Regarding this and this. (:NRD)
It so happens that most firewalls, in their pursuit of leakproof-ness, have added some limited HIPS capabilities; CFP v2 did. Now CFP v3 has changed its approach, since leak protection needed all this HIPS capabilities, why not extending them so they protect the whole system instead of the firewall only? It does make a lot of sense.
But for users it means that they must pay attention to control not only network traffic (which could be already troublesome enough with all this OLE thingy and whatnot), but now also to all other activity in their computers.
I know this is to protect against malware, I understand it and I have Defense+ enabled myself. But for some reason people have been educated that they need (leakproof) outbound protection but not HIPS. Yes it may sound crazy being happy when malware is free to roam your computer as long as it can’t connect back :o --although nowadays vandalizing malware is not of great concern (and is rarely see), being more common the professional, stealthy thieving kind.
I won’t advocate that Comodo changes its approach since it’s a good one. Moreover, Comodo should continue promoting A-VSMART, and of course making it as usable as possible (ThC).
(:CLP)
However I think Comodo should provide a solution in the form of a leakproof firewall without full-blown HIPS. Comodo has done awesome so far, but if now Comodo starts to ignore customer demands, however uninformed they may be, CFP will go downhill. Yes educate about A-VSMART and promote it, but if someone just doesn’t want don’t try to force him because he’ll go away to another solution. The customer is always right, and being a free product doesn’t change this since the aim for Comodo is still being used by the most people possible.
Yes I know v2 would cover what I’m talking about, but since it’s not the current version people will sooner look for other solution. I know that v2 can still work no matter that it’s not in development, but still people will flee.
And still I’m NOT talking about developing a new product separate from CFP v3. One just has to customize Defense+'s settings and define a policy that still checks for everything that could be used to leak out (“run as executable”, “interprocess memory access”, etcetera) as Defense+ currently does and v2 did, but allows anything that can’t be used to leak out on its own (“protected files and folders”, “protected registry keys”, etcetera). And presto, 8) you have a leakproof firewall like v2 or some solutions by competitors, and it won’t annoy users more than the others leakproof solutions do. Again I know this will cause horror to the security experts at Comodo, but Comodo must not neglect customer demands no matter what.
Right now we can already offer such a configuration here at the forum, thanks to the export/import feature of CFP v3. However in the near future the ideal solution would be that the installer gave an additional option, call it leakproof firewall without extended HIPS, well you know what I mean. The product itself needn’t be changed, only the installer and the help file (including “educational” information on why it’s better to use the full HIPS).
What do you think? :THNK