I have been using Comodo 3.5 Firewall + Defense+ for the past few months, without any glitches so far.
I have two basic questions:
a) how essential is it to update to version 3.9?
b) I realize that the best option for me would be to do a clean install after uninstalling v3.5. However the installer exceeds a mammoth 70MB… of which the only useful component for me is the Firewall. I am not shifting from Avast as of now for AV.
I have recently got a one-year license key for Online Armor (full version), whose installer weighs in at hardly 10MB or so.
Which would be the better option to go for? Can someone who has used both present a pros-cons comparison of the two?
a) Lots of fixes and security improvements, e.g. (BOClean is included in v3.9), thread sense is a nice feature (online check on COMODO website for security), better self-/System-wide protection. Only gets better and better, so I strongly suggest it. BTW, if you want to check the change log you can see them when you go to ‘Miscellaneous’ → ‘Check for Updates’; a small window appears saying updates are available, and at the bottom there is an underlined message: ‘Detail…’ or something similar. You won’t be able to make a self-update from v3.5, the updater will give a link to the full download, so yeah, it is better you uninstall and make a new install.
b) Man, the price of 70 MB is little compared with the world class service of CIS v3.9, even if you don’t install the AV the large database still is used for malware search when you install the product and can recognize malware when encountered I think (without AV I think still does this, not sure). I use Avast! for Antivirus since a couple of years ago I got a bad experience with the AV (Windows would restart in a loop without getting even to the desktop I had to reinstall all over again WinXP and apps), also I tested a few months ago and avast caught more viruses than COMODO AV, that’s why I suggested that Avast! work together with COMODO, so I’m not ready to go full use of CIS at least in the near future.
Yes, I guessed if the new added features make it essential to update the version. However I am not so sure about the malware database being shared by the Firewall component. The last available standalone version of the Firewall (available at majorgeeks.com) is about 18 MB. So I am guessing the Firewall component of the 70 MB suite would be amounting to about 25 MB or so.
You are ■■■■ on about using Avast. It has not failed me yet, and the ability to turn on/off the modules comprising the Avast security means that I can configure it to run on my low config set up.
But I still wish to know the pros-cons vis-a-vis Online Armor. It is a proven better detection firewall, but is it worth changing to it?
This is just nonsense without any valid proof. OA AV+ (or ++ shortly) is a multi-layered security solution. As for me I think HIPS and firewall is enough to be safe, still I have AV just to save my time, for it can detect the known threats at the very early stage. But most people are just not ready to use HIPS, unfortunately. So the way to go seems to be virtualization (sand-box like approach). And as far as I know OA moves there already.
Actually, this is not a problem to handle this situation gracefully. All you need to do is to control memory allocations. And this is not “just a test”, this is quite a real situation where a program with a memory leak can bring your system to the nonfunctional state. Controlling memory allocations you can save a system from such programs. OA already does it since some recent beta.
This approach is wrong. If you control “\Device\Afd\EndPoint” you have a lot of the false positives and mislead the users with the wrong alerts (or cause their programs to work incorrectly if this device is blocked).
To handle this situation gracefully you need to control “\Device\RawIp” at TDI level. Unlike “\Device\Afd\EndPoint” this brings a lot less false positives and much more meaningful security alerts. Usually programs do not need to use this device.
Needless to say this is what OA does for a very long time already.
I have Avira Free and OA Paid running on 10 machines now. No troubles at all. Also nobody getting locked out of their PC like CIS users. The top AV and the top firewall. Avira and OA. A match made in Heaven.
This particular test just passively sniffs the traffic and poses no real risks. Internet Traffic is ASSUMED to be SNIFFED all the time anyway. As soon as your packet leaves your PC, it can be sniffed by anyone else. It is not a threat at all.
There are many ways in Windows and recently with Windows Vista that can be used to sniff the traffic AND ACTUALLY SEND custom packets bypassing the weak firewalls. CIS filters the ones that can be used to bypass the firewalls by crafting packets.
I remember your username from wilders forum. Some of your posts about COMODO, trying to be technical, were misleading (willingly or unwillingly) and clearly wrong. E.g. CLT DuplicateHandle tests with DUPLICATE_SAME_ACCESS being no threat at all (perhaps because your product was failing?).
I did not pay too much attention but if you are affiliated with the development of the product you are advocating, we can have a technical discussion in detail.
Otherwise you should thank COMODO as a user that because of our leak tests, your company is trying to cover some of the real threats.
Egenem, it is allowed for Melih to not understand this, but you should understand this is a kind of a DOS attack. Security should protect system, not just itself. There is not much sense in security that can protect itself perfectly, but cannot protect system from DOS. And yes, the test itself was designed with somewhat different purpose, but while it is allowed for the users to take things literally, security experts (which I hope you are) should take it not only literally, but to see all the possible outcomes, especially if they claim to be not just “test passers”.
Your approach starts to frighten me. I do not say this is too high risk, still this is the same risk any keylogger/screenlogger/webcamlogger presents. There is no logic in catching screen/webcam loggers while ignoring tcp/ip traffic loggers. Nobody knows in what way a LOT of third-party programs send data over non-crypted connections. Security MUST guarantee this traffic cannot be sniffed at least on a computer it is installed on.
This is theory and nothing more. In reality they both do their job very well, and even if one of them fails, another one still does the job. On the opposite side if CIS fails, it fails completely, not to say its AV module is far from perfection. So theoretically you are right, but practically you are not.
Although it would be interesting to test OA on a system with only 128MB of RAM and see how many DOS it will prevent…
It is interesting to note though that actual security experts may object when they acknowledge no real threats and get their opinion about such individual who put so many efforts to stretch the perception of casual readers.