Comodo 3 Basic Firewall no outbound leak protection

by certifiedbug on January 21, 2008

in Internet Security

Scot’s Newsletter Blog reports:

Do Not Rely on Comodo 3’s ‘Basic Firewall’

Because I have written in the recent past with an initially positive reaction to Comodo 3’s “Basic Firewall” installation option, I am honor-bound to post this quick message.

I have learned directly from Comodo executives that the Basic Firewall installation option of Comodo 3 does not offer any outbound leak protection whatsoever. They may add that protection in a future version of Comodo 3.x. The Basic Firewall option turns off Comodo 3’s Defense+ HIPS module, which provides the leak protection for Comodo 3.

The previous generation of the Comodo 2.4 provided anti-leak protection without the HIPS.

Not only does this mean that Comodo 3 Basic Firewall is no longer a contender in this blog’s firewall evaluation, but if you are relying on this version of Comodo for your firewall protection, Windows XP users should switch to Online Armor FREE version 2.1.0.31 (or newer) and Vista users should uninstall Comodo 3 and reinstall it, choosing the “Advanced” installation option.

Source: Corrine’s Security Garden and Windows Vista Compatible Firewalls

{ 5 comments… read them below or add one }

Computeruser since 1980 January 23, 2008 at 3:45 am

Being a long time computeruser I’ve tried a lot of products. Some fair – other being just a waste of time.
Firewalls always been my major concern when talking protection.
I love some Fw, hate other.

Recently I decided to leave my long time companion Norman, a company with rather good products but the worst support you can imagine. I’d used both firewall and AV from others to, but always found some major drawback. In some they were to simple, not allowing me to shape my own profile, even though they did offer a good basic protection.
Other were made for those that stay with a few simple programs, never trying to mix programs, connections, streaming media, Wifi, remote working and so on.
As I waited for a better product to appear on my “Googling” I noticed a post ’bout Comodo.

I am serious, not easy hooked, so I read all about their products, long before I even tried it.

Now I am hoocked. I even wrote a “loveletter” to the company telling how amazed I was. Not just by the products, or that is was free, but also for the tone, and the efforts they took to support all kinds of stupid questions in their forums.

As a long time firewalluser I noticed one thing. The firewall was easy to me, almost selfexplained, but I was so sure beginners wouldn’t understand how it worked that I included a comment in my email to Comodo.
I got the feeling that a lot of people didn’t understand that the intuition was something you turned on or of, that levels of security could be set as low or “paranoid”, that some people might block to much and others might leave the frontdoor AND the backdoor wide open.
People talked ’bout to much popups, as if the firewall was supposed to read minds.
I was so amazed that I removed all other protections, used just comode freeware firewall and AV and then run tests.
They all came out as “stealth”, blocking all but my own selections, leaving my computer running better than ever.
Of cource I always use the “not default” setting, always making my own settings.

Here Comodo showed it’s power.
Running for 2 weeks in training mode I got tons of popups at first, then just a few eash day.
D+ and firewall keep me alert that something acts strange and I can allow or block it.
Now abouth 5-6 weeks later I can tell it’s the best freeware product I ever came to use.

Remember I’m no kid using computers. I have max 1-2 issues a year, that makes me troubled, regarding security.
Then it is always my own stupidity, installing som free player opening to many ports, or the opposite, I just blocked a port that I needed open.

Comodo firewall is not a firewall for the beginner, but when you know what you are supposed to do helping it to work, it works like those you normally pay a lot for.

I normally like your writings, but regarding Comodo I think it was an overkill.

Even the most simple firewall can block everything, in and out.
Comodo can do that and still let you make secure routes in and out. Doing this it even looks at what is going on and let you decide if a process is friendly or not.
I think you need to use it, in advanced mode, read the manuals and the forumposts, get som rather advanced knowledge about all rules, zones, settings, Hips and the superb support Comodo offers, all for free- before you rate the products.
Do you think I got a personal mail from the CEO from my long time companion, when I asked about a TDI.sys issue that keept putting my computer in a stoperror???
Did they even bother? No the asked me to pay 2$ a minute for telling them they had a problem, that Microsoft was telling about already 2 years before.

On a 10 stars rating I’d give it a 9.
Why not a 10, then?
Well, we must keep them alert, making some way to help you see how good it actually is.
As I said, it’s hard to notice the potentialls if youre a beginner.

I have hopes for you noticing, that in your figth for the users, you sometimes come on to hard.

Thats ok. We’re all just humans. We all makes misstakes.
To keep my respect, you need to be more professional.

Do you even notice you hurt the folks at Comodo by a warning, and some strange advices?
Coming from you a respected person, it’s not like some chatroom kid’s advice. You have an influence on peoples choices.
Your misstake is not speaking your opinion, it’s you not being precise, mabye not understanding the product as I see it.
It’s like telling people to avoid a carmake, since it can be easy stolen.
Then the company tells you, you have to look the doors and remove keys.
Then you keep saying, yes, but if you leave the keys, then…………….
I remember a word from the past,…RTFM…..

It can be a good advice even for your posts.

Sorry ’bout my english, it’s not my first laguage.
And NO I’m just a average user, not an employe, friend of familymember of anyone at Comodo.
I just respect that company’s policy and products.
/Old timer

Reply

certifiedbug January 23, 2008 at 2:11 pm

It’s great to hear someone’s personal experience, thank you.

I wasn’t critiquing, but quoting the post at Scot’s Newsletter Blog. I have not tested myself.

However if a firewall does not offer any outbound leak protection it is a security risk, doesn’t matter which company is offering it or how much I respect them.

Many companies have made improvements to their product when a flaw was brought to light.

In fact Windows XP does not offer outbound firewall protection and MS was hauled on the mat for it.

The improvement; correctly configured, Windows Vista Firewall provides inbound and outbound protection.

If people noticed a potential security flaw and kept quiet, it would be a disservice to the users.

Comodo excels in communicating with its members, let’s see how this all pans out.

Cheers.

Edit to clarify.

Reply

Corrine January 23, 2008 at 5:06 pm

Hi, Computer User since 1980! It really means a lot when someone takes the time to provide an honest opinion. I like that.

You may want to read the follow-up post by Scot Finnie, a man who has been “in the industry” for many years and is the Editor-in-Chief at “Computer World”. In particular, note No. 12 in the data provided to Scot by Comodo and Scot’s further explanation.

Generally comment fields will not allow for a long URL to be posted so you may want to start at http://blog.scotsnewsletter.com and look for the
article entitled “Comodo’s CEO Attacks Scot’s Newsletter Product Decision”, published January 22nd, 2008.

Regards,

Corrine

(P.S. Corrine waves at Tashi.)

Reply

Japo January 23, 2008 at 10:45 pm

Certified,

I think there’s a small misunderstanding here: you say, “However if a firewall does not offer any outbound leak protection it is a security risk”. CFP3 only loses its leak protection if set at the “basic” mode, just like other firewalls by other companies may leak if you configure them below their maximum protection. (CFP3 in basic mode may become leakproof if combined with a good enough third-party HIPS program –other than the built-in Defense+, if you so prefer.)

So in short, CFP3 with Defense+ activated as default does offer leak protection. Also, CFP3′s “basic” and “advanced” (D+ activated) mode are not different products, just configuration options.

Reply

certifiedbug January 23, 2008 at 11:08 pm

Hi Japo.

Yes I should have placed emphasis upon ‘if’.

Thank you for clarifying!

Reply

Leave a Comment

Previous post:

Next post: