Do good looks deceive???

I had read a lot of good things about Comodo firewall and therefore decided to install version 2.4.18.184 (german/english) on my laptop yesterday. However, I have been having issues and questions (doubts) ever since, so let me pitch these to you:

  1. When I hit the “search for known applications button” during install, it immediately found a BSOD. I knew that was a known “application” with Windows, but from there on nothing seemed to move … :frowning:

  2. It took me two hours to recover, because the installation was not complete, no program group, no add/remove programs, but a running and well self-protected firewall with services all nailed down, etc. I had to go through multiple Safe mode sessions to first get rid of the half-born ■■■■■■ in order to de- and then reinstall to get to complete state.

  3. When I finally got it going, it started learning, but in only 50% of all cases did it actually learn, when I told it to remember my answers???

  4. In many cases, even when it did learn or at least showed an entry in the application tab, the application itself did not succeed in doing its lan/wan stuff for no good reason. Nothing to do with parent settings or so, I loosened all that up beyond good. It just seemed to ignore its own settings and came up with the same questions again and again…

  5. Even when I then made these applications trusted (which I do not want to have to default to!) it still came up with all sorts of alerts. Btw. a thing that seemed to do the trick was to set the firewall to “Allow all”, run the application once and then set the firewall back to “Custom”. Ahem, not exactly what I want to do all day…

  6. The thing that amazes me the most is that it will warn me that some program wants to connect to some specific host on some specific port with some specific protocol and when I then tell it to allow that and remember it, it will create an entry allowing that program to access ANY host on ANY port with TCP/UDP. Seriously, if I am not missing something entirely here, you have got to be kidding! In essence, if my NTP client wants to get the time I allow it all with everyone else on all ports and for TCP and UDP until I remember to enter the firewall, go to the applications tab and manually change these settings??? Lucky he who then remembers or knows by heart what to set. NTP is simple, but what was the port for RDP again and how long will I be sharing my iTunes library with entire hotels, much to the joy of Sony BMG’s lawyers, when all iTunes asked was to contact ITS server on LOCALHOST!!! - The least I would expect is the possibility to shape the rule at create-time. Even good old Kerio Tiny did that beautifully. Also, where do I specify the source port at the application level? I mean, this IS a firewall, right?

  7. Another thing where the problem might actually be located midway between my ears is that there seems to have to be a network rule allowing all for all in order to get any non-local-zone connectivity at all. I killed this (obviously default) rule because it spelled exactly what I would never allow and after that nothing seemed to move until I recreated it. - I don’t know if I misunderstand this, but when I allow an application to access the wan it should be able to do so without me having to replicate this ability on a global scale by setting a “catch and allow all” network level rule, right? How am I ever going to get specific with my permissions if I build a wall for applications and then break it down at the network level? - I tried the docs, but only found info on the howto, not on the why and how. Am I missing something here?

  8. Also, the firewall only created the local zone IP allow in/out rules when I manually “modified” the local zone even though it had detected and created the local zone at first run?? - Oversight, bug?

Summary: If what I describe above is not all my stupidity, then I must say that I see a good start, but a lot of work to do before this is a firewall that I would trust or even want to continue to use. Interface and ease of use, yes, sophisticated and state of the art features and self-protection, yes well done, too well done when it comes to self protection and the need to recover from firewall break-downs, but I cannot see e.g. a beginner getting to a stable and safe state with it, without inadvertently setting a lot of “allow all for all” rules before he/she even gets close to being safe.

Sorry, but this one will likely only survive another day of tests on my network. Granted, you guys know your stuff, I can see that, so I will check back in the forum for advances and will definitely give it another try in the future.

ramgni,

Please refer to the following thread: https://forums.comodo.com/index.php/topic,6167.0.html

Other than items 1 & 2, pretty much everything you would need to know is in there.

A lot of what you’re explaining makes it sound like you cranked up the Alert Frequency to High or Very High. This will create alerts pretty much each time you allow an application to connect/continue to connect, as each and every connection is different. By doing this, you’re telling the firewall you want a rule for each specific IP, Protocol, Direction, Port, etc, and any/every combination thereof, for each application.

As to the Source Port for an application, no, there is not; only Destination. It is not feasible to put a source port into an Application rule in the firewall, as the firewall is not what configures the application. You need to specify within the application what port you want it to use, which probably isn’t going to happen, given that applications don’t typically allow that… If you were to be able to set this within the firewall, the application would never connect (if the rule actually applied), because it wouldn’t be using that port unless you could configure the application in that way; understand?

CFP is currently the tightest firewall out there, due to its layered rules and other security protocol.

Hope this helps set your mind at ease,

LM
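The two points LM's reply makes (the Alert Frequency decides how specific the remembered rule is, and an application rule and a network rule both have to allow a connection before it goes through) are easier to see in a small model. The Python below is an added illustration written for this thread; it is not Comodo's code and not part of anyone's post. The mapping from alert frequency to rule shape, the evaluation order, and the sample connections (TEST-NET addresses) are all constructed assumptions chosen to mirror ramgni's items 6 and 7.

```python
from dataclasses import dataclass, fields
from typing import Optional

ANY = None  # wildcard: the rule does not constrain this attribute


@dataclass(frozen=True)
class Connection:
    """One connection attempt as the firewall sees it (values are constructed)."""
    app: str
    direction: str      # "out" or "in"
    protocol: str       # "TCP" or "UDP"
    remote_ip: str
    remote_port: int


@dataclass(frozen=True)
class Rule:
    """A rule; every attribute left at ANY matches everything."""
    action: str         # "allow" or "block"
    app: Optional[str] = ANY
    direction: Optional[str] = ANY
    protocol: Optional[str] = ANY
    remote_ip: Optional[str] = ANY
    remote_port: Optional[int] = ANY

    def matches(self, conn: Connection) -> bool:
        for f in fields(Connection):
            wanted = getattr(self, f.name)
            if wanted is not ANY and wanted != getattr(conn, f.name):
                return False
        return True


def first_match(rules, conn):
    return next((r for r in rules if r.matches(conn)), None)


def learn_rule(conn, alert_frequency):
    """Rule remembered after answering 'allow and remember' to an alert.
    Hypothetical mapping, modelled on the behaviour discussed in the thread:
    'low'       -> application only: any host, any port, any protocol
    'high'      -> application + direction + protocol
    'very_high' -> every attribute of this exact connection"""
    if alert_frequency == "low":
        return Rule("allow", app=conn.app)
    if alert_frequency == "high":
        return Rule("allow", app=conn.app, direction=conn.direction,
                    protocol=conn.protocol)
    if alert_frequency == "very_high":
        return Rule("allow", app=conn.app, direction=conn.direction,
                    protocol=conn.protocol, remote_ip=conn.remote_ip,
                    remote_port=conn.remote_port)
    raise ValueError(f"unknown alert frequency: {alert_frequency}")


def decide(app_rules, network_rules, conn):
    """Layered decision (assumed order): 'alert' when no application rule
    covers the connection; otherwise an allowing application rule still
    needs a matching network-layer allow before the result is 'allow'."""
    app_rule = first_match(app_rules, conn)
    if app_rule is None:
        return "alert"
    if app_rule.action != "allow":
        return "block"
    net_rule = first_match(network_rules, conn)
    if net_rule is None or net_rule.action != "allow":
        return "block"
    return "allow"


# Constructed samples: an NTP client asking a time server, the same program
# talking to a different host/port, and an unsolicited inbound connection.
NTP = Connection("ntp.exe", "out", "UDP", "192.0.2.10", 123)
SAME_APP_ELSEWHERE = Connection("ntp.exe", "out", "TCP", "198.51.100.5", 80)
INBOUND_TO_NTP = Connection("ntp.exe", "in", "TCP", "198.51.100.5", 3389)

CATCH_ALL = [Rule("allow")]                         # the "allow all for all" network rule
OUTBOUND_ONLY = [Rule("allow", direction="out")]    # narrower replacement for it


def demo():
    loose = [learn_rule(NTP, "low")]
    strict = [learn_rule(NTP, "very_high")]
    return {
        "loose_covers_other_host": decide(loose, CATCH_ALL, SAME_APP_ELSEWHERE),
        "strict_covers_other_host": decide(strict, CATCH_ALL, SAME_APP_ELSEWHERE),
        "strict_without_network_rule": decide(strict, [], NTP),
        "strict_with_outbound_only": decide(strict, OUTBOUND_ONLY, NTP),
        "inbound_with_outbound_only": decide(loose, OUTBOUND_ONLY, INBOUND_TO_NTP),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Running it shows the two effects side by side: the rule learned at low frequency lets ntp.exe reach a different host and port, while the very-high rule only raises a fresh alert for that; and even the strict rule yields a block until some network rule allows the traffic, but an outbound-only network rule is enough for NTP and still blocks the inbound attempt that a catch-all rule would have waved through.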