30 Oct 2008: Comodo Firewall Pro 3.5 Version 54375.427 has been released which includes some bug fixes. See 'Installing and Updating' for further details.
Previous experiences are based on using Agnitum Outpost, starting with the free version and then upgrading to the Pro 2.x version, through version 4.x which was way ahead of the competition, until version 6.0. It was version 6.0 that finally decided me that it was time for a change, after suffering poor response on my XP system while just opening folders. I never went for the Outpost Security Suite which was obviously the market that Agnitum was hoping to capture. Instead it seems they ended up satisfying no one which is a pity since their earlier efforts with just the Firewall were rather good. Now the competition is a lot more intense and I decided to trial the Comodo Firewall Pro 3.0 product which is free and comes highly recommended.
After waiting several months I decided it was safe to make the switch to Comodo Firewall Pro, as by that time I was getting tired of the popups asking me to renew my Outpost licence and also the general lack of responsiveness with Outpost 6.0 was making my quad core system look quite slow on occasions. I never liked the integration of the anti-spyware module with the Outpost Pro version. It never fitted well, so when I installed AVG 8 with its integrated anti-spyware module, this seemed a much better solution as the virus and spyware scans can be combined, which was never the case with Outpost Pro. So now I use AVG 8.0 (free version) for virus and spyware protection and Comodo Firewall Pro as my Firewall protection. So far this combination is working well and once more my system is back to its normal responsiveness.
The aim of a firewall (as the name suggests) is to put a barrier between your data and applications and the outside world, so that nothing comes in that is unwanted and nothing leaks out that you do not want to go out. This seems remarkably easy to control on your own, but it is amazing to hear the stories that I hear of the computer dialling out every time a logon occurs. Unfortunately, there are so many unscrupulous people around who consider anyone fair game, that this attitude is no longer defensible. Again, once you have bought your firewall, it is sad but true that there is very little available with the goods that helps you to configure it to suit your circumstances. You will not be making the most of your Firewall unless you configure it to suit your circumstances; the configuration that comes with the product is general and cannot hope to satisfy individual needs. The following aims to provide a little insight into what's involved, with the hope that it will spur you to get the most out of your firewall. Since migrating to broadband I have now become much more aware of the types of attacks that the Firewall must counter. The following provides a very limited introduction to some of the items that can be changed to provide a personalised and safer configuration - you are strongly recommended to visit the Forum (see below) and study the details there before making any changes.
Comodo will not install if it detects the presence of another firewall and you need to make sure that your previous firewall is completely uninstalled (look at the forum for details on tools available to help with this - actually I looked on the Outpost Forum to get rid of Outpost). Since installing in May 2008 I have done one update using the built-in updater - this worked very well. Towards the end of October 2008 I noticed that there was a Comodo Internet Security 3.5 version available and I thought about installing this but decided not to (although if you read on you will find I actually did end up installing this). I looked at the forum and found that there was confusing advice on how to upgrade to version 3.5, so decided to hold off. I was very wary about anything that was integrated after my experiences with Outpost, and that was the main reason I passed. The next day I found Comodo ready to apply updates, so I went ahead and discovered that I was now running Comodo Firewall 3.5 - so far so good. Then I looked at Process Explorer after a reboot, to see that I was now running Comodo Internet Security 3.5. OK, I'm not particularly bothered as the update seems to have gone well; all it means is that I am just using the Firewall element of CIS and not the Virus checker. As I don't want the virus checker at the moment I shall leave the Firewall running and see what develops. I can see why Comodo has done this - they ultimately want you to upgrade to the paid version of CIS and having a free Firewall Pro did not make for good advertising. What I am more upset about are the confusing messages that appeared on the forum and the seeming lack of communication skills shown by the developers. Despite all this I remain very satisfied with the product.
Comodo Firewall Pro 3 comes with four security levels or five if you include the 'disabled' option, which as the name suggests disables the Firewall and lets all traffic flow unrestricted.
Based on some discussions on the Comodo forum, I had expected there to be a rather steep learning curve when I migrated to Comodo, but the opposite has proved true even though it is early days. Certainly you cannot just let the Firewall run without any user intervention; so as a minimum you need to understand alerts, pending files and some of the settings. OK, after several days' use I have to admit that I was wrong - Comodo 3 is definitely not suitable for inexperienced users and yes, it does need a lot of setting up to get reasonable security. I shall be exploring the many ways this firewall could be improved and how to go about making this more useful in the config section. Nevertheless, I am still very impressed by the features available and plan to stick with it until I find it unusable.
The new version 3 of Comodo Firewall features Defense+ (a new name for Host Intrusion Prevention System - HIPS) which checks each application before it is installed on the system against a database of known trusted applications. This 'Whitelist' contains over a million applications that are considered not to contain malware (i.e. spyware, viruses, trojans) and if the application is not on the whitelist, it alerts the user, who is asked to 'allow' or 'block' the application. Comodo maintains the trusted application list and is constantly updating it, and there seems to be a process which allows the user to ask for an application to be included. I guess Comodo checks out the application and creates a database signature which can then be accessed by anyone using Comodo Firewall Pro. Also if there is an application that you regard as trusted and it does not appear on the list, you can update your list locally. Note this works quite differently to most Intrusion Detection Systems (IDS) where applications are vetted against a list of known malware signatures, plus heuristics are used to guard against new unknown threats. From what I have read the Comodo approach (new in CFP 3) seems to be going down well with the user community. I haven't tried it yet, but I guess it might be cumbersome if you are using a lot of beta software and I am unsure how it deals with DLLs, but whatever, it still seems a quantum leap advance over most existing Firewalls and what's more it's free.
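The difference between the whitelist check described above and signature-based scanning, as an added example (not Comodo's code and not part of the original page). It assumes programs are identified by a SHA-256 hash of the file; the class names and the sample byte strings are hypothetical and constructed for illustration.

```python
import hashlib
from enum import Enum

Verdict = Enum("Verdict", "ALLOW BLOCK ASK_USER")

def fingerprint(image: bytes) -> str:
    # Assumption: a program is identified by the SHA-256 of its file contents.
    return hashlib.sha256(image).hexdigest()

class AllowlistCheck:
    """Default-deny: anything not known to be trusted raises an alert."""
    def __init__(self, vendor_trusted):
        self.vendor_trusted = {fingerprint(i) for i in vendor_trusted}
        self.local_trusted = set()   # files the user answered 'allow' for
        self.local_blocked = set()   # files the user answered 'block' for

    def check(self, image: bytes) -> Verdict:
        fp = fingerprint(image)
        if fp in self.local_blocked:
            return Verdict.BLOCK
        if fp in self.vendor_trusted or fp in self.local_trusted:
            return Verdict.ALLOW
        return Verdict.ASK_USER

    def answer_alert(self, image: bytes, allow: bool) -> None:
        # Store the answer in the local list so the same file does not alert again.
        (self.local_trusted if allow else self.local_blocked).add(fingerprint(image))

class SignatureCheck:
    """Default-allow: only files matching a known-malware signature are stopped."""
    def __init__(self, known_malware):
        self.known_malware = {fingerprint(i) for i in known_malware}

    def check(self, image: bytes) -> Verdict:
        return Verdict.BLOCK if fingerprint(image) in self.known_malware else Verdict.ALLOW

# Constructed samples: byte strings standing in for executable files.
TRUSTED_APP = b"constructed sample: well-known editor 1.0"
BETA_BUILD = b"constructed sample: well-known editor 1.1-beta"
KNOWN_MALWARE = b"constructed sample: catalogued trojan"
NEW_MALWARE = b"constructed sample: trojan variant not yet catalogued"

def compare():
    allowlist = AllowlistCheck(vendor_trusted=[TRUSTED_APP])
    signatures = SignatureCheck(known_malware=[KNOWN_MALWARE])
    samples = {"trusted": TRUSTED_APP, "beta": BETA_BUILD,
               "known_malware": KNOWN_MALWARE, "new_malware": NEW_MALWARE}
    return {n: (allowlist.check(i), signatures.check(i)) for n, i in samples.items()}
```

The uncatalogued sample passes the signature check but raises an alert under the whitelist, and so does the beta build, which is the extra prompting to expect when running software the vendor has not yet listed.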
A Denial-of-Service attack can happen when a hacker figures out a responding port on your PC and sends a huge amount of data to it. The port is unable to accept all of the data, system resources are exhausted, and the system crashes and cannot operate any more. Comodo Firewall detects hacker attacks, including Denial-of-Service, and blocks them promptly. By default Comodo puts all your ports into stealth mode, so that your computer is invisible to all other networks except those (if any) you specify as trusted. The Attack Detection Settings allow you to block a suspicious host and save any attack events in the Log Viewer. You can set the time the suspicious host is blocked (default 5 minutes) and the length of time the Firewall stays in emergency mode (default 120 seconds).
Spyware programs employ ever more advanced techniques to gather information about you and your interests (such as your surfing habits, what other software you have on your PC, etc.) without your knowledge or consent. So it is worth knowing that Comodo Firewall performs exceptionally well against a standard set of leak tests designed to see if your Firewall is preventing information being 'leaked' to the outside world. The claim is that Comodo Firewall has been tested against the full range of available leak testing software and has a 100% detection rate.
As far as I can determine Comodo does not offer any Content filtering module. This is one area where Agnitum Outpost still has an advantage with the ability to block entire domains such as sex.com, or any web page containing specific words like "bomb", "home-made explosive", "sex", etc. Once set, the filter cannot be removed without the password, making it ideal for parental or employee controls. Maybe these sorts of content filters are better implemented on the web browser.
One of the criticisms I see about Comodo Firewall is that there is not enough support from Comodo in answering queries. However, I would say this is also a problem with Outpost where they rely almost entirely on the forum for providing answers to users (and don't forget you have to pay for Outpost). Another frequently raised point concerns moving from the stable 2.4 version to the new 3.0 version which has a changed GUI and supports Vista. Where have I heard that before?? Other queries are concerned with the ease of use and setting up, which seems to involve the firewall going through a learning phase with lots of popup queries. Outpost seems to do quite well here since it will work out of the box, although you will certainly get much more benefit by changing the default settings. If I had to summarise I would say most people seem very satisfied with Comodo and there does not seem to be the same amount of hostile feeling that greeted Outpost version 6.0. Maybe if Agnitum gave the regular users a free trial year up front, in view of all the pain they have caused, (instead of offering two years for the price of one) maybe they would stop their loyal users going elsewhere.