A real acid test!

I’m a noob here, and couldn’t find a better place to post my experience with Comodo Firewall. So I hope this is OK.

I gave Comodo a true acid test, by dropping it into a war zone.

My computer got infected with a rootkit of some kind. That was my own fault; I had a brainfart and did something stupid that let the kit get into my system.

Right away, the hacker in control of it stole half my bandwidth whenever I went online. It took me some time to find out about this, though. But in time I did.

Once I knew I was infected, and what the infection was, I knew what I had to do. I had to do a destructive restore on my computer, that is, wipe the drive and reinstall the operating system.

But before I could do that, I had to save all my data to CD, and that would take time. Meanwhile my system was being used by someone else, and it kept getting more and more unstable. I had to find some way to buy time to offload everything, by shutting the doors to the hacker, or by slowing them down somehow.

My first choice was to find a firewall I could afford. Being disabled and getting by on a small monthly check, that was not so easy. But then I saw a review somewhere about Comodo. And unlike all the other programs reviewed, Comodo was FREE! I had to go check it out. I still had my doubts about it, as it was new, and free programs tend to not be very good. But what did I have to lose at that point?

So I downloaded Comodo, and tried to install it.

Right away, it tried to go online. I didn’t know why then, and I was very paranoid, so when it asked permission to go online, I blocked it. And the “remember” box was ticked. That caused an error, and it refused to install right. I wrote the company a note in panic about it, and got a very fast reply (that greatly impressed me right there!). But by the time I had gotten the reply, I had already tried uninstalling it and then reinstalling it, and this time I allowed it to “phone home”. In seconds it was up and running perfectly!

More than that, it instantly slammed all the doors shut, so that, while I was still infected, the infection, and the hacker behind it, could no longer talk to each other.

The result was that my system did not get any more unstable than it already was. It couldn’t stop problems that already existed, but it prevented the hacker from messing up anything else. And that bought me the time I needed to get the rest of my data safely to CD.

I have since done the restore, and I am now updating and reinstalling things. And second on my list of programs to reinstall was Comodo. (The first was WinPatrol, to look for and stop anything suspicious on my system while I was reinstalling other things. That is another great program that has saved my bacon more than once.)

The end result was that Comodo not only proved itself to be a great firewall that was easy to set up, but it proved itself under the worst possible conditions. A true acid test!

Maybe some of the paid firewalls could do the same thing. But if there are any other FREE firewalls, I doubt they could. And the Windows Firewall, though free, would have been useless, since the rootkit rewrote parts of Windows itself. So Windows Firewall would have been blind to any traffic in or out of the system that was from or to the rootkit and hacker.

It doesn’t need saying, but I will say it anyway: I am now a hardcore believer in Comodo! And in my own small way, I have already been spreading the word about it. And whenever a Comodo button is made available, I will quickly add it to my websites, pages, and blogs!

Rick R.
AKA darknightmadman
AKA Black Paladin (Retired youth rights activist)


Gotta agree with Rafel.

That sure is an impressive story. The only things I would like to add to that are the following facts:

  1. A rootkit can hide TCP/IP communications (sometimes by editing the TCP/IP stack).
  2. What was the name of this rootkit? (I would love to get a description to see if it actually bothered with No. 1, to see if COMODO can actually detect a rootkit that achieves that. I.e., it helps to tell if it was a kernel-level rootkit or a user-mode rootkit.)

A tip on avoiding rootkits:

Kernel rootkits CANNOT patch the kernel if you keep Windows up-to-date, use a restricted account, and put a good password on all administrator accounts.

A user-mode rootkit can still install and run under a restricted user, although these are a lot easier for apps like RootkitRevealer to detect. Running as a restricted user adds another “layer” of protection for your firewall and antivirus, as they use a driver and a service, both of which CANNOT be touched under a restricted user; even if they can, it then depends on the software itself to defend itself. (If a restricted user becomes compromised, log on as admin and delete the account. I don’t think they can jump accounts, unless they infect files, I guess.)

cheers, rotty
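Rotty’s first point (a rootkit hiding its TCP/IP traffic from the system’s own reporting) is the classic case for a cross-view check: the tools on the box ask the OS what is listening, while the backdoor still has to accept connections to be useful, so the two views disagree exactly where something is hidden. The script below is an added illustration of that idea and is not code from either poster or from Comodo/RootkitRevealer. It is written for Linux (where the kernel’s listing is readable as text in /proc/net/tcp and /proc/net/tcp6) rather than Windows, because the file format makes the “reported” view easy to parse; the embedded /proc/net/tcp sample is constructed, and the “accepting” view comes from actively connecting to every loopback port. Port numbers, state codes and the helper names are the script’s own assumptions.

```python
"""Cross-view check for hidden TCP listeners on Linux (added example).

View 1: ports the kernel reports in LISTEN state via /proc/net/tcp{,6}.
View 2: ports that actually accept a TCP connect on 127.0.0.1.
A port in view 2 but not in view 1 is something the listing is not
telling us about, which is the signature of a hooked/filtered stack.
"""
from __future__ import annotations

import os
import socket

# TCP state code used in /proc/net/tcp for LISTEN (hex, assumption: Linux).
LISTEN = "0A"

# Constructed sample of /proc/net/tcp: a CUPS listener (0x0277 = 631),
# an SSH listener (0x0016 = 22) and one ESTABLISHED (01) client socket
# that must not be counted as a listener.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20131 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18021 1 0000000000000000 100 0 0 10 0
   2: 0100007F:A1B2 0100007F:0277 01 00000000:00000000 00:00000000 00000000  1000        0 25555 1 0000000000000000 20 4 30 10 -1
"""


def listening_ports_from_proc(text: str) -> set[int]:
    """Return the LISTEN ports from the text of /proc/net/tcp or /proc/net/tcp6."""
    ports: set[int] = set()
    for line in text.splitlines()[1:]:  # line 0 is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        local_addr, state = fields[1], fields[3]
        if state != LISTEN:
            continue
        # local_address is HEXIP:HEXPORT; the port is the hex after the last colon
        ports.add(int(local_addr.rsplit(":", 1)[1], 16))
    return ports


def probe_ports(ports, host: str = "127.0.0.1", timeout: float = 0.2) -> set[int]:
    """Return the subset of `ports` that accept a TCP connection on `host`."""
    accepting: set[int] = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:  # 0 means the handshake completed
                accepting.add(port)
    return accepting


def hidden_listeners(reported: set[int], accepting: set[int]) -> set[int]:
    """Ports that accept connections but are absent from the kernel's listing."""
    return accepting - reported


def live_check() -> set[int]:
    """Run both views on this host and return the suspicious ports."""
    reported: set[int] = set()
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):  # tcp6 covers dual-stack listeners
        if os.path.exists(path):
            with open(path) as f:
                reported |= listening_ports_from_proc(f.read())
    # Loopback probe of every port; refused ports answer immediately, so this is quick.
    accepting = probe_ports(range(1, 65536))
    return hidden_listeners(reported, accepting)


if __name__ == "__main__":
    suspicious = live_check()
    if suspicious:
        print("accepting connections but not reported as LISTEN:", sorted(suspicious))
    else:
        print("no hidden listeners found (views agree)")
```

The check is deliberately one-sided: a listener that is reported but does not answer on loopback (for example one bound only to an external interface) is normal and not flagged. The stronger version of the same idea is to take view 2 from another machine with a port scan, or from a packet capture on the wire, since a kernel-level rootkit that hooks the stack can in principle lie to the loopback probe as well.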