Due to ZoneAlarm becoming bogged down and, well, ■■■■, I completely stopped using it around version 5. I mean, how many firewalls block your DNS server at random?
For a while I used BlackICE, but constantly paying for a firewall that never really updates? Not for me. And the application control aspect for BlackICE just wasn’t what I wanted. Too awkward and simple.
And then I found SyGate and was content. It was perfect. Everything was clearly set up, you could open ports in the firewall and even specify which applications could use that port, and as an improvement over BlackICE, you could deny an application access but still have it ask the next time it tried, just in case you did need to let it out once in a while. …and then Symantec bought it and canned the whole thing.
Now, it’s occured to me more than once that using an old, discontinued firewall is A BAD PRACTICE. And using a router, incoming connections are a little less of a problem, so the firewall is more for application control than anything else. I want command of which programs get access and which don’t. A little Google searching on a slow work day and I happened across a few mentions of Comodo with people comparing it favorably to Sygate. So I figured I’d give it a shot, and have been using it on one PC for the last week.
You’ve developed a very good program here, especially for one that’s free, but it still leaves concerns and just doesn’t work for me. Since it seems you encourage feedback, though, I’ll explain why.
-
Setting up firewall rules was… awkward. There were only 3 or 4 ports I needed to open for programs, but once i had them opened it was hard to tell which rule was which without viewing exactly what it does. Being able to name it would be rather nice. And I realize I could’ve specified incoming access for the application in question, but we’ll get to that in a moment.
-
Over-reacting parent control. This was one of the major stopping points. I play a little FFXI, and the one thing you need to keep in mind with it is that it absolutely HATES to lose focus. So after it opened itself full screen and was unable to access the lobby server, I let it close back to a window and allowed access. Then I went in and turned off Parent Check and set it to allow all connections. Three days later, it had turned parent check back on each day and I would have to set it back to full access again. So I deleted the application records and let it re-add it, and it finally stayed the way I had set it. But still, that was annoying.
Additionally, it would occationally grab other applications for no apparent reason and claim that a program that wasn’t even running (for example, c:\program files\windows media player\mplayer2.exe) was acting as the parent. Which is particularly annoying when, again, parent check was turned off for the program. So even when you set programs to be allowed access, or turned off parent check… it didn’t always work.
- And now for the big one. Not doing what it’s told. I remembered turning a slider up a little higher during the first install (may have been alerts), so I figured I’d uninstall, change nothing on the reinstall, and try again. Things seemed to be going… alright, until my mailcheck utility came up. Parent check said that explorer.exe was executing explorer.exe and might be trying to hijack poptray.exe. …sure it was. So I denied it but, and this is important, I DID NOT tell it to remember that choice.
A few minutes later, I opened my mailcheck utility and tried to send recieve. Socket error. No request for approval from Comodo. Oookay, annoying. No record of application. …huh. Added it manually and gave it absolutely full permissions. No parent check, allow everything, skip advanced, allow invisible. Socket error. I checked the logs and poptray.exe was being denied access to my router’s DNS port (10.10.98.1:53), even with full access rights. And no parent was listed, nor was a rule specified as to why this was being blocked. It was simply suspicious application behavior, and a program with full access was being blocked. I had seen similar log entries for programs being denied access even after being given access and having been set to always be allowed access.
That was the straw that broke the back. When an application doesn’t do what you’re specifying it to allow, there’s a problem. And I’m sure if I had restarted the computer, Comodo would’ve stopped assuming Poptray wasn’t trusted and things would’ve been happy. But I had told it that Poptray was allowed to do whatever it wanted, so nothing further really should have been necessary.
In closing, you’ve got a really good idea for a product here, and I like where it’s going, but… Setting up rules is still a little murky until you adapt to Comodo’s way of saying things, and the rules just don’t allow you to do some of the things you’d like. Add in the parent control glitches and disobedience… It’s not that I think your program is bad, I just don’t get along with it very well. Perhaps the rules are too literal for what I need, or maybe I just didn’t understand half of the system, but Sygate still does what I want for the most part, and I’ll trust DD-WRT to block the rest.
