After hearing so many great things about CPF, I decided to try it. I installed Version 2.2.0.11 on Saturday. Now, for the inevitable newbie questions.
Is this the newest version?
I’ve heard that you shouldn’t surf with adminstrator privileges, so I’ve created another login name under which I’ll surf the Web as a “limited user.” My question is when I click in the Comodo Icon in the tray on the bottom when I’m logged under the limited account, I get a message that says somthing like, “Another user is using the GUI. Your computer is protected. You must wait until he shuts down.”
What does this mean and why does it show? Am I still protected while surfing under the “limited user” logon under which I didn’t install Comodo, or do I have to install it again under my limited account logon?
Also, we only surf the net with one computer, and we don’t have a netwok of home computers. In the interest of greater security, is it more secure to set up a “one computer network”? How would I do this if it’s recommeneded? Do I need to create a Trusted Zone if I’m only using one computer?
On the main CPF screen, is the IP address under the System Info tab on the left the IP address of my computer? What’s a “Subnet Mask?”
I have a DSL modem connection. If I click on my “LAN Settings” icon, and disable the connection here, does this protect my computer, meaning could I leave everything else connected and having this disabled would disconnect me safely from the 'Net? If I leave the modem on at night, but turn off the computer, am I still suscptitble to attacks?
Any help would be much appreciated. I applaud everyone at Comodo for making this product available for free. Furthermore, that you have such a great forum only adds to my admiration of Comodo.
This version of CPF does not support fast-user switching - although CPF will protect you fine, you will not be able to open the program from that account, unless you first log off the other account before logging into another. The latest stable CPF is 2.2.0.11 although there is a beta at version 2.3.2.21 which solves any issues with fast-user switching.
If you use one computer you don’t need to setup a trusted zone. CPF’s default settings will configure as needed.
Using a limited account reduces your privilages - which could increase your safety when browsing (for example new programs like spyware may not be able to install themselves without administrative rights, although you should be fine on an administrative account as long as you have up-to-date security with proactive features.
If your computers off you are not susceptible to attack.
2.2.0.11 is the latest official release version. All subsequant versions are Beta at the moment. One drawback to the beta’s is that they do not update. So if you choose to use one of the existing Beta’s, you would be guaranteed to have to uninstall and reinstall the next version you’d want.
I must also add however, that the Beta’s are top notch. Many good features and fixes… Just not so convenient with the uninstall/reinstall upgrade path.
Sounds like you were using the “Fast User Switching”. The current official release doesn’t play very nice with this feature of WinXP, although the latest Beta and the future release version will.
Yes, I beleive you are still protected as CPF is still running.
Although creating a Trusted Zone is not a must if yours is the only PC, it certainly could be convenient when making rules… Alot easier to select a Zone from a dropdown list than it is to memorize and type your IP Adress all the time.
That is correct, your PC’s internal IP address. Subnet is short for “Sub Network”.
In as easiest terms that I can muster, Subnet Mask’s help to describe what part of the IP address defines your machine, and what part describes the network (or subnetwork) that your PC is connected too.
If you look at an IP address it has 4 parts, separated by decimals… 192.168.0.100… If we then look at the Subnet Mask of 255.255.255.0, the part with 255’s define the network, and the 0’s define the devices (PC’s) on the network.
If the subnet mask was different between 2 PC’s with similar IP’s, they wouldn’t be able to see each other, as they would be on different networks.
The network in our example is 192.168.1 … leaving 0-255 on the last part of the IP address for other PC’s and network devices to join in.
If you disable the Lan connection, that is like turning your network card off… you’d be oblivious to the outside word… therefore safe.
If your Modem is on, but PC is off… you’d be safe unless your machine’s BIOS is set to wake up on LAN activity… which I don’t think is the norm, but a possibility.
This is probably a good time to mention Routers (with firewalls). These devices sit betwen your PC and your DSL modem. Anything that tries to go through to the modem to your machine is stopped by the router (unless you open holes in it, which are sometimes needed). With a router, it wouldn;t matter what you had left turned on, the firewall controls access to your PC/network, and it’s normal rules are to Block.
So why use software firewalls like CPF? The power of software firewall is to control activities starting from your PC… your friend sends you an e-mail with a virus/trojan they didn’t know they sent… it loads and wants internet access to download more bad stuff… the software firewall alerts you that this is happening… the router would say “I only block coming in, not going out”. The combination of a router and software firewall are highly recommended and very powerful.
Wow! Thanks for the well written, informative replies to my Qs. The support of the Comodo community was one reason I chose Comodo.
Now, for the inevitable follow-up questions–
Since I’m using the latest released version, will CPF automatically update to any new version changes?
Did my DSL provider assign me a static IP address? How is this different from the IP address of my computer? If I had a home network, would I have two IP addresses–the static one that allows me to get online and another that differentiates my computer and any others attached to it on a home network?
How do I know if my BIOS is set to wake upon LAN activity?
Is the subnet mask always 255.255.255.XXX for any given network?
I think I will try scanning my computer and see how that goes.
CPF will automatically update to the latest OFFICIAL RELEASE version. The beta versions that some of us have been playing with cannot be updated. This is to prevent “leakage” between officially released code and test code.
2) Did my DSL provider assign me a static IP address? How is this different from the IP address of my computer? If I had a home network, would I have two IP addresses--the static one that allows me to get online and another that differentiates my computer and any others attached to it on a home network?
Firstly, computers don’t have an IP address - IP stacks have IP addreses. An IP stack is the IP component that uses a network interface to send and receive data. In your case, the network interface is the USB ADSL connection to the internet. When you connect to the internet, the first things that is usually done (after authenticating your username and password) is for your ISP to allocate an IP address, net mask, gateway and DNS details to the network adaptor (your ADSL device) that is trying to connect to them.
If you had a home network, you would have another network interface in your PC and it would have a different "IP address to your ADSL device’s IP address. Private networks have reserved ranges of IP addresses - 192.168.X.X, 172.16.X.X and some of the 10.1.X.X range. Your thinking is exactly correct on this.
3) How do I know if my BIOS is set to wake upon LAN activity?
This depends on what BIOS you have in your PC. When you first switch the PC on, you will generally get a message on screen saying “Press XXX to enter setup”, where XXX could be DEL or F2 or ESC or F10 or something else entirely. The “Wake on LAN” function is usually under Power Management, or it could be under Advanced Chipeset. You will need to hunt around.
Golden rule - it you don’t know what something in the BIOS means, don’t change it. Seek help.
4) Is the subnet mask always 255.255.255.XXX for any given network?
Yes with an “if”, no with a “but”. It is usually because it’s the simplest way to set it up, but doesn’t have to be.
