is the comodo firewall ok?

Mrarnold · June 19, 2012, 10:34am

hi
ive been reading about an issue that involves avast 7 and the comodo firewall.
Could anybody tell me if the firewall is still ok .
People were trying to say that there was a flaw in the comodo firewall and i dont really want to believe this at all.
Any confirmations please…?

stormer · June 19, 2012, 11:00am

Things you’ll hear:

It’s Comodo’s fault.
It’s Avast’s fault.

Mrarnold · June 19, 2012, 11:47am

that is exactly what ive been hearing.
I like comodo and i wouldnt like to believe it has a defective firewall.
I visited the avast forum and a member of the avast team has stated that the comodo firewall has problems filtering web proxies which is what the avast web shield is apparently.
Im not very up on web shields and firewalls but the avast forum seem to believe there is a fault in the comodo firewall not handling web proxies.

Dennis2 · June 19, 2012, 1:08pm

egemen post:1:

Hello Guys,

The issue is avast intercepts WEB connections at the driver level and redirects connections to its own local proxy.

Because CIS operates at NDIS layer i.e. the lowest layer of the protection, it sees the actual connection i.e. avast proxy. Normally CIS should have blocked the loppback area connection to the proxy however because of the limitations in Windows 7, it fails.

CIS uses TDI, WFP and NDIS to provide its firewall functionality. WFP maybe enough ti implement an average firewall but it is not enough for a firewall like CFW so that it could not be used alone wihtout the support of the other 2 technologies. Windows 8 allowed us to use WFP more than previous windows editions and it should not be a problem with the next CIS editions which support Windows 8.

snip

Radaghast post:189:

There’s probably a more reliable way than the last ‘kludge’ I came up with but it’s a little more involved. basically, you’ll have to:

Disable the DNS client service.

Add a block rule to AvastSvc.exe that blocks DNS

For the applications you wish to allow, create individual DNS rules

Crete a rule for ‘All Applications’ that blocks DNS queries

Place the ‘All Applications’ at the end of the Application rules list

This should only allow connections that can do DNS resolution themselves, then use the avast proxy for the connection. You could probably do this in a couple of different ways, but this is probably the easiest.

Just don’t forget, whatever we do with these makeshift rules, they’re only bandages, they’re not designed to completely fix anything. Also, they might not even work as you might think. You’re probably better off, either allowing browser traffic only through the proxy or disabling it altogether. There’s still plenty of protection, or should be.