Overall viewpoint of a new user

Rik · May 8, 2007, 5:46pm

My last firewall is Outpost. I also know Zone Alarm (too simple) ad CoreSecurity (too detailed to be handy, is almost a debugger!). I also know Ashampoo and many others.

I was giving a try to Comodo. This is my opinion at a first glance.

I see these problems (maybe I’m wrong):

(1)
When Comodo alert for an inbound/outbound of an application on a specific port, the rule is set ANY on address/ports. This is equivalent to trusted application on other firewalls. This is not very good. :-[

(2)
In the case 1, if you try to edit the rulee (e.g. Outlook port 25), if the OL try to exit on other ports (e.g. 80), Comodo alert “Comodo is trying to exit on port 80” correctly but if you say “Yes is right, remember”, Comodo invalidate the limit of port 25 deleting that rule or in other cases creating a new rule that say “Go wherever you want!” (ANY for address/ports). This is even still worst than case 1 because destroy security without advice! :-[

(3)
So, I can’t make rules based on ports unless I decide to never say “remember” if a Comodo alert arise (because if I do, that could change existing trimmed rules).

(4)
If on the contrary I want to create limitation with specific rules (e.g. Outlook not able to exit on port 80) I encounter another problem: rules priority. What Do I mean? Let’s say I accept the auto-rule of Outlook any/any. I create a new rule where OL is blocked on destination Any, port 80. Until this rule stay on top of OL rules it works, BUT, if you touch manually or automatically another rule of OL, this lock on port 80 stop working because the other rules come first.

(5)
Related to point 4, to make the lock rule be on the top of other rule of that application, the only way is touching (open/save) all the other rules (the touched go bottom). There are not arrow like those in
security-network monitor (move up/move down). It should be simple to implement and very useful to have.

In other word, at a first glance it looks manually unmanageable.

pandlouk · May 8, 2007, 5:50pm

Welcome at the forum (:HUG)
You must change the Frequency alert level from low to High.

CFP is the most configurable firewall that I have ever used. It is good for novice users and e great toy for the advanced ones. ;D

Rik · May 9, 2007, 8:31am

I don’t see how it could help with the 5 problems above.

Yes is configurable, but it is also auto-sconfigurable!
And the rules it auto-creates don’t respect what is asked in the alert!

If it say:

“Hey guy, Firefox is outputting on port 80. Is that right?”
and I say
“Yes and remember”,
and looking the rule saved I see the statement
“Let Firefox exit on ANY ports for any Address”,
it doen’t seem something sound!!! :o

It is the first firewall I encounter that act this way (letting apart those like Zone Alarm Free that don’t manage ports by design).
So, to me, it seem a half way from a very simple firewall like Zone Alarm Free and a complete firewall that really manage the application ports like Outpost.

grampa · May 9, 2007, 11:36am

Very true!!!

If you set the “Alert Frequency Level” to “low” (default), CPF will only display alerts for unknown applications (if “Component Monitor” is turned on, it will also alert you if an allowed application contains a new, not yet allowed component). Thus it will create quite general rules in “Application Monitor” when you say “allow and remember”.

If you set the “AFL” to “high”, CPF will show alerts for outgoing and incoming connection requests for both UDP and TCP protocols on specific ports for an application. If you then tick “allow and remember” your rules will be more specific. You can also set the “AFL” to “very high” and get even more specific rules in AM.

If you leave the “AFL” set to “low” you can edit a respective “application control rule” to make it more specific.

Thus:

is very true indeed.

(R)

Hope that helps.
Cheers,
grampa.

pandlouk · May 9, 2007, 1:42pm

If you set the alert frequency level at high, CFP changes the mode of controlling the rules and instead of automatic it goes in manual mode. The rules will not be generic but very specific. And CFP will not change the rules that you create.
If you want even more control you can use very high, but you will have to create rules for specific IPs too. This one is a “paranoid” level of security and CFP will bombard you with popups until you configure it.

Little_Mac · May 9, 2007, 6:05pm

One thing to note, in regards to the Alert Frequency…

By default, AF is set to Low; this will provide only details of Application, and Direction of traffic (ie, Out or In). If you leave it there, and create a rule in the Application Monitor that contains more information detail (such as Protocol or Port), the next time you check “Remember” and click Allow for that application on a popup alert, the detailed rule you created will be overwritten by a more generic rule, as the rules are written based on your AF level. If you want more detail, you have to increase the AF level, as grampa and pandlouk have noted.

LM

Rik · May 10, 2007, 7:55am

GREAT!!! :BNC (V)
I suspect I must lack something because everywhere I see great score to Comodo FW.

However, I think these “problems” must be consider because many other users, advanced people I know, uninstall Comodo for this problem! Beeing a freeware and looking simple, nobody suspect it could have such important features in submenus. I have spent 2 minute looking for it after reading your answer, and finally found it using “Search: alert frequency” in the help.
(…and Alert frequency sound like “Change the timing I alert”. It should be more clear “Alert level” erasing Frequency that is only a consequence).

However this main feature of the FW shoul be in main window, not in Security-Advanced-Miscellaneous!!! :THNK

With this simple grafic restyling I thing Comodo will get MANY more users, avoiding many uninstall after a little try.

Thank you very much for your help! (:HUG)

grampa · May 10, 2007, 8:45am

Glad to hear that you are happy with CPF.
I agree that Comodo is “hiding” some of it’s real potential from the first time user. I’ve been using it for quite some time now and can still learn a lot about this magnificent firewall.
However, IMO that’s the price you’ll have to pay if you want a firewall that offers the best possible protection: it’s bound to be more complicated to set / to discover all its features.
I think it’s great that you didn’t give up and posted your observations.
If you have any further questions, plz do not hesitate to ask.
We’re always happy to help.
Cheers,
grampa.
(CNY)

Rik · May 10, 2007, 9:29am

I will help others first users of CPF here in Italy avoiding them to uninstall after the first try!

Putting the Alert Frequency Level in the main windows should anyway be a great solution for the first user. I’m sure will avoid many uninstall.

grampa · May 10, 2007, 9:32am

(:CLP) (:CLP) (:CLP)

Little_Mac · May 10, 2007, 3:34pm

A couple more things to keep in mind, Rik…

There is an Italian forum here; that may be useful to you as well
In this thread: https://forums.comodo.com/index.php/topic,6167.0.html you will find “Set & Forget” configuration information that may be helpful, as well as some other good info, all in one nice neat place.

LM

Opus_Dei · May 17, 2007, 9:38pm

After playing with it quite a bit and studying Application rules sets both in the forums and using the Application I have found that Whan adjusting the order of the ruls in one set the order of anouther set will automatically readjust itself.

While I think Comodo is potentially one the best Firewalls available to the general consumer, that can be puchased or freeware. These problems also make it more difficult for the advanced users. After reading this Thread I have moved The (AFL) Alert Frequancy Level to high and will continue to play with it some more. I was just disapointed when I saw the great potential that Comodo has. Perhaps I have not worked wih it enough yet. Also V3 could change everything

I think (R) And I have great hopes for V3 :BNC

Opus