Firewall for a non-geek?

Just put CIS (CFP and D+ only) on a new PC that I’ve built for a mate. Trouble is, he might do something silly such as Isolated or Limited App and have a serious problem.

Is there a good, free firewall that I might use instead of CIS? In the past I’ve used ZA as being faitly simple but I don’t know what the recent versions are like.


Online Armor, or Zone Alarm…

I don’t know any others,


Hey what about just installing the firewall without defense+?

Kyle has a good point.

Firewall without D+ is same behaviour as many network firewalls. And the “Firewall” of Comodo is still one of the best, even without D+. And I’m taking about network not malware.


ZoneAlarm Free or Online Armor Personal Firewall (Free Edition) CFP without Defense+ has no power!

Thats Not True,
(Was CFP 2 Good Yes It Was So That Just Pretty Much Discards Your Statement)
CFP 3 Is Still The Best Firewall…


If your turn off Defense+ how much leak tests do you pass?

You Still Have The Strongest Network Protection…


Strongest network protection that doesn’t pass on leak tests… It’s not COMODO fault, it’s the way that his firewall was developed. Others, like Jetico, doesn’t use HIPS technology, I guess, but have a strong network protection that pass on leak tests…

So, what does the Firewall without D+ do? Does it have HIPS and can it stealth the computer?

How would it be with D+ in Clean or Training Mode? I run in Safe Mode and that’s quite noisy.


Without D+ you have a pure firewall. Control of traffic in/out based on rules.
No it wouldn’t have HIPS. D+ is Comodo’s name for it’s HIPS (Host Intrusion Prevention System).

Stealth is set up by a certain configuration of Network control rules. So yes Stealth is still a go.

Training mode will basically Allow everything and make up rules as you go, in anticipation that
once done training you would switch to Safe or Custom mode. So that the rules would be applied
and anything new (without a rule already) would generate a pop up asking what to do.

Clean PC mode assumes everything currently on the PC is Safe and will create rules as you go
and only alert you when a new process gets added to the mix. This also generates those
pending files that seem to cause so much confusion.

The twist or difference between Safe or Custom is the whitelist of trusted apps.

Safe mode uses the white list of trusted vendors digitally signed apps cleared and provided by
Comodo so it’s secure but somewhat quieter than Custom mode. As it won’t pop up for apps
on the whitelist or in your own designated Safe apps. These actions will be learned and rules
created. Any action from an app not whitelisted gives a pop up. And you make a decision.
Gets quieter over time. ( I run in Safe for both FW and D+. and use installation mode to
install new apps)

If there is a request for some action in Custom mode and there is no existing rule.
You get a pop up.
Make a decision which creates a rule. So you get a lot of pop ups which quiets down over time.

Paranoid mode I won’t go there I’m not that anal. = pop up hell.

I think that’s it except, unless your friend is a doofus just spend a little time and show him.
Install a couple of apps, generate a few pop ups. The average Joe has no need for Limited or
Isolated app really. And a real good backup for a Noob would be to install a little extra insurance.
Like Threatfire. So even if he screws up and allows something bad to run he gets a second
opinion. And should quarantine and call… you?

I think that covers your questions and then some. Feel free to ask anything else.

Now Eduardo,

Get a grip man.
Just because Jetico or anyone else doesn’t call it HIPS they ARE monitoring processes and
they have all kinds of goodies above and beyond a pure firewall.
So strip away all the extras and what do you have.?
A pure firewall that fails leak tests, that use various techniques.
So please lay off the negative FUD.


The Firewall is Network Prevention/Detection Firewall

Defense+ is Computer Malware Prevention

HIPS is a Application Firewall

Firewall is the one that make it able to stealth your ports and protects/prevents hackers getting into your machine.


Thank you, both Bad Frogger and CGPMaster, your answers have not only helped but also told me a lot!

I’ve been using Safe Mode for both and Installation Mode for new apps (often unticking Remember if it’s asking about Temp files running things, or internet access when I’m not sure).

I’ll see how he goes and advise him how to change the level if he rings up in a panic.

I once selected Restricted App. and had a lot of trouble - alsmost had to reformat. Would it be OK to remove that option (it seems to be possible)?

This might be off topic… But If your friend thinks D+ is too much then I highly reccomend threatfire.

Ah, thanks for the reminder. I tried it once but CFP sort of took over and TF seemed unnecessary. I’ll have another look if D+ is too much.

Before I found COMODO I was using Tiny . CA bought Tiny so I went without a firewall for some time ! I used ip blockers and good practice to do what ever i had to do . I also kept my AntiVirus up to date and turned features off like Guest account , again good practice . I ended up reading and researching COMODO and found that not only was it the best software firewall but it also came with modules for any type of configuration that a person could want . On top of that it comes with a forum of dedicated technicians . For Free ! What really sold me was the Behavior Blocker module . The behavior blocker suits my needs well and work flawlessly along side my trusted Antivirus program . I’m convinced that COMODO is the best firewall around .

[b]Comodo Firewall Pro is freeware that performs far beyond its price tag. This thorough firewall features one detailed configuration screen after another. If you’re into monitoring every single network-related action taken by any bit of software on or affecting your computer, you can probably find what you’re looking for in the various menus and submenus Comodo offers.

During installation, users choose between the standard firewall and Firewall With Defense+. The latter mode is the better option and includes significant improvements over the 2.x versions. After installation, Comodo runs a full scan for viruses and other malware to make sure that it is starting out with a clean machine.

Comodo will pummel you with details if that’s what you want. The program’s links lead to highly customizable configuration settings. Users can create scenarios for dealing with specific actions taken by particular programs by modifying rules used by common types of programs. Each individual rule leads to even more settings for fine-tuning exactly what programs may and may not do with or through the network.

Average users need not get too swept up in the minutiae of traffic monitoring, however. Comodo’s Train With Safe Mode setting allows you to go about your average computing day while the firewall learns exactly how known network-related programs behave on your particular system and creates rules to ignore common activity in the future. The extensive built-in safe list means that programs such as Internet Explorer or Outlook won’t throw up any red flags for Comodo, but unusual (read: suspicious) applications still get the full treatment.

As with other firewalls that “learn” what to expect, alerts should diminish over time. When alerts do appear, Comodo is pretty good about explaining what is happening and what you might want to do about it. The result is a good firewall for both experienced and novice users.[/b]