Comodo firewall - Not Ready For Prime Time Production?

Greetings Staff and Friends of Comodo,

It is with deepest regret that I’ve recently unloaded Comodo Firewall from my office systems. I might add that the PC’s are AMD 64 dual core and single core models with different XP service Pack 2 editions installed ( both 32 bit). Prior to Fiona the 3300+ was being bogged down unacceptably by the 23% baseline cpu usage and 90+% cpu usage spikes. The 5500+ was able to handle the massive cpu usage and remain functional but slow.

Fiona changed everything… CPU usage dropped remarkably to less than 5% on the 3300+ and I was quite impressed. But the 3300+ began to experience random crashes… windbg revealed that the error was : “Probably caused by : cmdmon.sys ( cmdmon+7299 )” but the 5000+ remained stable until about 2-10-2007 or 2-11-2007 when it began crashing shortly after bootup (only if the pc was off for an extended period of time) The event log showed disk errors and atapi errors and the crash dumps were inconclusive, so I uninstalled all of the software that might be suspect (except the Comodo Firewall that I was so impressed with). Actually I convinced myself that the problem with the 5000+ was hardware related, although all the hardware tests passed repeatedly. So at my hardware vendor’s insistant request I reloaded the OS from scratch. And the crashes are gone. As it will take another week to reconfigure the 5000+ I recycled the 3300+ and noted that all of the crash dumps showed cmdmon.sys as the likely cause. And as I now could no longer accept random crashes in a first line production machine. I discovered that it was, first of all, Comodo software, second of all it was installed on 11-23-2006 and modified 2-11-2007(!!!) which coincided with the AMD 5000+ crashes. I uninstalled Comodo from the 3300+ when I checked and noticed that your most recent update didn’t change the cmdmon.sys file and the random crashes are gone.

Gentlemen and ladies, I won’t trouble you with my resume, but I do need to add that I’m no novice. So when I say the following it is from experience… Your firewall is a very promising beta product. I ran across similar issues with Jetico’s rev 1 beta release. But they labled their software Beta. And since I uninstalled Comodo, I’ve tried their 1.0 production release and it works (so far - on one machine) Frankly had I realized that Comodo was beta-ware, I wouldn’t have implimented it in a mission critical, production environment.

I’d like to conclude only by remarking that my principal complaint is not with your software… it shows real promise and I’m certain it works on certain platforms. Some day it very well might be the very best firewall anywhere. But rather, my complaint is with your revision levels. A 2.x revision level indicates that the software was 100% stable and has had one major upgrade… (well anywhere except M…soft) As my best friend (senior engineer for a fortune 100 tech firm) says, software needs to be rock solid first before you worry about how it works otherwise. Firewalls that crash computers aren’t stable and those that use 23% -100% CPU aren’t acceptable. I would very much like to try Comodo again when all the kinks are worked out. But how am I to tell when that happens? Perhaps you might label it “Production Release”? Well, I’ll stop by regularly and watch your progress, when you get to a revision level that’s solid, please post same in the announcement section. I wish your firewall development team great success.

Otherwise, as I’m posting a long missive anyway… I might add that I looked at your data backup product, also not suitable for backups in a production network environment where there is no way to tell who has a file open at the time of an automatic backup. The software needs at least microsoft shadow copy or peferably some better way of backing up open files and industry standard security practices require that all off site data storage be done in a highly encrypted fashion (which I didn’t notice in your software). According to your resume, the encryption feature should be easy for you to impliment, and worse come to worse shadow copy in XP might resolve the open file problem, but you could likely do much better.

If I’ve been overly critical please forgive me, I will be reloading and configuring a very complex computer for the next week or so, aside from and beyond my regular 60 hr/wk job requirements and I’m not really happy about it. But if I didn’t see great potential in your software, I would not have taken the time to send you this comment.

Best regards,

~R~

Hey R (you gotta love short nicks ;))

Thank you for taking the time to post in such detail and with such a considered tone. It’s appreciated by all.

The cmdmon.sys crashes are a high priority at Comodo. They have surfaced in the latest release of CFP (release version 2.4.18.184) but only in a small percentage of users. I have CFP installed on 8 PCs at home and over 120 PCs at work but I am yet to strike this issue (having written this down, it is now certain to happen though). My neighbour, however, has had to revert to 2.3, as it would cause crashes on both his PCs (different O/S, different CPU, different RAM, different installed software base).

I can’t spot the cause on his PCs, same as I can’t spot the “lack of cause” on mine.

V2.4.18.184 is not a beta release, however. It is a stable release and has proven stable on hundreds of thousands of PCs, but this does not diminish either the impact of the defect to those affected or to Comodo’s commitment to track and kill the bug.

If it’s OK with you, I’ll PM or email you when anything further arises on this issue.

Again, thanks for your considered response.

Cheers,
Ewen

Thank you Ewin for your kind reply. Perhaps the crashes are AMD 64 or XP sp2 specific, because the other hardware in my machines is different. But I can’t say for sure as I no longer run intel or other off brand cpu’s and I didn’t try Comodo on my NT servers or win 2000 machines due to it’s resourse requirements. As I was convinced that the crashes on the 5000+ were caused by hardware failure or defect, I didn’t save the logs or crash dumps, but anyone interested is welcome to the minidumps from my AMD 64 3300+ .

I do suspect however that the Comodo sys driver crashes are more common than you think. Their not intuitive as one machine just crashed randomly and the other logged hardware errors. Even some crash dumps occaisionally showed other drivers were suspected ie. incd. I do understand the drive to get production levels out and the desire to improve functionality as my company developed it’s own propriary software (under my management) and the clammor for new revisions was deafening and sometimes lead to the occaisional oops. But if you should ever have the opportunity to speak to your management team, you might want to remind them that for many people, some who aren’t backed up, one system mulched is likely to turn them off forever and a reputation for buggy software will long outlive a bad rev. level. Btw, I would have gone back to rev 2.3, but that one was eating too much cpu.

Perhaps there is a happy medium… if there was a rev level the worked 100 % right, you might want to consider keeping it on the web site for mission critical applications, better a few less bells and whistles than crashes??? In any event, yes I would very much like to be notified when Comodo gets the kinks out. When your software works, it works very well, but if I have to work through another weekend and another three shift week diagnosing, backing up, reconfiguring and reisnstalling propriatory software (that doesn’t come with prepackaged installers) I’m going to have a real hard time re-defining the term “free software” to the rest of my office and my family.

Again, thank you and I do look forward to hearing from you soon.

Best regards,

~R~

Hey R,

Please underatand that I don’t work for Comodo, I just do this for fun, and to help people. As such, I’m not privy to the stats that Comodo may or may not keep on reported bugs, I was just working things out from what has been posted on the public forums. I don’t know if Comodo have any mechanisms for measuring the scope of reported bugs or how they prioritise the fix patterns.

Could you please PM the minidumps to “egemen” on these forums, or post it here and I’ll forward it. The sooner they get hard factual traces of the error, the sooner they can nail it.

Again, thanks for your considered reponse and your understanding.

When this is rectified, I will PM or email you, as promised.

Thans in advance,
Ewen

P.S. I’m starting to come around to your way of thinking - strip off the bells and whistles and provide a stripped down version that just gives the same sort of straight forward functionality as iptables under Linux.

I’m glad to hear someone else tell it like it is. While I applaud Comodo’s achievement in making a light-weight firewall product that competes with the firewall heavyweights, and providing it for free, I can’t overlook the fact that CFP is essentially beta software and users are not duly informed of this.

After the amount of time I invested in trying to come up with a way to install CFP and get the monitors to turn on, I feel that I have been cheated. If Comodo is willing to spend their time coding this nice firewall, I’m willing to spend some of my time beta testing it. But, pushing the product as a stable release when it is clearly plagued with many issues is not going to win the admiration of many potential users.

NP

NoPayne

I can’t help think that you are not a user but someone trying to discredit Comodo!
You are not coming to forums asking for help. If you check the postings once can see that all you have been doing is trying to discredit Comodo, by finding unhappy users and trying to fuel arguments.

Why are you doing this? You claim you had an issue, we offered to help you, but you don’t seem to be asking for help in these posts but simply trying to discredit.

if you have an issue let us help you (which you have been avoiding), if you don’t, whats your agenda?

Pls refrain from disseminitating incorrect information. You are entitled to your opinion, however naming CFP beta and blaming us for not informing the users that its a beta is a pure lie!

Melih

Probably because he has no life, and has nothing else better to do then come here and start problems.

There is always 1 in every forum(unfortunitly), no matter where you go, and its a shame.

Sorry, but, I am not a beta tester, I’m not smart enough…But…I do like the firewall and I do like the way these forums are run!

Keep up the great work!!! :■■■■ :■■■■ :■■■■

I am not going to dispute “R” and the issue he is having on his corporate machines… I am sure his points are valid. But, if NoPayne is doing what Melih states, that is sad…

I find Comodo to be a very nice firewall so far (except that I can not yet password protect the settings, which Ewen said in another thread that V3 will have this feature).

Actually, I find the Comodo Firewall to be the best free software that I have ever used before. It does not have some of the bells & whistles of ZoneAlarm Pro (which is NOT free), but I think Comodo Firewall’s incoming/outgoing UDP/TCP network connectivity monitoring, application monitoring, and dll monitoring are more intuitive, provide more useful information at a quick glance, and is generally better than ZoneAlarm Pro at the main goal - of being an inbound/outbound network filtering software firewall.

I currently have Comodo on 2 of 5 machines in my household (the 2 that the kids and the other family members cannot use). As soon as the settings can be password protected, I plan on installing it on the remaining 3 machines.

John

Gentle Persons,

Please don’t fight over my comment. First of all, in all likelyhood the Comodo firewall does work well for some users, probably many if not most of them. And my needs are particularly mission critical. My firewall and other security measures may very well be protecting some of your sensative personal data. Comodo came highly rated and did pass most of my in-house tests prior to Fiona, even though it had the cpu usage issues.

When I called Comodo Beta, that wasn’t intended as a knock against the firewall or its development team. Every great piece of software we all depend on for our cyber lives and livelyhoods was once Beta. And it worked for some people right away and hopefully got better and better as the developers got feedback and spent further sleepless nights.

There is another competative firewall out there that is currently working on its 2.X Beta revision. And frankly it’s getting some pretty good buzz. But when I stopped by their web site I noticed that they posted the warning “Do not use in a production environment” so until Comodo gets a few kinks worked out I’m using the competition’s stable (well rated but likely inferior) 1.X revision and it works exactly as promised. I might note it hasn’t had a service release in over a year. But to be entirely honest, some years back I evaluated that same developer’s beta 1.x release that was so gawd awful that it scrambled the hard drive on my test machine. (I might note that the release I have canned isn’t even in their “official” revision history). Despite crashing my computers Fiona did resolve the CPU usage issue on my machines so it is clear that the developers are working ■■■■■■■ their software.

Although, I would prefer that Comodo would post a notice of some sort about use in production environments and personally feel that the traditional “Beta” definition still applies to the current rev. level; to their credit they have left this thread on THEIR forum so that IT people and home users can read both the negative as well as the positive remarks on their product.

Honestly, I believe that Comodo is closer to getting it right than going astray. And very likely a more cautious Network Administrator or Engineer would refrain from using a product that has had a major revision in at least 6 months… I might note that the US army kept a Novell rev. level for several years after it had been superseeded everywhere else until they updated to another level that was also obsolete but stable… All in all, I don’t know if I’m right or wrong about the definition of “Beta” but as far as I can tell the nice folks at Comodo have stepped up to the plate and admitted that their software has certain stability shortcommings and seem to be honestly dedicated to working out the kinks. This is a very fine start and more than some software giants have done. So what I really meant to say was let’s not fight over semantics. Yes, the firewall has some severe problems on certain machines, this seems to be a given and yes it is particularly frustrating when it affects us personally. I’ve lost several nights sleep reloading and reconfiguring mission critical machines as well as testing replacement software (and there are a lot of highly rated but marginal firewalls out there to test). Still I have high hopes for Comodo. If they concentrate their efforts on stability first, bells and whistles second and maintian their dedication I could see their product as a production environment industry standard. Some day, this will all seem like a bad dream, the software will be bug free and we’ll all cherish our free lifetime lisences. So yes, if your machines was mulched you have a right to be upset, and a notice might have prevented me from testing Comodo in my offices, but I still would have tested it for home use. And very likely so would you. I have used beta software privately and often with very good results so their warning would not have saved my home machine had I gotten around to using it there and likely you would have taken your chances too and been none the better off. So let’s not fight, let’s play nice. The Comodo people are working ■■■■■■■ creating a great product, and some people who have had their machines mulched are likely to be ■■■■■■ because it still has a few quirks that mulch certain machines, niether side is wrong, both are likely well intentioned kind and gentle people that mean each other no harm…

If I caused this fight, please forgive me. BTW I still owe Comodo a few crash dumps, and will send them as soon as I can find time… sorry for the delay.

Best regards,

~R~