A Good Effort... But not what I want

Due to ZoneAlarm becoming bogged down and, well, ■■■■, I completely stopped using it around version 5. I mean, how many firewalls block your DNS server at random?

For a while I used BlackICE, but constantly paying for a firewall that never really updates? Not for me. And the application control aspect for BlackICE just wasn’t what I wanted. Too awkward and simple.

And then I found SyGate and was content. It was perfect. Everything was clearly set up, you could open ports in the firewall and even specify which applications could use that port, and as an improvement over BlackICE, you could deny an application access but still have it ask the next time it tried, just in case you did need to let it out once in a while. …and then Symantec bought it and canned the whole thing.

Now, it’s occured to me more than once that using an old, discontinued firewall is A BAD PRACTICE. And using a router, incoming connections are a little less of a problem, so the firewall is more for application control than anything else. I want command of which programs get access and which don’t. A little Google searching on a slow work day and I happened across a few mentions of Comodo with people comparing it favorably to Sygate. So I figured I’d give it a shot, and have been using it on one PC for the last week.

You’ve developed a very good program here, especially for one that’s free, but it still leaves concerns and just doesn’t work for me. Since it seems you encourage feedback, though, I’ll explain why.

  • Setting up firewall rules was… awkward. There were only 3 or 4 ports I needed to open for programs, but once i had them opened it was hard to tell which rule was which without viewing exactly what it does. Being able to name it would be rather nice. And I realize I could’ve specified incoming access for the application in question, but we’ll get to that in a moment.

  • Over-reacting parent control. This was one of the major stopping points. I play a little FFXI, and the one thing you need to keep in mind with it is that it absolutely HATES to lose focus. So after it opened itself full screen and was unable to access the lobby server, I let it close back to a window and allowed access. Then I went in and turned off Parent Check and set it to allow all connections. Three days later, it had turned parent check back on each day and I would have to set it back to full access again. So I deleted the application records and let it re-add it, and it finally stayed the way I had set it. But still, that was annoying.

Additionally, it would occationally grab other applications for no apparent reason and claim that a program that wasn’t even running (for example, c:\program files\windows media player\mplayer2.exe) was acting as the parent. Which is particularly annoying when, again, parent check was turned off for the program. So even when you set programs to be allowed access, or turned off parent check… it didn’t always work.

  • And now for the big one. Not doing what it’s told. I remembered turning a slider up a little higher during the first install (may have been alerts), so I figured I’d uninstall, change nothing on the reinstall, and try again. Things seemed to be going… alright, until my mailcheck utility came up. Parent check said that explorer.exe was executing explorer.exe and might be trying to hijack poptray.exe. …sure it was. So I denied it but, and this is important, I DID NOT tell it to remember that choice.

A few minutes later, I opened my mailcheck utility and tried to send recieve. Socket error. No request for approval from Comodo. Oookay, annoying. No record of application. …huh. Added it manually and gave it absolutely full permissions. No parent check, allow everything, skip advanced, allow invisible. Socket error. I checked the logs and poptray.exe was being denied access to my router’s DNS port (, even with full access rights. And no parent was listed, nor was a rule specified as to why this was being blocked. It was simply suspicious application behavior, and a program with full access was being blocked. I had seen similar log entries for programs being denied access even after being given access and having been set to always be allowed access.

That was the straw that broke the back. When an application doesn’t do what you’re specifying it to allow, there’s a problem. And I’m sure if I had restarted the computer, Comodo would’ve stopped assuming Poptray wasn’t trusted and things would’ve been happy. But I had told it that Poptray was allowed to do whatever it wanted, so nothing further really should have been necessary.

In closing, you’ve got a really good idea for a product here, and I like where it’s going, but… Setting up rules is still a little murky until you adapt to Comodo’s way of saying things, and the rules just don’t allow you to do some of the things you’d like. Add in the parent control glitches and disobedience… It’s not that I think your program is bad, I just don’t get along with it very well. Perhaps the rules are too literal for what I need, or maybe I just didn’t understand half of the system, but Sygate still does what I want for the most part, and I’ll trust DD-WRT to block the rest.

I agree wholeheartedly with this post.

If you want a program which will do what the heck it likes no matter what you tell it then install Comodo.

If you prefer to control your own computer then look elsewhere.

Jetico Firewall has exactly the same problem. So I wouldn’t recommend that one either.

I loved the Sygate firewall - until Norton bought it and made it into such a big unwieldy monstor it used all the computer resources and bogged my system down.

I understand about setting rules and exceptions. It is a necessary part of using any firewall worth having. I just wish I could find a firewall that worked as well as the old sygate firewall used to work.

Tnx for the feedback, linoth. I hope you’ll keep your eye on Comodo and try them again after v3 becomes a stable final release.

IMO, your problems weren’t problems of function, they were problems of understanding what the function was/what it does, and why.

I’ve seen this time and time again, and was there a lot myself when I first started using CPF, having come from a different firewall. IMO, you do have to think a little differently, and get your mind out of the box that was your previous FW. Comodo has a layered security system that goes through a number of inter-related filters, in a way that is different from any other FW I’ve seen. The biggest problem a lot of times is users who are used to tightening up their FW rules; they get into CFP and expect it to work as they are used to. Plain and simple, it doesn’t work that way… whatever way that is, CFP is different… :slight_smile:

It can, however, be a very set & forget FW, or a tinkerer’s FW for the security-conscious (or paranoid). There are only a very few questions that cannot be answered/resolved here in the forums, if the user takes the time to ask, and sticks with the process to work through it. We have very knowledgeable Users, Mods, and obviously, Admins and other Comodo Staff here; any questions we cannot answer are referred to Support. Heh! We can even tell you how to do a complete remote install…

Anyway, I do hope you’ll give it another shot at some point. But be forewarned… v3 is a whole different animal from 2.4!