at least one third of internet users in china would never use comodo cis

Thx. I am just trying to see where there are differences or similarities.

The best way to see the differences or similarities is: come to China and experience it yourself…
Nothing can make you feel better than being blocked by the Great Firewall >:-D

Is it possible for people to be able to connect to VPN and bypass The People’s Firewall of China?

Yes, VPN is an solution, but many VPNs are not stable and the speed of VPN can’t be guaranteed

Game over
http://easy-vpn.comodo.com/

I’ve tried it but it doesn’t work…

@COMODO: Is there a way to have some kind of P2P distribution for updates, like from those who are willing to give their machines for the task? I am willing to do it, to distribute updates with others.

Hi EricJH,
Is it really highly dangerous to delete the “Stop all the incoming connections” global rule for a moment?
If that’s the case, why the rule is NOT included in the default firewall global rule settings?

By the way, I’ve tested that tracert can also function normally if “Stop all the incoming connections” rule is moved down below “Allow ICMP In…” rules.

The problem shouldn’t related to the Great Firewall as it does not just affect one third of internet users in china…

When using the Stealth settings with the Block All IP IN at the bottom removing the Block all will indeed disable the firewall for unsolicited incoming traffic.

If that's the case, why the rule is NOT included in the default firewall global rule settings?
The new default Global Rules for v5.8 are actually the Stealth settings for Internet Security configuration.
By the way, I've tested that tracert can also function normally if "Stop all the incoming connections" rule is moved down below "Allow ICMP In..." rules.
That is because of the underlying Stateful Inspection principle. When making an outgoing request, for example when doing a trace route, the firewall expects a response from the IP addresses that get connected to and will allow the incoming traffic from these web sites.

When incoming traffic is not expected the firewall will block it. That is what the Global Rules for incoming traffic reflect: the firewall’s response to unexpected incoming traffic.

my isp is china unicom,which is the second largest isp in china provide service for about 1/3 of internet users in china,and china telecom (as fake5 has mentioned) is the largest isp in china provide service for about all the other 2/3 of internet users.

the key problem is that comodo has no servers in china,which makes its update service in china very unstable,especially these days.just one hour ago ,i could not connect to this website.

till now 2 weeks has already passed,i still can not give a install of cis with a successful update of the virus definition.

可以试试用迅雷下载最新病毒库进行覆盖……不知道你那里迅雷的速度能达到多少?

your suggestion is ok for me to solve my problem under the current situation,but the problem is that comodo would lost a large share of market,if i have to follow your suggestion. :-TU

:frowning: >:( That means current default setting for v5.5 without “block all incoming” rules is very dangerous… >:-D >:-D

By the way, the default setting for “Firewall Security” in v5.8 don’t have the “block all incoming” rule too. May be it is a bug or…

So the “block all incoming” rules can affect normal functionality of tracert. (at least in my PC) And that’s I wanted to point out initially.

Nope. The default Global Rules are to get alerted for incoming traffic on a per case basis

By the way, the default setting for "Firewall Security" in v5.8 don't have the "block all incoming" rule too. May be it is a bug or...
I cannot comment on that because I am using the suite. Defaults may be different when using the firewall only installation.
So the "block all incoming" rules can affect normal functionality of tracert. (at least in my PC) And that's I wanted to point out initially.
The block all incoming rules rule does not influence tracert because of the Stateful Inspection principle as explained. The Global Rules for incoming traffic are meant for incoming traffic that is not expected. When doing a tracert for example the firewall expects answers from the web and will allow them; the Global Rules for incoming traffic do not influence that.

Thanks for the explanation.

I am immediately convinced the problem is that there are no servers local in China. There is surely something going on that needs to looked into but we got stuck with the tracert analyis. I need to know now first why tracert is not working on your end. When you do a tracert to your router does the same thing happen? Do see * * * or do you see a report?

Please share what solution you are suggesting here.

of ocurse ,i also see * in the tracert report.

I just suggested him downloading the entire virus definitions using a popular p2p software called Thunder and then replacing the old virus database with the new one