Comodo Firewall wishlist v4

[Guest]

[halcyon]

Which is probably why CPF continues to spank LnS silly in the security tests...    (R)

LnS being spanked by CFP (it's Comodo Firewal Pro these days) in leak tests is true, of course.

However, it's not due to superior speed in network protocol analysis, but wider/deeper implementation in application monitoring/hooking/dll injection filters.

I can make CFP very resource hungry by (practically) turning off app filter and stressing the network filter only (very heavily).

LnS and CHX1 network filters stay below 1% on my system with a similar load. CFP climbs to 10-20% (even if only temporarily at times). And this is with a higher number of rules (and more complex) network rules active on LnS or CHX1.

This implies, that there is still room for speed improvement in the network filtering rules implementation, imho.

Of course, I've been wrong before and I say this with the honest intent of trying to help improve great CFP even better, not as a pissing match between Lns and CFP. I was merely using LnS (and now CHX1) as examples that it can be done faster (AFAIK), with very tight control and fine granularity.

So, to re-iterate in to the wishlist:

 - faster/more efficient, lighter on cpu/memory network filtering rules implementation under very heavy network usage scenarios

[Graham1]

Just a small request . I would like to see an addtional column under Connections named Direction. Under this column you would see an icon, showing either listening, incoming, outgoing or both (incoming and outgoing).

[Melih]

umm 100% CPU usage would be better, then we don't have to worry about security anymore because are system won't run.

yes i agree

so what is acceptable? What is the metric of deciding Security vs performance? Should people go with less CPU usage firewalls or more secure firewalls?

You see, there is no clear metric to help end users choose! That is the problem.

Melih

[JMC]

Hi again 

If i scann for this known applications it will do a scann and i see some path like
C:\some\wehre\a\place.exe
and so it is searching on my 10GB C:\

but i never see my 120GB E:\

it would be nice to include other hardDisks into the scann!
and also maybe a option to choose on wich HD to scann or not
or maybe also mere specific in wich folder or not


and if i try to upload files to proof them i get two popups wich say...

1) the connection with the server was terminated abnormaly
2) some error occured during uploading. aborting file submission.

maybe this is a problem on my side ... but i dont find it ... please fix this for me with your next update wich i will download in 10 minutes
 

[hjason]

i would like to see a little less cpu usage i don't know how much it uses now but if possible use less.
it also messes with my internet a little, it makes it a little slower.
can you fix that aswell if possible?
and i would like to see regular updates like deffinitions and those will install the new versions when they comeout but untill then use updates to update the software.
i don't like uninstalling and installing new versions of anything.
i like it through updates.
and i also would like to see password protection for the firewall.
that is were the hackers get through easier because of no password.
the password is that extra line of security if the can get through the password then they can't get in your pc.
and one other thing i would like to see on the cpf,
i would like to see an entertainment mode.
it is where when you are loading up a game or some other type of entertainment it will ask you if you want to go into entertainment mode and it will block all incomming programs or packets or what have you except the games things you are playing. it only works on entertainment that goes to full screen only.
i have tried several firewalls before finding this one and i found the entertainment thing to be the best part of one of them but it was only a trial of that firewall it was not free so i went looking and found this one.
i like it but it needs a few things and the ones i mentioned are a few of them .
thanks for listening and i hope you could put those products into your firewall.
it would make you more popular around the world.

[Graham1]

Because all inbound connections are blocked by default, I would like to see an option that would alert the user that an inbound connection is being made. Are there reasons why the Network Monitor does not prompt (unlike Application Monitor) for inbound connections?

[sonny]

My request would be to make it more informative. By that I mean, the most frustrating experience when it comes to firewalls has been "not knowing" what applications/services connecting and most of all I don't know if I should allow or deny all these alerts about all the "application behavior analysis" protections. I just don't have enough expertise to know which dll or parent programs for example is safe to allow and which ones is bad. I am more then willing to read and learn, so maybe provide link within the alert menu to comodo site where it gives description of that file/service/dll/process and etc. So instead of just pressing allow or deny like right now when we're not 100% sure what we're doing, we will be educated about what we're doing.

[JMC]

if i let the firewall allert me for port IP application (i think the maximum alert level)
it display a IP in the alert.. this should be as a link to a good WhoIs site wich can give more information about the specific IP something like here http://www.ip-plus.net/tools/whois_set.en.html
also maybe the same with ports like here http://www.auditmypc.com/freescan/portsearch.asp

[JMC]

1) I would like to do more specific zones i.e.
#Zone A
#....192.168.0.1-192.168.0.10, 192.168.0.20, 192.168.0.30, 192.168.0.40-192.168.0.50

2) Maybe Applicationmonitor can de done with a treeView for each Application

3) there should be a usermode and a passwordsaved adminmode, and it should be possible to block users fom setting static rules

4) sometimes if i block something nonStatic i have to restart the PC to get it unblocked again, this should be refreshable without rebooting, something licke clear-cache

5) maybe its possible to definie optional some settings in alert-popup, things licke zone or anyPort or allowAllForApp or maybe like in some other firewals "act as a server" whatever it means" 


greatings to all

[jasper2408]

I would like to see all of the Network Monitor default rules have the "Create an alert if this rule is fired" checked when the firewall is installed. This would give log entries for troubleshooting. purposes.

jasper

[1stdead]

Hi...
First time using this firewall.. Seems fine to me.. 
Some on the most important things to me are the features:
1. Ads / popblocker / spyware filter. So it blocks any ad on the webpages.. I will recommend this feature very much..
2. Using as low memory and processor as possibly
3. "Translated to danish"
4. Showing transfer rate of downloading with etc. possiblilly bandwith control..

[Bluesman]

3. "Translated to danish"

Then ask LeStrata to hurry up with the translation

http://forums.comodo.com/index.php/topic,3271.0.html

[siriusbox]

Here I am with another suggestion, selfcreated groups for Application Control Rules, so under one ony app Path item all the sub parent apps could appear.

Hope it helps.

[acr]

I am not sure if this is worded differently on your list or not, but I put it on here: I like the "internet lock" like ZA has.  It would be a timer that blocks all after a designated period of inactivity.  I suppose it would be nice if rules could be added to allow certain programs inbound/outbound connections for updates that run overnight.  An internet lock feature would be a nice security addition, especially for those who have computers that are always connected to the internet.

Thanks!

[JMC]

hi


i would like to generate groups of definied applications and control theyr default rules with templates
i.e.

Title: ApplicationSet_001
Description: Normal browsing of internet.
Selected aplications:
----*Firefox.exe
----C:\AppDir\InternetExplorer.exe
----C\AppDir\*-Browser.exe
----...
----...
Selected rules:
----Browsing rule 001
----Browsing rule 002
----...
----...

Title:Browsing rule 001
any TCP Out Port 80

Title:Browsing rule 002
any TCP Out Port 443


Something like windows-group-policie-editor for comodo firewall.


##########
EDIT:
Pass though lines in a list with arrow up and down keys on keyboard

[Tags:]