Comodo Firewall worse than windows firewall

for known safe things ?

okay can you give me an example of which thing or application or process you classify as safe ?

Making rules for known safe things is useless and unnecessary ??

ah ah yes, I have some advice, for free, you can install Java on your machine, it’s okay.
and let all plugin start automatically, that’s a good idea also.

do you think explorer is a safe application ? and svchost ? is it safe ? so we can set them as trusted application to use the network ?
yes that’s a great idea also, i’ll do that after my post.

there’s paranoia and there is what we call a logical and objective way of thinking and it’s not exactly the same meaning.

you can search the web for kernel-mode rootkit and read about it, that’s funny. and that’s also funny when you read on which solution is the best to chose to fix your machines. you’ll find how we fix that kiind of paranoia.

So if you are sure that you’re right, no problem, and do you have any antivirus ? and if yes, can you tell me why is it for ?

thanks for the heads up REBOL

Melih

LOL There are many known safe things. Far more than unsafe ones. I do have Java installed, as well as Flash. Flash runs automatically, Java on demand. Silverlight and .NET are also installed. So is UTorrent. I visit Facebook and Twitter almost daily. Internet Explorer is my default and only browser. I also use full autorun capability. I consider Explorer and svchost to be completely safe and don’t block them from anything. The Trusted lists in CIS are trusted by me fully. You have just illustrated paranoia.

I want free and unfettered usage of my machine and everything the net has to offer. I won’t cower and hide behind unnecessary barricades and not be able to do that. I refuse to let the bad guys dictate how I use my machines. I’ve also been online since 1999 and have never been infected by anything.

It’s known by everyone that at least 90% of the computer users in the world are sufficiently protected by the built in Windows Firewall and either MSE or the improved Defender in Windows 8. Especially so if they are also behind a NAT router. One of my older machines is using that exact setup for performance reasons. The ones I use more often are running CIS 7 but with only a few adjustments to the default settings. I feel very safe.

It was my pleasure, Sir Melih.

Still, such “happy news” won’t ever totally redeem you from the (un)holy task of further stimulating the ongoing development of the best free fw / security solution available today on planet earth, ye knowe?
Be proud of your past and all those recent achievements, but never be tempted to start resting on them. 8)
And don’t ever sell out (as Sygate and Lavasoft, amongst many other formerly famous out there, unfortunately did in the past…)!
Never forget, fame alone is nothing compared to “trust”.
Talking seriously about “trust” should never become merely a phrase to just “sell a product” or related things. Don’t get me wrong, please, I guess you know how I mean it.
Just trying to be honest as far as possible whilst not hurting.

Trust, in the end, is a rather private, personal thingie in my opinion…
Wot dat mean? 8)
If I’m able to trust you (I mean personally, as a human being), well only then I’ll be somewhat able to having at least some “trust” in your company as well.

You already did it quite right regarding this, methinks: just look and see what happened and changed during the last years concerning this special kind of trust COMODO is now being met with by it’s users.

(Re)gaining “trust”, i.e. (re)assuring and / or (if necessary) restoring “confidence” might not be a simple task THAT very easy nowadays.
What has been made public during the last months or so (and there will be more, it seems) indeed tends and really threatens to become something like a rather “tough nut to ■■■■■”. Especially regarding US based companies, sorry for having to say so.

But well, ok, here’s my statement:

No company on earth can be made “responsible” for just following their country’s / nation’s jurisdiction. (In a “moral way”, I mean here, especially not if directly being “forced”).

Now there’s a (not quite so) small difference between “being forced to do so” and “eagerly willing and / or having followed instructions to do so”, we’ve all learned from history, haven’t we? (I sincerely DO hope so, at least).

But what am I really trying to tell you and maybe anyone out there running a software company (without, hopefully, stealing your time)?

Well, that always depends on whom or what (or: if at all) one wants to serve / fight etc… if there’s one single noble motivation (just my opinion, you read it atm) amongst those many things man in his short life is able to follow, it has to be the intention to be neither on a preconstructed “good” or “bad” side (that always somewhat depends on - way too often - artificially constructed perspectives, as we all know), but to be on the “people’s” side.

It’s THEIR trust, in the end, that is mostly demanded by all those self-proclaimed seekers of “earning trust” out there. Some of them may be totally honest with their claims, but they’re in a difficult position these days (while most of them are simply NOT AT ALL interested in that kind of “truth” or “honesty” afforded by the depth of “trust” demanded by them).

So you gotta “prove” in one way or the other that you’re “trustworthy”, if seeking to be “trusted”.
That’s the crux of it all.

I think most of us have read their “Orwell” at least once in their lifetimes, and when I read it, it was not 1984 yet.

I am hereby openly criticizing (at least parts of) the (un)holy US legislation(s) [there’d be more to have a very, very critical eye on, rest assured) with these my - maybe - unimportant, insignificant words, confessed.
And, maybe as well, I’m regarded as an “enemy” or “human target” as of now.

Still, I’m free to give my opinion on that, right? How nice, thank you all, long live democracy!

Please let me just add one thing:

I’m living in a country (i.e. Germany) where the very thought of “democracy” has been suppressed “the hard way” more than just one time.

Some of those many things we’re witnessing today in “democratic countries” are NOT IN THE SLIGHTEST backing up / maintaining / encouraging the very thought of the real founding fathers of democracy.

So, well, happy pentecost / whitsuntide to all of you in just a few days (some left), if “applicable”.

Fighting can mean being “against” something, and it often has been, indeed.
Figthing “for” something really worthy of, by means of regaining self-determined life, human dignity and - very long way to go - brother(sister)hood, might take quite a bit longer.

Don’t ever give up whilst walking this lonesome road as I try to do and always have done, sad “enemy” me. 8)

Kind regards, REBOL.

Unfortunately, I cannot agree with you this time, Dch48.

At least in my opinion, ailef was totally right with most of his assumptions this time.

Kind regards, REBOL.

I’m sorry. :embarassed:

No, he’s (ailef) not paranoid by any means, methinks. ??? :-La

He’s right and you are not, at least this time.
Please don’t continue with your insinuations, that’s not the right way to go.

Kind regards, REBOL.

No I’m sorry, It’s not because you are not interested about exploit that it prooves that I am paranoiac,
I reject this idea. It’s not something that you like to learn and get informations about, okay i’m agree with that, people like different things.
But if you were watching a little what is possible with any OS any browser and any router or firewall or whatever you want, you would not see me as a paranoiac person. I just lijke to be informed on that kind of things, It’s a good school to see the reality of the world computing in term of securty. and it’s just facts, it happened, someone coded some exploit, and it like that hundred times as we speak.
So forge the paranoia, it’s not serious to call paranoia reality. you just have to search on the web, you’ll find lot of things easely and from companies that are not here to make jokes about paranoia but work all the time and release new articles on new exploits and that’s just a fact.
now If you think I’m not serious, because of facts, what can i say ? I will not make the job information for you, especially if you just dont care and take me for a person with a psychological disorder

And when you say 90% of machines in the world have enough protection with windows firewall , MSE and a NAT-router ??

I’m sorry, i dont want to be impolite but it"s a so enormous stupidity i read there that I dont know what i could say that would show you the reality… it’s to you to do the job, i can tell anything i want, it will just be useless.
Do you know how many machines are infected in the world ?
do you think that a firewall that doesnt control windows process is serious ? do you know how you can bypass any scanner ANY and last version ? you can search, you’ll find answers I guarantee you?
what is the gold with a NAT-router ?
Do you think that I can have any infos on your local network from the internet ?
I know the local ips of your machines, I just have to ask to your cmd to get infos i can get with cmd. but it’s not possible to access to local infos with a public IP of course ?
Do you h have google ? just ask
with some javasscipt we can see our local infos on a public website, why our local infos are on a public website ? in general it says, local and public can’t comunnicate because of the routers-rules unable to allow that. really ? so just some javascript shows the power of some nat-router ? that doesnt look that strong…

I’m not here to imagine stories then give it to you,
If you want to inform yoiursel, u’ll do it.

greetings,

ailef.

update : you said you were never infected, that’s a good point there.
But in my case today, I’m not able to say that i’m totaly sure at 100% that my machines are clean and unbreakable.
I used to think like that years ago, now I know I can limit the risks but I understood clearly that anything is possible with computing,

what you can do is enrypt your SSD system and use a crypted connection with their own DNS from side to side around the world, and i like to use comodo FW with defense+as it replies to what i want.

IF you run your machine that way, so the risks are not very important. but except this configuration, you’re juste the next target like anyone of us. I’m not here to telling ■■■■ to people, It’s not a respectable attitude as I like this forum for the freedom speach we can have. I like moderators, they do not have the big head like some places I’m bannned for a long time now, especially with french moderators, they dont like that you post what you think and opposite to what they say, (sorry for that but they can fuck off gang of ■■■■■■■■. I’m french and I can say I was banned from so many places that i never used any french forum for more than 10 years, I hate those young morons thinking they know how the world was created, So i’m only using english forum and i had never any probem with moderators… strange no ?
same on IRC, i was banned from most of french chans, lol, , now I found a nice place with people from different countries and there’s no ego problem, was some adding, i’m not sure it has any interest, in fact i’m sure it’s useless but that’s written noiw).

have a good day or night,
It’s always interesting to talk with people that dont have the same vision as you,
i like it as we always have something to learn with different point of view.

Come on, people… be more kind towards eachother, at least here, ok?

Kind regards, REBOL.

I am informed of all those things and just not concerned because the odds against a personal computer being infected are very high. Businesses of course should have strong security measures since they are the main targets these days. I will stand 100% behind my statement about 90% being sufficiently protected. A firewall really only needs to block unsolicited incoming connection attempts and a NAT router will take care of 95% of those. The Windows firewall will get and alert to the rest. Outgoing protection is nowhere near as important since a piece of malware has to get in and establish itself first before attempting to connect out. At that point blocking anything is already too late. It’s also very annoying to have to allow every connection manually when 99.99% of them will be not only safe but necessary for a program to function correctly. I have read the pros and cons about doing more and I know Microsoft’s stance and reasons for the defaults of the Windows Firewall. I agree with what they say and I agree with the default behavior of CIS with just a few adjustments which may not even be necessary. It would be very hard for anything bad to get through the layered protection of CIS, even in it’s default configuration. The fact remains though, that at least 90% of the computing public will never encounter anything really bad that needs to be blocked and will be fine with what Microsoft gives them.

I never said anyone had a psychological disorder. It’s just that many people have too much concern and worry too much about malware. In the process they lose or even deprive themselves of a lot of what the web has to offer. I refuse to do that.

It was a joke man when i said trouble disorder, dont take it wrong.

And if I say to you that if you allow outgoing only, I say that I will reply to you.
It looks like i can send you data as you allow only outgoing but that’s just normal.
there’s no need to get an incoming point to break into some machine. you can get what you want from your new friend using outgoing way.

you use torrent you said no ?

set the rule as outgoing only and do not add any port on your router outgoing or incoming, so tell me how people are downloading data from your machine
Because they still get data from you as you blocked incoming connexions.

Sorry if I looked like i was agressive for anything,
that was not my intention, I maybe used a way to talk too ironical and that’s not a proof of respect.
Sorry people I’ll try to moderate my the way i talk,
but it’s something that i cant promise as it’s part of me into the kernel

I think the CIS allows complete customization , meets all tastes with a robust protection.
Since that install with default settings to those who enjoy the principles of " System Hardening "

I use Comodo for years and never had any security problem or malware on the system.
I think that some issues can be simplified during installation ( choose the profile that meets the need for Balanced Protection , Maximum Protection, for Torrents … etc ) . :-La

About security in Windows …
if well configured, updated, sofware with reliable reputation and basic protection - the system is fine.
Agree with Dch48
Often the problem is linked to the browsing habits and installing software without minimum criteria.

About espionage, backdoors, and derivatives: it will continue to exist …
What remains is to choose the product/solution that respects the basic principles of privacy and maintains transparency on these issues.

“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.”
– Gene Spafford

Comodo was allways there like that. There is no surprise.

You are focusing so strongly on network firewall that you are seem to be forgetting about the protection the proactive components of CIS will bring. A rootkit cannot be installed by unknown, or manually sandboxed program is not allowed to install a driver or service. Unknown programs cannot change executables on disk bringing which adds more fortification.

Exploiting a programs may be stopped by the buffer overflow component of CIS. When concerned about security of internet facing applications sandbox them.

It’s common wisdom here at the forums that in order to notch up security from default it is best to start with enabling notifications by the network firewall.

There is much more security provided by CIS then the sheer tone of your arguments suggest. When looking for loads of control CIS can provide it for you.

For me Comodo FW is useless without Defense+,
I use it for years and i call it Comdo FW, that"s it.

I dont know if I’m focused on the Firewall, i replied to Dch48 and if it’s about trafic and network so that’s why I talked about the FW part.
Defense+ has nothing to do about netxwork analyze, it’s the firewall doing that, that’s all.

And please dont say it’s impossible to do this or that, I know that you know it’s wrong to think that.
I imagine that you know enough about computing so why telling that ? you know it’s false 100%.

People saying that corrupting something is impossible for this or that reason is not telling the truth.

There’s not just a limit for what is possible with computers, and I’m of course sure you know that perfectly.

" There is much more security provided by CIS then the sheer tone of your arguments suggest. When looking for loads of control CIS can provide it for you. " ??
what’s your problem ? Comodo is just a software, come back to earth,
i do,nt need any comodo or wathever called protected thing as my drive system is encrypted using TPM and as i connect to some tunnel or some VPN.

what’s the problem with that ? I’m right , that’s all.

Good bye Mister “i read in your mind” .

Let me elaborate some on tone and not finding your position very convincing.

Now that’s a hyperbole and that calls for solid corroboration.

Java browser plugin is set by default as disabled these days. Disabling plugins is a way of reducing contact surface but typically something to do with a browser rather than a firewall.

do you think explorer is a safe application ? and svchost ? is it safe ? so we can set them as trusted application to use the network ? yes that's a great idea also, i'll do that after my post.

You seem to forget that CIS protects these files and processes from being tampered with by unknown applications. This protection has served me well all the years I have been using CIS (since Comodo Firewall 3 Alpha). But if you want extra control CIS puts you in the hot seat.

there's paranoia and there is what we call a logical and objective way of thinking and it's not exactly the same meaning.

you can search the web for kernel-mode rootkit and read about it, that’s funny. and that’s also funny when you read on which solution is the best to chose to fix your machines. you’ll find how we fix that kiind of paranoia.

You did not respond to my observation that a rootkit cannot be installed by an unknown application (if possible Comodo would love to learn about it and fix the bug).

In all your reasonings have not been convincing me to use the highway hyperbole. You’re only referring to rootkit without solid proof CIS can be bypassed making it a scare tactic. Then I am not even commenting on the needless posing that you’ve been interjecting here and there.

If you want to be in the hot seat of extra control please take it but you have not been convincing when you tried to discredit trusting automatic rules for trusted applications.

CIS is a very powerful and empowering tool that will put you in the hot seat when desired.

okay, I’m going to be short, i don’t wan to discredit anything,
But don’t tell me you’re safe and there’s nothing to tell about that.

If you think that, It’s no because you think it"s the truth,
it’s a position you protect because you’re part of something to defend.

that’s all for me. people can search for exploits, they’ll find, there are hundred of pages on that and it can takes weeks to consult a little part of all.
your sofwtare is a really great piece of code, i agree 100% on that, but it’s just impossible it’s not unbreakable at all, that’ just not part of what is the reality and any code is facing this reality soon or late.

greetings,

ailef.

Sad but oh so true.

Thanks ailef. :-TU

Kind regards, REBOL.

A sure fire safe option is shown in the image in the attachment below.
Edit: Re-worded for clarification.

[attachment deleted by admin]

Rule number one:

Never (and I mean it) open any kind of attachments. Especially not if having been attached by someone you regard as trustworthy or a friend. It could be a trap. >:-D

Kind regards, REBOL.