The bugs which harm your computer are the other serious problem, especially for a non tech 70 year old which I am.
I came to Comodo after being a Zone Alarm user. That one gave BSODs whenever it updated itself, on two different computers. I had a lot of trouble finding a restore point which worked, so was in big trouble.
OK so I found CPF 2 after trying others which also caused problems.
I really loved that firewall, so when the betas of CPF3 appeared I had faith in Comodo and have used all of them from the first. (I chickened out of the alpha)
At no time have any of the betas caused a problem I couldn’t sort out for myself, as a forum member, so for me I would not consider anything else.
I think the issue is not whether they have bugs or not but the implications of these bugs. If as a security product a bug stops your security than this is a very serious issue.
And we both know that ZoneAlarm, Comodo Firewall, Outpost, Online Armor contains tens of bugs that can be used to bypass their protection. But this will not be include in FWC because the environment and the rules are fixed there.
Maybe you shuold try 100 times the tests also with COmodo, so you’ll see if it’s completely safe… :THNK
Agreed…
But here I think the question shouldn’t be that they have such bugs or not…but that Comodo has any or no.
Fortunatelly, as far as I know it hasn’t got any. (R)
I think this situation is somewhat similar to mine in elementary school…my parents didn’t care about the mark of my classmates if mine was bad…Cfp is a great product on its own…there is no need to do comparisons.
Melih, I do understand you that you want to fight against misinformation and/or misinterpretation made by people. But, IMHO, with such people that only rely on Scott and similar…or on a Matousec test (im not saying here that it is not reliable or so, but a leaktest in itself cannot be the only source when judging a product) who are so closed-minded, manipulable, with lack of own, personal opinion…you have no choice…You cannot convince them or show them the light with clear, honest reasoning…They just simply wont get it…
Sorry Leolas, I was not referring to you.
Nobody needs to (tbh nobody should) convince others that X program is good/best ect…
If I want to know which program is the best for me, it wont depend on Scott, pcmag, matousec ect…
I may read them, but my opinion will be based on my personal experiences of the given software. This is why it will be a personal opinion. And not the opinion ported from others, which is unfortunately a common practice these days…
Please take a minute and consider this everyday, for Mr. and Mrs. Average, scenario.
Your PC is turned on and your firewall is running. You’ve been on the internet doing whatever and somehow, “something bad” has gotten on your PC without your knowledge. It sits there waiting, lurking. You get up to make a cup of coffee, tea, ■■■■, whatever. After a measured period of inactivity (we’re assuming Mr. and Mrs. Average don’t have their computer in the kitchen and have left the room to get their drink), the “something bad” springs into action and attempts to access the internet. Luckily, your firewall springs into action at the outbound attempt.
Now, you would concede that the above is a fairly realistic scenario?
Imagine that they don’t return in time and their firewall suddenly decides to allow traffic, despite there being no explicit user acceptance.
Where, then, is the value, benefit and trust in that firewall?
The question now becomes not “How good is my firewall?”, but “How long can I stay away from my PC before it stops being a good firewall?”.
I realise that the above scenario is solely targetted at a known flaw in OA, but I am actually using that as an example to show why people are upset at David’s testing and the methodologies underpinning it. People aren’t saying David is s#!t, just that at least one aspect of his testing method is. People here aren’t saying that OA totally sucks, just that this flaw is a pretty bloody big one.
As for whether testmypcsecurity is god or not, lets look at it another way. At Davids site, he defines the testing method, tests firewalls and publishes the results. If you don’t agree with the test results, you have to pay for a retest (pretty good business model when you control the model that delivers potentially flawed results that necessitate payment for correction - you own the problem and get paid to correct it). At testmypcsecurity, YOU decide what firewall YOU want to test. YOU publish YOUR results along with YOUR comments and YOUR results can be measured along with everyone else’s. What could be more independant than YOU doing your own testing and hanging your results out for the world to see - oops! Have we just tripped to the central issue?
If Mr. and Mrs. Average can find a flaw in a firewall (absolutely regardless of what firewall that is - CFP, OA, ZA or XYbloodyZ) and publicly release their testing results, the manufacturers of said firewall really should pull their collective fingers out and fix it (if the bug really is a showstopper). The more people that do the tests, the greater the amount of test data we can get for each application, the more accurate the overall results would be.
Please understand, I like OA2 and have read most of Mike’s postings at their forums. He seems to have a genuine concern for his users and for internet security as a whole, but this (blanket ALLOW after indeterminate inactiivty) is a bug that certainly requires deeper investigation, which I’m sure Tall Emu will do. Likewise, Davids testing methods, IMHO, require investigation. Imagine David tested car brakes. Or bullet proof jackets. Both of these are devices designed to provide user security. I’m pretty sure they get tested to 100% levels, and while I certainly don’t equate the safety a software firewall provides to the safety level required of a bullet proof jacket, I want my firewall to be tested at greater than 85%, or whatever percentage someone else deems sufficient.
Don’t you find the following statement that Scot makes about Comodo ironic?
Especially knowing that the very review Scot wrote about OA he had ask his users to upgrade to a newer version of an 2 your old “XP” product due to insecurity and instability and the so called testing org he relied upon (Matousec) had to apologise twice about them!!?
“What that tells me is that Comodo 3 is a good firewall product, potentially a great one, that quite possibly was shipped to end users without adequate QA testing. As is always the case with free, publicly available software, some early adopters were ill-equipped to handle the problems they encountered. Most of those issues appear to have been fixed now. Comodo 3 was also an ambitious release, and bugs happen. But this kind of management of a development process does not inspire confidence — especially when it’s the type of product that can wreak havoc on your computer.”
He blames us for having bad management of software development process even though we brought our stability for a new OS (VISTA) and security under control within less than 2 months of launch and this includes 64bit version of VISTA as well! Yet on the other hand Scot is still having to ask his users to upgrade to a newer version of his chosen software for XP because of instability and insecurity and that is after 2 years of its development for XP (not even VISTA)!
Ewen
When was the last time you meet a Mr. and Mrs. Average that could read a alert box and make an informed decision reguarding “Allow” or “Block” much less can “find a flaw in a firewall and publicly release their testing results”
What do you expect Melih, he does not like you. You called him on his **** and he didn’t like that. You gotta admit you aren’t always the most politically correct person in your posts
I have yet to see a software without bugs but as Melih and Ewen/Panic said the question is does the bug affect the basic function of the software. 1/100 or 1/1000 to me is not that important. The question is does it or will it affect me or even more if I am installing it on a business network or client does it or will it affect them. They don’t care if a bug is one in million, if I recommend the software and it has problems in their mind it is my fault. All the disclaimers in the world don’t seem to make much difference.
You misunderstood my post. Or haven’t read the whole topic. There is no software without bugs. Comodo has too…I was referring with “such” to serious, security comprimising bugs. The chkdsk and perfect disk bug is not one of those in my opinion. The shutdown thing you are talking about can be considered serious security wise. With the last three versions I had no stability problems. So I wasn’t aware about that bug if it is a comodo bug anyway. This is why I said “as far as I know”
So instead of saying your favourtie product doesn’t have bugs and others have bugs, you say your favourite product doesn’t have SERIOUS bugs but others definitely has SERIOUS bugs? That’s a even more fanyboyish statement.
What is so magical about your favoured product that it is immune to having serious bugs, but the other products are riddled with them?
If you can accept that comodo products has bugs like any other product, why is it so hard to believe that some of the bugs are serious bugs (just like in other products)?
The chkdsk and perfect disk bug is not one of those in my opinion. The shutdown thing you are talking about can be considered serious security wise. With the last three versions I had no stability problems.
Well take a look at the forum or anywhere else on the net, and you will see stability problems galore. Fact is, for products as complicated as security software there is BOUND to be serious bugs somewhere, to believe otherwise is folly. Particularly when we are talking about CPF3 which has more HIPS features than I have seen in 95% of products…
That is why sometimes “simpler” products that pass few tests might in the long run actually be superior…
Sorry if my English sucks that much. Others usually have understood me so far. I have just admitted that the stability issue IS serious security wise. But the fact that this “bug” doesn’t affect me, I mean CFP is now stable here, for me this bug has vanished a long time ago.
Well take a look at the forum or anywhere else on the net, and you will see stability problems galore. Fact is, for products as complicated as security software there is BOUND to be serious bugs somewhere, to believe otherwise is folly. Particularly when we are talking about CPF3 which has more HIPS features than I have seen in 95% of products...
That is why sometimes “simpler” products that pass few tests might in the long run actually be superior…
I agree with you here on complexity and the problems/bugs being proportional. But, it is possible that I have not searched the net thorough enough, I don’t see that stability problems galore.
Anyway, I nowhere have commented about bugs in other software.
But here I think the question shouldn't be that they have such bugs or not...but that Comodo has any or no.
Instead, here I tried to point out that instead of focusing on other products, we should focus on Comodo bug-wise.
Just to make it clear I do believe that Comodo can have, have serious bugs. Its just there aren’t any affecting me that Im aware of. I have never stated that Comodo has no bugs. I said up to my knowledge…this is more of a personal experience than a fact…
BTW I think it is pointless to over-use qualifiers like “I’m aware of”, “AFAIK” etc. Of course everything one says is “AFAIK” etc… Adding that doesn’t give you any extra wriggle room when you are challenged IMHO (lol).
I have never stated that Comodo has no bugs. I said up to my knowledge...this is more of a personal experience than a fact...
Almost everything anyone, either you or me says is “up to” one’s knowledge. One can’t talk “beyond” one’s knowledge …
Trying to dodge a challenge by using such qualifiers is a waste of time.
I don’t see using those qualifiers as an attempt to dodge a challenge; to me it appears to be an attempt to inform.
I am now informed that Blas is not privy to certain information through the use of those qualifiers.
I can infer that he is not a systems programmer, nor in charge of the bug-tracking process, nor has he had any experience using change-management software…
