From Scot’s Newsletter

Windows Software Firewalls Evaluation Rolls On

For about a year now I’ve been researching software firewalls for Windows. There are at least five previous installments in this series, and several early contenders have been dropped from my prospect list, which has been winnowed down to one or two products in beta. (For links to previous installments in this series, see the end of this article.)

I stopped short of naming Comodo Free Firewall 2.4 the Best Software Firewall of 2007 in the last issue of the newsletter because several SFNL readers reported issues they’re having with Comodo. I asked readers last time to send me their experiences with Comodo, and thank you, many of you did just that.

The results of that little exercise were interesting. Many people are having no issues with Comodo’s 2.4 firewall. That included me at my last writing on this subject. Since then, I have had some of the problems others describe on one of the now five Comodo installations I’ve been testing. Not the worst of the problems, mind you. But at least I’m no longer totally in the dark. And I’ve also worked with two or three SFNL readers to the point that I’m satisfied that their reconfiguration of the product isn’t causing the symptoms they’re having.

There are three different problems with Comodo 2.4 reported by sufficient numbers of readers (also posted elsewhere on the Internet) to make me think they are actual bugs:

1. Comodo forgets user inputs in user permission pop-up boxes. Comodo offers a “remember this” check box, but checking the box doesn’t appear to work.

2. Comodo throws off a blizzard of user-permission pop-ups — so many pop-ups that most users don’t even last 24 hours before uninstalling Comodo.

3. User’s system slows down dramatically after install.

The only problem I’ve seen personally is the first one, and only very recently. I was able to make the second problem occur by making a settings change to Comodo away from the default setting. If you’re seeing a blizzard of Comodo pop-ups, try making this change:

Click the Security button along the top of the Comodo program. Then click Advanced on the left. Then click Miscellaneous on the bottom. A dialog box will open. Set the Alert Frequency Level to Low. That’s the default setting.

A large percentage of the people who’ve written to me to complain about Comodo 2.4 will see significant improvement of the user experience with this step. About the first problem, though, the only suggestion I can make is to uninstall and reinstall the product.

At the end of July, I interviewed Comodo’s president and CEO, Melih Abdulhayoglu, and senior research scientist Egemen Tas. This is a pretty rare thing, but they readily admitted that some Comodo 2.4 users are experiencing the first two problems described above. Instead of trying to fix version 2.4, they said that version 3 (under development now and currently projected to be released in October) has been entirely rearchitected so that these problems won’t reoccur.

The strategy Comodo is employing for version 3 to block malware is different from any other product I’m aware of. Comodo 3 adds a host-intrusion prevention system (HIPS). If you’ve ever tried a HIPS, you probably know that on the desktop, such a system would probably add pop-ups and warnings. To make it easier to work with, Comodo is adding two features — whitelist and program profiling — that when combined should eliminate many pop-ups and warnings. Comodo 3 will be able to online updated with new information to support these features, and presumably users will be able to add their own intelligence about accepted program behaviors.

I’m not 100% convinced about this strategy, but I’ve decided to look at version 3 before I come to a decision. An early look at the first beta of Comodo 3 shows that the program has been heavily upgraded. But since the whitelist and profiling features haven’t been added yet, the product is all but unusable.

Meanwhile, Eset recently released Eset Smart Security Beta 2, which combines Nod32 with a new lightweight software firewall and an anti-spam tool. Beta 2 adds direct support for Outlook Express, in addition to Outlook. I have not had a chance to test Beta 2, but this suite — which did not do well in my leak testing of an earlier beta — is still a possible contender for me.

http://www.scotsnewsletter.com/93.htm#swfw

Thanks for posting Tech…quite fascinating and very impressive.

I’ve been thinking about checking into the Comodo Firewall…maybe I will add it to my test pc.

I’ll have to wait a bit and see how things go otherwise.

But NOD32 isn’t free, is it?

No, it isn’t. Scot does not fear to suggest sharewares… otherwise, I’d rather suggest freewares as much as I can.

For those interested in Comodo,
Here are a few other RECENT discussions.

http://forum.avast.com/index.php?topic=29259.0
http://forum.avast.com/index.php?topic=29792.0
http://forum.avast.com/index.php?topic=29997.0
http://forum.avast.com/index.php?topic=29905.0
http://forum.avast.com/index.php?topic=29825.0

Maybe we’ll turn this into Comodo II Forum ??? ;D ;D

Thanks Tech, WTG Comodo! I’ve been using CFP over a year and have had no problem. Still, I’m waiting for the Avast FW to see what it’s about. ;D

Who’s fw is NOD32 using? I know NOD32 recommends Outpost Pro, but it does very well in leak tests, so it can’t be the NOD32 fw.

I’ve been using PCTFW+ almost a year and have had no problem. Way to go PC Tools! Still, I’m waiting for the Avast FW.

yeap. i want avast to own FW

I think Im gonna stay with windows FW since all FWs have flaws issues

Windows FW is a firewall or M$ says it’s a FW? hahaha

Windows FW is just fine. One of few that can actually stealth your PC properly… Who cares about incredible leak protection if it’s showing “HEY I’M HERE!!!” to the outside world?

If you are using the XP Firewallgrate then it has zero outbound protection. Imagine having a fire-door that only protected from fire from one side of the door, tough if the fire starts on the wrong side.

Whilst the windows XP firewall is usually good at keeping your ports stealthed (hidden) it provides no outbound protection and you should consider a third party firewall.

Any malware that manages to get past your defences will have free reign to connect to the internet to either download more of the same, pass your personal data (sensitive or otherwise, user names, passwords, keylogger retrieved data, etc.) or open a backdoor to your computer, so outbound protection is essential. Or using RejZoR’s terminology, it doesn’t matter how well your stealthing is if the malware is inside already and connecting to the outside world. So there are points for and against.

If you are going to use the Vista firewall you know that outbound protection is disabled by default and by all accounts is complex to set-up your own rules.

Vista Firewall Control, check out this topic for some user friendly help for the Vista Firewall, Outbound protection, http://forum.avast.com/index.php?topic=30234.0

I can confirm I am using it on my laptop and so far there is really no need for anything else. Turbo light on system resources, easy to understand, no extra bells and whistles, but it does what it’s supposed to do. Highly recommended.

Same here. It’s easy to use and uses very little of your precious system resources.