Little disappointed with Comodo

When someone installs a firewall, there is an expectation of a certain behavior. The default behavior of a firewall is not to let anything out without the user’s permission. This has not been the case with Comodo. I’m a little disappointed because there appears to be a disturbing trend that worsens with each major release.

With version 2.x, personally I thought was the best release as far as handling rules and operations. It was tight and uncompromising with security. It did have its bugs - it was version 2 after all, but the functionality, layout and default settings were unparallel to any other release. This particular release really was forged for technical users. Other people complained that it was too difficult to work with and Comodo couldn’t capture that many new users.

So with version alpha & v1.x, Comodo probably was thinking (I wasn’t around for this release) let’s see what we are made of and the infancy stages of development began. They liked what they saw and decided to push it to the extreme and v2.x came out. Technical users loved this release because for the first time, they had true control over their system and Comodo was becoming well-known. Due to the publicity, many new users were drawn to their site and tens-of-thousands of downloads happened. Then the unexpected happened… many uninstalled. Comodo realized something at this point, they became too technical for the average user, so they compromised by lessening security rules. After all, several users complained that they want to “set-it and forget-it”. They didn’t want to take the time to learn anything.

Those who loved v2.x downloaded v3.x with much anticipation… but was unaware of how much Comodo compromised their security to make the release more dummy-ized. I installed the new version on 3 highly-customized dual-boot systems and found out that several apps updated automatically because of this new “white-list”. I was so angry that Comodo didn’t give an option during install to turn this list off. Or at least warn users that their security was compromised and let them know that they can fix it by setting the firewall to “Custom Policy Mode”. Fortunately, I had Ghost images of all the drives and it only took 7-8 hours to fix instead of 17 hours per OS. I never said anything because I figured others would complain who were in the same boat as me. I let it go, thinking they wouldn’t do something like that again.

Then version 4x came out. Even though I figured Comodo wouldn’t compromise users again, I have trouble trusting once bitten. So I disconnected the net and uninstalled all the old versions and updated to 4x. Changed all the firewalls to “Custom Policy Mode” (just-in-case) because I don’t want anything getting out without my permission - plugged everything back in and was happy with that.

A few days passed and once again… software got out without my knowledge or permission. I can’t begin to tell you how disappointed I am. This time I don’t have a Ghost image and I have to rebuild 6 highly-customized OS’s from scratch (over 100 hours of work - a little ticked) all because of this “Network Security Policy” rule: ALL APPLICATIONS - Protocol: IP, ALLOW. (That includes spyware you know and who knows what else)

That’s why I’m disappointed. Each release is more lackadaisical than the last. Now not only do I need to remember to change the firewall to ‘Custom Policy Mode’, I now have to remember to dig through and find ALL APPS rule to delete it. The “set-it and forget-it” thinking is out-dated. We just don’t live in that kind of world anymore - the black-hats are too aggressive.

Comodo, if you are going to intentionally loosen security on your users, please let us know and offer an option to undo what you did during installation. Better yet, raise your standard back up and assume nothing is OK to go out. For all outbound communications, disable the white-list by default and offer an option to enable it during installation under advance settings, only. This way, newbies don’t know about it right away and season users don’t have to be scrambling around fixing, disabling and rebuilding things every time a new major release is out. The idea is, hopefully Newbies will learn about the ramifications of enabling this setting and can make an informed decision on whether or not they should.

The motto should be - when in doubt, block it - not let it out.

In 4.1 it will be like version 3 series nothing will be allowed out without an alert. In saying that as a long time user. (2 series) I agree with you the set and forget crowd has make a rock solid firewall less secure but I guess that is what happens when something hardcore starts to appeal to the masses.

Yeah, default Allow All Out is a mistake but I really don’t understand that

I have to rebuild 6 highly-customized OS's from scratch (over 100 hours of work - a little ticked)
Why?

Good question. ^

Pardon me for saying so but although there is a significant amount of control/security freaks (no offense) who want to know every small detail about their PC’s, the vast majority of computer users prefer a balanced combination of security and ease of use from their security products…Although the ideal would be for each individual to have a security solution tailor made to their standards, this is impossible…so what a security software company can do is to achieve the best result in balancing the level of security and ease of use to accommodate the needs of as many people as possible…Forgive me again for saying so, but although you want to receive an alert for everything that happens in your PC, more people want to have security but also to be able to work a bit without answering alerts all the time…in this respect I think Comodo is on the right track…

With CIS you can be as paranoid as you want but default config is a balance between usability and paranoia.
So even with Firewall in Allow All Out mode D+ should catch unknown malware at execution and AV should catch known malware that’s why I don’t understand why FW with Allow All Out brings havoc on those 6 computers. ???
Indeed is no more set and forget for a paranoiac guy but that guy should know how to configure it to his needs.

I’d say Comodo made it pretty simple for you to save yourself over 100 hours of work!

~Maxx~

Not every software lets you control its updates and therefore needs to be controlled through a firewall. There are certain situations where someone may not want something to be updated automatically or at all. I don’t like ANY software updating without my knowledge because I have a couple that don’t play well together. I like to know how often software wants to go out and when. I want to read about the update first because I might not want it on my system. When I do decide to let something out (depending on the app) I often sandbox it with Sandboxie to see if it will cause conflicts. If satisfied that it won’t be an issue, then it can be installed on the real system. Please don’t ask me what software I’m referring to, because that’s not the issue here. The issue is I want to know before-hand (during installation), when my security has been compromised by Comodo lowering their standards and not after the damage it done.

I understand and appreciate the position Comodo is in. Often times they probably think they’re ■■■■■■■ if they do and ■■■■■■■ if they don’t because you can’t please everyone. All I’m saying is, don’t set a rule like “LET ALL APPS OUT” without warning the user and giving them an option to delete the rule during installation. That’s a dangerous rule to begin with because too many people have this false sense of security that they are 100% secure (safe) with Defense + and AV, so it’s ok to let everything out. First of all, nothing is 100% secure. When a Trojan or virus is first released, there is a time period (sometimes days to weeks) before a definition is released and it can do a lot of damaged during that time. People can argue that is where the D+ kicks in. The problem with that, it has become the “little boy who cried wolf too many times”. D+ is set to flag everything that it is not familiar with by default. Eventually, user’s figure this out and realize that there are a lot of apps like Pinnacle Game Profiler or Open Expert for example, that are not a threat, (but still flagged by Comodo as dangerous) so they add it to their own safe lists. This is ok because Comodo can’t keep track of every software release, so this is a reasonable work-around solution. However, I noticed some user’s, have seen this too often and now are adding everything to “their own safe list”. (MS went through a similar issue in Vista with the permissions thing and that was a HUGE failure. The majority of people either use TweakUAC to disable it, or they just click “continue” without any thought because it became a habit) Same thing with the “own safe list”, they now have rendered that feature completely useless and the LET ALL APPS OUT has now become dangerous for them to have it enabled on their system. This rule causes more harm than it helps.

Besides, in v3.x by default the firewall is set to “Safe mode” and that let’s everything out on the white-list. There wasn’t a need to loosen security even further than that.

I’m just saying, Comodo should have warned users that they added rules like that and give them an option to delete it upon installation, rather than assuming they know what users want or need.

I think that’s the definition of default settings.

Besides, they are removing that rule for V4.1 because there are many people who agree with you (at least about this one topic). I agree letting everything out by default was a bad idea, but for any advanced user the first thing they would do is shift into Proactive of Paranoid configuration and the rule would be gone.

I’m surprised you decided to stay with the default settings. :wink:

That’s really good news - thanks for letting me know.
Hopfully, there are no more surprises in future releases.

That’s no problem.

The trusted software vendors is also activated in Firewall.That’s maybe why some apps getting out without permission.
And Del the ‘LET ALL APPS OUT’