Author Topic: Instead of new products, how about improving existing ones? [locked]  (Read 15994 times)
eXPerience
« Reply #15 on: October 11, 2008, 02:50:47 AM »

First of all, I'm happy you tried it.
Second, reporting the good things wouldn't make sense so it's normal you focus on the 'to do' list :).

Quote
- the firewall component "forgot" ALL its settings (had CFP 3.0.12.266 before) during upgrade!
Did you back-up the settings from CFP first ? (miscellaneous --> manage my configurations --> export ; later import them again ?)

Quote
- Firewall does NOT make FIRST a net audit to know "what is LAN, what is Internet"
- I understand that as CFP does NOT allow any difference to LAN access vs. WAN access
- Firewall zones editor missing editor for zones type (home, company...)
True, you can put this on the wishlist however. But I actually don't see the need for it...

Quote
- Firewall missing setting "allow Access to zone x ONLY"
Go to : Firewall --> advanced --> Network security policy --> edit
then you can choose which ports you would like the program to have


Quote
- Firewall: Advanced: Alert Settings: "This computer is an ICS Server" is enabled by default
- Firewall: Advanced: Alert Settings: "enable alerts for Loopback requests" is enabled by default
What's the problem with that ? It just gives higher security and you get almost no alerts, so ?

Quote
- CAV: Settings: Real Time Scanning: "Automatically update VirusDB before scanning" does NOT make ANY sense in REALTIME scanning!
::) There you have a point, if it needs to update every single thing it will scan in realtime, we'll get a lot of update traffic :D But this is just a GUI problem, nothing serious

Quote
- Firewall: Multicast addresses are seen as Internet addresses
Errr... you were saying :-X , I don't know what you mean so I can't help you with that... perhaps you can ask why they do that in the CIS questions and answers

For some reason, I don't feel right saying that everything is bad. It has some flaws indeed, but look at what you said, are they really such a problem ?

Regards (and waiting for your reply of course :))

Xan

At the other moderators, please do not merge/move just yet...
« Last Edit: October 11, 2008, 02:52:19 AM by eXPerience » Logged

R.I.P...
« Reply #16 on: October 11, 2008, 03:21:51 AM »

Dear Xan,

I am not as sophisticated as you. Please excuse that I am not taking the time (as you did) to natively "quote and reply".


Did you back-up the settings from CFP first ?
NO, Xan. I am a bleeding stupid user (I do not pretend to be. I am.). How would I know about it if C. did not tell me?


True, you can put this on the wishlist however. But I actually don't see the need for it...
Xan?! How can you "not see" the difference in trusting an application to access the LAN and accessing the internet??
This is one of my most important criticisms on C. Firewall!
(Almost) any app is safe on LAN (even a bot!).


Go to : Firewall --> advanced --> Network security policy --> edit
That's not available in 3.5.52764.414.
Again, I am not playing stupid. It is just not available in 3.5.52764.414.



What's the problem with that ?
It's simply wrong on 9x% of all computers. I don't know which behaviour it triggers. It is simply wrong.


Multicast vs. Unicast: Xan, this is essential networking.
If (I sincerely do not know it) multicasting does not (today) produce a threat I would not want to be warned about it.

Thank you and your fellows for the time you take to maintain this forum.
Really.



R.I.P.
Logged
eXPerience
« Reply #17 on: October 11, 2008, 03:38:38 AM »

Quote
NO, Xan. I am a bleeding stupid user (I do not pretend to be. I am.). How would I know about it if C. did not tell me?
Good question, it would be nice if CFP/CIS asked you while uninstalling (wishlist, hint hint ;))

Quote
Xan?! How can you "not see" the difference in trusting an application to access the LAN and accessing the internet??
This is one of my most important criticisms on C. Firewall!
(Almost) any app is safe on LAN (even a bot!).
Because, I'm like you but I'm willing to learn and that's what I do :D :-[
Quote
I am a bleeding stupid user (I do not pretend to be. I am.)

Quote
That's not available in 3.5.52764.414.
Again, I am not playing stupid. It is just not available in 3.5.52764.414.
Try taking a look at the attached pictures, I hope it was what you were talking about

 
Quote
it's simply wrong on 9x% of all computers.  I don't know which behaviour it triggers. It is simply wrong.
Just a funny thing, first users were complaining that CIS standard defense was set lower than CFP and now you ... :) You can change it to disabled if you want, but the security is just that bit higher :)

Quote
Multicast vs. Unicast: Xan, this is essential networking.
If (I sincerely do not know it) multicasting does not (today) produce a threat I would not want to be warned about it.
And if you set the alert trigger lower ?
Firewall --> advanced --> Firewall Behavior settings --> alert settings

Well, I hope I could clear some points out again :)

Xan
Logged

gibran
« Reply #18 on: October 11, 2008, 04:50:21 AM »

Rest in peace, CIS/CFP may have a different design but it allows you to do the same things you posted about.

Regarding the lost config, it will only happen with 3.0.12 and 3.0.13. That's why automatic updates were disabled for these versions.

Automatic updates for versions 3.0.12.266 and 3.0.13.268 are not available;

Those versions are way old and may even date to 10 months ago.
Post 3.0.13 Updates will not remove existing configs even with CIS beta.

The remark about the LAN/internet traffic paradigm hints at a simplified rule representation that is used in a 3rd party firewall.
Such a paradigm cannot supersede a full ruleset implementation and it will only be useful as an optional wizard.

Regardless of the distinctions between unicast, broadcast, multicast traffic I guess one thing that could possibly be bundled by default would be a LAN and LAN & outgoing predefined policy.

Once an appropriate predefined policy is in place it doesn't really matter if the firewall provides a setting to ignore such traffic; besides, IIRC it would be possible to use an ALL application (*) policy in the firewall ruleset too, thus restricting the alerts displayed.

CIS/CFP already detects new NIC interfaces and adds them to Network Zones.
It is possible to block a specific Zone easily using Blocked network zones without having to create a specific rule.

Apart from creating an Internet zone in Network zones there is no way to tell if a NIC is needed for internet connections or not; besides, it's up to the user to decide if a NIC should be trusted or not regardless of internet connections.

« Last Edit: October 11, 2008, 07:45:15 AM by gibran » Logged

"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams
gibran
« Reply #19 on: October 11, 2008, 05:27:20 AM »

Quote
..just look for instance at http://forums.comodo.com/help_for_comodo_antivirus/how_to_disable_detectiion_of_notavirus_items-t28000.0.html to see what I mean.
You have so many issues with the existing products that bundling your forces to solve these and to do one thing right was better than splitting the forces up to do three things a bit.

R.I.P.

AFAIK the feature you asked for in that topic is not implemented in many other AVs even though the exclusion list allows you to prevent scanning of potentially unwanted apps.

Sure, such a feature would be useful; that's why I posted a wishlist even before you created that topic.


CIS realtime and scheduled scan have "Automatically remove threats found during scanning" enabled by default.

To my understanding there are few applications that are potentially unsafe (Applicationunsafe, Riskware, Joke) but they could nevertheless be needed by users.

If possible, in order to let the users choose if those apps are going to be placed in CIS exclusion list, I wish that those automatic delete options could be disabled by default and the default action would be to quarantine those files.

It would be also useful to provide some additional description about the different categories (eg Applicationunsafe or riskware) in order to give users the info they need to make a rational choice.

With that info it could be also possible to modify default behaviour (providing additional options) when a particular category is found.

eg: Only log Joke apps but quarantine Trojan apps.

I don't know if there are some heuristic categories but I guess it would be useful to let the user know if some app was identified using heuristic in order to let them evaluate the possibility to check those apps using Defense+
« Last Edit: October 11, 2008, 05:43:32 AM by gibran » Logged

"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams
gibran
« Reply #20 on: October 11, 2008, 05:34:42 AM »

Quote
Dear gibran,

that was not a request for help but expression of annoyance. If not even Comodo products know and trust each other then it produces a DOS by bombing you with (useless) requests for decisions.


R.I.P.

Comodo apps should be learned automatically due to Trust applications digitally signed by Trusted Software Vendors; besides, even if a trust application button is not available there is a Treat as option that is even more flexible.
Logged

"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams
R.I.P...
« Reply #21 on: October 11, 2008, 07:35:24 AM »

Dear gibran,

yes, "you saw it first".
I never wanted the honor to be "the one" who found out whatever. I also used search before posting the not-a-virus - issue. I have only effort to point that out, no use. So you do not need to point ME to your other posts. Point Melih to them, that would help so many people!

I just tried to explain myself and what I think a simple user would like to have.

Regarding the networks (LAN, WAN, Unicast): This IS essential. One does not need a firewall if it does not distinguish between localhost, LAN and WAN.

Again: It's NOT about what an IT Pro needed but the broad user base. EVERY LAN behaviour is (almost always) OK, every WAN behavior NOT.


R.I.P.
Logged
casualgamer
« Reply #22 on: October 11, 2008, 08:32:08 AM »

Those are not really major and could be implemented easily; just put them in the wish list.
Logged

Just Casual
R.I.P...
« Reply #23 on: October 11, 2008, 08:37:57 AM »

casualgamer,

I won't call you any names.
But saying "it" (not being able to distinguish between LAN and WAN traffic) was "not major" disqualifies you totally...
I guess you are "the satisfied C. user".

R.I.P.
Logged
gibran
« Reply #24 on: October 11, 2008, 08:54:32 AM »

Quote
Dear gibran,

yes, "you saw it first".
I never wanted the honor to be "the one" who found out whatever. I also used search before posting the not-a-virus - issue. I have only effort to point that out, no use. So you do not need to point ME to your other posts. Point Melih to them, that would help so many people!
Sorry, I don't think that my viewpoints are to be regarded with a higher priority than other members' wishes, so I try to submit feedback in the appropriate places, as is obvious to guess from that post too.

Since CIS is undergoing its beta-testing phase IMHO it could prove useful for any user to help test the product and submit feature suggestions in CIS beta corner board.

Hoping that some of them won't take that chance to post unconstructive criticism.

Quote
I just tried to explain myself and what I think a simple user would like to have.

Yep, I guess nobody could think that you were going to express something different than your own viewpoint even if you somewhat stated that as something every user needs.

Quote
Regarding the networks (LAN, WAN, Unicast): This IS essential. One does not need a firewall if it does not distinguish between localhost, LAN and WAN.

Again: It's NOT about what an IT Pro needed but the broad user base. EVERY LAN behaviour is (almost always) OK, every WAN behavior NOT.
IMHO the LAN WAN paradigm you presented is an oversimplification of a real firewall's purpose; due to the restricted span of the effective rules enforced it could only be implemented as an optional wizard.

Adding a couple of predefined rules and a couple of predefined zones to the bundled configuration will be able to mimic that oversimplified paradigm with the current full firewall implementation.

In fact having a dialog to choose what zone a specific app could access would be no different than assigning a predefined policy using a treat as option.
« Last Edit: October 11, 2008, 09:12:12 AM by gibran » Logged

"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams
R.I.P...
« Reply #25 on: October 11, 2008, 09:17:12 AM »

Quote
IMHO the LAN WAN paradigm you presented is an oversimplification of a real firewall's purpose; due to the restricted span of the effective rules enforced it could only be implemented as an optional wizard.

Adding a couple of predefined rules and a couple of predefined zones to the bundled configuration will be able to mimic that oversimplified paradigm with the current full firewall implementation.

In fact having a dialog to choose what zone a specific app could access would be no different than assigning a predefined policy using a treat as option.

Gibran,

I (try to) live the pareto principle. 20% effort gain 80% result.
Sure it was great to have a freely configurable firewall like iptables. But that would NOT help the average user.
We talk about a product for a broad user base. To differ between LAN (allow all) and WAN (ask) would be a HUGE gain over today's "always ask and give the user the choice to have an app inoperable or phone home".

R.I.P.


BTW: Your opinion IS more valuable than the ones of newbies like me. You committed time and energy to C. and proved to be a "friend".
Logged
weaker
« Reply #26 on: October 11, 2008, 09:30:37 AM »

I just want to support R.I.P. in that way that I also think that setting up CFP is too complicated for the average user of the (hopefully) broad user base which consists of vastly more non tech-savvy people than gurus.
I know computer science students that ditched CFP due to its complexity using it.
Logged
casualgamer
« Reply #27 on: October 11, 2008, 09:57:42 AM »

When I said those are not major I meant it would be easy for Comodo to add them into the program, not that they were not important.
Logged

Just Casual
gibran
« Reply #28 on: October 11, 2008, 10:01:42 AM »

Quote
I (try to) live the pareto principle. 20% effort gain 80% result.

Yep that is what predefined policies allow users to do.
It is obvious that those policies are not bundled in current releases but this doesn't mean they will never be nor that CFP is missing an important feature.

Bundling an appropriate set of predefined policies will prevent many users from having to create them manually and will make it possible to easily restrict traffic only to LAN or allow unrestricted access or anything meaningful.

Adding a wizard to present an alternate paradigm would prove useful too but in the end it's only a tool to create an appropriate set of standard rules.

There are many users out there; I'm unable to assume that all of them would be willing to stick with a WAN/LAN paradigm lifetime.

I may be wrong but I'm more inclined to assume that if they acknowledge that there is something more they could choose to take their time to learn it.

If so, a predefined policy can be used in a simple way but it can also be reviewed to learn what rules are enforced when the user is willing to make that effort.

Logged

"In the beginning the Universe was created. This has made a lot of people very angry and has been widely regarded as a bad move."- Douglas Adams
R.I.P...
« Reply #29 on: October 11, 2008, 11:00:31 AM »

Dear gibran,

I do sincerely NOT understand why you try to block a useful development of CFP by asking features NO PFW (personal fire wall) has to offer.

"It is obvious that those policies are not bundled in current releases but  this doesn't mean they will never be nor that CFP is missing an important feature."
CFP IS missing a VERY important feature if it is not able to distinguish between LAN and WAN traffic!


"Bundling an appropriate set of predefined policy will prevent many user to create them manually and will make possible to easily restrict traffic only to LAN or allow unrestricted access or anything meaningful."
Full ACK!


"Adding a wizard to present an alternate paradigm would prove useful too but in the end it's only a tool to create an appropriate set of standard rules."
Full ACK!

"There are many users out there I'm unable to assume that all of them would be willing to stick with a WAN/LAN paradigm lifetime."
Let's stick to the next few years.
Most users are "stupid" and do not know how to judge a request to connect wherever.
95++ % of all users were VERY happy with a LAN/WAN paradigm!!!


"I may be wrong but I'm more inclined to assume that if they acknowledge that there is something more they could choose to take their time to learn it."
You ARE wrong! Users (not even DAUs) fall over different symbols (for instance users used to WinZip had serious difficulties to use PowerZip, which has the same menus and buttons, just different pictures on it!).
You HAVE to keep it simple for the usual user. LAN/WAN is already almost too complex.
BTW: LAN/WAN is everything one needs. I was able to realize complex security needs of companies just using THIS model (and a few extra rules).


R.I.P.
Logged
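
The zone model argued over in this thread (LAN versus Internet, and the complaint that multicast addresses are counted as Internet), as an added example that is not part of any post and is not Comodo's code: destinations are mapped to a zone first, and a predefined policy then assigns one action per zone. The subnet, the zone names and the policy names are assumptions made for the illustration.

```python
import ipaddress

# Constructed network zones, checked in order. 192.168.1.0/24 is an assumed
# home subnet; multicast gets its own zone instead of falling into "internet".
ZONES = [
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("lan", ipaddress.ip_network("192.168.1.0/24")),
    ("multicast", ipaddress.ip_network("224.0.0.0/4")),
]

# Hypothetical predefined policies: one action per zone.
POLICIES = {
    "lan_only": {"loopback": "allow", "lan": "allow",
                 "multicast": "allow", "internet": "block"},
    "lan_allow_wan_ask": {"loopback": "allow", "lan": "allow",
                          "multicast": "allow", "internet": "ask"},
}


def naive_zone(dst):
    """Two-bucket LAN/WAN model: everything outside the LAN subnet is Internet."""
    addr = ipaddress.ip_address(dst)
    lan = dict(ZONES)["lan"]
    return "lan" if addr in lan else "internet"


def zone_of(dst):
    """First matching zone wins; unmatched destinations are Internet."""
    addr = ipaddress.ip_address(dst)
    for name, net in ZONES:
        if addr in net:
            return name
    return "internet"


def decide(policy, dst):
    """Action a policy assigns to a destination; unknown zones fall back to ask."""
    return POLICIES[policy].get(zone_of(dst), "ask")


if __name__ == "__main__":
    # Constructed destinations: loopback, LAN host, mDNS group, and a
    # documentation-range address standing in for a public host.
    for dst in ("127.0.0.1", "192.168.1.20", "224.0.0.251", "203.0.113.10"):
        print(dst, naive_zone(dst), zone_of(dst),
              decide("lan_only", dst), decide("lan_allow_wan_ask", dst))
```

With only two buckets, loopback and multicast destinations land in "internet" and would trigger the same prompts as real outbound traffic; giving them zones of their own lets a bundled policy stay quiet for them while still asking or blocking for everything else.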