As this is a direct question to you (and probably thought by others), I hope you don’t mind my asking this in this area?
I see that Comodo (version 3) is going to be more “HIPS”, and although this is probably due to how the market is, and coming to a point where some users expect this, I would ask if this could be more of an option, where the “HIPS” would be an option/module, so that users who already have an HIPS installed would then not have possible conflicts.
OR
I have seen a number of posts with reported problems of the latest Comodo full release, where rules are lost etc. Do you think it would be possible to maybe update this, where, as an example, the rules are kept away from the registry and can be saved/loaded.
I do know that trying to have 2 firewalls active in progress may not be feasible, so maybe the “module” possibility?
Yes. You can easily disable the HIPS and use the firewall only. HIPS will always be installed but it can easily be made dormant.
I have seen a number of posts with reported problems of the latest Comodo full release, where rules are lost etc. Do you think it would be possible to maybe update this, where, as an example, the rules are kept away from the registry and can be saved/loaded.
I do know that trying to have 2 firewalls active in progress may not be feasible, so maybe the "module" possibility?
Yes. We have fixed those bugs. Plus configurations can be saved to / loaded from the disk as well. In CFP 3, Misc->Configuration Management wizard will do all these tasks.
When you say “made dormant”, do you mean no alerts to certain actions? As I see from some firewalls where certain features can be disabled, the installation is still made, and for such as HIPS, where there is system hooking/redirects in place, these can cause problems to other software.
As an example, let’s say I have an HIPS installed with kernel hooks (SSDT) in place, these hooks will be protected by that HIPS, I then install a firewall with HIPS, the firewall will then attempt install on top of my already hooked system, and the firewall will probably try and protect its own installation, even if the actual option for this is turned off (some form of protection would be needed in case the user wanted to re-enable this option?). We then end up with possible conflict due to 2 HIPS trying to protect their own installation, or corrupted installation by one or both HIPS functions.
Yes it will be installed but deactivated. When HIPS is disabled, even the self protection is disabled. Hooks will be in place but will do nothing. We have tested with major products in the market. We haven’t observed any conflicts so far.
Of course this is for 3.0 release. Other planned releases will be different with many different things.
With full respect to you, I would personally still have some doubts to this. We did see some problems with Comodo 2 and some HIPS, even when functions within Comodo were disabled,… are you saying the installation has now been fully revised? So that “on installation” such options can be disabled, and therefore no possible problems with low level system interceptions (hooked by comodo~ to pre-hooked system)
What I would really like to see:-
An option for:-
Base firewall installation (good SPI, which on some of my basic tests Comodo has), with an option to install HIPS, if not wanted, then no low level installation is made in this area.
What I personally see in the firewall market now, is the lack of a basic application/packet filter firewall, not something we will see again from a vendor looking for sales from this, but something I believe is needed for users who prefer to go via a “layer” approach, those who have an HIPS/AV they know, and just want to add a good application/packet filter firewall.
And me too.
Following the discussions on this forum and based upon my experience with running cpf 2.4.18 I do not believe that v3 will be released in a reliable, waterproof version in a decent time.
Why don’t you finish the current version and give it to public as an option to your new project? V2.4.18 is based on perfect concept and should you manage to debug it sufficiently, it could become the major firewall for the wide public.
Unfortunately, with bugs and flaws unanswered it can never reach wide expansion. How can I convince my friends to use the cpf, when I cannot explain, why its errors and deficiencies are not addressed…
I know I am not alone in my thoughts with this, and thank you for your own thoughts.
I know the main direction from “Melih” is to have the “Best firewall”, so why not take a step back and look. To have a base application/packet filter firewall that is solid/correct SPI function, is hard to find, Why not have this base and then build,… maybe with another application for HIPS that can integrate.
I do have respect for the coders here, as I do see some good interception within the firewall, but, with respect, maybe “Melih” could possibly be pushing too soon too hard?
Of course, this is just my personal opinion, and mean no disrespect.
I think you should. Prior to any release of v3, when discussing the next generation of FW software, and integration of HIPS into it, Melih stated that the user would have the option to have or not have the HIPS. I do not recall if it was specific to install/not install rather than just use/not use, but wholly agree with Stem’s proposal to have the option to not even install it.
Just like you did with DEP on v2.4; have a check-box on the install window.
ps. Plus it makes room for a separate Comodo HIPS in case someone prefers to use a non Comodo Firewall and Antivirus. And it will help to collect more samples to add to the Comodo database. ;D
I was feeling bad for being one of the few (that I could see) saying it.
Egemen confirmed what I also thought, it was being considered. But in a minor release.
I agree with Stem in that it would be preferable if HIPS were modular. The problem is how development is going and if this is a problem for you guys at this stage :-\
I’ve also always been a fan of customizable installations. Choosing directory, and which components to include, rather than enabling/disabling specific functions in an already installed software.
Hello,
I’m a new user, very cautious about my use with free products and Internet. I just post this simply to tell everybody that I’ve used shields up which is for me the most (or among) accurate tests for firewalls and Comodo passed it a good way. All ports were stealth or closed, except the few used, no packets were received outcoming and incoming, no ping answers passed, so, I think this a very good result, congratulations to the team!
Tom
ps, my next “free contribution” will be with the antivirus, making it pass the Eicar test.
Hi, I would like to make a question for egemen, I realize I’m not an expert and that’s the reason for this question: I’m seeing this difference between V2.4 and V3:
Since v2.4 doesn’t have HIPS but HIPS like functions everything is reduced to alert the user of actions that would lead a program to connect to the internet using itself or another program, and that makes it an excellent leak tester. Now v3 using HIPS alerts the user of any program that attempts to do things to the system or other programs that could potentially lead to taking control of the injected application, and thus leading to a leak, but, how do we know when an alert from the HIPS will lead to a leak and when it will not?? Do you see what I mean??
With v2.4 I always know that if I get an alert it’s because a program is trying to do something legitimate or not in order to connect to the net, with v3 I don’t because the HIPS and the firewall don’t work together, and I feel like I’m losing security.
I believe that the HIPS in v3 should be Firewall oriented, and alert when behaviour of programs will or can lead to a leak and thus prevent the user about allowing that particular behavior because the firewall is pretty much useless without this kind of advice.
I have an antivirus and what I need from Comodo’s Firewall is to alert me of things related to the use of my internet connection, nothing else…
Can you make that possible???
We will provide 2 more modes for the new CFP. One will allow it to act like 2.4 and one will allow it to be compatible with internet connection sharing hosts. I don’t think we will be able to put these 2 modes to 3.0 final release but the release after it will have these modes of operation.
While answering the HIPS alerts, the key is to identify the applications in question. For example, if an application is one of your everyday applications, it is safe to allow almost all the requests coming from it. Why not? After all, you know it is not a malware. In case of execution control popups, you need to identify both of the applications mentioned in the alert.