Comodo Firewall worse than windows firewall

No.

And just to clarify things for people: stealthing your computer doesn't mean that you are secure online. When the firewall stealths you, you cannot be viewed by simple means, but your security depends on how strong your firewall rules are and on how carefully you use your computer…

In other words, even if you are stealthed, if your firewall is not strong enough I can mess things up on your machine. (Not me, but just to make a point.)

Have a good firewall configured, always stay updated, keep temp cleaned at least once a week, don't click on crap links, etc., and you will be good to go online…

I do realise this. The thing is, what if a trusted program makes a malicious call to a Windows file? For example, one of my games made a malicious call to the system.exe file to open some ports. Since I have “NETBios disabled” and “File and Printer Sharing” disabled, I never got any calls for system.exe before. So I didn’t have any rules set up for system.exe at the time since nothing ever called to it. Now I have everything blocking IN and OUT for system.exe since then. I wouldn’t have needed to do that since my setup doesn’t require the use of system.exe, but because of that game making a malicious call to system.exe, I now have rules for it. If you don’t have rules set up for your “protected files”, any program can do what it wants to that “protected file”.

You’re preaching to the choir. I have my firewall rules set to custom and Defense+ set to paranoid. I also delete all the settings that come default with Comodo so that I can set up all the rules myself. I see EVERY event that takes place on my machine.

+1

A “stealth port” is simply a port that does not respond at all when contacted from outside, thus the “attacker” gets no clue that a real device is even connected to that port. If you stealth all ports then a port scanner gets no response when scanning your machine and thus no indication that there is anything connected at that IP address. It’s like camouflage; “stealth ports” simply allow you to hide. However, should an attacker attempt to access you in any case, it’s your firewall config that will keep them out.

Not any program; only trusted applications.

You're preaching to the choir. I have my firewall rules set to custom and Defense+ set to paranoid. I also delete all the settings that come default with Comodo so that I can set up all the rules myself. I see EVERY event that takes place on my machine.
CIS is a beast for those who want it to be. 8)

It’s not needed. Steve Gibson himself invented the stealthed ports stuff and has gleaned undeserved praise ever since. It’s been shown time and time again that a closed port is just as secure.

It’s the upstream router that gives you away.

A stealthed port is actually a dead giveaway that there is a live device at the end of the communications chain.

TCP/IP is designed as a responsive protocol. When a question is asked, an answer is sent. In the case of a ping, a pong is sent in reply. In the event that the requested address is not locatable, the last router in the chain will send an unreachable message. Under normal circumstances, the only type of ping that gets swallowed is a request for a private address on the public internet.

When a port gets stealthed, no response is sent back to the originator. According to the TCP/IP spec, this is an unnatural response - i.e. something at the other end of the comms chain is not playing nice, thereby proving that there IS something at the end of the chain.

Closing a port is an expected response. Not getting a response at all could make someone curious as to what is worth hiding at the other end.

Cheers,
Ewen :)

Not quite. TCP is designed as a reliable transport protocol (i.e. guaranteed delivery). IP is designed as an unreliable routing protocol (i.e. no guarantee of delivery).

TCP is reliable only once the TCP connection has been made. If I send a TCP SYN packet to you (to establish a TCP connection) and get no ACK in return, I cannot infer anything other than that no connection can be established. This could be because the application is not active (has not opened the port), because the destination IP address is not present (the host is powered off), because an intermediate router discarded the packet (congestion on the route), because the IP address and port number used is not in use (not assigned), or because the port is stealthed by a firewall (and not responding). You have no idea which of those is the case.

:-X

  1. Steve Gibson did not invent the “stealthed ports stuff”.
  2. Why do you think whatever praise he is getting is not deserved? Is that your own opinion or someone else’s?
  3. You stated that “It’s been shown time and time again that a closed port is just as secure.” Do you have references for this assertion?

Again, as stated in a reply above, this is not quite correct. A stealth port behavior does not prove or disprove anything. As to what makes someone curious as to what is at the other end is pure speculation.

Either way, this subject has been discussed to death on this forum and elsewhere.
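The disagreement in the posts above comes down to what an outside observer can infer from each kind of reply. The following is an added example, not part of any post in this thread: it classifies the results of an external scan of your own address, using hypothetical reply labels and constructed scan data, and sends no traffic.

```python
from collections import Counter

# Hypothetical labels for what came back to a TCP SYN; None means a timeout.
SYNACK, RST, ROUTER_UNREACH = "syn-ack", "rst", "icmp-host-unreachable"

# Causes of silence listed in the thread; a timeout alone cannot tell them apart.
SILENCE_CAUSES = ("host powered off", "packet discarded en route",
                  "address not assigned", "firewall dropping (stealth)")

def port_state(replies):
    """Collapse the replies to repeated SYNs on one port into a single state."""
    seen = {r for r in replies if r is not None}
    if SYNACK in seen:
        return "open"
    if RST in seen:
        return "closed"
    if ROUTER_UNREACH in seen:
        return "unreachable"
    return "silent"

def host_inference(scan):
    """scan maps port -> list of replies, one per retry.
    Returns (verdict, ports that stayed silent on a host known to be live)."""
    states = {port: port_state(replies) for port, replies in scan.items()}
    counts = Counter(states.values())
    if counts["open"] or counts["closed"]:
        # A SYN-ACK or RST comes from the host's own TCP stack, so the host
        # is visible and any silent port on it is simply being filtered.
        return "live", sorted(p for p, s in states.items() if s == "silent")
    if counts["unreachable"]:
        return "absent", []      # last-hop router says nothing is there
    return "ambiguous", []       # any of SILENCE_CAUSES

# Constructed scan results (three retries per silent port).
MIXED = {80: [SYNACK], 135: [None, None, None], 445: [None, None, None]}
ALL_DROP = {p: [None, None, None] for p in (80, 135, 445)}
ALL_REJECT = {p: [RST] for p in (80, 135, 445)}
ROUTER_GONE = {p: [ROUTER_UNREACH] for p in (80, 135, 445)}

if __name__ == "__main__":
    for name, scan in [("mixed", MIXED), ("all drop", ALL_DROP),
                       ("all reject", ALL_REJECT), ("router unreachable", ROUTER_GONE)]:
        print(f"{name:20s} -> {host_inference(scan)}")
```

The mixed case is the one worth checking on your own firewall: a single answering port reveals the host no matter how many other ports stay silent.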

As to “Stealthed” vs closed ports.
http://www.insanitybit.com/2012/05/30/stealth-ports-or-closed/

Steve Gibson did start the whole stealthed ports craze and since it’s not needed, the praise he has gotten is undeserved.

There are funny people in here.

If you want the firewall to protect you, maybe you should learn a lot more on how to set it and why.

If you set rules for your “safe applications” as trusted, that’s your problem.
I say it’s the highway for troubles.

My firewall is set to the highest level of security; it asks me on any activity for any process, just because I don’t believe in Santa Claus.
All the processes are set to custom because I want to know what they do, when, where, why.
That gives a lot of alerts, but for example I’ll never set svchost.exe as trusted or outgoing or whatever.
I want to know about any activity.

So if you set your firewall to trust anything, just shut up instead of coming and crying here because you have no idea about security.

Thank you.

As a reply to your negative, personal-level reply to a factual discussion,
I will set the perspective right:

This is about default settings. And if you say someone who makes settings like this has no idea about security,
you say it about Comodo.

I’m sorry, but the subject is: “Comodo Firewall worse than windows firewall”

How do you think I would reply when I read that?

And I moderated my post, because I could be more explicit on what I really think about this topic.

And what is wrong with the fact that to set any application you use as a trusted application is the worst thing to do?
Am I telling ■■■■ when I say that, or is it just the reality?

No. I consider that for the simple user it is not necessary.

I think that in that case it would be useful for the Comodo developers to add one more default setting (configuration).

For example: work without notifications, for fans of torrents, etc.

Give the description in the help and let users have more choice, without going into subtleties.
This is my opinion.

I understand that for users that don’t know a lot about computers, receiving all those alerts is more than annoying; they hate that their machine asks them all the time to reply to something they often don’t understand.
But no security software that takes decisions for the user will be able to give something as secure as you ask for.
That’s not possible.
The program will not create a rule automatically for each alert about network activity with some process; that’s impossible.
You’ll have one rule for it and that’s it.
So to ask for ultimate protection by doing nothing, protection that would be equal to an advanced user creating his own rules and setting Comodo exactly like he needs to, is not possible. You have to choose between a product that doesn’t alert for anything or learning how to use Comodo with your own rules.

Here I agree.
I simply expressed my opinion. I know people who can’t configure it because they don’t understand everything. (These are not advanced users. These are acquaintances of mine to whom I recommended Comodo. After a certain time, they moved to more unpretentious products.)
Therefore they don’t use Comodo.
Though for me there is no alternative to Comodo Firewall for now.

There’s a big difference between wanting protection and being ridiculously paranoid. There is no need to know about and have to allow safe and necessary actions. Being alerted to only possibly malicious action by applications not known to be safe is sufficient for me and many others. Making rules for known safe things is useless and unnecessary.

So how would you define a “known safe thing” in our times? :a0

Kind regards, REBOL. :-X

Interesting move: People over at chip.de have since wholly removed COMODO from their article (on the 4th of May).

http://www.chip.de/artikel/Firewall-Test-Kostenlose-und-kostenpflichtige-Tools-fuer-Windows_32878576.html

So, if there really have been existing “RDP” and “Ping” vulnerabilities, they’ve now vanished at least from public attention. ironic

COMODO Firewall now surprisingly gets a “5 C’s” rating by them as of April the 16th (without any further explanations or hints at any real kind of testing… 88))

Kind regards, REBOL. ;)