COMODO Free Firewall

[Thor.]

Hey speaking of comodo, does anyone know of a firewall that doesn't popup every time you want to install something or go online. Comodo was really bad for that sort of thing.

[tyreil829]

you sure about that thor? it never had done so with me unless it was a scan or update

[LHammonds]

Hey speaking of comodo does anyone know of a firewall that doesn't popup every time you want to install something or go online. Comodo was really bad for that sort of thing.

I'd also wonder why it would continually popup if it was configured initially. When I setup a new system, I make sure the system is free from virus/trojans/whatnot and the set Defense+ and the Firewall in Training mode and go through all the programs and games that I use and let them initiate their updates...example: Start SpywareBlaster and do a manual update to get the latest files.

 

Once all the applications that I use that touch the Internet have been opened and checked for updates, I then switch the system from training mode to safe mode. I then examine everything that it found to make sure applications are accessing the net that I want to have access. I typically do not allow Java or Adobe to connect and place them in a blocked profile so they never can access the Internet for updates. I also create a special profile for MS IE so that it always asks for permission to connect to the Internet since I never want a trojan to use MSIE to send private info to a host server somewhere. You'd freak out if you knew how easy it was to create a simple VBScript program that could grab info on your PC and create an invisible instance of IE and connect to an external site and close IE without you ever knowing it. ;)

 

Once the system is set, the only popups I get are new and unidentified programs that try to access the LAN or programs that were updated (thus changing their hash values...kinda like what a virus might do). So if you are looking for a firewall that will not block programs when their base files are altered, you do not have a protected system. Imagine letting IE (or Firefox) have free reign to access the LAN/Internet anytime they want no matter the program version or filesize. A virus/trojan could alter or replace the iexplore.exe or firefox.exe and have complete freedom on your system. I for one would want to be notified of attempted LAN/Internet access if a prior trusted application had been altered. If it is due to a new version/update, not a problem. If it is unexpected, then I'd be happy that I blocked a clever zero-day attack that virus detectors do not know about yet.

 

LHammonds

[Thor.]

It was a clean install, thats why i found it really anoying when trying to get everything installed again, note to self, installl comodo last.

[Birrii]

Not to ruin everyone's joy of that firewall, but now that it is free, I do kind of suspect that it's pretty bad. Why would it be free?

 

Just my suspicions, so don't take it as anything offensive or destructive!

[Thor.]

No its not a bad firewall at all, infact its better then most out there, and the fact its free. It also comes with an antivirus to, witch is pretty good as well.

[LHammonds]

Not to ruin everyone's joy of that firewall, but now that it is free, I do kind of suspect that it's pretty bad. Why would it be free?

 

Just my suspicions, so don't take it as anything offensive or destructive!

As a long-time free software consumer, I have that initial gut feeling about everything. But you need to dig a bit deeper as to why it is free as well as see how it compares to similar products (payfor or not). It actually has NO competitors in the free market. Comodo can embarrass even the big boys when it comes to protection.

 

Why Comodo Products are FREE

 

Comparison Results @ Matousec - Comodo Internet Security suite ranked #3 out of all products and is the #1 FREE product.

 

Best of Free Firewalls @ TechSupportAlert.com

[TheTerminator2004]

Not to ruin everyone's joy of that firewall, but now that it is free, I do kind of suspect that it's pretty bad. Why would it be free?

 

Just my suspicions, so don't take it as anything offensive or destructive!

As a long-time free software consumer, I have that initial gut feeling about everything. But you need to dig a bit deeper as to why it is free as well as see how it compares to similar products (payfor or not). It actually has NO competitors in the free market. Comodo can embarrass even the big boys when it comes to protection.

 

Why Comodo Products are FREE

 

Comparison Results @ Matousec - Comodo Internet Security suite ranked #3 out of all products and is the #1 FREE product.

 

Best of Free Firewalls @ TechSupportAlert.com

 

Mm, I still think Zonealarm works better. And thats free too.

[LHammonds]

I still think Zonealarm works better.

Works better? That's kind of like a statistic. Just about anything can be placed in a good light if looking at the right angle (and ignoring all others).

 

A big part of it is knowing what works for your environment (which ZoneAlarm might be best for you but not for me)

 

If you have a very good hardware firewall and only one PC on your network, you simply do not need a software firewall that blocks incoming traffic or at least it will not be a major factor in picking which software firewalls block outgoing traffic.

 

But even the "best" overall protected system design is worthless if the user of the system is not educated on safe practices. For example, it is a well-known fact that Internet Explorer is a highly (and successfully) attacked web browser that also facilitates malware that is already on your system. Allowing Internet Explorer to have 100% access through your firewall defeats the purpose of having the firewall. The safer practice would be to configure a firewall rule that asks you for permission before allowing iexplore.exe to access the Internet...either every time or allow it to have a grace period of free access after you have given the OK before it gets locked down again.

 

Opening attachments in our email from people you do not know is a bad idea. Opening attachments from people you DO KNOW but were not expecting such attachments is also a NO-NO until you verify with the person that they meant to send you an attachment. Some viruses, trojans and worms spread by infecting a PC and using the persons contact list to send out infected emails to known friends!!!

 

Some places are so infected that you are at HIGH risk just visiting the sites unless you use a safe browser that is locked down very tight. Example: FaceBook or MySpace are high-risk sites that are constantly targeted with highly effective zero-day viruses that can slip by anti-virus systems. For that reason, I block those kinds of sites (too many PCs under my care have been destroyed in this way). If a customer just "had" to have access to a high-risk site, I would have them access it from a PC that is not connected or trusted to other PCs on their network (or something like an iPhone) and use a program called Sandboxie that makes sure nothing that happens during the time browsing will be permanent.

 

No matter what you go with, make sure you are educated about the possible threats as well as the strengths and weaknesses of the software you employ to protect your system. The only "secure" system is one that is completely enclosed (not connected). The biggest risk to any system is the nut behind the wheel. :thumbsup:

 

LHammonds

[TheTerminator2004]

A big part of it is knowing what works for your environment (which ZoneAlarm might be best for you but not for me)

 

But even the "best" overall protected system design is worthless if the user of the system is not educated on safe practices.

 

Very good point there. Back when I still used Comodo, I didn't pay a huge amount of attention to security, whereas now (while I do use Zonealarm), I keep things locked down a lot tighter, plus I use things like Peerguardian to add extra layers of security on top.

 

Then again, back while I used Comodo, I had a NAT router between my PC and the net, whereas now its DMZed straight to my pc. It really does depend on each persons individual situation though, yes.

 

Actually, one major irritation I've found with Zonealarm recently is that the free version doesnt let you unblock specific ports, only specific applications, which has caused me problems, although it probably wouldn't affect most users.