Balance between safety and speed configuration ?

I installed the Comodo Firewall ( without defense + )

If i open my firewall then click behaviour settings > advanced , you see ,

  • Protect ARP Cache
  • Block gratuitous ARP - Packets
  • Protocol Analyse
  • Monitor NDIS protocols different then TCP/IP

i translate it from netherlands to english , i live in netherlands.

What do you enable of those 4 things , and what is overkill and slows down your pc ?

The determination of whether to enable these options will, to some extent, depend upon your environment and the perceived level of risk. As is the case with any attempt to manipulate packets, there will likely be a trade off between usability/performance and security.

For the ARP options, you should first consider the nature of the protocol. ARP is a broadcast based protocol, which means it will be contained by routers. If you have a router between you and the Internet, then enabling these options will not provide much benefit. Likewise, if you perceive a risk of ARP poisoning between you and the first router of your ISP, then you may consider these as useful additions.

Protocol analysis is potentially useful, but I’d advise against enabling this option on a permanent basis. Essentially, protocol analysis is a primitive form of Intrusion Detection (I’m uncertain at which layers the CIS implementation works) This means that every packet will be examined to determine if there are any irregularities. Some have found that enabling this option can cause certain applications to work incorrectly.

NDIS is a specification that allows a variety of protocols to run concurrently over the same Network Interface card, for example you are more than likely running TCP/IP over Ethernet, but there other options, such as Token Ring or FDDI, ATM and others. If you wished to monitor these other protocols or suspected such were running on your network, you may wish to enable this option.

Personally, unless you have very specific reasons for doing so, I’d leave the default settings on this tab as they are.


It occurred to me that I should mention something about fragmentation, even though you didn’t ask, it is one of the options.

Fragmentation is an integral part of Internet communication, this is why we have Path MTU and ICMP Type 3 code 4 (fragmentation needed and Don’t fragment) Essentially, when a packet is sent from point A to point B, there is a strong likelihood the packet will traverse one or more routers. When the packet reaches any given router it must be determined if the packet can be forwarded. One of the considerations is the size of the packet. If it’s to large it will be dropped and the router will send an ICMP message to the originator. Essentially this instructs the sender to reduce the assumed MTU size for all future packets on that route.

Once again, if you have a router, you can forget uncheck this box. Also, others have reported issues when this is enabled, with certain types of application.