Is the Comodo Firewall any good?

[bluesdave]

I read a rave review of the Comodo Firewall in PC Mag, and since it was free, decided to download it and try it out. I have been using the free version of Zone Alarm for several years, but it seems that every time I download a new version, the program is larger, and slower, and has fewer features than the last version I used (I realise that this is a marketing strategy to encourage you to buy the full version).

I have noticed that while Comodo asked me about 8 times whether I wanted Internet Explorer to access the Internet (yes, I selected the "remember" box), it allowed several programs to access the Internet unchallenged. Comodo also failed its own test suite that they suggest you download and try on your existing firewall before you install Comodo (it is supposed to prove that Comodo is better). I even pushed the security setting up to "very high", but four programs still made it through, unchallenged.

They say that they have a database of 10000 safe programs, and that Comodo will let those through, but they do not supply the user with a method of viewing that database, so I cannot verify whether my four programs are in it. I have sent the Comodo support people a series of questions, and hopefully will receive a reply in a few days, but I was wondering if any of the IT gurus in the Cellar had experience with Comodo, and can recommend it, or suggest that I ditch it?

[skysidhe]

I'll wait for an answer 'cause I am using it too.

[SteveDallas]

I'm not familiar with it, but I'm not a fan of any PC-based firewall. I prefer to rely on an external router/firewall.

[bluesdave]

Quote:

Originally Posted by SteveDallas

I'm not familiar with it, but I'm not a fan of any PC-based firewall. I prefer to rely on an external router/firewall.

Steve, I have that too in my router, but the inbuilt firewall does not keep programs on your pc from sending out (unless you completely block a port). The good thing about software firewalls is that you have fine control over what can come in, and what can go out. You do not have to block a whole port, just a program or dll.

[SteveDallas]

True enough, but I've never felt the urge to do blocking of individual programs. You're certainly right that if you want to, you need a pc-based solution.

[Maui Nick]

Never used Comodo, nor have I noticed features being pared in recent versions of ZoneAlarm. It's one of the key programs I install when somebody asks me to get their new computer running right for them (the others being Firefox, Thunderbird, Spybot, AVG Antivirus and AdAware).

[bluesdave]

Quote:

Originally Posted by Maui Nick

Never used Comodo, nor have I noticed features being pared in recent versions of ZoneAlarm. It's one of the key programs I install when somebody asks me to get their new computer running right for them (the others being Firefox, Thunderbird, Spybot, AVG Antivirus and AdAware).

I also do the same. I have used Zone Alarm for several years, but you would have to agree that it is getting larger, and slower, every release. Maybe you did not use it, say five years ago, when it was fast, secure, and had more features. email scanning is the latest feature to be removed from the free version. My brother purchased ZoneAlarm Pro (because I had installed the free version, and he wanted all of the features), and he is not happy with it. Apparently it is not remembering his responses to the pop-up windows, even though he checks the "remember" box. I never had this problem with the free version, so I do not know what is going on with his version.

[Maui Nick]

I've used ZoneAlarm for about as long as I've been using Windows; I find it's still fast and secure. Email scanning isn't a feature I need because I have other software that looks for malware in e-mail; that said, the current free version comes with MailSafe activated by default.

As for your brother's computer ... I dunno, man. Sounds like he needs to re-install.

[bluesdave]

Quote:

Originally Posted by Maui Nick

I've used ZoneAlarm for about as long as I've been using Windows; I find it's still fast and secure. Email scanning isn't a feature I need because I have other software that looks for malware in e-mail; that said, the current free version comes with MailSafe activated by default.

I was not going to bother replying to your post, because the thread was about Comodo, not Zone Alarm - I only mentioned it as an explanation for one of the reasons I wanted to try Comodo. ZA isn't fast - well not as fast as it used to be. It has become bloated - it's a 13mb download for heaven's sake (Comodo is 8mb), and the free version does *not* do mail scanning. See the ZA web site for confirmation. If you look at your ZA settings, you will see that while you have a MailSafe option, in the free version it only scans VBS files. It used to scan all file types. I never liked that option by the way - I only mentioned it as an example.

Back to the topic. I have some feedback on Comodo - skysidhe is using Comodo, and there might be someone else out there in the Cellar who is interested (doubtful as it is).

Comodo's strength is that it offers the user very fine control over the firewall settings. You can selectively block a particular program from accessing all but one or a few IP addresses. By that I mean you have the option of allowing a program to access one IP address, or a range of IP addresses. Personally, I think this is overkill.

By default, when Comodo is installed, it sets it's security level to low. You can adjust the sliding scale through a range of security levels, up to "very high" (for the paranoid). At the top setting it will prompt you every time a program tries to connect to a new IP address. This is very irritating, and I cannot see why a home user would want this feature.

The authors of the Comodo Personal Firewall say that its main benefit is to prevent spyware and keyloggers from hijacking your browser. With Zone Alarm once you give your browser access to the Internet, it does not prompt you if a third party program uses the browser to access an IP address. Comodo will ask you every time (even on the low setting). They say that this gives you the chance to prevent a keylogger from sending your details out. I found it annoying after a while because so many programs use this feature legitimately (like various Adobe products, Nero, and thousands of others).

I have found several bugs in Comodo, and tried to report them to their support staff. I was ignored until I jumped up and down, and finally received some responses. The last one basically told me that it was a free program, so "p... off". Which I did. I have gone back to ZA temporarily, until I can find a better solution. As I mentioned in my first post, my need for a software firewall is not urgent, because my router has a solid firmware firewall built in. I will probably end up paying for a good firewall, and hopefully one that has good support, unlike the morons at Comodo.

[skysidhe]

The best firewalls in my opinion are Sygate and Kerio. I am not sure about the Comodo yet.


Is a ping failing on a firewall test a bad thing?

No I actually havn't tested the comodo on the Sheilds-up test. Has anyone?

[bluesdave]

Quote:

Originally Posted by skysidhe

No I actually havn't tested the comodo on the Sheilds-up test. Has anyone?

I did, and received a perfect score, but then I suspect that it was the firewall in the router that did the work. I would have to turn it off in order to test Comodo, which I now cannot do, as I have uninstalled it.

I have always been told that a ping as such is harmless because it is your network card or router or modem that is responding to the ping, and not your operating system. I think the ICMP protocol has been used in the past by hackers, but now-days any decent firewall should handle it, and if you use a good antivirus like NOD32 it would protect you too.

[skysidhe]

Quote:

Originally Posted by bluesdave

I have always been told that a ping as such is harmless because it is your network card or router or modem that is responding to the ping, and not your operating system.

This is what I thought.


There was just something about the Comodo that leaves me uneasy. Perhaps it is the fact that it hijacks the browser and won't allow internet access if it isn't on.

I am trying out the NOD32 antivirus. Thanks for the mention.

[tw]

I don't know what Comodo does, but top notch firewalls do both incoming and outgoing filtering. Most firewalls will stop (limit) unsolicited incoming packets. That is what Shields Up tests for. The most famous ports for violation were 137, 138, and 139.

ICMP is handled in the networking stack; IP which is part of an OS. The network card does very little beyond basic Ethernet (hardware) functions - lowest level in the OSI protocols. Ping is not automatically replied by the NIC chip. Ping is third level up - an IP function.

Reason some turn off ping is so that a searching program does not know a computer exists - does not start probing combinations of ports and protocols looking for an open backdoor. But when ping is turned off, networking diagnostic abilities are lost. Good for you; bad for someone who wants to solve your networking problems.

You may have seen it. This message pops up warning you to stop working immediately and download this Windows fix. Well, it is routinely observed on many internet connections and routinely ignored by the OS. Sometimes I see it appear on Windows 98 machines. It still probes computers in America routinely. It appears to have a China origin. The message suggests how much internet bandwidth is full of such scams. But again, today's OSes routinely pass Gibson's 'Shields Up' test - therefore ignore this and other spam.

[bluesdave]

Quote:

Originally Posted by tw

Ping is not automatically replied by the NIC chip.

Wrong. The echo is sent by the NIC - in my case a router. To prove my point I allowed incoming pings in my router's firewall, and turned off my PC. I had someone ping my IP address, and the echo was returned. The ping command of course is provided with your O/S, and ICMP has to be supported by each O/S if they want to fully support the IP.