I changed from ZA Pro to Comodo and I like it very much…
My question is why, when I allow a program, the default settings allow it “in and out” TCP, UDP or both? Many programs do not need both “internet and server” rights.
ZAP could let me choose when the program had to access the network.
I do not want “normal” programs to have server rights. Only those like Skype used to have server rights before.
Are there other settings that could let me “choose” the first time the program starts…
You can adjust the pop-ups to your needs. By default the alert level is set to LOW (will show alerts for outgoing and incoming (or act as server) connection requests for an application). You can adjust it to VERY LOW and therefore only get one pop-up for each application by going to: Security>>Advanced>>Miscellaneous. In the current version I don’t think it’s possible to differentiate the rules for ACTING AS A SERVER. The good news is that the next version is due to come out in Beta at some point this week and is going to include a Host Intrusion Protection System, and it is rumoured that it’ll be a completely different ball game. It’s been a long-awaited Beta (since December). I’ve been using Comodo for some time now and it keeps getting better and better, and I have had very few problems with it.
On a completely different note, you might also want to check out the next version of Comodo BOClean! Version 4.24 is due to come out possibly this week as well, if not the next. It really saved me when I downloaded a program that contained a trojan. It even picked it up and removed it before my antivirus had a chance to catch it.
Act as a server has a different meaning for CFP than for ZA. In CFP it only means that the application is prepared for a connection; similar to a “listening” port. As I understand it, ZA gives the alert for applications that are actually connecting.
At any rate, for CFP, it is not necessarily a thing to be concerned about.
Yes, acting as server means only establishing an inbound connection. You must have the alert level set to very low (?), that means one allow-all rule for each program+parent; at low you give separate permissions for inbound and outbound connections (what you want I reckon?); at medium CFP also discriminates between TCP and UDP connections; at high it uses different rules for each port too; and at very high for IP as well. Even very low can be safe provided you specify the parent for each program.
ZAP alerts me when a program like Skype will have access to the internet and act as a server, meaning incoming and not only outgoing, while Word or IE7 only needs to have outgoing access…
I feel a bit insecure, not being the one “allowing” but just saying “yes” to everything in that program.
I also use Antivir Premium… and in ZAP I allow only outgoing access; in CPF it’s shown as access in both directions…
I’m sure I’m safe, but I just “feel” I’m not… without the double warning.
I told you yes you can have separate warnings and rules for outbound and inbound connections in CFP. Just move the alert level from “very low” to “low” or higher if you wish. Here at work I don’t have CFP installed but I think you could set this up in Security > Advanced.
It’s in Spanish but I guess you can identify stuff. “Entrada” means “In”, “Salida” means “Out” and “Baja” means “Low”.
Oh wait I think I know what’s happening. If you want separate in and out rules to be created you must set the level to low, but also delete the in/out rules created at very low, so that new rules can be created, otherwise the old ones created at very low will stay in place unless you manually edit them.
Let me add something, since you mentioned using Skype, in the hope that it might help you understand how Comodo works.
I have such rules for Skype in Comodo app monitor as Allow:
Any Any TCP Out
Any Any UDP Out
0.0.0.0 20293 TCP In
These rules are the result of running CPF with a “very high” level of alert frequency and then widening them as I edited them to allow more, so as not to get any more popups while still having quite restricted rules for applications.
Last one is for incoming connections to “address” 0.0.0.0, and my specific higher numbered port that is specified in Skype connection options.
But I could almost just as well, and this is also what I want to point out to you, allow Skype all incoming too. And thus use that low level setting you were talking about. Why?
Well, if you look at the Comodo Network Monitor rules, there are by default no incoming ports open for TCP and UDP.
Most applications these days, Skype included, don’t need to listen to unsolicited connections. They work with SPI (or pseudo SPI in UDP) connections.
So unless you have some program(s) that need to open a lot of unsolicited listening ports in network monitor, there really is not much risk in having applications allow all incoming too in application monitor rules. You should not open any network port lower than 1031!
I have only one higher numbered port allowed because the utorrent bittorrent client needs it, and also another higher numbered port for my netphone program.
But regarding making tighter rules in app mon, usually you need to only allow for incoming the localhost address 127.0.0.1 and in some cases like Skype to 0.0.0.0.
And then for outgoing connections you can restrict browsers, as an example, to ports 80, 443 and a few others. For making Comodo safer, it is desirable to restrict outgoing connections in application monitor rules.
Comodo is different than many other firewalls since network and application monitor rules are separated.
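The layering described in the last post, as an added example that is not part of the original thread and is not Comodo's code: a simplified model in which an unsolicited inbound connection must pass both the network monitor and the application monitor. The rule tuples, the function names, the assumption that the network layer passes all outbound traffic, and the omission of the address field are all illustrative assumptions; only the Skype rules and port 20293 come from the thread.

```python
# Simplified, constructed model of the two rule layers discussed in the thread.
# Rule format and evaluation order are assumptions, not Comodo's implementation.

# Application monitor allow rules as (direction, protocol, port); None = "Any".
# SKYPE_TIGHT mirrors the three Skype rules quoted in the thread.
SKYPE_TIGHT = [("out", "tcp", None), ("out", "udp", None), ("in", "tcp", 20293)]
# The wider alternative the post describes: also allow all incoming.
SKYPE_WIDE = [("out", "tcp", None), ("out", "udp", None),
              ("in", "tcp", None), ("in", "udp", None)]


def app_allows(rules, direction, proto, port):
    """True if any application rule matches direction, protocol and port."""
    return any(d == direction and p == proto and rp in (None, port)
               for d, p, rp in rules)


def net_allows(open_inbound, direction, proto, port):
    """Network layer: outbound passes (assumption); unsolicited inbound
    passes only when (protocol, port) was explicitly opened."""
    if direction == "out":
        return True
    return (proto, port) in open_inbound


def verdict(rules, open_inbound, direction, proto, port):
    """Both layers must allow the connection; report which one blocks."""
    if not net_allows(open_inbound, direction, proto, port):
        return "blocked by network monitor"
    if not app_allows(rules, direction, proto, port):
        return "blocked by application monitor"
    return "allowed"


if __name__ == "__main__":
    default_net = set()                  # no inbound ports opened
    opened_net = {("tcp", 20293)}        # constructed: Skype port opened
    cases = [
        ("tight rules, default net", SKYPE_TIGHT, default_net, "in", "tcp", 20293),
        ("wide rules, default net", SKYPE_WIDE, default_net, "in", "tcp", 5000),
        ("tight rules, port opened", SKYPE_TIGHT, opened_net, "in", "tcp", 20293),
        ("tight rules, outbound", SKYPE_TIGHT, default_net, "out", "tcp", 443),
    ]
    for label, rules, net, direction, proto, port in cases:
        print(f"{label}: {direction} {proto}/{port} ->",
              verdict(rules, net, direction, proto, port))
```

Replies to connections the host itself started are part of the outbound connection in a stateful firewall, so they are not modelled as inbound here.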