I have worked with many firewall applications over the years, and am very proficient in IT. When it comes to a desktop firewall, I find most of them are poorly designed and/or implemented. The best of the bunch (which, I should point out, is termed loosely) that I have found is ZoneAlarm. While it doesn’t offer the power and customizability that Comodo does, the way it’s laid out makes sense (unlike many other firewalls), and is easy to configure.
Kaspersky Internet Security, for example, is a nightmare and a complete mess. The way they designed it to work is horrible - that either an app is trusted or untrusted, not giving much in between, and making it either impossible to give apps the rights you want, or extremely complicated to do so.
When I found Comodo Firewall, I was for the first time hopefull. On paper, Comodo Firewall seemed intelligently designed - working in a similarly straightforward fashion as ZoneAlarm, but giving more control and granularity. This was, again on paper, ideal as an improvement over what I had been using for years.
So, I tried it out. And within a day, I had uninstalled Comodo, and re-installed ZoneAlarm.
I wanted to give you feedback as to why, and what I disliked about Comodo. I didn’t take notes at the time, so I’m sure there are things I am forgetting, but I’ll put down what I remember.
Applications were not necessarily automatically added to the software list the first time they were run. This is not good. The first time a new application runs, it should be automatically added to the software list so that it’s easy to set rules for it. This is especially important since many apps have multiple components, and knowing that a particular app needs to be set up doesn’t mean you know which part of it to point to.
Application names are not used in the software list. Most people are not going to immediately know what “vssadmin.exe” is. But if you list it as “Command line interface for Microsoft Volume Shadow Copy Service”, that’s a hell of a lot clearer, and allows people to make a more educated decision on it without having to look it up first. Many other firewalls do this, so I don’t understand why Comodo doesn’t. By all means, make sure it’s easy to pull up the actual path and filename, of course. But for the purposes of normal administration, make sure to list the normal name for each program!
System components were lumped together as a single “System” item. It is improper to assume that because it’s part of the O/S, it’s okay to give it full access. In ZoneAlarm, each individual item that starts and tries to get access gets put on the list seperately. A user can make individual choices for each and every component. Now, I don’t know if it’s possible to delete the default System item and add each component seperately - I hope it is. If not, then this is an immediate dealbreaker. But if it’s possible, than I simply dislike that this is done by default.
It is counter-intuitive, the way things are seperated between the basic section of the UI, and the advanced section. It makes more sense to be able to choose an Advanced mode, whereby all of it is available in one place.
Responsiveness of the application to configuration changes was unpredictable and not immediate. Granting rights to certain apps yielded no change in their restrictions. This yielded multiple troubleshooting steps, only to find out that several attempts and ten minutes later, they were now taking effect. Not because the rights were incorrectly set in the first place, but because either it didn’t take (in which case, Comodo is flaky), or because it doesn’t take effect immediately (which would be a serious design flaw).
I found the Defense+ to be too much trouble to work with. I don’t mind certain types of proactive defense systems that many security apps have - and I love that Comodo gives you such control. But I found it impractical to configure each and every possible program with the minutia of rights. I admit that this may simply be something that takes getting used to. I remember finding it annoying that one of the rights couldn’t be configured to be enabled by default for a given app. This didn’t sit right with me.
So, as I mentioned earlier, I’m sure there’s other stuff I’m forgetting, but that’s what I can remember at the moment.
I think Comodo has a lot of potential, and I sincerely hope that the developers will address some of the issues I encountered as this product gets revised, so that it becomes something I will be happy using in the future. But for now, it just doesn’t cut it for me.