Sorry for any confusion about application rules. It can be a little frustrating for some users, so I’m trying to explain it thoroughly.
Alert Frequency level is a global setting (ie, applies to ALL applications) that involves the level of detail in the rule. Very Low is Application only. Low is Application and Direction. Medium Application, Direction, & Protocol. High is App, Direction, Protocol, & Port. Very High adds IP Address to the previous. By default, it is set to Low (application, direction).
Let’s say you leave it at Low, but want to specify that Internet Explorer can only use destination ports 80,443 for standard web browsing. You can do that, no problem. The next time you update Windows, and that update includes any components or upgrade for IE, you will get a popup alert from CFP regarding the change. Naturally, you will Allow w/Remember for IE, as you are aware of the change. This will cause CFP to overwrite your existing rule to the level of detail in the Alert Frequency, thus removing your port specification; you would have to go back in to re-add those ports. If you chose to Allow without Remember (so as not to overwrite your rule), you will continue to receive alerts for IE every time you use it.
On the other side, let’s say you move the AF to Very High, because you want to control the IP addresses that svchost.exe is allowed to connect to (for Windows Updates, time server, etc). This setting will apply to every application that you allow to connect to the net. So every time you open a new website in your browser, you will get a popup from CFP about it (because IP address changes). If you Allow w/Remember for these, you will create multiple Application rules for IE that are all the same except for IP address information.
Where it can be confusing is that regardless of the AF level you select, the popups will include Application, Direction, Protocol, Port & IP Address. Any rules you create from popups will only have a level of detail equal to the Alert Frequency level.
So the answer is, yes, you can create individually-tailored, detailed application rules. Just keep in mind how CFP’s Alert Frequency level works in relation to that.
A lot of users have expressed concern over various aspects of privacy and Comodo, responding to their own fears and (mis)information published on the web. As Leoni notes, you can find plenty of threads on that here (and elsewhere). Comodo has always gone above and beyond to respond to and provide information regarding user privacy. They have discontinued one product (trust toolbar) and changed their software activation process due to concerns about privacy (even tho’ these were shown not to be any risk). Their position is basically that being in the business of creating/developing internet security/privacy TRUST, they’d be fools to do anything that would negate this. Anyone is fully welcomed to run a packet sniffer on any connections that any Comodo product generates, to investigate to their heart’s content.
Not sure what you mean about the full hash not being downloaded… If you’re talking about the safelist being updated, CFP needs to connect to their servers to get updates to the list; the full available list is installed when you install the application, but must update from there, just like an antivirus updates its definitions. At present, this list is relatively small. The next version of the firewall will feature a much larger list, and the ability to profile your system to build a local custom list.
For the ad-blocking, if the only browser issue is speed, then you might try Opera or K-Meleon, as both are faster than Firefox and provide the ability to block ads, popups, and scripts. There are also applications like SpywareBlaster that will integrate block lists into IE (or FF). You can also sign up for services that will provide you a hostname to use in your firewall to block such sites; this would be added to CFP’s network monitor (threatstop is one of these).
Hope that helps answer your questions.
LM
