You also don’t get the Allow all out Application rule or the global rules you mentioned, if you install the firewall only.
Just out of interest, what do you believe the default behaviour of Global rules would be, without the Global IP out rule?
Is this question intended for me or Dch48? I’m a novice at this.
It was intended for dch.
With regard to your previous question, I personally believe using the second option in Stealth Ports wiz is less secure than using the third. Blocking all inbound requests, with logging enabled, will prevent anything from potentially slipping through.
Creating inbound global rules for the odd application that needs them is a 2 minute task and is by no means rocket science.
Definitely not. I’m saying the default rules of CIS4 are bad but the 3rd option in the ports wizard is also bad for many people who need to allow incoming in certain circumstances. With this option chosen, all incoming connections will be blocked, and blocked silently unless you choose to have the events logged. I think you need to be alerted to any connection attempts (except those by known safe apps, those should be allowed automatically) and make your decisions accordingly.
It may not be rocket science but it shouldn’t be necessary when there is a much simpler solution and that is to use the second option in the ports wizard. Then you get alerted and if you allow the connection, the rules are created for you. I much prefer that. In my opinion, the user should never have to manually create or edit any rules. The firewall should be smart enough to take care of that by itself. With my way, even things like uTorrent require no manual rule creation or editing. You get an alert to allow connection, allow it,and everything is fine from then on.
Actually , for a lot of people, making a manual rule would be “rocket science” and the need to do so would make them dump CIS in a heartbeat. That’s if they hadn’t already done so due to the HIPS alerts and/or the sandbox.
Is it bad if Network Defense tells me that 0 intrusion attempts have been blocked? I have CIS Complete!
I have been using the Comodo Firewall since June of 2009. I think I started with v3.8. In all that time, I have never seen anything other than a zero in blocked intrusion attempts. I am behind a router and when I check it’s incoming logs, I see many things being blocked. I just think that the router is preventing any connections other than those requested by installed programs. The router seems to be blocking all the unsolicited attempts. When an installed program wants to either connect or receive a connection I get an alert asking me if I want to allow it. So far, since every alert has been for something I knew needed to connect, I have allowed every one and as I said, have never seen a single intrusion attempt blocked by Comodo. Even when I have turned on logging for the global rules and left it on for a few days, I still have never seen anything but a zero. I’m not concerned because I think everything is as it should be. If I was connected directly to the modem I would expect to see intrusion attempts being blocked by Comodo and I’m sure I would.
Exactly. Since most routers use NAT, your software firewall doesn’t have to work very hard. Consequently, your logs aren’t going to be showing much in the way of intrusions. If anything, you’ll just see system alerts. With dial-up however, your software firewall will be doing all of the blocking so your logs will show thousands of messages.
If you want to see if your firewall is working properly, just temporarily block an application such as your web browser and try to access the web. You’ll see a log entry that the firewall blocked your browser.
I am behind a router, with rules in place for its firewall.
If I run an application such as BitTorrent, I will see blocked intrusion attempts listed with the incoming and outgoing connections.