The Comodo firewall can be as strong as the user wants it to be. The test quoted in this thread is using it in the default configuration that allows all trusted things and does not use HIPS. Even in that config, the Behavior Blocker will stop or restrict things before they even get to the connection phase. I use it mostly in the default mode without HIPS but with notifications turned on and most of the checkbox options selected. For me that’s the best compromise between security and usability/silence. I don’t filter IPv6 because it’s not available through my ISP anyway. I don’t use TrustConnect because my home network is the only one the machine will ever be connected to and also because I use a wired connection. I also don’t think TrustConnect is enabled by default so that may have also impacted the test results given here.
Those with Test.
The question is not this, but the applications running in the foreground or background flaws, imagined someone defrauding a digital certificate (this happens daily), create a trojan or keylogger, an injector (and leaktest firehole). You or someone using your PC download and run this file and have their data stolen your mail or bank.
Remote attacks are hardly used the way these simulations HackerWatch and GRC sites.
The primary means of data theft is done by malware installed on the PC including those exploiting legitimate software and that CIS does not emit warnings if HIPS is not enabled.
I performed a battery of tests with various tools and scanners and without doubt I would classify as good protection.
The CIS 6 showed a very good index and CIS 7 I believe over time will be even better
The ones that were well in the tests along with the CIS, were the Bitdefender firewall and WebrootSecure.
I’ve tested almost all suites firewall free and paid, often end up coming back and installing the CIS.
Actually all of us are concerned about security, and I think that could be improved here is a way to track, report more easily vulnerabilities to be corrected by COMODO team.
Melih, why not implement a rewards program for incidents, exploits, bugs found?
One idea is to perform marathons that reward the best in their findings and ideas
Thought of the day: Being safe online is also a private matter of common sense:
Visiting harmful sites or put whitelisted suspicious programs will not improve the particular level of protection :a0 >:-D
This is not a valid test case. You installed Team Viewer on your Win 7 in vm. Then you access Win 7 in vm with Team Viewer. That is a bypass by user.
Although I am not intimately familiar with Team Viewer it works different from Windows Remote Desktop. We are discussing a test that uses Windows Remote Desktop.
For those who want to test
tests with applications
firehole: http://keir.net/firehole.html
This is also an invalid test case. In this video CIS is not bypassed. It is behaving as it is designed to.
When using application rules it will only check the path (not the hash). CIS allows the user to do everything where an unknown application will not be allowed. CIS is the nanny of program behaviour not of human behaviour. If you want to see this in action make a script file that tries to do the same thing and see it fail.
For those who want to test try Windows Remote Desktop and see what happens. When testing also address:
If you are referring to a man in the middle attack then that is not what a firewall usually detects. It is up to the browser to handle it properly.
create a trojan or keylogger, an injector (and leaktest firehole). You or someone using your PC download and run this file and have their data stolen your mail or bank.
Unknown files are not allowed to inject. I remind you that your test case was invalid because the user can do everything where an unknown file cannot!
Remote attacks are hardly used the way these simulations HackerWatch and GRC sites.
The primary means of data theft is done by malware installed on the PC including those exploiting legitimate software and that CIS does not emit warnings if HIPS is not enabled.
The buffer overflow detection of CIS will stop a significant amount of exploits.
Okay disregard my previous arguments’m not professional in information security.
A firewall should alert about incoming connections.
When I accessed the work area via teamviewer server has not been through the internal network I’m connected, so is a vulnerability as well.
There are similar software and need not provide data authentication.
The test itself does not specify something that was used, but the glaring flaw of firewalls that allow remote access and teamviwer is intended for this type of access and has an aggravating factor in the tests at the request of chip.de site was probably done over a network internal and my access was made from an external server. 6. Since the test was done using Windows Remote Desktop, demonstrates that malware with digital signature recognized by CIS which will allow external connections.
Conclusion: The firewall without HIPS and sandbox will fail to recognized and signed applications.
I really want to know why COMODO has so worse result in their report, so now, is COMODO staff going to ask CHIP what the detail is, or no?
I think one week is enough for COMODO to contact CHIP, if COMODO select to ignore this report and doesn’t give an answer, maybe we should move to other security product.
i would not like bringing trouble in your topic but will you please answer to the question of the topic :
is comodo firewall worse or not than windows firewall ?
are the test a non-sens ?
is it only a theoric question ?
what are the tests that comodo team should approve ?
how comodo firewall must be configured ?
why if there is a doubt , do you not promote windows firewall ?
Found this on their web page.
from 1-7… those who got full house (score perfectly are all in nr 1)… and so on
Nr Name of Software Score
Ping - File Sharing - Remote Desktop
6 Comodo Free Firewall 6.3 + + –
7 AhnLab V3 Internet Security 8.0 – – –
7 Emsisoft Online Armor 7.0 – – –
7 eScan Internet Security 14.0 – – –
7 G Data Internet Security 2014 – – –
Key to ratings
++ : Complete protection. The product protects the computer completely against all three forms of
access, regardless of whether the computer name, IPv4 address or IPv6 address is used.
: Partial protection. The product protects the computer only in some cases. For example, it may
protect against attempted access when the computer name is used, but not if an IP address is used.
– : No protection. The product allows access using computer name, IPv4 address and IPv6 address.
The information that icemaniceer posted isn’t from Comodo’s website. It’s the same information that’s been talked about this entire time. I can’t even understand why it needed to be posted when, by this point, it’s stuff we already know.
It brings us an another point of view from [Found this on their web page] and a little bit of fun : sorry to have disturbed you [at]cassette- it is like if i have asked it to [at]icemanIceer.
When will these famous enterprises have the courage to learn us how and why they have failed ?
Ten young Russians guys (hackers) seems more professionals than their staff (of these famous enterprise) , that is (was - perhaps) a real threat and not a test. It seems that behind this topic about test/magazines/quality of a product-performances there are another prohibited questions : how much money will you give for that ? whom ? Why ? Where is the point of view of hackers ? Are not they the best test ?
So am i, i read from the beginning this topic (…) ; and sometimes i do not understand the argument or the reason why someone promote or prohibit a product, a method, a review, etc. I mean at a uncertain level, expert disagree with the users but are they expert ? are they users ? i appreciate that foreigners or newbie give me their opinion … i wonder what do the magazine want prove …
I changed the color to blue. I cannot read yellow against a grey background. Eric
NOTE : GRC’s ShieldsUp test works by probing your public IP address - i.e. your public facing router.
If your PC connects to the internet via a router, The ShieldsUp test never actually reaches the firewall on your PC (unless you have port forwarded all applicable ports to your PC).
Ok then I must have not seen the info when glancing though this thread. Sorry for double post if the information I posted was somewhere here before.
And that if someone thought it was from Comodo website. I meant the “testers” website.
I just wanted to show ppl that this test of theirs has two of the best HIPS firewalls and firewalls that many hardcore users love and use, scoring so low.
I have used Comodo firewall and I had problems just using Plex media server within my own network.
And it blocked the Plex from getting out first time. And then incoming traffic when I started my TV and it was looking for things on the network.
So like many other I would like to see anyone try this if they have direct access to their computer through the Internet.
And lastly my 5 cents: If this is right, that the basic setting for Comodo is this open then this is not a firewall failure but a config problem. Some tweaking in the default config from Comodo and I am 100% sure that the CF would be getting +++
