What version of CIS, or Comodo Firewall, are you currently using:
7.0.317799.4142
1. What actually happened or you saw:
2. What you wanted to happen or see:
3. Why you think it is desirable:
4. Any other information:
Thank you for submitting these suggestions. However, I am sorry, but only one Wish may be submitted per topic. Please edit your first post so that it is specific to only one of the feature request. You can create new topics for the other wishes.
Let me know if you have any questions.
Thanks.
Hello Chiron,
I wonder how you got the idea of multiple wishes imbibed in my request above.
All above relates to one specific wish, which is clearly defined and set in the title of this thread. Further, this is one wish of a new program called “IP Browser”. Then, I needed to describe my proposal.
I do think that the numbering was helpful, until you imposed restriction. To overcome this, I have removed - against my wishes. I want to bring it back, because it is easy to read. Do you agree to bring it back? However, if the numbering is the cause to block my request reaching the developers, although this is clearly supported by the support desk, then they could be removed.
In the mordern world, we could let such discussions free from constraints and refrain from imposing restrictions to soffogate creativity and free or unpaid work to be born without pain.
Now that I removed the numbers, it clearify the same wish. If you believe that it is too long and therefore it is not a wish anymore, please kindly delete this message.
Alternatively, I could also re-open my earlier request to the support team and show them how I was restricted and request them to forward this extremely important request to the developer team.
I’m sorry. It seems I misunderstood your wish earlier. There is not a problem numbering like you did.
I do have a few questions though. Am I correct in understanding that this would keep track of all connections made by each website visited. The user would then be presented with a list of all connections which the website makes, from which they can make rules about whether to allow any other outbound connections, and if so for how long. Is this correct?
If my understanding is correct, then may it not be better for this wish to be made for one of Comodo’s browsers, or perhaps a new extension for advanced users. This sounds to me like a more advanced version of NoScript. I like the idea.
Also, Wishes in this section of the forum must be for added functionality which users would like to see added into CIS. Ideas for new products are submitted here. Had you meant to post this in that section?
Please let me know what your thoughts are on this and whether you have any questions.
Thank you.
Thanks, Chiron.
1) CORRECT FORUM IS HERE
The support team has identified where my messahe needs to be placed. My request relates to Firewall, CIS.
2) RECONSTRUCT THE NIGHTMARE
See here is what is happening:
I WANT TO HAVE A GOOD FIREWALL BECAUSE I USE FIREFOX AND SURF ON THE INTERNET! This is the reason why one has a firewall to interface with a browser, beyond some other local outbound connections.
Do the following to RECONSTRUCT THE NIGHTMARE:
a) Remove the entry “Allow all outbound connections” in firewall.
b) Then you configure “Ask for all outbound connections as default”.
When all outbound connections begins to Ask my, I have a choice to say block, Block and terminate, or Allow, or Treat. Let us say, I choose to block one and allow the other.
What happens is: Everything gets hidden under firefox.exe (if you use firefox, or anyother browser.exe) and is saved in there. Why?
Users do not use this feature extensively. Once you begin to use blocking of outbound connections, you quickly realize that Comodo Firewall is creating a nightmare.
I have - as of now - about 300 entries under firefox in two days of use. I do not know which IP belongs to which website. There are just entries hidden there.
My suggestion, thus, directly relates to a specific enhancement of Firewall.
My wish request terminates IP-Blindness and brings Domain-Awareness to the Comodo Firewall.
3) MULTIPLE CONNECTION CONTROL TO THE SAME WEBSITE
For example, I am making an outbound briowser call to www.Amazon.com. The default Firewall is to Ask the user for all outbound connection.
Did you, or anyone actually work with this FANTASTIC PROACTIVE FEATURE OF THE COMODO FIREWALL? You shall immediately realize that Comodo is so intelligent to detect each and every connection to be made by the workstation with the remote ip address.
This means Comodo will offer all users:
www.Amazon.com or other such websitesConnection to ----->
a. Connection to amazonseveral amazon websites
b. Like others, to ajax.googleapi.xx
c. Google ads
d. Google analytics
d. other additional connections to several ads server
Just one outgoing call makes many outbound connections.
Here, we observe that just ONE OUTBOUND CONNECTION REQUESTS invokes MULTIPLE OUTBOUND CONNECTIONS!
ALTHOUGH COMODO FIREWALL IS EXTREMELY CLEVER TO CAPTURE ALL THOSE CONNECTIONS PROACTIVELY, the user remains in to darkness. He does not know if he is offered by Comodo the IP Address that is making a connection to a., or b., or, c., or d. above!!!
4) CONNECTION DATABASE TO PROACTIVELY INTERACT WITH THE BROWSER
Currently, Comodo does save all decisions by an user of Allow/Block one ip.
It could then be a database of connections made by the user.
Like we have KillSwitch, there could be an IP Browser for connections.
I request to have a sofisticated architecture of this feature.
5) ENHANCED FEATURE of Firewall Connections
After having a good database and Browser, the Alert could easily be enhanced by several other utilities and NetTools. This includes Whois, Ping, TraceRoute, etc.
It is inevitable to identify AT THE TIME OF BLOCK AN OUTBOUND CONNECTION, WHICH WEBSITE WILL GET BLOCKED BY BLOCKING ONE IP!
Now there are many giant companies that has many C-Nets of Ip.
Thus, in the Alert, there must be an option to block the entire C-Net of IPs as well.
The same feature could be in there in the IP Browser.
As all this is missing, I have made a lot of mistakes in blocking legitimate websites on my computer. I do not even know which website is blocked that relates to one IP. How do I find which is the IP belonging to Amazon, which is blocked now?
As this is not possible, I made a wish above.
Hi Chiron,
The differecnce beween NoScript and my suggestion is that an Outbound connection to any remote website IS NOT MADE AT ALL, because the user knows BEFORE A CONNECTION IS MADE, wether he wants to allow it or not.
Lets say, Comodo recognizes the URL in the browser through which an outbound call is made. For e.g. www.Amazon.com. Then it will find the IP of Amazon and present both in the Alert.
Here, an user could say:
Allow Amazon and block all the rest!
Allow Amazon; Allow Google.Analytics.com; Block DoubleClock.Ads.com; Block.OtherAdsServer.com
etc.
If there is a default: “Block all connections except the URL”, then NO ADVERTISEMENT OR ANALYTICS WILL BE LOADED OR CONNECTION MADE!!!
Try and understand this fantastic and powerful feature potential of proactive Comodo Firewall Quality.
Okay, a wish has already been submitted for resolving IP addresses to their respective domain. Thus, if that is fulfilled that will at least make this possible.
First, let me see if I can summarize this wish.
- One outbound connection request for a website may invoke multiple outbound connections.
- Comodo Firewall is currently able to capture all of those connections proactively, but all it currently does if allow the user to either allow all or deny all. It is all done through the main outbound connection IP address.
- As Comodo Firewall currently captures all connections proactively there should be a setting added to the Firewall component which allows users the option to have the Firewall popup show all of the IP addresses which it is connected to, and provide the ability for the user to decide which to allow, which to block, and perhaps even make rules from that very popup for future use.
- By default things should be left as they are. This is because showing that many connections would confuse many users. However, as these connections are already connected, it would be very beneficial to the advanced users who would like this sort of granular control through their Firewall.
Does this correctly summarize this? Please note that I am aiming for succinctness.
Thanks.
Hi,
Uh, you made my long story short. I think you should become the chief of the developers team. Yes, you got in to my idea and have perfectly understood.
BTW, the thing about useability for advanced users is only partly true. Novices may benifit from the default mentioned above, in my message.
I think this feature will bring CIS to a new architecture quality, not available in any other.
Thank you for your kind words. However, I am a volunteer moderator, and not Comodo staff. I have just volunteered to manage the bug and wish boards.
I have just edited the first post. Please look it over and see if what is currently written is correct. Then, please make any changes you see fit. Note that I have left section 3 entirely empty. That is because I believe it’s probably best that you fill that out yourself. However, be sure to keep what you write to a single paragraph of 4-5 lines at the most. We can continue from there.
Let me know if you have any questions.
Thanks.
Hi Chrion,
When I praise your presentation, I do that to convey a thanks for investing your time to understand my work. Thats what you did.
But I did not authorize you change my proposal.
Most of those sentences had programming concepts in the proposal. They are expressing a request to make several features into one combined one. Then, these several features must be proposed in a seperated and understandable manner.
What you did is to make an overview of my work.
I refuse to propose in this manner.
In 1983, I learned Cobol and Fotran. Since then, I have programming experience.
With the synopsis, I see a huge difference in my work, which you dared to twist.
I did not really care to invest a lot of time in polishing my work, in english, but I did care to put functional request into my proposal, which may address very accurately what is the proposal.
So please bring my work back in the right place again.
If you want, I can make a technical analysis of what you removed. Such proposals are not to any normal user but to highly qualified programmers. If they read your proposal, they will come with an entire different solution, whereas in my feature description, there are certain things they needed to consider before begining the work, if they accept.
Thus, you deleted several technical features while let overview remain. You cannot do that.
MrWonder
What you say, there is in FireFox. Most of your sentences should not implemented in the firewall, and should implemented in browser.
Look FireFox extensions
https://addons.mozilla.org/ru/firefox/addon/requestpolicy/
https://addons.mozilla.org/ru/firefox/addon/http-useragent-cleaner/ (see cookie “host” option)
NoScript – Загрузите это расширение для 🦊 Firefox (ru)
They have even broader than you specify, functionality, I think.
I will vote against the introduction of such functionality in COMODO Firewall because COMODO so does not cope with its firewall support.
And your suggestion is difficult and inefficient to implement at this level.
As all this is missing, I have made a lot of mistakes in blocking legitimate websites on my computer. I do not even know which website is blocked that relates to one IP. How do I find which is the IP belonging to Amazon, which is blocked now?
As this is not possible, I made a wish above.
Unfortunately, it is impossible.
For HTTP COMODO could make see the packages for the presence of not only the specified IP, but also a host HTTP header.
For HTTP via TLS it is impossible.
Hi fdsc ,
Your explaination of the nature of your opinion explains very much your competence.
You did not understand technically what things are being addressed and what solutions are proposed.
Actually, I am very upset in wasting my time for this rubbish unpaid activity Comodo compels experts like me to go through a torchorous system.
I do not care what you vote, but I shall invite you to vote negatively. Please have fun in your games of expertise, of having known quite a lot.
Most likely, Comodo devs will require months of work to bring out a new architecture of TCP/IP socket addressing and revamping the connection technology. I also do believe that there must be something like this in the making and devs of Comodo are just not fools to let remain inactive after developing such an extraordinary proactive firewall. They need to be competetive and most likely bring out these things even without my suggestions.
Comodo Firewall shall require an Add-on to interact with the firefox and firewall. But the real technology that handles all proactive calls must be undertaken at the level of TCP/IP socket. Only then there is a perfect sensitivy build to intercept all outbound connections, including http, however does not remain restricted to it.
A website could easily install a keylogger and invoke some other protocol other than a browser call. Here, an Add-on shall fail.
I do have a limited resource to educate you, and other users, to inform why this should be done at this level and why not through an Add-on. But now this has crossed my limits.
MrWonder, I am very sorry to have to say this, but I cannot undo the edit to the first post. If you like please feel free to modify it back to the way it is. I can then back up your new post, and make edits later on. That way I can carefully craft it to a form which is suitable to the forum users, while not losing those parts which you are saying are important for the devs. However, I cannot get back the original.
The importance of simplification is because this post does not go directly to the devs. It is voted on by forum members. The process is explained here. Thus, the post must be phrased in such a way that it is understandable to the forum users, and also detailed enough for the devs to understand how it could be implemented. That was the reason for the simplification. I’m sorry about that. I commonly make changes to user’s submissions, and have not had an issue with it until today. I apologize.
Hi Chrion,
When you edited my post, you took the responsibility to change.
You did not ask my permission to do what you did. Nor did you propose to do that and requested to co-operate.
I do not have my own post because in the last 30 years of working on the internet, and with computers, you are the first chap to challenge my work and deleted blatantly and shamelessly.
How dare you do that and what kind of ideologies do you follow? What non-sense …
As I said before, I am very sorry. In the future I will implement new procedures which should prevent this from happening again. That said, there is nothing I am aware of I can do to get it back. If you would like to report this to the other Moderators please see this topic.
Hello Chrion,
Could you please delete this entire topic.
I shall reopen my request to the Comodo Support Staff and request them to forward it, if they want to, if not I do not care.
I do not have any time to get in such discussions where one user thinks like this and the other plays a different music.
Such an activity is a waste of my time.
I’m sorry that you feel that way. However, although you have requested it to be deleted it would be easier to just move it to the Rejected section. The reason I say that is that if you change your mind I could always move it back and continue with processing.
Also, as fdsc as responded to this topic, I would need their permission to delete the topic. Thus, moving it to Rejected would be easier.
Would it be okay with you if I moved this topic to the Rejected section?
Thank you.
Hi,
It is useless to have such a discussion published and let the general pblic know about how an innovative idea was handled in this forum and how things got lost.
What the other guy said in his message has no real basis with my feature request because the request did not exists at that time.
The request was not rejected and thus is at a wrong place.
If I change my mind, then I can always open a new one. Then all the useless discussions will disappear and one starts from fresh. You meant to be good but it went wrong.
Then there is no reason to publish a real intensive history of this topic, which went or developed in a wrong direction, without you having any bad intention.
Please just delete it entirely without any further fuss.
I have sent fdsc a PM asking if he is okay with his posts being deleted. If they are also okay with it I will delete the topic. However, if they are not I cannot delete the topic, but will instead move this to Rejected. I hope you understand.
Thank you.