CF with CS - Good Enough Alone?

Do you use Comodo Firewall alone or with Something Else?


  • Total voters
    44
  • Poll closed .
Status
Not open for further replies.

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
On this site, I have read many posting touting the virtue of CF with CruelSister's setting. Many infer that it provides enough protection against virus and malware, and one does not need anything else, especially if one wants the lightest, and most effective configuration.

Now, what I want to know is if I download and install the latest version of CF, and configure it using CS, will that be sufficient protection against virus and malware?

In other words, is CF with CS good enough to be used alone without an anti-virus and/or anti-malware?
 
D

Deleted member 65228

Yes but you still need to know what you're doing.

If you use the components properly then you will be safe however do not assume it's full-proof, you still need to be non-click happy and careful. Regardless of using a sandbox and firewall component, only browse to trusted websites and do not aimlessly download and run new software prior to actually determining if its useful, will be beneficial to you, comes from a reputable vendor and is being downloaded from a reputable source. You also need to be careful about what you white-list, because white-listed content can still become compromised (e.g. in the event of exploitation).

Add on an ad-blocker like Adguard or uBlock, a good web-filter/DNS won't harm you either and will be beneficial. There are many more attack vectors than malicious desktop-based software, like web-based attacks for phishing, unwanted crypto-currency mining, etc. also exist. An ad-blocker won't just help improve website loading speeds and reduce tracking, it'll also fight against malvertising.

Since your OS version is Windows 10 according to your profile, you have access to User Account Control and SmartScreen as well. Use them. There is also Windows Defender Exploit Guard (WDEG) which can be applied to enforce policies such as ASLR/DEP for software which does not already enforce it, but be careful if you go down this route as it can cause issues depending on how the software was developed. Features like ASLR and DEP will help make exploitation more difficult. Microsoft Edge, Google Chrome (for example) make use of a wide range of policies to help strengthen things.

The goal is to not put yourself in a situation where the sandbox component needs to be effective, but to avoid coming face-to-face with threats in the first place and have guards in place to help mitigate their presence getting onto the host environment in the first place - the sandbox and firewall component are only there as a last resort in the event of an attacker gaining code execution on your host, most of the time by the users own interaction (e.g. visiting an non-trusted website which happens to be malicious and deploys an exploit kit, or downloading and running malicious content).

Always have a good system image backup which is clean and secured safely to use in the case of an incident.
 
Last edited by a moderator:

Nightwalker

Level 24
Verified
Honorary Member
Top Poster
Content Creator
Well-known
May 26, 2014
1,339
On this site, I have read many posting touting the virtue of CF with CruelSister's setting. Many infer that it provides enough protection against virus and malware, and one does not need anything else, especially if one wants the lightest, and most effective configuration.

Now, what I want to know is if I download and install the latest version of CF, and configure it using CS, will that be sufficient protection against virus and malware?

In other words, is CF with CS good enough to be used alone without an anti-virus and/or anti-malware?

In my opinion Cruel Comodo is almost the perfect solution, very light, non intrusive and yet powerful.

Against virus and malware it is sure enough, but you may add some extensions to protect against malicious Ads, cryptojackers and phishing. (AdGuard or uBlock Origin + Netcraft + Bitdefender TrafficLight).

You can use Comodo alone, but if it doesnt hurt performance in your machine you can add something like Kaspersky Free, Avast! or Windows Defender.

Comodo does a cloud verification when you run new files and while it isnt very strong alone it does add a "traditional" signature detection that complements the isolation protection very well.

Edit: @Opcode was faster than me haha, I am in total agreement with his post.
 
Last edited:

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,463
If there is wisdom and you are familiar with CF, you can use it alone, but since I am very suspicious of myself, I rely on other AVs too. However, depending on the way of thinking, it seems that it may be that you really need knowledge to make other AV and CF coexist well.
 

woodrowbone

Level 10
Verified
Dec 24, 2011
480
As our beloved sister once said, your antivirus of choice does not really matter, it is just a matter of how long you want to wait until it removes the trash from the sandbox.
Do not forget that CFW removes the crap in due time, when their (often very late) signatures gets done.
If you have their cloud lookup enabled that is.

CFW with her settings is the best thing since sliced bread. :)

/W
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
although CF alone is enough, I prefer to use it with a light AV to reduce CF workload, you would get less amount of popups because malwares are blocked before being sandboxed

I recommend installing a free AV which allows us to disable on-access scanning. Disabling it will largely decreases resource usage. Disabling on-access scanning = enabling on-execution scanning
a few good examples: kaspersky free, avast/AVG free, zemana (free if you get a key, on-access scanning is off by default)
not recommended (can't disable on-access scanning): BD free, windows defender
there might be more but I don't know if they can disable it or not
 
Last edited:

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
Well, I have a PC with Comodo Firewall W7 with the configuration of Cs and Emsisoft. And another super obsolete PC with XP also with Comodo Firewall + OSArrmor. But in the past I used Comodo Firewall alone and I never got infected. For more laps I give, I always see that Comodo is the best for me. without underestimating any other Av.:)
 
D

Deleted member 178

Comodo is good enough alone (based on that you ignore important bugs)

My Comodo config is tightest, but i'm the only one that can stand it LOL :ROFLMAO:

To me, using Comodo is about using its HIPS (and especially in paranoid mode); if not i rather use a pure sandbox apps (unless you can't afford to buy one).
 
Last edited by a moderator:

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
Waiting for CS to weigh in on this post if she supplements CFW with anything like Evjl's Rain mentions:

although CF alone is enough, I prefer to use it with a light AV to reduce CF workload, you would get less amount of popups because malwares are blocked before being sandboxed

I recommend installing a free AV which allows us to disable on-access scanning. Disabling it will largely decreases resource usage. Disabling on-access scanning = enabling on-execution scanning
a few good examples: kaspersky free, avast/AVG free, zemana (free if you get a key, on-access scanning is off by default)
not recommended (can't disable on-access scanning): BD free, windows defender
there might be more but I don't know if they can disable it or not

I have used ZAL before because I have a lifetime license but I do not recall an option to enable on-execution scanning just enable or disable real-time protection. I do like the thought of running CFW with ZAL. Sounds like a great combo?
 

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
I rather use CIS than CFW + other AV, because if you configure Comodo properly, you won't need any AV.

So you like using Comodo's Anti-Virus along with CFW as a combined suite hence CIS? Many websites that I have visited, pan the CAV component as weak compared to other AV's.
 
D

Deleted member 178

So you like using Comodo's Anti-Virus along with CFW as a combined suite hence CIS? Many websites that I have visited, pan the CAV component as weak compared to other AV's.
I don't care if it is weak , since it won't be the component that makes my system secure.
if i have to use Comodo again, i wont bloat my system with another AV.
Honestly AVs those days are just "comfort" component, so beginners feel secure.
The true power behind modern AVs are their preventive features whatever it is a BB, HIPS, sandbox ,etc...
 

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
i don't care if it is weak , since it won't be the component that makes my system secure.
Honestly AVs those days are just "comfort" component, so beginners feel secure.
The true power behind modern AVs are their preventive features whatever it is a BB, HIPS, sandbox ,etc...

Well Umbra, if it keeps your systems secure, than that is about as good as I can get for mine. Thanks.

I guess if I configure the firewall component as CS suggests, and just keep their AV, for me the average user, then I should be fine. I think if I go deeper with the settings, I might confuse myself or weaken my security unless you also have a guide like CS for suggested settings?
 

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
Btw, Cruelsister, if you are out there, are you a proponent of CIS as well? I understand, and appreciate Umbra's opinion.

Do you supplement CFW with anything else? Would like your thoughts, as well.
 

SearchLight

Level 13
Thread author
Verified
Top Poster
Well-known
Jul 3, 2017
625
Anyone supplement CFW with Tencent PC Manager? Uses BD AV engine plus a few others.
 

Evjl's Rain

Level 47
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Waiting for CS to weigh in on this post if she supplements CFW with anything like Evjl's Rain mentions:



I have used ZAL before because I have a lifetime license but I do not recall an option to enable on-execution scanning just enable or disable real-time protection. I do like the thought of running CFW with ZAL. Sounds like a great combo?
there is no option to enable or disable on-access scanning in ZAL, they force it to be off by its nature, therefore, it's super light because it doesn't scan your file when you copy to your computer, it only scans when you run the file
many people will suggest using CF alone is enough
I suggest running CF with ZAM or ZAL to reduce the amount of popup. It gives you some ideas which file is malware, which is potentially not a malware
life will be more comfortable
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Hi Guys! Just saw this thread and curiously enough I also was wondering (as I know some folk NEED to have an AV in place to feel secure) what AV would be the most compatible with CF. Last year this would have been an easy question to answer, but because a bunch of AV's have been screwing around with there basic protection modality, and Comodo has upped the base protection of the Sandbox (Containment) this is no longer the case.

I'm only in the (very) beginning stages, but have already seen that Avast/AVG are not a good match. Kaspersky free, for which the initial build was promising is no longer an option. When installing Kasp Free one of the first screens seen is an alert to uninstall CF (as if...). One can still install Kaspersky Free, but in what seems to be a Quid Pro Quo from Comodo quite a few Kaspersky files are sandboxed; even after marking them as Trusted the resultant system is ponderously slooooooooow,

I'm currently up to Qihoo, which before added something (as far as detection is concerned) in the past. The odd thing is now Qihoo will not detect many things running in Containment! For instance, a CTBlocker will be detected and deleted by Comodo Cloud BEFORE Qihoo even sees it, whereas a Fortress Class ransomware will be detected and deleted by Qihoo within Containment. Nonetheless it seems that Qihoo Essentials has the best AV coverage with the least system impact so far- but I'm still in testing mode...

Other stuff:

1). I have the Upmost Regard for Dear Umbra, but must disagree with the current utility of the HIPS module for those that use my settings. At one time there was a specific case that it would have been needed (a RAT that I did a video on about a year ago), but Comodo has corrected this issue.

However for those that may want to un-sandbox an unsigned application that the user THINKS might be legitimate, then the HIPS could be easily turned on in this case (please don't use Paranoid; after the twentieth popup you'll go nuts).

2). Do I use an AV myself with CF?- I'm on Win10 and haven't yet bothered to turn off WD in Group Policy, so kinda-sorta. But I totally understand why some still feel more comfortable using an AV. Also, a Fun Fact- someone the other day sent me a njRat/Worm combo that was at that time undetectable by anything. Surprisingly enough in the first 18 hours only 6 products detected it, and one was Comodo (even a blind squirrel...)!

3).Last (and Least)- about in-browser crytocurrency miners- these really are no big thing as they are just using you CPU power when you stay on a certain webpage. Browse away from that site and the Miner is stopped. Reminds me of an app I installed when I was a teenager- it was from SETI and would use my CPU power when the system was idle in their serach for Alien Life (they never found any ET's, and the Miners probably aren't finding any Coins). Adding an Ad-Blocker may help, but you also will never see any targeted Ads. Personally my browsing habits are known and I was recently directed to a website that had unbelievably cute shoes (to be delivered next week). If I had an Ad-blocker in place I would have been lesser for it...
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top