Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is the Firewall COMODO Almost Worthy of the Commode?


  • Please log in to reply
11 replies to this topic

#1 Upbloat

Upbloat

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 10 July 2015 - 01:31 PM

.
I don't know how happy clams are, but I'm sure I was as happy as a clam while "Windows Defender" was silently protecting me with my previous Vista computer. I can't say how effective Windows Defender was, but psychologically I thought it was making me safe, while never bothering me.
 
Enter my first Bleeping Computer problem, and not one but two of the marvelous helpers we have around here recommended COMODO. When it was time for me to get a new computer, I looked around, and sure enough: everyone was raving about COMODO.
 
We may safely assume COMMODO is good in what it does.
 
With the current problem I have, my new helper at Bleeping Computer is theoriznig COMODO"s "Chromodo" browser could have well been the culprit. If true, that soils COMODO a little bit; even though we shouldn't judge COMODO by the possible failures of a family relative.
 
Here's the thing; COMODO is getting in the way of my happy computer experience. Frequently I get messages like this:
XXX.exe is a safe executable. However, the parent application XXX.bat could not be recognized. Once the application is executed, its parent will have full control over its execution. If XXX.bat is one of your everyday applications, you can safely allow the request.
 
This kind of message may be eaten for breakfast by many of our knowledgeable experts, but for the usual computer lunkheads (like me), what's the step to take?
 
When the messges first started appearing, I would take the time to research the file. (A process that could sometimes be even more exacerbating, with the need to copy the very long strings of numbers and letters that constitute the name of a file, such as -- and this is arbitrary -- 03928HJ5757202--WW3629676697342.bat)
 
The results are often indefinite, telling us that it's up to the user to determine whether there is malware involved.
 
Then what? You're in a hurry to get on with your business, so maybe... maybe it won't hurt if I "temporarily" allow this one to go through. (I'm never comfortabkle with checking that box at the bottom of the warning message, making the permission permanent.)
 
Sometimes I click "Allow" and the messge keeps coming back! Then I look into that last option (forgot what it's called, the one below, I guess, "Deny"), which allows one to treat the file as a Windows Application, or an Isolated Application, or whatnot.) I then just close my eyes and choose the latter "Isolated" one.
 
If one can't be sure what one is dealing with, clicking "Deny" could open up another can of worms. (I don't think I've ever clicked "Deny.") What if you click Deny, and the program you want to use can no longer be used? Good luck trying to undo that mess.
 
Well, these interruptions are all becoming a big pain in the farce. I looked around for a User's Guide for Dummies, and I couldn't find one. (I did read what the COMODO site has to offer, but I didn't see much help as far as the decision making process, as far as criteria to use for allowances.)
 
I guess there must be other lost souls as myself, because I just tried downloading what seemed to be the kind of users' manual I'm looking for, and then I got a warning from AVAST that it contained a virus.
 
Are there ways to pleasantly co-exist with this darned COMODO? Or does it become wiser to choose a firewall program that quietly works in the background (if you agree, any suggestions?), even if the alternative program is not as snazzy? (After all, let's face it; if COMODO is a great program, wouldn't the in-the-dark user be undercutting COMODO's advantages by making the wrong decisions?)
 
Thank you.
 
 
.

Edit: Moved topic from All Other Applications to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:35 PM

Posted 10 July 2015 - 02:08 PM

Hello,

What you are seeing is very common with Comodo Firewall as it includes HIPS (Host Intrusion Prevention System) that monitors the system for suspicious activities and report them. In the right hands it is very powerful security, but for non-savvy users it is troublesome and not worth it to use.

Which OS are you using? If you are using 7 or 8.1 then the Windows Firewall is enough for everyday use.

#3 JerkyMcDilerino

JerkyMcDilerino

  • Banned
  • 241 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:35 AM

Posted 10 July 2015 - 03:53 PM

quietman said that advanced users use Comodo firewall. 



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:35 AM

Posted 10 July 2015 - 04:21 PM

quietman said that advanced users use Comodo firewall.


Not really. I think that quietman says that COMODO Firewall is mostly used by advanced users since the way it works will confuse the casual user. I'm an advanced user (and so are many other users here) and I don't think any of them uses COMODO Firewall.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Upbloat

Upbloat
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 10 July 2015 - 05:02 PM

.

Thank you for your responses; I deeply appreciate it.

 

As noble Bleepin' Dark Ranger Alexstrasza mostly addressed the raised issue, I will direct my following comments to her. (I have no idea who the mentioned "Quietman" is. I am just a pitiful soul.)

 

Hello, Alexstrasza; the irony is, one of your colleagues who had recommended COMODO to me added that it is too complicated for the average user, but the free version -- if I recall correctly -- should be doable for the average lunkhead. (Which would make me more lunkheaded than the average, causing my battered ego to take quite the nosedive.)

 

A question I had asked at the time was, if I should install COMODO, would it conflict with Windows' built-in firewall? The response I received was that COMODO would automatically annul the Windows firewall.

 

I just checked "Windows Firewall" (I have Win 7 as my OS), and both "Home or work (private) networks" and "Public networks" are green checkmarked, indicating they are on (although the former confusingly states "Not connected"; guess that means I have no private network, which happens to be the case). Traveling to a link provided by your link that reviews Comodo, we are told the 2013 "pro" version of the program does not disable Windows Firewall. So it looks like I've been living with both, proving once again ignorance is indeed bliss.

 

I take it then that should I uninstall COMODO, I will keep getting protected by Windows Firewall, and will not need to do anything extra.

 

I am getting the idea from the page you linked to and the page linked from it that COMODO is not all it's cracked up to be. (One complaint: "Too many false positives.") Yet first impressions stick, and my two Bleeping Computer helpers did make it seem like COMODO was simply the dandiest. I guess there's no easy way around the problems I outlined, rendering the program to be more trouble than it is worth.

 

One of the commenters from your linked page (named "Tata") remarked, "Have you tried Windows Firewall Control from binisoft.org ? This makes Windows Firewall to be even more easier to configure and also have outbound notifications." I have no idea what this is, but if you have awareness, do you think it would be worth investigating?

 

If you have other firewall pearls of wisdom, I would feel even more embarrassingly grateful.

 

.



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:35 AM

Posted 10 July 2015 - 05:08 PM

Hello, Alexstrasza; the irony is, one of your colleagues who had recommended COMODO to me added that it is too complicated for the average user, but the free version -- if I recall correctly -- should be doable for the average lunkhead. (Which would make me more lunkheaded than the average, causing my battered ego to take quite the nosedive.)


COMODO Firewall is free, there's no paid version of it from what I know.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 Upbloat

Upbloat
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 10 July 2015 - 06:22 PM

.

Hi Aura; your remark coaxed me to dig up what my helpers had to say. You could be correct about COMODO having no paid verson. I was influenced by what Helper #1 had written:

 

"What you may want to consider is installing a 3rd part Firewall, Comodo has a good one, just do the free edition."

He then went on to suggest checking my system security at this site; after installing COMODO, he opined I would see a difference. I now took the test and received the message, "THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES! (That's good news!)"

 

What Helper #2 had told me:

 

In my opinion the best way to prevent an unknown malware from gaining access is to use some HIPS programs (like COMODO Firewall, OnlineArmor, PrivateFirewall, Outpost Security Suite Pro etc.) to control the access rights of legitimate applications, although this would only be advisable for experienced users. (so if you don't feel comfortable using such software then you can skip this advice).
 However, you should be aware though that (if you install Comodo Firewall and not the whole package Comodo Internet Security) this is not an replacement for a standard antivirus application. It's a great tool to add another layer of protection to your existent antivirus application (avast). Also note that if you have an antivirus installed then you should install Comodo Firewall (and not Comodo Internet Security to avoid conflicts).
It takes some time and knowledge to configure it for individual purposes but once done, you should not have a problems with it.
There are so many reviews on YouTube and blogs about all these programs.
More information about HIPS can be found here: What is Host Intrusion Prevention System (HIPS) and how does it work?

 

This raises the significant point that Windows Firewalll apparently lacks this HIPS feature, and how bad a liability is that?

 

Any opinions on whether the other mentioned "HIPS" alternatives (OnlineArmor, PrivateFirewall, Outpost Security Suite Pro etc.) may be easier to live with?

 

By the way, I spent some (obviously not enough) time configuring COMODO, yet I am continuing to have the problems I outlined. When the notifications appear, I keep saying, What do I do now?

 

.



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:35 AM

Posted 10 July 2015 - 09:40 PM

Is it possible for you to link me the thread where you were given such recommendations?

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:35 PM

Posted 11 July 2015 - 02:39 AM

Hello Upbloat, I see that you have been talking to my good friend Aura. :)

The mentioned quietman is Global Moderator quietman7. He might come by with additional advice soon.

@Aura: See this post for the previous recommendation.

I will address your issues one by one to avoid confusion. :)

Hello, Alexstrasza; the irony is, one of your colleagues who had recommended COMODO to me added that it is too complicated for the average user, but the free version -- if I recall correctly -- should be doable for the average lunkhead. (Which would make me more lunkheaded than the average, causing my battered ego to take quite the nosedive.)

No need to be shamed since everybody is different :) What works for one person may not work for another.

Comodo Firewall (the firewall only) is strictly freeware - if you upgrade it to paid it will turn into Comodo Internet Security which is the full AV suite. So there is no "paid Comodo Firewall".

I am getting the idea from the page you linked to and the page linked from it that COMODO is not all it's cracked up to be. (One complaint: "Too many false positives.") Yet first impressions stick, and my two Bleeping Computer helpers did make it seem like COMODO was simply the dandiest. I guess there's no easy way around the problems I outlined, rendering the program to be more trouble than it is worth.

As I stated above, you need a certain amount of security knowledge to use HIPS correctly. Since it throws a lot of warnings for all kinds of actions - benign and malicious alike - I consider HIPS firewalls more suitable for control freaks. :P

One of the commenters from your linked page (named "Tata") remarked, "Have you tried Windows Firewall Control from binisoft.org ? This makes Windows Firewall to be even more easier to configure and also have outbound notifications." I have no idea what this is, but if you have awareness, do you think it would be worth investigating?

The commenter is referring to Binisoft's Windows Firewall Control, which adds functionalities to the Windows Firewall to make it more useable. A similar software is TinyWall.

In my opinion using these with the Windows Firewall from Vista+ is enough, since Microsoft put a lot of effort into improving the WF for home users.

He then went on to suggest checking my system security at this site; after installing COMODO, he opined I would see a difference.

That site is for testing your hardware equipment (in this case, your router) and not your software firewall.

This raises the significant point that Windows Firewall apparently lacks this HIPS feature, and how bad a liability is that?

Because with safe surfing, you don't need HIPS. In fact HIPS is more of a reliability if the person does not know how to use it and just let everything through - which negates potential benefits that one might gain from the HIPS firewall.

Any opinions on whether the other mentioned "HIPS" alternatives (OnlineArmor, PrivateFirewall, Outpost Security Suite Pro etc.) may be easier to live with?

By the way, I spent some (obviously not enough) time configuring COMODO, yet I am continuing to have the problems I outlined. When the notifications appear, I keep saying, What do I do now?

The technology by itself is a tradeoff of convenience for security - and even then that security is not foolproof. So my recommendation to you is to ditch HIPS firewalls and use the Windows Firewall instead. You can use Windows Firewall Control or TinyWall to enhance it, if you want.

Just a side note, Emsisoft Online Armor is on its deathbed and will be gone soon.

If you have any additional questions, I will be happy to answer. :)

Regards,
Alex

#10 Upbloat

Upbloat
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 11 July 2015 - 12:38 PM

.

Hello, Aura; I see Alexstrasza has (amazingly) dug up the source that you have asked for. Regarding the source for Helper #2, I made use of his gracious and valuable mind molecules via PM'ing.

 

Dear Alex, here I was living in this fool's paradise where I always have believed no one could possibly best Park Ranger Smith (the one from Jellystone Park, keeping Yogi and Boo-Boo in line), and yet here you have emerged, as the heretofore unknown Dark Ranger. Frankly, I now think you put Ranger Smith to shame.

 

Superbly knowledgeable, a sparkling personality, and ... so extremely important ... just so terribly thorough. You have not allowed for a relevant question or even point to slip past you, and such attention to detail is absolutely impressive. Any stumblebum who ventures upon these Bleeping parts and lands you... well, no need for such a soul to eat Lucky Charms cereal that day, is there?

 

I humbly thank you  for sharing such precious brain bits. I suppose you have taken care of everything, but if you or any others are of the mind, I've now got lesser curiosities.

 

Say I masochistically may consider maintaining the HIPS feature, given that it's installed anyway. (Even though such a decision may be self-defeating, because, as you astutely put it, "...If the person does not know how to use it and just let everything through - which negates potential benefits..." My point as well, only I could not articulate it as beautifully.) I have noticed the COMODO right-click control thingie by the clock allows for:

 

Firewall

Auto-Sandbox

HIPS

Viruscope

 

(I believe COMODO had also offered "Geekbuddy," but I uninstalled that.)

 

Would disabling the firewall in order to avoid conflicts with Windows Firewall constitute a worthwhile thing to do?

 

A mini-curiosity that now emerges is whether "Viruscope" may conflict with one's anti-virus program (in my case, AVAST).

 

Another stupid curiosity I have is that COMODO encourages users to contact them (by phone, too) to configure the program. Since the program is free, this struck me as unusual... unless they are figuring such would be a sales pitch opportunity for their full bag of tricks.

 

Lastly:

 

No matter how experienced or brilliantly in-the-know a computer whiz may be, the fact is the number of files out there is too numerous for all of them to be known. What does such a smarty-pants do, in contrast to the usual idiots, when the COMODO notification announces, Beware of 85247-907-39045083407-51Q74717-H.bat? Wouldn't the experienced user need to do the same thing I've been trying to do, look the file up on the Internet to try and get a bead on it? Guess if this kind of distraction happens occasionally, it can be lived with... but if there is a bombardment of such notifications, would not the smarty be frustrated as well?

 

 

.


Edited by Upbloat, 11 July 2015 - 12:57 PM.


#11 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:35 PM

Posted 11 July 2015 - 03:12 PM

The true Dark Ranger charms you into being her minion, or raises you from the afterlife to work for her... Fortunately for you, I do neither. :lol:
 

I believe COMODO had also offered "Geekbuddy," but I uninstalled that.

Comodo GeekBuddy is just a software that connects you to Comodo tech support. It doesn't serve any useful security function beyond that.
 

Would disabling the firewall in order to avoid conflicts with Windows Firewall constitute a worthwhile thing to do?

Windows Firewall should be automatically disabled. You can check it in the Action Center, as the Firewall section displays Comodo Firewall's status instead of the Windows Firewall.
 

A mini-curiosity that now emerges is whether "Viruscope" may conflict with one's anti-virus program (in my case, AVAST).

Despite the name, it has nothing to do with antivirus software... See here for an explanation of how Viruscope works.

You can keep that link should you need information later, as Comodo Firewall is basically Comodo Internet Security without the antivirus module.
 

Another stupid curiosity I have is that COMODO encourages users to contact them (by phone, too) to configure the program. Since the program is free, this struck me as unusual... unless they are figuring such would be a sales pitch opportunity for their full bag of tricks.

My guess is probably because a lot of people have trouble with Comodo software, so they have to add "advice on tweaking settings" into their list of support items.

The antivirus solution that I use (Emsisoft Internet Security) is ready to use and offers optimal protection right out of the box, so the support team does not need to offer advice on how to tweak their products.
 

No matter how experienced or brilliantly in-the-know a computer whiz may be, the fact is the number of files out there is too numerous for all of them to be known. What does such a smarty-pants do, in contrast to the usual idiots, when the COMODO notification announces, Beware of 85247-907-39045083407-51Q74717-H.bat? Wouldn't the experienced user need to do the same thing I've been trying to do, look the file up on the Internet to try and get a bead on it? Guess if this kind of distraction happens occasionally, it can be lived with... but if there is a bombardment of such notifications, would not the smarty be frustrated as well?

I do not speak for other users, but if I used Comodo Firewall then I would have to know nearly exactly what is going on in the system, know which file is related to what process, etc. So I could click "Allow" and "Deny" respectively, or "Sandbox" if it is suspicious but not enough evidence to conclude that it is malicious. That kind of obsession make me cringe, to be honest.

To conclude... no need to beat yourself up over losing a firewall. It is best that you use what is comfortable for you while maintaining adequate security, so as to keep yourself clean and also help other people by not sending malware to them.

You might want to read these:

Best Practices for Safe Computing - Prevention of Malware Infection
How Malware Spreads - How did I get infected
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

Regards,
Alex

#12 Upbloat

Upbloat
  • Topic Starter

  • Members
  • 65 posts
  • OFFLINE
  •  
  • Local time:08:35 AM

Posted 11 July 2015 - 10:36 PM

.

Dear Alex:

 

My humble appreciation; thank you so very much.

 

.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users