughts?

 

Here are some reasons for chosing a firewall:

You prefer how the firewall looks and operates

How the GUI is made (clearness, ease of use, etc.)

Want a firewall that has minimal impact on system resources AND on latency

Whether or not you want application filtering or not

SPI

Logging

etc.

These are how I make a choice based on what firewall I use, so for example I wouldn't use Comodo because I don't believe I need application filtering, it isn't as light as the solutions I use, it doesn't have as good or any SPI, and it doesn't have some extra features I like(such as tarpits in 8 signs).

Cheers,

Alphalutra1

 

It has a very good helpfile/user guide. I use the free version and have very little problem understanding the prompts. It isn't a product you can just install and use without doing a little study. However, it doesn't take a computer science degree to operate, either. If you leave it in "Learning Mode" for several days and run all your apps as normal, you will receive very few prompts running it in regular mode. I am not a very technical person, yet don't find it hard to use at all. A technical person can use it to configure very complex rules, while the less-technical person can also use it. Like I said, takes a little reading to learn the functions, but well worth it.

As I said above, I use SSM free and it protects itself from termination as well as any other application you choose. You can protect any program with just one click in the rules section. Can't get much easier than that. I have it protecting ZA free. NOD32 has its own self-protection so don't use SSM for it. You can protect any file on your computer from termination, whether .exe program, DLL, or whatever. As for AVG, it should work fine with it, although I really don't see the need for resident AS protection. However, if it doesn't take too many resources, no harm in it. AVG, SSM & ZA free would make a decent combo, I think. I use NOD32 because of its advanced heuristic capability as well as anti-stealth, anti-rootkit technology. I've never used AVG's AV so don't know much about it. I do use AVG AS as an on-demand scanner, but the AS used too many resources for my taste. Hope that provides you with some decent feedback and helps you in your decision.

 

I agree EXCEPT change Sygate for Comodo. I've tried them all & still 'tis Sygate for thee.

 

Thank you very much KDNeese, I think I will give SSM Free a try. I heard good things about ProSecurity too, but the people who said they locked themselves out of their PC's put me back a bit. I can't do this with SSM Free can I? I read where there is a restore function in case I would make a mistake. Not that I'm going to change anything mind you, just want to be a little cautious about some of these HIPS programs.

 

You can lock yourself out with both, thats why its wise to run it in learning mode for a while to avoid this.

 

Thank you too farmerlee, I think I am having second thoughts about any HIPS though. Even when Comodo comes out with version 3 as tempting as it would be I will probably stay with what I have now. I use Firefox and NoSript, plus I watch where I surf with McAfee SiteAdvisor. I enjoy the simplicity of ZA Free Firewall and AVG Anti-Malware, and hopefully it should be enough protection.

 

This is Matousec conclusion :

"The positive on the security of Comodo Firewall is its excellent ability to fight against leak-tests. It probably was a priority of its vendor to pass all leak-tests. Only the Coat test was able to bypass its protection but we have been informed that the next version of Comodo Firewall will handle this one too.

The implementation of the security design is very superficial. Today's malware creators would not have problems to bypass the protection of Comodo. The development of this firewall probably missed independent betatesting of its security features because the number and the nature of bugs we have found in it is alarming. This is why we can not recommend Comodo Personal Firewall as a personal firewall solution to anyone who require the real protection against today's malware."

 

Yeah thats plenty. With some basic 'internet smarts' you'll have no worries.

 

Agreed. When I installed SSM I ran it in learning mode for around a week or so to make sure it became familiar with my system. It is especially important to first run SSM in learning mode during the booting of your system so it learns what files are needed during the boot process. There is an option to disconnect the user interface, where SSM will block things automatically without prompts - but I have some reservations about that. I haven't done it, and don't plan to. Don't really see the need, as I rarely get prompts from SSM. Very easy app to use if you allow it to learn your system.

If you're not comfortable with a full HIPS program, another option would be using Winpatrol (www.winpatrol.com). It monitors startups, services, Hosts file changes, etc. Is a very simple app to use. In fact, it was the first security app I ever used, back when I knew nothing about security or how my system even worked. It is considered an IDS rather than a HIPS, but is an excellent program. You can also use it to disable programs you don't want starting at boot time. Like I said, it's not a full-blown HIPS, but provides a wide range of protection while at the same time being simple to use. Definitely worth checking out if you're not already using it.

 

This is very well said.
Excuse my ignorance who/whom/what is Matousec?

 

David Matousèk is a Independant Security Analyst.

http://www.matousec.com/matousec/about-us.php