Outpost Pro to Comodo impressions and feedback after first week of use.

Hello,

I swapped to Comodo Firewall from Outpost Pro 3.51 after my subscription expired and I was unsure about the benefits of continuing my OP subscription and upgrading to the latest version, especially since I wasn’t using many of its facilities. I have used a number of the main software firewalls over the years including Zone Alarm (still installed on my folks’ PC), Sygate Pro, Kerio 2.x and 4.x (the latter installed on another of my machines) and more recently Outpost Pro 2.7 - 3.51 on my main PC. Each of these has had its quirks and some good and bad features.

My initial impression is that Comodo reminds me a lot of a cross between Kerio PF 4.2x and Sygate 5.5 in terms of interface and how the rules are presented. The interface can be a bit sluggish compared to both Outpost Pro and Sunbelt Kerio 4.3, mainly when acknowledging alerts. Generally my impression has been very positive with this firewall, with a few minor niggles that I am used to from some of the firewalls I have used in the past.

  1. I would like a way to save the firewall configuration (preferably in a human readable format a la OP Pro 2.x before they encrypted them in the latest version or Kerio’s XML config saves).

  2. I would like the ability to edit a rule upon creation i.e. when clicking allow and asking for the rule to be saved to have the option to check a box that would open that rule for editing so that it can be refined. I am running with the Alert frequency set to “Very high” as I like to get all the pertinent info about the request and then go in and set up the rule with the exact level of access I desire.

  3. When entering IP addresses I would like the ability to enter a list of addresses in a similar manner to the ports. This is useful when setting up rules for DNS servers and mail servers etc. where you don’t want to allow a range or everything within a specific mask but just two or three addresses.

  4. The ability to disable fragmented IP datagrams and protocol analysis for specific applications such as P2P where these being enabled seems to cause problems.

  5. Ordering of application rules as per Kerio’s packet filter so that for example an application specific block rule can be placed after its allow rules. Having to allow input in the network monitor as well as the application monitor is also a bit confusing.

  6. When the component filter is in learning mode perhaps the protection strength shouldn’t say “Excellent” as this is not entirely accurate as any component is allowed, but as learning is also clearly displayed on the same screen this isn’t a big issue IMO.

I like Comodo Firewall and have decided that I will use it as the software firewall for my main PC without bothering to try the OP 4.0 trial as I am generally happy with its feature set, interface and level of security offered. This is a very good firewall as far as I can tell and is recommended in a number of security related forums that I trust which prompted me to give it a try in the first place. Hopefully as development continues it will go from strength to strength whilst still maintaining its focus on its core purpose instead of becoming another suite with features that cannot be uninstalled as seems to be the current trend.

Sandman

Hi Sandman,

  1. Unfortunately, unencrypted rule formats aren’t good ideas. What if the hacker can overwrite or change the rules? That would be too easy (my opinion).

  2. There are switches for these (at least for the frag problem). You can switch them on and off by checking them. (Security tab, then at Advanced tab, Advanced Attack Detection and Prevention | Miscellaneous)

  1. I would like a way to save the firewall configuration (preferably in a human readable format a la OP Pro 2.x before they encrypted them in the latest version or Kerio’s XML config saves).

  2. I would like the ability to edit a rule upon creation i.e. when clicking allow and asking for the rule to be saved to have the option to check a box that would open that rule for editing so that it can be refined. I am running with the Alert frequency set to “Very high” as I like to get all the pertinent info about the request and then go in and set up the rule with the exact level of access I desire.

I’ll second these two suggestions.

It would really be nice to be able to import, export, and merge rules from one computer/installation to another. I hate having to re-create many of my common rules every time I install CPF. Perhaps to address Arkangyal’s point, a password would be required to complete an import/merge operation.

It would be absolutely FANTASTIC though if I could fine tune rules before un-/checking “Remember my answer for this application” and clicking “Allow” or “Deny”. This would especially be useful for apps that use multiple ports and various combinations of TCP and UDP on those ports.

This was only for the exported rules so that you can for example manually edit them if you change drive letter etc. It also allows users to share “golden” rules (see this Outpost Pro example of how it used to work pre 3.x). I wouldn’t suggest unencrypted config files for day to day running. Obviously there has to be a control on the import i.e. a password as per ShadesOfGrey’s suggestion.

Just to clarify I found the way to globally disable the switches as you describe but I would like to be able to do this on a per application basis as opposed to globally so that these would still be in force for everything except specified applications.

Sandman

I agree that encrypted and maybe password-protected rules (which you can share with friends, group members, etc.) are fine, as you must see the password at least once (so you know where the rule comes from). I’d also make it possible to get a view of the rules (so even if you’ve got the password you can think it over). But if I’m right, maybe you want Comodo to create a simple firewall rule editor tool, just to let you organize/edit rules. Just to update your idea, am I right?

Err… do you use applications on the same system working with different MTU settings, how???

Yes, your updated idea sounds like a more secure version of what we used to be able to do in Outpost Pro 2.x, where the rules were unencrypted as shown in the example link for Shareaza and could be viewed in any editor. In OP these were actually added as preset rules for given applications and thus if you started Shareaza and didn’t already have a rule in place you were given the option of using the preset (which you could then modify before applying it) or creating your own. This was the standard means of adding shared application rules to your presets, often retrieved from the forum linked in the example and inserted into your own preset rules manually (via a text editor), which is how the “golden” rules were shared between users. However your idea of an editor/viewer and encrypted “golden” rule files protected by a password or requiring a password to be imported into CPF would be great.

Alas no, the MTU is fixed in the TCP/IP stack’s registry settings IIRC and can only be changed upon a reboot. However the only application I have personally seen have problems with these settings enabled is eMule, and various other posts on this forum seem to suggest that it is a problem usually found with P2P apps, hence if it were possible to selectively enable/disable the protocol analysis and fragmented datagrams on a per application basis you could have maximum security when for example running Firefox, with these disabled when running eMule.

Sandman