still on comodo 3.14, update or not ?

hello comodo people,

do you think that this new comodo 4 is working good enough to replace comodo 3.14 about the FW and the D+ ?
are you happy with this new version or are you still on comodo 3.14 ?

i hesitate to install this new version as comodo 3.14 is working very good here.

i tried the comodo 4 on some VMware OS and i’m not sure that the sandbox is that trustable, i don’t know what is blocked, what is not… it works without any infos…

what do you think ?

Install v4.0, choose Proactive Security and disable the Sandbox. Don’t import your settings from v3.14. You’ll have to retrain v4.0. You will have the same performance you do with v3.14. I would wait a while to enable the Sandbox until they get it working better in future versions.

Exactly what I would have said (but I would change one thing). The performance is not the same as with V3. With those settings you will have the same protection, but with less popups. The sandbox is the only problem.

Oops! I agree. The performance may not be the same, the protection is the same. :-TU

Not exactly. The protection can be considered slighter higher if we evaluate Defense+ alone on that bug that affects versions before 4.

See related thread: https://forums.comodo.com/install-setup-configuration-help-cis/should-i-up-to-v4-t54299.0.html

I went from 3.14 to 4.0 and back again. 4.0 was slower and buggy but showed promise. I need to know that the latest CIS has corrected all the problems including the sandbox before I try it on this business system again.

I also made a few trips back and forth :-. In fact, if my experiment with SRP tomorrow works well, I may even drop Defense+ and just stick with plain old 2-way firewall.

I think I’ll stick with v3.14 for the time being. Lets see how this goes. Maybe comodo will reach the v4.1 it’ll be the right time to leave v3.14 that way this will give them more time to resolved issued and problem with the v4.0.

Would you agree with me and not rush into v4.0 CIS :wink: ??? until they are fully ready, and I believe the v4.0 platform is still to early and buggy.

Yes. If lucky it’ll be like what history dictates in CPF/CFP 2.x and CIS 3.x

SRP is good only if you have LUA and then its good only if you NEVER install anything new. Coz if and when you do, its a bitch. I know I’ve tried it with SU-RUN and what-not. Its way too much trouble. Besides vbs/wsh attacks are still possible.

IMO, 3.14 is good to go for a very long time, atleast for my kind of setup (=anti-executable type i.e clean-pc/safe + parental controls). :a0

for me, the sandbox ruined cis. :-\

lol. I can already see the annoyance. Navigating to that screen takes roughly 6 clicks with shortcuts included (fastest method I found so far). But then again, I also find it slightly annoying with CIS to have to:

  1. double-click CIS tray icon

  2. click Miscellaneous

  3. click Settings

  4. enter password

  5. press Enter (a bit quicker than having to move the mouse first then click OK ;D)

  6. click Parental Control tab

  7. click to disable Parental Control

  8. press Enter

  9. install program

  10. possibly switch to Installation Mode if it’s a non-portable program

  11. complete house Defense+ chore (i.e. check my pending files list or purge them)

  12. switch off Installation Mode

  13. possibly need to manually sort Defense+ rules (if one is a real clean freak like me)

  14. reverse all steps starting from #8 (with the added nuisance of having to click else and then back to Parental Control due to the bug)

This process seems quicker than one might think. Or maybe I’ve been doing it for so long that I’m used it? ;D

I’m so used to version 3.14 and to date I am still not sure how to really utilize the sandbox so I just disabled it and have it on proactive defense and everything has that good old version 3.14 feel again.

@ soya

Arrrrgh. are you installing stuff from astalavista.org or cracks.db, that you need d+ active??? ;D

I do it the easy way.

  1. right-click CIS shield.
  2. navigate to D+ and click “disabled”.
  3. type password (mine is “v”)
  4. install program.
  5. right-click CIS shield.
  6. navigate to D+ and click “clean pc mode”
  7. type password.

99% of my “new” program installs are version upgrades, and honestly firefox is the only thing i upgrade (opps forgot AxCrypt). ha. I haven’t needed/installed a new program in ages.

Programs I use: Metastock, Excel, 2 softwares for trading (which in-explicably access the system32 directory), firefox, iron, kmplayer…

I use utorrent and other program in a vbox without any security.

You really are using it as an anti-executable in the purest form ;D. I thought: why not make use of installation mode that Defense+ offers? (certain) HIPS have that one advantage that AE’s don’t - just as an added insurance in case our trusted installers happened to be corrupt if you know what mean. Because installation mode allows up to 3 levels parent-child executables to load without alerts, and just in case anything beyond that there will be alerts and one should be suspicious. (BTW my password was “a” ;D).

On this subject, CIS 4 dropped Installation Mode. Just FYI for those who don’t know :-.

“a” - :smiley: My initials are VJ hence the “v” as password.

v4 introduced a lot of changes; some overt some under the hood. I wonder why line of thought prompted it. My feeling is the acceptance of 64-bit windows in the mainstream. As we all know 64 with patch-guard is impossible to protect in a fool-proof way. Hence the next best thing-policy restrictions. There’s a guy on a security forum whose made an art-form out of this. grin

Honestly, I love an AE. Simple, effective and elegant. And, there is always ubuntu on vbox to do whatever browsing/torrenting/downloading etc one has to do. To try out software there is always xp in vbox or even 7. I use vbox like Returnil. Do my business and then restore image=> all the stuff reset to base-one.

I am very comfortable with v3.14 and so will a lot of power users, my advice stick with v3.14. Its good enough for everything. A good example is ProcesssGuard from the defunct DiamondCS. On xp its unbeatable and totally effective. Combines with a simple AV it rocks forever.

I feel that for windows 7, 32-bit (me) cis3.14 is 4-life. :-*

…until they quit supporting the AV database updates.

That has no effect non-AV users :slight_smile:

No kidding! ;D

[quote author=Soyabeaner link=topic=55043.msg387902#msg387902 date=1270987423]
You really are using it as an anti-executable in the purest form ;D. I thought: why not make use of installation mode that Defense+ offers? (certain) HIPS have that one advantage that AE’s don’t - just as an added insurance in case our trusted installers happened to be corrupt if you know what mean. Because installation mode allows up to 3 levels parent-child executables to load without alerts, and just in case anything beyond that there will be alerts and one should be suspicious. (BTW my password was “a” ;D).

On this subject, CIS 4 dropped Installation Mode. Just FYI for those who don't know :-\.
It is still there when you disable the Sandbox. In that case you get the old Installer/Updater policy back.