I’ve been using comodo for a couple of months on a new laptop.
Pretty much everything in comodo is on default settings.
I left the firewall in training mode until I got all my software installed, and then switched to ‘safe’.
I took at look at the network policy tonight and noticed that all the rules that were made during ‘training’ are:
allow IP out | from IP any | to IP any | where protocol is any
a few programs also have:
allow IP in | from IP any | to IP any | where protocol is any
Having both these is basically the same as ‘do whatever you want’ isn’t it?
Is there any difference between these rules and the ‘trusted application’ predefined rule?
I’ve used @guard and outpost software firewalls before, and both would not do this during ‘training’. They would create more finely grained rules based on specific ports or port-ranges, direction and protocols. The ‘allow all’ rules would be seen as an unsafe way to use a software firewall.
I just wanted to get an opinion on this. Should I delete all those training rules and start again, but this time in safe mode, so that I can write the rules manually? Or is Comodo following a safe enough practise, balanced between security and ease-of-use?
Note that I did the same with Defense+. It was in training mode for a month, and is now in safe mode. I tried ‘clean PC’ mode, but hated the ‘my pending files’ thing. Is the security policy is safe if it was created by the training mode?
Finally, every two hours or so, I lose my internet connection and ‘repairing’ displays a DNS error message. I have to switch my router & cable modem off for 15 seconds, and may have to do this two or three times, before I get back online. I think my either the wifi router or laptop is finding it difficult to get/renew/maintain an IP by DCHP. I haven’t had time to research it yet, but could Comodo be blocking DCHP data? Unfortunately I got my new laptop, Vista, wifi router and Comodo all at the same time, so it is quite hard to determine where to start looking for the problem.