How a firewall works...?

Hello:

I have used comodo for a long time, and I have always thought of it as a program that by default does not allow any internet connection, unless I allow it to let any software do its job properly.

I was recommended to check my security by using “nessus”. But now I do have questions:

1-Nessus delivered the same results with comodo “on” and comodo “off”. (BTW: Nothing important was discovered). So what is the comodo firewall doing?

2-If I get a message from comodo saying that an unknown-for-me program wants to connect to internet, I would deny it. Could be spyware, for example, and if it’s good software, I would delete the blocking rule. But in this case, for example, if it is a web server, why would I want to block all ports except 80 for this server, which is supposed to listen only on #80?

3-Why would I want to block only incoming traffic? How can an application work sending only traffic? It needs (at least in theory, and I think exceptions would be very few) at least an acknowledgement that sent data was received…
I would not block input traffic for my web browser nor for a server…

Thanks and sorry for showing my ignorance !

If I get a message from comodo saying that an unknown-for-me program wants to connect to internet, I would deny it. Could be spyware, for example, and if it's good software, I would delete the blocking rule. But in this case, for example, if it is a web server, why would I want to block all ports except 80 for this server, which is supposed to listen only on #80?
Nobody but you could answer that question

You should configure it based on how YOU USE the internet. What’s good for one person, might be terrible for someone else

Why would I want to block only incoming traffic?
Again, You should configure it based on how YOU USE the internet. What's good for one person, might be terrible for someone else

P.S. You don’t want to tighten the security to the point where you start to lose “usability”

OK Jay, thanks for the response, humm…
Sorry for insisting, but why is the result the same when I run nessus, independently of running or stopping Comodo?

Thanks!!!

1-Nessus delivered the same results with comodo "on" and comodo "off". (BTW: Nothing important was discovered). So what is the comodo firewall doing?

Could you describe your testing methodology and provide comparative result sets for the firewall in both states?

2-If I get a message from comodo saying that an unknown-for-me program wants to connect to internet, I would deny it. Could be spyware, for example, and if it's good software, I would delete the blocking rule. But in this case, for example, if it is a web server, why would I want to block all ports except 80 for this server, which is supposed to listen only on #80?

Most server services may be configured to use virtually any available port. For instance, if you run a web server, by default it will listen for inbound connections on TCP port 80. However, if you wish to change this behavior, you may choose another port, such as 8080.

3-Why would I want to block only incoming traffic? How can an application work sending only traffic? It needs (at least in theory, and I think exceptions would be very few) at least an acknowledgement that sent data was received... I would not block input traffic for my web browser nor for a server...

This is an effect of SPI (stateful packet inspection) request-response:

SPI is the process where the firewall keeps track of certain attributes from all initiated requests, so that when there is a return response, the firewall automatically checks to see if the attributes of the return response match up with the initial request’s attributes. If there is a successful match, the response is allowed access into the network; otherwise, the response is denied access.

The only situation where a port(s) needs to be opened explicitly is for server services (web, ftp etc.) or p2p.
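
A minimal model of the request-response tracking described in the post above, added here as an illustration (it is not code from the thread or from Comodo). The class name, the 60-second idle timeout and the addresses are assumptions; a real SPI firewall also tracks TCP flags and sequence numbers.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 60  # assumed: seconds a flow may stay silent before its state is dropped

@dataclass
class StatefulFirewall:  # hypothetical name, for illustration only
    local_ip: str
    open_ports: set = field(default_factory=set)  # {(proto, port)} opened for server services
    flows: dict = field(default_factory=dict)     # (proto, local, remote) -> last-seen time

    def check(self, proto, src, dst, now):
        """Return (verdict, reason) for one packet; src and dst are (ip, port)."""
        # Forget flows that have been idle for too long.
        self.flows = {k: t for k, t in self.flows.items() if now - t <= IDLE_TIMEOUT}
        if src[0] == self.local_ip:
            # Outbound packet: allowed, and its attributes are remembered.
            self.flows[(proto, src, dst)] = now
            return ("ALLOW", "outbound")
        key = (proto, dst, src)  # an inbound reply mirrors the request's endpoints
        if key in self.flows:
            self.flows[key] = now
            return ("ALLOW", "reply to tracked request")
        if (proto, dst[1]) in self.open_ports:
            # Server service: the port was opened explicitly, so track the new flow.
            self.flows[key] = now
            return ("ALLOW", "explicitly opened port")
        return ("DENY", "unsolicited inbound")

def demo():
    fw = StatefulFirewall("192.0.2.10", open_ports={("tcp", 80)})
    pc, web = ("192.0.2.10", 50000), ("198.51.100.5", 443)
    stranger = ("203.0.113.9", 40000)
    # Constructed packets: (proto, src, dst, time in seconds)
    packets = [
        ("tcp", pc, web, 0),                        # browser sends a request
        ("tcp", web, pc, 1),                        # the matching response
        ("tcp", stranger, pc, 2),                   # nobody asked for this
        ("tcp", stranger, ("192.0.2.10", 80), 3),   # inbound to the web server port
        ("tcp", web, pc, 200),                      # late packet, state has expired
    ]
    return [fw.check(*p) for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
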

OK, files attached (■■■■= comodo on, coof = comodo off). In comodo on I am using my current config (custom), which allows browser and servers full traffic access.

The only differences are in scan time and another network PC that appears when comodo is active, but it seems it disconnected, since it is not listed when comodo is off.

[attachment deleted by admin]

Two things:

  1. Is Windows firewall enabled during both scans?
  2. What are your firewall Application and Global rules?

Windows firewall is always disabled

Comodo Rules? They are many!