Basic Setup for Novice Questions

I have downloaded the User Guide read it & read your FAQs section & I’m still unclear on how to setup this firewall. The “n00b” setup led me around in circles & the flash tutorial didn’t seem relevant (I don’t have a network of PCs). I have never configured a firewall. I am a home user, the only user, of one PC which connects to the internet by cable, no router. I really need a step by step installation & configuration tutorial with screen shots. At what page of the User Guide does the novice using default settings stop? (Ques 1) By page 40 or so I was lost. There’s no clear end point. Do the default settings “Automatic Configuration” set me up a zone? (Ques 2) I understand some things need to be written with rules like bit torrent/p2p, iTunes, excluding these is the firewall initially complete & ready to use? (Ques3) I don’t want to surf au naturel!

I understand default settings are the least secure. There are settings on Wilders for a basic setup for your firewall. Wilders>Security Software>other firewalls>Comodo Firewall (basic setup) Sept. 4, 06 by Stem, a firewall moderator.*** I’d like to know from you if his setup is complete. There seems to be great difficulty gearing instructions to novice users. Either we get talked to as if we don’t know why we need a firewall or assumptions are made that we have knowledge to build on that we haven’t yet attained. I’d like to know how Stem’s method differs from your Automatic Configuration. (Ques 4) What else if anything needs to be done to complete his basic setup? (Ques 5) Is it a better way to go than an Automatic Configuration? And why/why not? (Ques 6)

And yes I’ve read the explanation that the moderator wrote for his mother. I’m glad she gets it! I need a from start to finish newbie, maybe newbie plus guide with screen shots on installation & configuration! It’s that simple. With all the information on here it’s lacking. I am impressed by your responses to your users. I was fascinated by several threads. p2u’s settings were a great read, talk of future releases with HIPS are exciting, but for right now I just need Comodo to please tell me how to get this firewall on correctly!

I will be more than happy to assist you in any way I can. I will make myself available to this forum. I think it’s hard to remember where you once were. There are many people who wish to move away from commercial suites & are willing to do whatever it takes to learn more. Help us get there. I’m very grateful that a product such as yours exists & would be very proud to have it on my PC. Empower me please Comodo!

***Going to Wilders may be more than you’d want to do so I’ll recap:

On the Firewall Configuration Wizard Stem’s choice is Manual configuration [for power users]
On the Wizard page Please select how Comodo FW should make the application analysis his choice is Scan my computer for the known applications. On the next wizard shot he chooses Protect own settings from unauthorized modifications & Skip loopback [127.xxx] UDP requests. Alert frequency is low-- at the 2nd from bottom mark. He mentions he has disabled the DNS client. (huh? Ques 7) & it appears you simply click remember & allow if an alert you want comes up. He then gives an example of one rule for an inbound torrent client. You can see where the TCP & port number come from & go. & it’s put above the block rule. He states some torrent/p2p software require more than one inbound port & says to follow the example to add any other required port (to Settings within the client). (huh? Ques eight)

Michele

Thanks for the post and your willingness to learn and help.
Actually, you are in a perfect position to help us with this process of creating a newbie instruction set.
We will all chip and help you. Can you pls create step by step guide, as you learn, how to set it all up. and pls feel free to ask for help about any aspect and even help write sections of this instruction manual kind of object.

It will be so very useful for many users out there.

We really would be grateful if you could help us Michele (CLY) (CNY) (CWY) (CLY)
(:HUG)

Melih

Michele, I am a new user also who spent weeks circling this firewall trying to decide if I could handle it. I had been using ZoneAlarm for a few years and always used it as is. I was afraid that I’d have to set up rules like you see in the newbie instructions. Then someone in the forum told me I can put the firewall on automatic. I uninstalled ZA and installed COMODO in the automatic configuration. After the installation was complete, I clicked 2 options. First to have Comodo learn my already installed apps, and second to have pop ups stay up for 130 seconds so I have time to think about whether to allow or deny the pop up. It has done the rest for me ever since. The installation was so easy, I was mad at myself for putting it off so long.
(L)

Hi Michele.
I think we have discussed before.
It’s was a miss understanding about DC++;)
I did write you a tutorial for it, but never posted it when you said you didn’t use it…
If you want a tut that you can understand (maybe?;D), I can write you one.
To answer some of your thoughts, I can say that default settings is secure.
If you are “paranoid”, you might have to do some manual work, but i don’t recommend it, if you don’t know what you are doing. If you do it wrong, you can get less secure…
As I said, the default settings pass all leaktests, so It’s secure.

Hi Michele and welcome at the forums. (:HUG)

First of all I’d like to informe you that CFW (Comodo Firewall) does not need any tweaking for making it secure. If you installed it with the default settings you are perfectly secure.

The faqs and the guides that the moderators or other users have made is for resolving and explaining issues with specific applications.

But for helping you to understand the various aspects of CFW please provide us with specific questions.

Lets begin from the installation. Where there something that was not clear?

Oh My goodness! Melih et al!

What lovely support! I have to start by saying Thank You! I've learned to size up everything before I jump in. I gauge the skill level needed, the support available, what's up in the forums... Until two weeks ago I had no idea there were rule-based or application-based firewalls! What happens is if it looks too foreboding & I can't find a tutorial I have to make another choice. These are security features. It's the responsible logical move. I'm very interested in Comodo--it's doing more than holding its own & it's available to us for free. You can feel the excitement here! 

Due to compatibility issues with Avast I've been waiting for the release on the 16th.  Right this minute I'd like nothing more than a clean install of the fixed version. So you've come to the rescue just in time! I'd be more than happy to help put together a newbie tutorial. I need a bit of help with  screen shots.  I think a tutorial that addresses new users of all levels--hopfully we advance-- is a great idea. Maybe a collaberative effort which fully introduces the product & supports those interested in it could be created. I can't tell you how disappointed I've been when a product I really want is out of reach for a stupid reason like an impossibly poor language translation. 

I wanted my questions answered and a solid plan of action to implement! It looks like this can happen! :)  I'm pleased!

thats great to hear Michele, and thank you on behalf of Comodo and our Community for helping us.
We will all be ready to chip in with screen shots etc or anything else you need. just let us know.

as to compatibility with Avast, can we help you there? whats the issue?

thanks
Melih

Melih,

I want you to know what a nice touch it is to see a CEO taking time to participate on a forum board. 

You must have been too busy to be aware of the Avast issue.

 There is a 9 page thread on here re it: Desktop Security Products/Comodo Firewall/Help "Anyone know what this is? (Oct. 7, 06) by Nickal.
 https://forums.comodo.com/index.php/topic,3113.html 
     
 Kail, Panic, AOwL, Comicfan2000, Egemen all participate in it. On page 8 Egeman says Comodo is working on a resolution for the Avast issue right now.

 On the Avast forum we were told by Lukor, Avast team:

« November 08, 2006, 04:58:29 PM »
Hello Guys,

I just had a conversation with a developer from Comodo team. They put some efforts into this issue with avast! WebShield and as it seems to me now that the future update of Comodo PF (which should be out soon, probably ver. 2.4) will contain a fix! Grin

All of you who have spotted problems, please update as soon as the new version is available.
Thanks.

Lukas.

The last mention of the release of CPF 2.4.0x Beta I saw was from Umesh, Comodo mod, when he edited the prior release date from Nov 7, 06 to Nov 16, 06.

 Is this accurate information, Melih? There is a release with a fix for the Comodo/Avast issue coming out tomorrow, isn't there? 

-Michele

Hi Michele, Please click the link below which has all the Comodo screen shots. ;D

http://www.pcmag.com/slideshow/0,1206,l=179484&pg=0&s=1645&a=176829,00.asp

I’ve seen those shots TWL845. They illustrate the reviewer’s points nicely. -M

Couldnt have put it better myself. Like Michele, I am totally new to this level of firewall, and no matter how much I read on this forum, I am not able to understand what I need to know about configuring this firewall. I am not for some reason able to view Ewans flash tutorial and am totally confused as to what I should be doing to make my computer more secure. I do know that despite what
seems to be the accepted norm that Comodo passes GRC’s Shields UP test “Out of the Box”, on my fresh installation, …it fails miserably. It shows most ports “closed” and only a few stealthed. Solicited TCP packets show Failed, and the Ping Test show Failed. Even my old and trusted Sygate passed these tests with no problem.
While I accept that maybe it is due to my inexperience and lack of expertise that is causing this, I am feeling very disappointed and lost after having installed Comodo. Surely there could be as Michele says, a simple way of configuring this firewall, complete with screen shots to help the novice. The incredibly detailed advice that I have read on this forum so far is far beyond my level of expertise, and would imagine that many people are put off using what seems to be a great product because of this. Certainly, unless I can understand more about what I need to do to make my computer more secure, I will have to go back to Sygate, even with its limitations.
Thanks for your time.

Hi, kennyboy! (And hi to Michele also)

Unfortunately, making tutorials that cover just anybody’s needs is impossible. Much depends on the configuration of the individual’s computer. Did you touch (change) any of COMODO’s default Net Monitor rules? What application rules have you set so far?

Paul Wynant
Moscow, Russia

The point is, that if you install with auto and have the default rules in network monitor, it pass all leak tests and port scans.
Have you changed anything in network monitor? Is the last rule a block all IP rule?
If you are behind a router, then the router is the one getting scanned, not CPF.

Kennyboy, Check my comments in reply #2 (J)

Kennyboy,

CPF was just reviewed by Softpedia. I believe screen shot #6 shows the default settings. Take a look. Someone please correct me if I’m mistaken, for I haven’t yet attempted to install the FW. I’m awaiting, perhaps erroneously, the release of the alleged version with the Avast issue resolution.

Please come back & post whether or not you “tampered” with the default settings. Are you behind a router?

CPF et al,

Is there a release with an Avast issue fix pending? Please let me know.

P2U,

I’m titillated to see you’ve typed my name :)! Regardless of an individual’s PC configuration, I have been led to believe CPF’s automatic configuration to be a secure firewall right “out of the box”. Paul, is this incorrect? My initial questions re the basic setup Stem on Wilders provided went unanswered.

Thank you for your time & expertise.

Michele

Stem’s manual “advanced” setup results in the same setup as the auto install does.
He could have used the “auto” install instead…

Hi, Michele!

Sorry for the delay, but when you wrote, it was night in Moscow…

You can just run the automatic configuration and you will be very well protected. Any other set-ups are for advanced people who know what they are doing and why they are doing it. That does not mean that I discourage you to learn! If you don’t know too much about networking, then don’t do anything but the default stuff and continue reading before you start tweaking yourself.

Stay safe!

Paul Wynant
Moscow, Russia

Hi All.

Many thanks for the replies. I did not mean to hi-jack Micheles thread, but was only meaning to add weight to her request.
I will start a new thread after I have re-installed Comodo because it has just also failed Comodos own hacker test with the default out of the box settings, untouched, by human hand, as well as Gibsons Shields-up. This was of course only on my system here, so maybe it just doesnt like something here.
As I am impressed by all the good feedback from the forum, I am determined to try again, and will post when I have.

p2u…I have not set any rules at all. Not capable of doing this at this time.

AOwL…I have not changed anything in configuration, and the last rule seems to be Block all.

AOwl and Michele…I have asked this question about whether or not I am considered to be behind a router on other general computer forums, and have never had a definitive reply. The answer is I honestly dont know. You see, I am in the Philippines, on a wireless internet connection from the local cellphone tower. There is a small antennae gadget on the roof with a cable down to the computer directly. Nobody at the ISP has any idea what a router is, let alone if that is what they install to their customers. (Customer service here is not a strong point!!) So, if it is a router in that little box on the roof, then nobody here would be able to configure it. I have to accept that it just seems to work. Not helpful I know.

Paul W…I dont see this “Automatic configuration” anywhere. Do you mean the default install config?

Edit…Sorry Paul. Having re-installed, I now see the Auto Config is in the install process.
Many Thanks to all here.

Hi, Michele!

As I see that you have not received a satisfactory answer to all your burning questions, I will make an attempt to do that.

Don’t use any User Guides. I’m not saying that the author did a bad job, but most user guides are only clear if you know what they’re talking about. To give an example: does it make sense to read a book about how love can hurt and how to recover from that unless you’ve gone through the process yourself? The only thing you have to do is ‘allow’ or ‘deny’ applications. As soon as you get the routine, your intuition and reading experience will guide you in fine-tuning…

The default settings set up a zone that is related to your ISP’s Internet configuration (your adapter, the channels your connection uses to contact your ISP, etc.). This is something you should not touch. It is not a Trusted Zone in the sense that anyone can do just anything; it’s merely to make Internet traffic possible at all. I would not do you a service by going into technical detail.

Yes. The firewall is completely ready to be used. The only thing required is your permission or denial for applications.

As a rule, the default settings on ANY firewall are the least secure. Stem knows this (he really has many good instructions for other firewalls). In the thread you are referring to, he merely demonstrates his principle never to use default settings, which in most cases is the only right approach, because some firewall vendors set really crazy defaults! I must say that this is not the case with COMODO. I’m in no way related to COMODO and I’m not being paid to say this; you will have to take my word for that.

I had a look over there at Wilders. I think he skipped a couple of screenshots (probably for privacy reasons). If he showed us all the screenshots during install, then his approach differs in that he shows us that there is an option in COMODO to scan for all certified applications on his computer BEFORE the setup finishes to allow COMODO to automatically allow and deny applications according to COMODO’s database. This is the default setting, even when you use the Automatic Install option. This is of course done to avoid a great number of pop-ups. There would have been a difference if at this point he had declined the option. As he doesn’t show any other settings, I cannot evaluate what other differences there might be.

You won’t believe me, but even I use the Automatic Configuration myself when I install COMODO (here and on other people’s computers). Afterwards I fine-tune the Netmonitor rules and the Security - Advanced - Miscellaneous settings, as you have seen in one of my posts.

There is no ‘better way’ than Automatic Configuration to install, not on this firewall.

Thank you for the compliment. You should understand, however, that I gave my settings to my good friend TheTOM_SK, who had been using this firewall for quite some time (he actually talked me into using it myself), is rather experienced in networking, and knows exactly what I’m talking about. It is a guideline to get the MAXIMUM out of the firewall, but you will be able to appreciate that maximum only after you’ve been doing the regular stuff first.

I’m willing to work with you personally through MP if necessary. To get an idea of what computer security is all about: it’s not in the firewall alone. Your Windows settings are just as important (if not more important), and so are your browser settings, your mail client settings, your Instant Messenger settings. When you allow an application, you should understand that you make a hole in the firewall (figuratively speaking). Do you or don’t you allow scripts to be executed by default, do you or don’t you accept html mail in your mail client (a big DON’T), etc. The answer to these questions will greatly determine how safe you are on the Net. I can advise you on all of those parameters in a clear and understandable way.

Yes. Disabling Windows services is very important. Please go to Start - Control Panel (Classical View) - Administration - Services. There you will see a service by the name of DNS Client. When you double-click on that name, a window will appear. You will read there: startup Type - ‘Auto’. That’s the default. Stem set that to ‘Disabled’, which is a wise decision. Why? Don’t bother trying to understand right now. Just take for granted that many Windows services can be exploited. The fewer you have running by default, the better. One of my posts contains a list of such services which can safely be disabled. If you need that list, I will give you a link.

Do you use torrent/p2p yourself? If not, do yourself a favor and forget about it for now. Just learn how to click ‘Remember my settings for this Application’ and ‘Allow’ or ‘Deny’ on application alerts. The rest will come by itself, trust me. An approach that gives TOO MANY details is wrong. Condiser yourself my student, or no, a colleague of mine who just has a little less experience. My advice will always be tailored to your current level of understanding without jeopardizing your security.

Paul Wynant
Moscow, Russia

Hi Kennyboy & all,

Kennyboy, i’m also new to CFW & very UN-savvy regarding firewall configuration - my nic’s not ‘braindrained’ for nothing! After reading firewall threads on a forum, i decided to give CFW a try (on out-of-the-box default settings), having used Zone Alarm Pro for several years. Until recently, i was on a wireless broadband connection, with a router on my roof. From your description, sounds like a similar setup & i was told by my isp NOT to use a software fw for compatibility reasons, so i had no control & no idea how they’d set it up. Now i’m on ADSL & have just tested my machine on grc’s ShieldsUp & PASSED EVERY TEST - CFW even went into ‘Emergency Mode’ during the onslaught, as i saw when i checked the log, which was reassuring. Just from what i’ve read, it’d seem that your ISP’s router has those ports open, causing your pc to fail grc’s tests, so CFW’s unlikely to be the problem in your case. Sorry i don’t know enough to have any helpful suggestions but, from my own experience with a wireless router, hopefully i’ve shed some (accurate?) light on this for you.

Cheers,
braindrained