COMODO FW is good!

polonus · May 27, 2007, 5:02pm

Hi malware fighters,

No so enthusiastic about ZA 7.0. When you use the COMODO Firewall, you have to read this here:
http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

And then it is free for life,

polonus

P.S. Click the picture to see the dragon fly!

Lisandro · May 27, 2007, 6:04pm

Glad I’m using the best ;D
Comodo is on the top of the list 8)

system · May 27, 2007, 6:24pm

wish i could of used comodo firewall but no matter what i did or tryed to do…it would block me for accessing the world wide weird world of the internet :
now it’s dragon’s damian ;D

click on both :

DavidR · May 27, 2007, 7:32pm

Personally I don’t like this guys methods and I think his scoring sucks, why 125 points for a default setting and 100 points for tweaked setting. What is wrong with 10 and 7or8 this is a similar weighting and doesn’t produce huge differentials that look like one firewall is considerably better than another or one is useless when in fact they are very much closer and more than capable of protecting the user.

The higher the score, the better the firewall performed against the range of leak tests. For every test the firewall passed on its default settings it gained 125 points. For those tests that the firewall failed on its default settings but passed on its highest security settings it gained 100 points. The number of tests per firewall settings is 77. Thus the maximum score is 77 * 125 = 9625 points.

This just produces big numbers and skews results on his one self-made test where he is out to hit Outpost because it can detect the detections and by all accounts, you only have to search for matousec on the outpostfirewall.com forum to see what they think of his tests which I believe included modifying one of the outpost files. He also offered to tell agnitum of the vulnerabilities as he saw them if they paid for the information, they refused to pay.

Lisandro · May 27, 2007, 9:56pm

It’s not the score, but Comodo fails in less tests than the others. Protection is what counts, not the score itself.
Go Comodo, go… The free, the better.

DavidR · May 27, 2007, 11:28pm

Have a look at the tests that are supposedly failed, outpost fails one of the Tests and that is the self-made so called Fake Protection Revealer, it passes 100% of the other tests. With a hacked outpost file used during the tests it fails this so called FPR test.

When any test is run it should be run against a regular installation or it isn’t valid. This has been covered to death on the outpostfirewall.com forum, so I intend to waste no further time on it and suggest you check it out if you want.

system · May 28, 2007, 1:06pm

Maybe that is why Comodo is going to add HIPS, so it can win for real. ;D :

system · May 28, 2007, 1:09pm

Why wasn’t PC Tools Firewall Plus in that test? I’m glad it wasn’t with the test skewed.

YLAP · May 28, 2007, 2:43pm

Actually this test is a bit older, because tested ZA version was 7.0.302. Current is 7.0.337

Lisandro · May 28, 2007, 5:33pm

All the tests are old… you can’t do a ‘on-line’ test. When you test a firewall and an update come… here the test becomes old. We love to attach test makers ;D

system · May 28, 2007, 8:19pm

I used ZoneAlarm 7.0 and it is a dissaster. Let Z.A. beginning to sell the version bevore this one.
And i take The Comodo Firewall. And it is perfect Firewall. With one weak point.
If you have something to send up,then Close Comodo the internet connect.(not always) but then
you can nothing send up.
Thats the only thing that came over me. But otherwise there are no Better Firewall at the moment.

system · May 28, 2007, 9:23pm

Outpost is a good firewall and COMODO too, but COMODO is free
I use:
AVAST free
Spywareterminator
COMODO FW

SPybot and Adawre SE on demand and ewido microo on demand too.
I’m very clean

system · May 28, 2007, 11:35pm

Hello,

This problem seems rather strange ???
Did you try adding your firewall application to the allowed list ?
Did you use the "scan for known application? (if you did that might be why, that also happened to me)
I am running Comodo Firewall without problems

Al968

system · May 28, 2007, 11:46pm

i tried everything

Did you try adding your firewall application to the allowed list ?

but the kitchen sink and no luck-bob3160 had the similiar problem-both use pctools firewall plus with no problem at all-not bad mouthing the comodo firewall which has great reviews on websites and users-both cannot get it to work
feed the dog…
click the pic :

polonus · May 29, 2007, 6:03am

Hi drhayden1,

I have heard this through the grapevine, but it could well mean that the firewall settings are not accepted by your over-intrusive ISP. Latter guys nowadays try to fancy certain settings so they can watch your hands all the way all the time (Big Brother settings), and that attitude is conflicting with some stealth modes of connecting to them. They would not for instance like you to change your MAC address without them knowing the altered one. So COMODO is too “nose-wise” for you! Wait for WWW2 and you only see what they want you to see, that will be goodbye to the “Web of Old or As We Know It Now”.

polonus

Vladimyr · May 29, 2007, 6:27am

While we all wait expectantly for the release of the impressive and free Avast! Firewall…
Has anyone seen a recent objective comparison test of free firewalls that includes Comodo, Outpost, PC-Tools, R-Tools, as well as the regulars (ZA, Kerio, etc.) and not forgetting…Windows XP SP2 & Vista firewalls?

polonus · May 29, 2007, 11:51am

Halio Vladimyr,

If its rules are a bit like these:


000002	INET_IP="10.0.0.138"
000018	INET_IFACE="eth0"
00002B	INET_BROADCAST="255.255.255.255"
000051	LAN_IP="10.0.0.150"
000066	LAN_IP_RANGE="150.0.0.0/150"
000084	LAN_IFACE="eth1"
00009A	LO_IFACE="lo"
0000A9	LO_IP="127.0.0.1"
0000BE	IPTABLES="/usr/sbin/iptables"
0000DF	/sbin/depmod -a
0000F6	/sbin/modprobe ip_tables
000110	/sbin/modprobe ip_conntrack
00012D	/sbin/modprobe iptable_filter
00014C	/sbin/modprobe iptable_mangle
00016B	/sbin/modprobe iptable_nat
000187	/sbin/modprobe ipt_LOG
00019F	/sbin/modprobe ipt_limit
0001B9	/sbin/modprobe ipt_state
0001DB	echo "1" > /proc/sys/net/ipv4/ip_forward
00020D	$IPTABLES -P INPUT DROP
000226	$IPTABLES -P OUTPUT DROP
000240	$IPTABLES -P FORWARD DROP
00025F	$IPTABLES -N bad_tcp_packets
000281	$IPTABLES -N allowed
000297	$IPTABLES -N tcp_packets
0002B1	$IPTABLES -N udp_packets
0002CB	$IPTABLES -N icmp_packets
0002EA	$IPTABLES -A bad_tcp_packets -p tcp --tcp-flags SYN,ACK SYN,ACK \
00032D	-m state --state NEW -j REJECT --reject-with tcp-reset 
000366	$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG \
0003B1	--log-prefix "New not syn:"
0003CE	$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
00041E	$IPTABLES -A allowed -p TCP --syn -j ACCEPT
00044B	$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
000497	$IPTABLES -A allowed -p TCP -j DROP
0004C0	$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed
0004FE	$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
00053C	$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
00057A	$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed
0005BF	#$IPTABLES -A udp_packets -p UDP -s 0/0 --destination-port 53 -j ACCEPT
000608	#$IPTABLES -A udp_packets -p UDP -s 0/0 --destination-port 123 -j ACCEPT
000652	$IPTABLES -A udp_packets -p UDP -s 0/0 --destination-port 2074 -j ACCEPT
00069C	$IPTABLES -A udp_packets -p UDP -s 0/0 --destination-port 4000 -j ACCEPT
0006EC	$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
00072E	$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
000777	$IPTABLES -A INPUT -p tcp -j bad_tcp_packets
0007A9	$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
0007ED	$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
000829	$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
000866	$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
0008AA	$IPTABLES -A INPUT -p UDP -i $LAN_IFACE --dport 67 --sport 68 -j ACCEPT
0008F9	$IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED \
000952	$IPTABLES -A INPUT -p TCP -i $INET_IFACE -j tcp_packets
00098B	$IPTABLES -A INPUT -p UDP -i $INET_IFACE -j udp_packets
0009C4	$IPTABLES -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
000A01	$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets
000A35	$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
000A63	$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
000AAC	$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG \
000AF5	--log-level DEBUG --log-prefix "IPT FORWARD packet died: "
000B37	$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets
000B6C	$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
000B9C	$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
000BCD	$IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
000C05	$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
000C4D	--log-level DEBUG --log-prefix "IPT OUTPUT packet died: "
000C8C	$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
000CDD	. /etc/rc.status
000CF1	handle_error() {
000D0D	iptables -t filter -A INPUT -p icmp --icmp-type echo-request \
000D4D	-j LOG --log-prefix="filter INPUT:"
000D72	iptables -t filter -A INPUT -p icmp --icmp-type echo-reply \
000DB0	-j LOG --log-prefix="filter INPUT:"
000DD5	iptables -t filter -A OUTPUT -p icmp --icmp-type echo-request \
000E16	-j LOG --log-prefix="filter OUTPUT:"
000E3C	iptables -t filter -A OUTPUT -p icmp --icmp-type echo-reply \
000E7B	-j LOG --log-prefix="filter OUTPUT:"
000EA1	iptables -t filter -A FORWARD -p icmp --icmp-type echo-request \
000EE3	-j LOG --log-prefix="filter FORWARD:"
000F0A	iptables -t filter -A FORWARD -p icmp --icmp-type echo-reply \
000F4A	-j LOG --log-prefix="filter FORWARD:"
000F75	iptables -t nat -A PREROUTING -p icmp --icmp-type echo-request \
000FB7	-j LOG --log-prefix="nat PREROUTING:"
000FDE	iptables -t nat -A PREROUTING -p icmp --icmp-type echo-reply \
00101E	-j LOG --log-prefix="nat PREROUTING:"
001045	iptables -t nat -A POSTROUTING -p icmp --icmp-type echo-request \
001088	-j LOG --log-prefix="nat POSTROUTING:"
0010B0	iptables -t nat -A POSTROUTING -p icmp --icmp-type echo-reply \
0010F1	-j LOG --log-prefix="nat POSTROUTING:"
001119	iptables -t nat -A OUTPUT -p icmp --icmp-type echo-request \
001157	-j LOG --log-prefix="nat OUTPUT:"
00117A	iptables -t nat -A OUTPUT -p icmp --icmp-type echo-reply \
0011B6	-j LOG --log-prefix="nat OUTPUT:"
0011DD	iptables -t mangle -A PREROUTING -p icmp --icmp-type echo-request \
001222	-j LOG --log-prefix="mangle PREROUTING:"
00124C	iptables -t mangle -A PREROUTING -p icmp --icmp-type echo-reply \
00128F	-j LOG --log-prefix="mangle PREROUTING:"
0012B9	iptables -t mangle -I FORWARD 1 -p icmp --icmp-type echo-request \
0012FD	-j LOG --log-prefix="mangle FORWARD:"
001324	iptables -t mangle -I FORWARD 1 -p icmp --icmp-type echo-reply \
001366	-j LOG --log-prefix="mangle FORWARD:"
00138D	iptables -t mangle -I INPUT 1 -p icmp --icmp-type echo-request \
0013CF	-j LOG --log-prefix="mangle INPUT:"
0013F4	iptables -t mangle -I INPUT 1 -p icmp --icmp-type echo-reply \
001434	-j LOG --log-prefix="mangle INPUT:"
001459	iptables -t mangle -A OUTPUT -p icmp --icmp-type echo-request \
00149A	-j LOG --log-prefix="mangle OUTPUT:"

polonus · May 29, 2007, 11:53am

0014C0	iptables -t mangle -A OUTPUT -p icmp --icmp-type echo-reply \
0014FF	-j LOG --log-prefix="mangle OUTPUT:"
001525	iptables -t mangle -I POSTROUTING 1 -p icmp --icmp-type echo-request \
00156D	-j LOG --log-prefix="mangle POSTROUTING:"
001598	iptables -t mangle -I POSTROUTING 1 -p icmp --icmp-type echo-reply \
0015DE	-j LOG --log-prefix="mangle POSTROUTING:"
001612	create_individual_node() {
001630	if [ -e $1 ]; then
001644	  MAJOR_NUM=`ls -al $1 | awk '{print $5 $6}' | awk -F, '{print $1}'`
00168A	  MINOR_NUM=`ls -al $1 | awk '{print $5 $6}' | awk -F, '{print $2}'`
0016D6	  MAJOR_NUM=11234
0016E9	  MINOR_NUM=11234
001702	if [ ! -c $1 ] || [ ! $MAJOR_NUM -ne $2 ] || [ ! $MINOR_NUM -ne $3 ]; then
00174E	  if [ -e $1 ]; then
00176F	    if [ $? -ne 0 ]; then
00178A	      handle_error "Could not rm $1"
0017BE	  /bin/mknod $1 c $2 $3
0017D7	  if [ $? -ne 0 ]; then
0017F0	    handle_error "Could not /bin/mknod $1 c $2 $3"
001830	chmod 0600 $1
001846	make_nodes() {
001858	DEV_NUM=`cat /proc/devices | grep ipf | awk '{print $1}'`
001895	IPL='/dev/ipl'
0018B2	IPNAT='/dev/ipnat'
0018C6	IPNAT_NUM=1
0018D5	IPSTATE='/dev/ipstate'
0018ED	IPSTATE_NUM=2
0018FE	IPAUTH='/dev/ipauth'
001914	IPAUTH_NUM=3
001924	IPSYNC='/dev/ipsync'
00193A	IPSYNC_NUM=4
00194A	IPSCAN='/dev/ipscan'
001960	IPSCAN_NUM=5
001970	IPLOOKUP='/dev/iplookup'
00198A	IPLOOKUP_NUM=6
00199C	create_individual_node $IPL $DEV_NUM $IPL_NUM
0019CB	create_individual_node $IPNAT $DEV_NUM $IPNAT_NUM
0019FE	create_individual_node $IPSTATE $DEV_NUM $IPSTATE_NUM
001A35	create_individual_node $IPAUTH $DEV_NUM $IPAUTH_NUM
001A6A	create_individual_node $IPSYNC $DEV_NUM $IPSYNC_NUM
001A9F	create_individual_node $IPSCAN $DEV_NUM $IPSCAN_NUM
001AD4	create_individual_node $IPLOOKUP $DEV_NUM $IPLOOKUP_NUM
001B14	load_default_rulesets() {
001B31	IPF_CONF=/etc/ipf.conf
001B49	IPNAT_CONF=/etc/ipnat.conf
001B67	if [ -f $IPF_CONF ]; then
001B82	  /sbin/ipf -n -Fa -f $IPF_CONF
001BA3	  if [ $? -ne 0 ]; then
001BBC	    handle_error "Could not load ipfilter ruleset $IPF_CONF"
001C06	  handle_error "Could not find ipfilter ruleset $IPF_CONF"
001C48	if [ -f $IPNAT_CONF ]; then
001C65	  /sbin/ipnat -n -C -f $IPNAT_CONF > /dev/null 2&>1
001C9A	  if [ $? -ne 0 ]; then
001CB3	    handle_error "Could not load ipnat ruleset $IPNAT_CONF"
001CFC	  handle_error "Could not find ipnat ruleset $IPNAT_CONF"
001D42	ip_forwarding() {
001D57	FORWARD_KNOB="net.ipv4.conf.all.forwarding"
001D86	case "$1" in
001D9E	    /sbin/sysctl -w ${FORWARD_KNOB}=1 > /dev/null 2>&1
001DD6	    if [ $? -ne 0 ]; then
001DF1	      handle_error "Starting IP forwarding did not return zero"
001E4B	    /sbin/sysctl -w ${FORWARD_KNOB}=0 > /dev/null 2>&1
001E91	    handle_error "ip_forwarding somehow called without start/stop argument"
001EF3	ip_mon() {
001F01	IPMON_PID=/var/run/ipmon.pid
001F1F	IPMON=/usr/bin/ipmon
001F35	IPMON_ARGS="-s -D -P $IPMON_PID"
001F59	case "$1" in
001F71	    if [ -x $IPMON ]; then
001F8D	      startproc -p $IPMON_PID $IPMON $IPMON_ARGS 
001FC0	      if [ $? -ne 0 ]; then
001FDD	        handle_error "Starting $IPMON was not successful."
00202D	      handle_error "Could not find $IPMON."
002073	    if [ -f $IPMON_PID ]; then
002093	      killproc -p $IPMON_PID $IPMON -TERM $IPMON
0020C5	      if [ $? -ne 0 ]; then
0020E2	        handle_error "$IPMON did not die cleanly."
00212A	      handle_error "$IPMON_PID not found to kill ipmon"
002179	    handle_error "Somehow ip_mon was called without a start/stop argument."
0021E9	case "$1" in
0021F7	    start)
002203	        echo -n "Starting ipfilter"
002228	        /sbin/modprobe ipfilter > /dev/null 2>&1
00225A	        if [ $? -ne 0 ]; then
002279	          handle_error "Could not load ipfilter module"
0022B2	        fi
0022BE	        make_nodes
0022D2	        load_default_rulesets
0022F1	        ip_mon "start"
002309	        ip_forwarding "start"
002328	        rc_status -v
00233E	        ;;
002355	        echo -n "Stopping ipfilter"
00237A	        ip_forwarding "stop"
002398	        ip_mon "stop"
0023AF	        /sbin/modprobe -r ipfilter
0023D3	        rc_status -v
0023E9	        ;;
0023F5	    restart)
002403	        $0 stop
002414	        $0 start
002426	        rc_status
002439	        ;;
00244E	echo "Usage: $0 {start|stop|restart}"

It will surely be OK.

polonus

COMODO FW is good!

Announcements