Comodo Firewall Wishlist v5 [Closed]

Here is a Feature (that probably is already talked about here in the forums but doing key word searches I did not come up with a direct hit :-[ ) and that is identifying IP addresses that are blocked.

I know ZA Pro had it and it would allow you through another company to contact that IP provider.

Most times we learn from information.

Can Comodo take those flagged IP addresses and glean information (in my instance a few weeks back that a beta program was not closing down and I was getting hit 3-5 times every 5 seconds).

What we consider high may not be high in the amount of blocks, but if a certain IP address keeps showing up with a serious attempt, that IP provider should be contacted, in the attempt to clean up or stop one of the million Zombies that are networked.

There are too many to try and clean or stop each Zombie, but to notify and keep notifying each IP provider might put some bumps in the Zombie network.

High Severity Blocks most definitely should be reported back to the ISP provider. But also if enough blocks from an IP address medium severity block occurs again the ISP provider should be contacted not only to check but to improve performance for that user and their network.

Do most ISP providers want to quarantine and disinfect zombies on their network, and also if possible improve performance of their network resources?

Oh this would only be done manually, by administrator of the PC. So Comodo would not be spying, but the user would be using a collection tool provided by Comodo and forwarding it on. This tool should be for both High and Medium blocks (a preset count by day or week) or the user could identify a particular IP address.

UncleDoug

Anything that makes setting rules and applications easier while still being as secure (ie noob friendly)

I add my vote for a History file, preferably user-configured. I watched my boot-up activity log and found a remote web site that I had never heard of accessed by scvs (I think) and I was hoping to find the underlying initiator of that connection. It went to a web content provider called Akamai who contracts to some of the big web content providers. It was barely mentioned in Google, with no useful hits so I had to do a WhoIs to find out who that site belonged to. If I don’t HAVE to have them mailing home, I will be blocking them, but I can’t find out which program initiated the link and the activity log vanishes almost before you can write down the connection details. There is a lack of information on the connection of interest in the activity log and I was wondering how many other stray connections are allowed without my knowing who they are. Logging security alerts is fine, but I want to be able to (occasionally) review the actual connections that are happening that DON’T trigger an alarm.

So, let me bring my little stone to this (fire)wall:

First, about me and why and what I expect from a FireWall…

  • I started at firewalling long ago with ZoneAlarm free until the day it decided to block my web randomly (needed reboot!). At this time most available firewalls limited their action on ports and protocols, so I was happy to find…
  • Kerio, with a neat interface about what could go in safe or net zone or not. Unfortunately, since Sunbelt, this firewall is doomed with poor improvements and rich bugs! (ie: blocked 16bit apps for months. ie: last version can pop hundreds of times for the same rule if you don’t answer fast)
  • Then I needed a replacement, and looked around reviews (most I found are outdated). After some testing (Outpost4 too big and complicated), finally used Outpost for a few days.

I’m not a firewall/networking/safety expert, but I spent some time understanding how all this works, and I like to understand (and have control on) how the things go !

So what I expect from a firewall:
1 - To be a firewall, nothing less, nothing more ( my browser will take care of popups!)
2 - No crashes/bugs/problems to run (and access net), for my other apps.
3 - Acceptable CPU/memory load.
4 - Ease of use & configuration
5 - Effectiveness as a firewall
6 - Not too many warnings ( => careless reply )
7 - No warning ( for children ) capability

CPF2.4 seems to comply with some of those conditions. What I like with CPF2.4:

  • Supposed to be efficient (from various reviews)
  • Nice and simple interface
  • free

Now what I dislike, (and suggest to improve!):
Safe/local zone:
The way it’s implemented in CPF is really hard to understand for newbies. I’ve been used to this concept with Kerio, and think it’s a good way to help noob users to understand & choose what can do what. Today many users have some kind of adsl/wifi router, and don’t even know it. If the “local/safe zone” concept is not easier for them, Comodo will be fast discarded…
→ Add a new tab in security page: “safe zone”, here show the current safe (s) zone(s), the buttons to add/edit/remove entries, and some explanation about what is the safe zone for the noobies.
→ Add some router info or a wizard to let computer communicate with the router as needed ( and WAN zone)
→ Add a check box (checked by default) in rules: [x] rule applies in safe zone.

Network Monitor tab:
I needed to explore the forum to understand the importance of this tab. Even this way it’s hard to remember / use this…
→ Add a “Back to default rules” button
→ Add some explanation in the help file.
→ The “Application monitor” and “Advanced attack detection” are performed somewhere between Network monitor rules. very disturbing ! Put them in the network monitor rules list ?

system and core windows files protocols
All those system/system rules are mysterious. What apply to networking or some other higher level functions that could be blocked? (file sharing, WinUpdate, …)
→ Some generic (virtual?) undeletable application rules should be added here.

Scan for known applications
Supposed to know 1000s of apps, strange this feature found IE, OE, Mozilla. Nothing more!
Even Opera was not found ! And only C: was scanned.
→ Option to scan other disks.
→ How to see the list of known apps ?

Alerts for the system default browser
Most apps offer to open the link to their web site using your default browser (shellexecute) or use your browser for their help system.
I even tried to create a rule to allow Opera with no parent, but no way! The only way is to remove all advanced checks… if the browser is already running.
I understand that malware often uses other apps to access the web, and the need to know who asks the browser to browse is important, but the system default browser should really be allowed to launch an URL!

Alerts or no Alerts, that is the question !
This is an important missing feature:
Suppose you configure a computer for children, and wish only a few apps to go silently to the net and refuse access silently for all other cases.
→ I suggest a new level in adjust security level: AllowAll / Custom / AllowTrusted Only / BlockAll
→ Here we’d need some pwd protection or possibility to remove icon from tray.

Rules, parent applications, and interactions
Those rules ( ie: my prog wanna use or change Opera) are not seen in the GUI. I understand it would be really complicated to have a simple/nice GUI for that.
→ I suggest a new tab: “Parent application Monitor”.
Here you could state an application is allowed to be the parent for all / Default browser / stated app (ie: explorer.exe allowed to be parent for all), state if it is allowed to use command line, DDE, Window’s msg, injection etc… or not.

Conclusion:
Being a programmer myself, I can understand CPF has a design mostly based on complicated rules, and it’s somewhat hard to make things seem simpler for the user. ( ie: safe zone, parent rules )

Being often asked by friends/family for advice/help to install/configure computers, I think CFP still needs some improvement before being a perfect choice for beginners.

Edit on Sept 24th:
After testing beta 3.0x, I see some wishes here are already taken into account, even if at the current development stage, the beta interface is still confusing…

New good important functions ideas

(:KWL)
reset options
return your settings back to the original values


(:KWL)
these access rules more (when it ask to let program go to internet)

-outbound access only
-allow access once

I was a ZA user for many years, and one of the features that I miss is the option to set a timeout internet lock.
Thanks…

IMHO, the external log viewer is one of the most important diagnostic tools in the app. Why then is it buried under CFP - FIREWALL - COMMON TASKS - VIEW FIREWALL EVENTS - (Wait for long refresh time) - MORE? That’s 5 mouse clicks to get to one of the most needed functions.

How about adding the external log viewer to the system tray context menu?

Ewen :slight_smile:

I don’t think so >:(

Just kidding ;D
(:AGL)


Anyway, the log summary (the More... one) is a bit slow indeed. Looking at the standalone Log, it is evident that the code used in this case is not optimized, as the listbox is redrawn many times in order to populate the log summary (look at the changing size of the scroll bar).

A wonderful feature would be a rightclick create rule from the log summary.
If I have to add my two cents too, I would like an option to export the sqlite db to an mdb one :wink:

I found out a sqlite ODBC driver but I found that a bit difficult to configure :cry:


BTW many members posted here their wishes, what about posting the same content to the corresponding beta Feedback topics or splitting V3 posts?

I’ve asked something similar. But I put it in different terms: why is it external?
Why do I have to click links to view the firewall itself (the rules)? These should be on the main window, in a tab.
The logs should be just a different tab. Just like in 2.4. I don’t like handling all these windows, just to access the firewall’s main functions.

Just switched from ZA and one thing I really miss is having the tray icon show the network traffic meter. The animated up/down arrow in CF only shows that there is traffic but not the strength. Any chance this is part of the beta?

Also, second the request for an Internet lock.

Please add the option to export settings (as an XML file, for example), this is an essential feature still not implemented in CPF. For example, when I reinstall my system, I’ll have to tweak all CPF settings by hand again which is very tedious. It would be great if there were a command-line option to generate the XML for automated backup scripts and such.

One feature I would like to see is the ability to create a Zone from individual IP addresses in the Add/Remove/Modify a Zone section. Just like we can if we have a list of ports (53,135,1026). We separate them with a comma.

I have several DNS servers that do not have sequential IP addresses such as 172.1.10.114, 172.1.10.120, 172.1.10.200. I would like to make a zone so the applications can reach all the DNS servers without needing an entry for each server IP.

Right now Comodo FW only allows the Start Range and End Range and doesn’t allow a custom zone.

Enter v3; it does what you’re looking for, although in a slightly different way. You define the Zone, then add individual IP addresses, ranges, etc to it on separate lines within the Zone.

LM

Perhaps some of these have been mentioned (I’ve not time to look through):-

  • When you multiselect application items, you need to be able to do a bulk edit, or at the very least provide more options on the right-click: for example, one may well want to multiselect items and choose ‘Skip parent check’, either as a bulk edit or right-click option
  • I’ve just updated my program launcher so its cryptographic signature changed. I then got about 100 popups saying its signature had changed as parent to a program. When a cryptosignature changes, the popup should give an option that says ‘accept this new signature for all applications where this is currently a parent, not just for this particular program’
  • When a new application is first detected, the popup needs to allow more settings choices, like whether to care about parents, ports etc
  • In the application monitor list, allow choice of what columns you want to show (out of all available), like a column for Parent application
  • When you update the settings the application monitor list refreshes (not instantaneous) and loses its place, which is a pain when you are going through revising a lot of settings. You need a box that turns off the list refresh on screen for a few minutes.
  • Big problem with use of system forecolor on fixed white backgrounds when you have a white or light system forecolor.
  • Could alerts be faster in their response to confirmation click (or is that a user illusion)?

All the best for this excellent product,

david

  • as an amendment to my last post, I wonder if the popup issue when the parent crypto signature changes, occurs particularly when it does so whilst the child program is (and remains) running, as I seem to have been answered the same signature question many times over, but after closing the program (e.g. an email pop3 checker) and reopening, the questions have not reappeared for that program

david

Just an idea to add the BOClean functionality to the next generation of Firewall (CPF 3.5 or maybe 4.x) . So in Summary Tab will be: Network Defense, Proactive Defense, Memory Defense, and finally Anti-Malware Defense altogether.

Hello!

I think a very interesting feature for Comodo Firewall would be the support of the ARP protocol for filter rules.

Welcome to the forum, hans! CFP v3 is integrating ARP protection. v3 is currently only in Beta testing, but the final release promises to be quite good.

LM

A small wishlist to add to those already listed before by other users:-

A- Ability to save log files in both HTML and text.
B- Extra window pop-up or systray icon changes when there are security alerts.
C- Larger databases on Comodo servers for safe / unsafe programs and,
D- Quicker response from Comodo servers on the above.

My wishlist
Daily

Hello to wholes!

Forgive if not they understand some my English, but the thing is that I do not know. I use a translator.

Answering, I would like that they improve the form to give permissions to the applications that they get hooked in to the principal. Example: If I authorize to an application, connected contact with principal father, firefox.exe, in order to say something.

No himself if I am explaining to myself.

We see ourselves!! :slight_smile:

Regards to wholes!!
(:WAV)