v3 should be simplified & re-organized

I’ve been using v3 for a couple weeks & offer this summary of my experience for Comodo & others:

  1. Organization is overly complex for a security utility; it simply makes no sense and renders v3 unintelligible for even a slightly above average user:

[a] what is the difference between Firewall & Defense+ ??? according to the Help, Firewall blocks intrusions & Defense+ monitors executable. Uhh, come again?! So why can I define “Trusted Apps” in Firewall (isn’t apps Defense+ Territory?) but “Trusted Software Vendors” in Defense+ (why can’t I have this approach with Firewall?)

[ii] What’s common & what’s advanced & who decided such things? Who decided, for example, that “My Port Sets” is common, or “Stealth Ports Wizard” (?!?!) while “Firewall Behavior” (including the 2 most common tasks possible: “Firewall Sec. Level” and “Alert Freq. Level”) is advanced (?!?!). Or is the basic breakdown really between “Common tasks requested by p2pers & gamers” and “Advanced tasks for simpleton users that should use Comodo only out-of-the-box”. Again, the developers seem to have become lost within their own convolution. Ditto for Defense+.

[c] combine these 2 points and end up with 8 common tasks & 4 advanced tasks for Firewall, and 9 & 4 for Defense+ – Defense+ must really be serious business, since it’s one more! (to paraphrase Spinal Tap). That’s 25 categories of places to check to understand your security configuration.

[d] Why the differences between “Predefined Security Policies” for FW & D+. This makes the pop-up dialogs confusing. Parts of WinXP cause alerts in both categories, yet for FW I can’t label something as part of “Win Sys App”. Technically there may be some basis for distinction, but in reality this only causes confusion for users. Why, for example do I have to categorize %windir%/explorer.exe in 2 different ways. Maintaining separate FW & D+ lists, without any synchronization between the 2 is completely misguided in my book … more unhelpful convolution.

[e] And I haven’t even counted Miscellaneous. Does this seem insane to anyone but me, for a security utility? This is like the US Tax code : corruption through obfuscation. This detracts unfairly from the confidence a user can have in this powerful security utility.

  1. v3 is not fully compatible with the minimized security model of WinXP Home. On the “advanced” Defense+ Settings, I activated “Block unknown reqs if the (Comodo) is closed.” This sounded like the v2 options of “secure computer until comodo initialized” or similar. It’s not. In fact, it completely disables WinXP login, which of course occurs before Comodo is initialized. Defense+ Couldn’t recognize WinXP logon as safe, even after I’d been allowing logon for weeks, and constantly adding "Win. This completely disabled the computer until I could disable this setting through Safe Mode.

  2. For basic functionality, D+ “Comp Sec Policy” window simply doesn’t work. It fails to properly collapse apps into the categories that I painstaking define. And for some reason, it continually add redundant entries for certain apps, even if I make them “Trusted” everywhere I can find. AVG anti-virus is the most annoying example.

  3. Again, really basic functionality: “Define New Trusted App” is a “common task”. OK, good one. So why isn’t “Review my Trusted Apps” just as basic. I still haven’t found this one, wherever it’s buried in the 25+ task windows.

… I’m done for now, but I’m sure I’m not done done …

08.dec.2007 edit:

  1. Yet more basic functionality: reviewing files that are “waiting for your review” opens a window that is quite buggy. It has a “select all” tick-box and “Remove” and “Purge” buttons. These simply don’t interact well. Plus, for a windows application, why isn’t it easier to select a subset of, say, 20 related files … such as after I uninstall “AppleMobileDevices” bloatware that accompanies an iTunes upgrade – shift+arrows followed by spacebar (standard windows keystrokes) should allow me to quickly select this subset of entries. “Purge” button simply doesn’t purge reliably (poor interaction with subselection and “All?”) and tends to send an unintelligible message: “All entries are valid”. What’s that about?

  2. v3 seems to be unable to handle or interpret short windows 8.3 names. Look what happens to my “advanced” D+ “Computer Security Policy” every single time during boot-up. I’ll let you calculate from the window height and size of the scroll bar just how many custom entries v3 creates for the popular AVG antivirus software … which has been working perfectly for years without any intervention:

http://homepage.bluewin.ch/ditommaso/hidden/v3csp.jpg

I will answer #1. CPF is basically a 2 in 1 application. They could of made both modules into 1 similar to online armor but that would not offer near as much functionality or tuning. The seperation of these also means 1 module can be turned off while the other can stay on.

The firewall controls the internet access and the defence+ controls system processes.

A firewall will stop a keylogger or virus from downloading extra viruses or sending logs while defence+ will stop the keylogger from installing and recording in the first place.

If you think of comodo as 2 applications it will make sense.

Sorry, but for me that explanation has gaps too large to ignore. Mostly, this does not at all explain for me why completely separate component entries (FW vs D+) are necessary for each file (eg, %windir%/explorer.exe).

Further, Comodo themselves describe the minimum requirements for a reliable firewall here.

As I’ve already posted, v3 Firewall alone fails 2 of these 3 tests. The solution? Enable “Defense+”. This proves that V3 Firewall alone is not even acceptable to Comodo, so there are definitely not 2 applications here. There’s a poorly conceived, and overly convoluted application that will alienate average users rather than serve Comodo’s self-professed prime directive of “empower[ing] consumers to create a safe and trusted online experience whenever [they] go online.”

I’m afraid the only thing v3 empowers me to do is find a new firewall app … one I could safely install on my wife’s laptop, as well, without ruining her online experience.

Like I wrote initially, there may be technically there may be some basis for distinction, but in reality this only causes confusion for users. It just seems that technical experts took over the v3 project, but however astounding their technical prowess, they left users way, way behind.

During installation you have the option of custom settings. You have the option of average which may reduce the popups a lot.

And another point. The seperation of these modules also means you could use other products which serve the same purpose which maybe easier for you.

One more request that perhaps I have overlooked is,

When I set the Firewall Security Level to “Block All”

WHY IS THERE NO VISUAL INDICATION THAT IT IS BLOCKING? The systray should at least turn Red or something.

If you set it to block and start doing something else and forget, my god, it’s annoying trying to figure out why you can’t connect.

That to me would certainly Simplify this program.

That’s exactly my point … other products!

v3 will drive people away from Comodo. what a mistake!