For the longest time I’ve used Tiny Personal Firewall 2005. I really enjoyed the paranoia and rules-based functionality it had (Helps me block ads in AIM), and to this day, I won’t own and operate a desktop without that. When I switched to an x86_64 platform, even though I had to scavenge the net for it, TPF had an x64 version and came along with me. Sadly, having been discontinued software, it was no longer updated, and if I were to apply Windows hotfixes that modified the kernel, including SP2, to XP Pro x64, it would blue-screen on reboot. I had been stuck on XP Pro x64 Service Pack 1 for at least two years and .NET and ATI’s Catalyst Control Center didn’t work, but TPF kept me safe.
A few days ago, I decided it was time to move on. I felt it was probably best that I actually got rid of TPF and finally update. I found out about CPF and figured I’d give it a spin. I got the latest 3.0 flavor and installed it on my auxiliary PC with Vista (32bit). Configured it, poked around. The Defense+ module in Paranoid Mode did what I needed it to do, so I made the switch. Now, with CPF, I can actually run Windows Update, and ATI’s CCC actually works.
Of course, having used TPF for years, I have found a few things in Comodo that I’m probably just going to have to get used to:
One of the main irks I have is that Comodo doesn’t differentiate between a program trying to run and a program trying to launch another program. I’ll use explorer.exe in my example. I don’t mind when Explorer tries to launch certain programs, like the calculator or Solitaire, so I’d put it in my Trusted programs list. Explorer’s my shell, it should have access to my system. If Explorer should decide it wants to launch a program that I don’t trust or don’t know about, TPF would give me a popup saying “I don’t know what this program is, but it’s trying to run. What do you want to do with it?”, and it give me options, including one to kill it. Comodo, on the other hand, would actually end up running the program and I wouldn’t be alerted till it tried to do something naughty. Then I have to load up Process Explorer or Task Manager and kill the ■■■■ thing before I can dismiss the security prompt (So I don’t have to deal with more). In short, I’d like the behavior where if a program loads and Comodo doesn’t have any rules for it, I would be given the option of killing it.
I also don’t have any idea what the Cancel button does on the alerts. I don’t know if it automatically blocks or automatically allows.
Everything else that comes to mind right now is pretty minor. I wouldn’t mind being able to select where the alerts pop up (Any of the corners of the screen, or the center. Might want to be able to select which monitor, for those multi-display people).
Edit: Another thing I’d like go suggest is a big Undo button on the notifications received while in Training Mode, and maybe a popup list of all the newly recorded actions once Comodo is finished learning. I figure if something unacceptable decides to run while CFP is learning and generates a few rules for itself, the user should be able to preview as well as veto those changes. Any thoughts?