I am trialling Comodo for the second time. Congratulations on a much improved product.
I have a very important question, though…
As far as I can see, the rules which can be seen and manipulated by the owner are (certainly to start with) very trivial. We seem to be told that the various monitors have special knowledge about applications and their behaviour. This ‘special knowledge’ does not seem to be available to the user.
If I can’t see what the firewall is really doing, how do I know that it is really doing its job? A good analogy would be that no encryption scheme is trusted unless its algorithm is known and public.
Another question - I am sure you check the version number (if there is one) in executables. Do you also keep MD5 (or better) checksums to ensure that “executable substitution” has not occurred?
I think if you downloaded the 2.3.1.20 Beta & selected Manual config, you would be able to set the verbosity level as high as you’d like… CPF could prompt you for every port, every protocol, every parent, every application, etc… if you want it to be set that way.
One of the ways to test your firewall is to run “leak tests” on it to see if your firewall is leaking or not.
The best place to find this is: www.firewallleaktester.com
Comodo Firewall passes all of them apart from WallBreaker 2 (BTW, this is more than any other firewall in the market today, so you have the most secure firewall). WallBreaker 2 is a theoretical threat with no exploits in the wild, hence we are spending our development resources in making CPF better with better features, HIPS etc.
Sorry about this being off-topic. The Firewall Leak Tester site is indeed a good site, with lots of leak-tests to try. But, the score/results table looks horrible for Comodo. It’s not been updated since 11-Mar-2006, the CPF version referred to is 1.1.005 & it only scores 3 out of 10 (blocking only 50% of leak tests). If someone looked at this site looking for a good firewall, I don’t think they would even give Comodo a chance.