Add ability to automate the switch of different configurations

1. What version of CIS, or Comodo Firewall, are you currently using:
Comodo Free Firewall 5732.83

2. What actually happened or you saw:
I was unable to automatically replace my current CIS settings when screensaver activates or based on a time schedule.

3. What you wanted to happen or see:
The ability to select a configuration file on disk that will auto-replace the current configuration settings when the screensaver activates and then auto-replace that one with the original configuration file when screensaver deactivates again. I also wanted the ability to select a time-schedule in the same manner or both screensaver and time-schedule at the same time.

4. Why you think it is desirable:

  • If you want to block all traffic when you are away from the computer, automatically, you can do that with the screensaver option
  • If you want to automatically change the entire configuration of CIS when the screensaver hits in, you can do that too
  • If you need to switch configuration based on a time schedule, you can
  • If you have temporary needs to have risky ports open, but need to leave the computer, you can have it auto-switch back again based on time or when scr.saver hits in
  • If you have a particular time you want to read your e-mail, you can have the time scheduler block all and have only e-mail ports open at a particular time of the day, let’s say at 10 o clock in the evening, when you peek at the time in the taskbar, perhaps at random and you see the time is 10, you can get your e-mail knowing that no other traffic is allowed, perhaps sneaky local network traffic, you can download e-mail safely knowing only e-mail ports are open
  • If you use torrents and you don’t want to let the torrent program eat up your bandwidth, but want to give it bandwidth at a particular time of the day, you can use time schedule to open its ports when you want to
  • If you have different needs for different internet services based on a day to day basis or weekly, you can have a whole variety of configuration files set in your time scheduler

5. Any other information:
We want to see a dropdown menu in the security settings (or general settings) where you can select “once”, “daily” or “weekly” and what time it should activate. The dropdown menu should also have the ability to select the screensaver option instead of time scheduling or even both. It is also suggested that these features is turned off by default in a new installation of CIS (unless Comodo is willing to find a solution that works for all users right out of the box, then it can be turned on by default)

The configuration file cannot be tampered with. It is protected by CIS regardless of the configuration level.

However, this is an interesting wish. Could you provide me with another situation, and what changes in configuration may be desirable, in which this enhancement would be very useful? I’m trying to fully wrap my head around this.

Thanks.

It’s hard to think of any particular situation, well maybe if some users use torrents and need to open ports, they might want to auto switch configuration when they have been away from the computer for a while. Temporary exceptional needs may force a user to change firewall rules that he know he will switch back to later, why not automate it.

If I were to give a personal reason for this, I would have to refer to my past when I was hacked while being away from the computer. They stole all files on my computer when I was out. If I have been at the computer I might have had a chance to repel it.

If they implement a screensaver switch, I am happy with it. Time scheduling is also very good, but it’s a bit more complicated, they have to judge for themselves. But I will be happy with a config switch when screensaver activates.

I think this would be handled already by the option to only allow an alert once. Am I misunderstanding?

Every firewall popup already automatically defaults to block of the user does not respond in time. Thus, changing the configuration wouldn’t have changed this. Were you using CIS at this time?

Okay, so what do you think the configuration should be for screensaver mode?

Thanks.

I am using the free firewall here, I haven’t paid notice to single alerts, I have to check that out. But the problem with torrents (and some other internet services) is that it doesn’t depend on a single ip address, so you have to open up to all addresses. A new problem arises when you are forced to allow all addresses, you have to disallow anyone as soon as you’re done again. But I am not sure if that is a good enough reason to put in time scheduling, I’m tempted to withdraw my wish about time scheduling for later, unless you can see a reason to put it forward?

The configuration can be anything the user choose to put in it, it can be a whole variety of firewall rules, hips rules and general settings, it can even be a full blockade. Personally, I will set my configuration to windows update and block the rest, and disallow any non system programs to run while screensaver is active, even trusted third party programs.

My idea about the screensaver wish, goes like this:

  1. The user configures firewall rules, hips rules, sandbox rules, general settings and then exports this to a configuration file.
  2. The user selects that configuration file as the active replacement when screensaver activates.
  3. The user then reconfigures everything for normal use and saves that as another configuration file that will be imported and activated when screensaver deactivates again.

I can add that the screensaver feature should be switched off by default when the firewall is installed. That is the idea.

( I don’t recall what firewall I used, probably not comodo-related )

Most of the configurations have an option to only disable for a certain amount of time if they are disabled. However, there is nothing for making changes for programs. Essentially, there is already the option to only allow the program to connect to that address once, and then to ask the next time.

I think that essentially the reasons behind why you want this are already in Comodo, although they are implemented in different ways. My advice would be to start a new topic in the HELP section of the forum. Then ask questions about how you can configure Comodo Firewall to do certain things, or to ask for certain situations. You will likely find that most of it is already available.

However, if you do find that there is a circumstance, which is not already accounted for in some way, where this sort of wish would be very helpful, respond to this post and let me know. I will leave this here for 2 days before I move it to Rejected.

Let me know if you have any questions.

Thanks.

I’ll try to come up with something, if I’m not here in two days, I have got nothing.

No problem. Thanks.

A few reasons I can think of for having auto switch on screensaver:

One reason I can come up with for having auto switch on screensaver would be to lower the risk of technical weaknesses in the firewall by lowering the complexity of how it handles rules. A software that handles multiple complex rules may be more subject to an attack (in two terms, in rules and in potential bugs) than a firewall that has simply “block all”. A block all rule is not as complex as many rules combined. Basically technical risk minimization, sort of like a highway intersection is technically more vounerable to error than a straight highway. It let’s a user pick a setup that is more minimalistic when away from the computer (screensaver). And that is basically what hackers do, they exploit weaknesses that they can find, by letting the user choose a minimalistic setup automatically, risk can be reduced.

Second reason I can think of is high level of user control.

Third reason I can think of is that people often forget, a screensaver never forgets.

The first reason is about minimizing technical risks and the second is about flexibility and user control.

Thanks

Okay, thanks for the explanation, and good reasoning. I’m thinking that perhaps the way to word this would be something along the lines of adding the capability to select when any of the Firewall Rulesets, or Firewall configurations, will be activated. This could provide a dropdown menu allowing users to have it apply on for a designated time, either once, weekly, etc… It could also have the option to apply when screensaver is running, when computer is inactive for a certain amount of time, etc…

What do you think? How does that sound to you?

Thanks.

Yes a dropdown menu is a great idea.

Okay, in that case, now that we’ve narrowed down the wish some more and located some specific reasons why it would be useful, could you please update the first post accordingly? Edit it so it now reflects what the wish has become.

Let me know when you think it’s good enough and I will take a look.

Thanks.

Ok all fixed.

Okay. I have edited the first post and added a poll. Please look them over and let me know if they are okay. If they are then I will forward this to the Waiting Area for voting.

Thanks.

All seems ok.

Thank you for submitting this Wish Request. I have now reset the poll and moved this to the WAITING AREA.

Please be sure to vote for your own wish, and for any other wishes you also support. It is also worthwhile to vote against wishes you think would be a waste of resources, as implementing those may slow down the wishes you would really like to see added.

Thanks again.

I as a screen saver using the continuously running .exe file ( http://relaxtime.8vs.ru/ )

In addition, the automatic switch would not hurt the full-screen games and other full-screen applications

Thus, it is necessary to make some of the mask on the name of the foreground window process (in particular, on extension) and full screen mode

The user would have to find the usefulness of this, there are probably many uses and it’s not possible to tell what it might be useful for to a particular user, it depends on their needs. But I can mention a few things that you can use this for.

  • If you want to block all traffic when you are away from the computer, automatically, you can do that with the screensaver option
  • If you want to automatically change the entire configuration of CIS when the screensaver hits in, you can do that too
  • If you need to switch configuration based on a time schedule, you can
  • If you have temporary needs to have risky ports open, but need to leave the computer, you can have it auto-switch back again based on time or when scr.saver hits in
  • If you have a particular time you want to read your e-mail, you can have the time scheduler block all and have only e-mail ports open at a particular time of the day, let’s say at 10 o clock in the evening, when you peek at the time in the taskbar, perhaps at random and you see the time is 10, you can get your e-mail knowing that no other traffic is allowed, perhaps sneaky local network traffic, you can download e-mail safely knowing only e-mail ports are open
  • If you use torrents and you don’t want to let the torrent program eat up your bandwidth, but want to give it bandwidth at a particular time of the day, you can use time schedule to open its ports when you want to
  • If you have different needs for different internet services based on a day to day basis or weekly, you can have a whole variety of configuration files set in your time scheduler

A few things that is possible to do, but it doesn’t necessarily mean you have those needs. Of course there are always alternative programs one can use, and of course there are those who don’t want to use alternatives, both of them exist out there. It’s up to what the user want or need.

Thanks. I’ve updated the first post with this list of possible uses.

There are only two things that I can think of this wish that relates to security and that is if the user want to use these features to switch to a more minimalistic ruleset, complexity is reduced and that again will have impact on badly designed firewall rules and also on potential bugs in the firewall. If he auto switch to a minimalistic ruleset (let’s say when screensaver hits in) then that minimalistic ruleset will somewhat reduce the chance of of security holes and “running into” a software bug. If the normal configuration has 10 rules and the minimalistic configuration has 3 rules, chances are lowered that you will suffer from a security hole or bug in the firewall. Simplicity eliminates that somewhat. According to updates from comodo, they seem to have several hundred bugs fixed every time, in my opinion this is not a bad wish.

But as it looks right now (it doesn’t have enough votes)