Ars Technica names CFP in the Top Five must have security products article!

I did a search for this, but I didn’t see it on this forum, so I post it now. :smiley: here is a link to the article:

Much better than Scott’s article naming a certain other firewall as best of 2008 in January. roll eyes However, I don’t understand how they can recommend the Vista built in firewall. :S

Thanks for the link. Great to see comodo being recommended again. :wink:

It’s good that Comodo gets mentioned again, but I do not agree that Vista doesn’t need any other firewall than the one that is intergated in Vista. I also do not agree on some other aspects.

Aweome. I am using 2 of the products. Comodo and NOD32.

:BNC :Beer

so who is going to protect you from the malware that windows firewall doesn’t stop?


Was that a question from COMODO’s CEO ? ;D I think you know the answer. :smiley:

Not who, but what. And the answer to the What is C:\Format :wink: :Beer

Well this article was published April 2008 :wink:

I can’t believe they recommend Ad-aware!


Greetings all,

In support to the above statement I may say even more: to consider MS fwall is probably suicidal.
Another question !ot! who needs Vista?..
… but returning back closer to the topic regarding protection from malware.
Since Vista runs much slower then XP on the same configuration (after SP1 almost 2times slower for some operations)… perhaps the advantage would be - there is more time to catch malware (:LGH)

Cheers (R)

Srsly guys this is yet another techy recommendation from a writer who doesn’t know more than anyone here at the Comodo forums. I could have written that when I knew half of what little I know now. Its only importance is that people will actually believe it’s expert advice and follow it.

The so-called outbound “protection” is a funny issue. Precisely what Comodo has got right about personal firewalls–and what I’ve got right thanks to insight from Comodo–is that a so-called “leakproof” firewall is a crappy compromise between a compact inbound FW, and a FW along with a HIPS like CFP is.

It’s NOT true that you’re exposed to immediate infection if you only have the Windows (XP or Vista) FW. They’re robust and compact programs that will stealth you EVEN if you are connected directly without a hardware firewall nor a router. You can take MY word on this.

Everybody now thinks that so-called outbound “protection” is a must only because they read it somewhere written by someone who doesn’t know better than themselves. People even say now that the Vista FW is good while the XP one was crap because it has some kind of outbound control. But the Vista FW can be leaked easily if I’m not wrong.

Some users like their FW to have outbound control because they want to restrict their programs’ connecting out. But those programs have already been trusted if they’re installed, if they were malicious it would mean that the system is already infected and the war would have been already lost.

Anyway outbound control is not the same as so-called outbound “protection” or leakproofness. The latter implies the former but not the other way around. A malicious program won’t ask you politely to connect, it will try to connect sneakily without the FW’s noticing, likely taking hostage a trusted program, that is in any case leaking.

So the deal about FWs with outbound “protection” is that they promise they will prevent malware already infecting the computer from calling home. So you won’t need this “protection” unless you’re already infected. And of course it isn’t so simple either, because no FW can sincerely assure that there can be no attack capable of cheating it. Once malware has taken over your computer, a rootkit could simply stealth the nastie who’ll connect out so there’s no trace of it no matter which FW you use. And of course malware already running in your machine could always succeed at simply killing your FW, since self-protection (and hence leakproofness) can’t be assured to be 100.0 per cent perfect. If you give the bad guys the initiative, you can’t be sure of eventually winning the battle, no matter your arsenal.

Comodo made a leakproof FW which was the 2 version, and it was one of the best if not the best. But unlike the rest of the vendors who only kept making new versions of the same product that the users kept buying even though it didn’t provide perfect proactive protection, Comodo realized that the paradigm was wrong. You can’t possibly promise perfect leakproofness if you let malware run in the first place. The only way is implementing a full HIPS like Defense+, that notices any attempt to do anything from malware (and any program). Any vendor who promises with full certainty that their FW won’t let malware call home, and doesn’t provide a full HIPS, is either wrong or making false claims.