Comodo Firewall Wishlist V6

[Guest]

[AnotherOne]

An option to not grant Trusted status to the programs on the Safe list for Internet access.  There are some of us that do not want any software to have access without our knowledge, even if it is a Microsoft updater.  This could also be managed by having a "Trusted Programs Policies" list that we can then manage on our own, if we are so inclined.

[AnotherOne]

I have noticed that there are a number of people who have generated "Allow" rules for their web browser and email client.  Since CFP recognizes likely browser/email programs by the port requests, a different pop-up for those programs with a default of "Treat program as.." with Browser/Email client pre-selected would be an improvement.

[bc9am]

I find it really useful to be able to view all the current connections (outbound and inbound), and what bandwidth they are currently using. I find this a really useful spot check to see if anything 'weird' is going on (i.e an application that you allowed through connecting to places you didn't expect)

You currently have the 'View Active Connections' feature which is a good start, but still not really usable for me. To make it better you could make the following changes:

- Make it accessable from the systray icon (either by doing a double click, or a right click, and then select the option. The reason for this is that if you think that somthing odd may be going on you need to open in quickly with the least amount of clicking about.
- Show the CURRENT bandwidth that the application is sending / receiving at that moment in time. I'm not really all that interested in the total amount that the application has sent over time.

I realise there is a sort of vague bar graph on the main summary page with what processes are using what % of bandwidth, but i'd like something more specific where the connections and bandwidth are all together so all the information is in one place.

Other than that the product is pretty much perfect.. keep up the good work

[Burillo]

these are my two cents after using CFP v3 sometime:

1) more extensive logging - especially for Defence+
Maybe it's the concept, but it feels kinda strange to me - i can set any FW rule to log any rule - whether it's allow or block action. But when it comes to D+ - things are different. I can't set it up to log a certain app activity, it only logs what it wants to. Not so good for troubleshooting, you know.

2) Some UI changes i was talking about not so long ago. (and fix the bugs and glitches please)

3) Time control, which i also mentioned earlier.

4) rules, applied by default. I don't mean Clean PC Mode, i mean when i install some new app (e. g. Skype) it shouldn't ask anything too - just work. File sharing software is different, FW needs to know which exactly port to open, since there's no standart ports.

5) A little more presets (like LAN only, which i made for myself)

that's it for now.

[LuckyS]

these are my two cents after using CFP v3 sometime:

1) more extensive logging - especially for Defence+
Maybe it's the concept, but it feels kinda strange to me - i can set any FW rule to log any rule - whether it's allow or block action. But when it comes to D+ - things are different. I can't set it up to log a certain app activity, it only logs what it wants to. Not so good for troubleshooting, you know.

2) Some UI changes i was talking about not so long ago. (and fix the bugs and glitches please)

3) Time control, which i also mentioned earlier.

4) rules, applied by default. I don't mean Clean PC Mode, i mean when i install some new app (e. g. Skype) it shouldn't ask anything too - just work. File sharing software is different, FW needs to know which exactly port to open, since there's no standart ports.

5) A little more presets (like LAN only, which i made for myself)

that's it for now.

Nice ideas but could you please elaborate on some?

4) Hmm, is this for program versions known to CFP? Because, if the checksum doesn't match it could be anything and the firewall/Defense+ has to ask

5) So, you mean you can configure your trusted zones and than get an option to allow only one or a combination of some? For example: Trusted Zone Home only. Trusted Zone xy only. Trusted Zone Home + Internet only... That right?

[Burillo]

5) So, you mean you can configure your trusted zones and than get an option to allow only one or a combination of some? For example: Trusted Zone Home only. Trusted Zone xy only. Trusted Zone Home + Internet only... That right?

exactly

4) Hmm, is this for program versions known to CFP? Because, if the checksum doesn't match it could be anything and the firewall/Defense+ has to ask

i install QIP - which is KNOWN to be safe and FW told me it was safe and i can safely allow the internet request. I don't want it to ask about safe, even newly installed apps. "That right?" (c)

[LuckyS]

i install QIP - which is KNOWN to be safe and FW told me it was safe and i can safely allow the internet request. I don't want it to ask about safe, even newly installed apps. "That right?" (c)

Well, I for one do not want everything to connect to the internet that is on the safelist.
I like to get asked instead.

However, an option like "Don't ask for permission for programs on the safelist" or something would do it, wouldn't it?

[Burillo]

if i don't want something to connect - i go to FW rules ) yes, such checkbox (or whatever) would do the job

[LuckyS]

if i don't want something to connect - i go to FW rules ) [...]

But if it already connects during the installation or right after... I would be too late with that afterwards.

[Burillo]

But if it already connects during the installation or right after... I would be too late with that afterwards.

well, basically if the app is safe - nothing bad happens if it manages to connect somewhere :-)))

[LuckyS]

well, basically if the app is safe - nothing bad happens if it manages to connect somewhere :-)))

Seems like we are hijacking the thread so this will be my last comment on that:

Who decides what is bad and whatnot?
If I don't want a program to connect, I don't want it to. One of my reasons to have a firewall.

When I changed CFP from 2 to 3 I disconnected from the internet, installed, check my programs, defined rules and reconnected.

Now, if I install something, I would like to decide if it will get access. The safelist is a nice help to determine if it would be safe or not but the final decision should be mine.

I do understand your point perfectly well, too. That's why I've suggested an option.
After all, the more you can configure something to your liking the better.

[Burillo]

yeah, let's just hope this could be done :-))

[Iq1uy]

I'm with Toggie on adding 'OK' buttons as well as 'Apply'

I back yhancik, kemanetzis, forum.Man in thinking you need to be able to create custom rules from a prompt, so when a warning/prompt appears you can choose 'create rule' and have a rule window open with the settings with which the rule would automatically be created, but able to be modified.

I would like to see also the ability to have 'Protected files' in D+ which can be protected not only from writing but from reading (e.g. my Thunderbird mail files; my password database; etc).

Great software though.

[Burillo]

also it's a bit annoying that the updated firefox and BOINC are always on pending list... i have no idea what to do with it, 'cos if it was possible to "exclude" them from checking - that would create a potential security hole... but you gotta do something! :-)))))))))))))))

[overfifty]

                                                            STEALTH  MODE
Firstly, I am a complete novice and rely totally on the hope that the default settings you have kindly set up are enough to block any nasties. I am also still on v2.4 as I had problems with V3 , so I will wait a little longer until the bugs are sorted.
V3 makes reference to "stealth mode" which I like the sound of , but from what I have read it needs to be set up and I am afraid that if I try and set it up myself I will do something wrong and then not be able to get on the internet - so I leave well alone .
I would like to see - if possible  -  whereby I could put the firewall  into 'stealth mode' just by clicking 'one button' rather than the need for a novice like myself to have to configure it.

[Tags:]