User Fear

I have a suggestion that COMODO forums, specifically some of the FAQ writers, tone down how much fear they seem to be trying to instill in users.

These security suggestions can be said with less of a fear campaign mixed in.

I really hate reading fear posts; basically, knowing how risky of a user you are determines the need for more or less security.

This is what I mean:

https://forums.comodo.com/index.php/topic,979.0/topicseen.html

cheers, rotty

Hey rotty,

“Yes” with an “if”, “no” with a “but”. While the tone or the language may not be perfect, we should all bear in mind that the authors of the FAQs are not professional writers and some don’t even use English as their primary language. Despite this, the responses are, on the whole, accurate. The hardest bit is trying to write an answer that doesn’t go over the head of the intended audience.

The example you quoted is a good example of both our points. It started with a relatively simple question from a new user. The facts in the responses answered the question, but probably provided too much detail.

If you want to help, please feel free to contact the moderators if you see a posting that you think is too harsh. We all want to provide answers in the best manner for Comodo users.

Thanks for your observation and good to see you on the forums.

Hooroo
ewen :slight_smile:

OK, maybe I did not explain myself well enough: the writings seem to try to instill too much fear into the person reading them, so that they will use not necessarily needed firewall software.

cheers, rotty.

Hi rotty,
since it seems you are referring to me, will you be kind enough to point out phrases that instill too much fear in readers? Also give some hints on how to modify them to be less “aggressive”.

I will change them.

Thanks
Panagiotis

I understand Rotty’s point of view. However, I’m unable to explain the reason why everyone needs a firewall without it sounding fearful. Hardware firewalls do well but still things can get through; that’s why software firewalls are always required whether you connect through a router or not. (It’s the dangers of not having a software firewall that are impossible to explain in a nice unfearful way.)

Have you got an example of how to explain it without instilling fear Rotty?

Eric

Hi rotty,
Are you saying by instilling fear into the person reading they will NOT use a firewall?

On a related note, I tell everyone I know to use a firewall and usually get a response of “I have xyz company ISP and they protect me with software.”
They think incorrectly that their ISP is protecting them.
Usually these friends are the ones that call me and ask for help fixing a computer that has gotten some nasty bug.
I think the biggest hurdle for firewall makers is a balance between ease of use and protection.

My personal opinion on the article is very general in nature answering basic questions and doesn’t instill fear.

I would also welcome the changes you would suggest so people would be clear about the need and that fear shouldn’t enter into a decision.

I would call it common sense to keep your doors locked if you live in a neighborhood where there are thousands of people walking by your front door :slight_smile:

Thank you for the valuable input.

Dr Pete

I am concerned that if you put TOO MUCH fear into an article, people will shut their minds to the message and reject it accordingly. When I was reading it, I thought it was too much, hence I ignored it. The Risk/Cost was not being quantified; if a person was to download and use every free thing on the internet, i.e. free porn, illegal software, new sites, smiley packages, then you are stuffed, with or without the firewall.

One point that is forgotten is that Windows XP needs to stay up-to-date for the firewall to fully protect the user.

If you keep Java, Windows and Flash up-to-date, your browser up-to-date and running as a restricted user is the most important, then comes CPF.

With the above active, and a safe user, you would not need CPF. Although if you need to run as admin (like I do), and like to try new sites, then CPF is more needed.

cheers, rotty

Rotty,
I never claimed it is an article. And for that reason the risk is not quantified. The risks depend on the activities of the users. If someone doesn’t use the internet for transactions, the risks are less than for those that buy or transfer money through the net.
There is no need to download something. When you open a page, things are downloaded to your hard disk. Or do you browse by viewing only the text of the pages? Images, Java apps and ActiveX progs are downloaded during your navigation. Legitimate sites get infected too. In April some old printer drivers from HP were infected by a virus.

“One point that is forgotten is that Windows XP needs to stay up-to-date for the firewall to fully protect the user.”
It was not forgotten. It was not a general guide for what you should do for staying protected. It was about whether a user should have a soft/firewall or not. That is why I don't mention other kinds of protection such as HIPS, sandbox, etc.
“If you keep Java, Windows and Flash up-to-date, your browser up-to-date and running as a restricted user is the most important, then comes CPF.”
This depends on the priorities and the needs of a user. If a service on Windows is disabled, it is not crucial for it to be updated. (I will add this, reminding that the system and the security software need to be updated.)

But I’ll ask you again. Please point out the phrases that you would like to be changed and write how to change them. :wink:

Thx

OK. fair enough.

I personally think that there are more important aspects to put emphasis on than having a software firewall for the issues brought up, such as getting infected from a malicious site.

Anyway, for the purpose, it is fair enough.

Cheers, rotty

My Personal opinion is at the start of the article
Add 2 steps

  1. Make sure Windows is fully up-to-date
  2. If you can, run as a restricted user
  3. Have good anti-spyware, anti-virus (Maybe Comodo, when out of beta ;D )

If you have a privilege escalation vulnerability then running as a restricted user, and if there are vulnerabilities in Windows such as the DNS Remote access and other problems. Then CPF is not going to work. I.e. you go to a site, and their server attacks you, the firewall will not help because you initiated the connection. And if the vulnerable service is listening.

cheers, rotty

The latest BETA does help you to prevent such buffer overflow attacks that can cause privilege escalation for Windows XP SP2 and later. It activates Windows Data Execution Protection during the setup.

For example, you can try to create a sample buffer overflow and see it will be detected and terminated.

I gather this would NOT change the default XP Pro SP2 install from the “/noexecute” option. If you mean that the firewall would “optin” for DEP for its own service, then I cannot see any problem.

Otherwise this needs to be considered as a possibly problematic action if you are editing the Boot.ini /noexecute option.

cheers, rotty

My second point is that if you were to miss one pop-up and gave a virus access to a process so that it could exploit it and gain root permissions, then a rootkit or backdoor could be installed and the process could be infected. From there on in you would not know that you have a compromised computer.