Comodo Firewall wishlist v4

[Guest]

[iamme99]

When adding a trusted app, Comodo does not change the permission entry to "Trusted".  Instead it remains "Allow".  I'd like to see the permission changed to "Trusted". 

Also, the column headers in the Application Monitor section are not click sortable (like in many other applications).  This would help to group applications that had been trusted or banned together visually or allow the user to sort the list by IP addr, for example.

[placoboy]

About the "Activity" section: both connections and logs will be useful but for now they are not. I think they need some kind of grouping and sorting features. You probably know what I mean.

For instance in the "connections" section, it is almost impossible to monitor what is going on, there are so many lines and scrolling (try it with Skype running!). What would be good would be to be able to group by process or apps and then be able to expand and collapse (see Kerio or Outpost, actually on this aspect Outpost is really excellent and clear)

I would really make a distinction between "instant monitoring" and logging feature. Logging should be sortable and "filterable".

This will be a must for CPF to become a mature product.

[Graham1]

Please consider changing from source/destination to local/remote. Source and destination can be confusing for beginners Remote will always be the "other" computer and local, mine . Also, the details in Network Monitor are confusing too . See screenshot below:-

[Triplejolt]

Source/Destination specifies direction and is a common networking terminology. It's the additional Direction: scrollbar thats confusing.
Source isn't always you (local), Graham1

[Arioch]

>Source isn't always you (local)

True. So to understand it it takes to screw one's mind a bit.

It is not womething that average user can easily understand.
What was the idea behind such a strange IMHO categorizing, instead of usual and simple "here and there" ?

[jobeard]

I would also like to see this info.  However, there are some problems that could make this difficult.

1. Depending on the speed of your connection or the response time of the hops, the time it takes to run a background trace route might be excessive.

Agree -- reverse lookup is a real performance problem and if the log is seldomly viewed, a
total waste of time.   
Extraction of the log and performing your own NSLOOKUP $IP is easy
and only those users what that info need spend the time doing so.

[Graham1]

Source/Destination specifies direction and is a common networking terminology.
Source isn't always you (local), Graham1

Agreed, but that is why it's so confusing . What is common is that an ip address/port appears on both local and remote computers. For a beginner, it is easier for them to understand that local will always be their computer and everything else is classed as remote. Take SKPF4 for example.

It's the additional Direction: scrollbar thats confusing.

Sorry, you've got me with this one (which isn't hard ). What do you mean by scrollbar?

[iamme99]

See http://forums.comodo.com/index.php/topic,6597.0.html

I created 2 network monitor rules to allow all DNS access through port 53 to my DNS servers. These rules were #1 & 2 at the top of the network monitoring rules, so should fire first. My goal was to eliminate security alert pop-ups for DNS port 53 access.

The rules worked but did not do what I wanted to do. Network rules either ALLOW or BLOCK access at the network level.  As far as I can tell, the only real use for network rules is to block something.  Anything allowed through then gets processed by the application rule engine. 

However, constructing application rules is limited by the lack of wildcard support.  What is required is the ability for the user to control all or a group of applications at the Application Monitoring level via wild cards.

Unfortunately, this functionality does not exist in CPF. CPF only allows for the control of individual applications because CPF only supports a specific application name when constructing an application rule.

Adding wildcard support for application names in application rules should be a priority enhancement.

[panic]

The danger with wildcards is that wild things (trojans) could have names that match the wilcard spec in an application monitor rule and therefore be allowed to function.

I agree that the app monitor rules are very specific, but that's because they are intended to be that way. Tightness is an inevitable part of security, and not necessarily a bad thing.

Ewen :-)

[iamme99]

A trojan COULD also have the name of a valid program.  I have read that this has been tried before and is not too uncommon.  In over 15 years on the net, having downloaded and installed many thousands of programs and visited untold numbers of websites, I have never encountered a trojan.  The only virus I came across was 2 Word doc viruses back in 1997 received by bringing home a floppy disk with a couple of docs I was working on.  IMO, for people who practice safe computing, the risk of getting a virus or trojan program is minimal at best.

The issue isn't that Comodo rules are very specific, it's that the Comodo application monitor rule engine implementation is limited and lacks user friendliness.

[Triplejolt]

Sorry, you've got me with this one (which isn't hard ). What do you mean by scrollbar?

In the Network Monitor section, when you edit or make an access rule, theres a General setting. Look at the 3rd option, which is called Direction: and is scrollable. This scrollbar will tell the firewall how to read the direction of the traffic. This in addition to the source/destination settings.

Eg. You set "ALLOW, UDP, OUT" but set Source to be an outside source and the Destination to be your computer.

You see how this can be confusing, even for your own firewall? 

[AlanW]

Hi,

I've just downloaded Comodo and I'm trying it for the first time since moving from Kerio.  First impressions are very good! - well polished, clean and easy to configure.

However, I'm a software developer and I'm finding I do get pestered *a lot* when I compile and run an application that communicates via TCP/IP. 

My suggestion is simple - I would like to turn off signature checking.

I know it forms a big part of completely securing a machine, however it's starting to interfere slightly with my day-to-day activities.  I also know that turning off signature checking wouldn't be encouraged, but I see it as the only option.

I'll continue to use Comodo as I think there's a lot going for it (I might also check the betas), however, unfortunately I might have to consider moving back to Kerio if this feature isn't added soon.

Many thanks for taking the time to read this,
Alan.

 

[soyabeaner]

Welcome to the forum, Alan. 

This thread also mentions a possibility for special version for developers .  So you were right to post your wish here.

[Razorback]

Maybe I may have missed something but when you resize culumns, close(minimize to tray) then reopen the GUI the columns revert to the original size and the GUI interface size does not return to maximized or whatever size you changed it to previously.

Best Regards,



Razorback

[adric]

Maybe I may have missed something but when you resize culumns, close(minimize to tray) then reopen the GUI the columns revert to the original size and the GUI interface size does not return to maximized or whatever size you changed it to previously.

Best Regards,



Razorback

Known problem with the GUI. All I can say is 'don't hold your breath'

Al
 

[Tags:]