Thanks for the advise to not use (CIS Firewall in) IPv6 at all.
Do not use IPv6.
But definitely use CIS\CFW. Comodo does the right thing by not worrying about IPv6 because no matter what Comodo does, IPv6 is a deeply flawed, insecure networking protocol.
Are you going to advise / inform every single person who is using or wants to start using CIS FIrewall and is connected to an IPv6 native network about this IPv6 problem?
Nope. Not my responsibility. The responsibility is ALWAYS on the user to put in the effort to figure it out. This is how it works.
Again, there is no problem with Comodo. The problem is IPv6 protocol itself. Those problems cannot be fixed by filtering IPv6. Therefore, it makes no difference if Comodo filters IPv6 or not. It just isn't necessary. The correct security solution is to disable IPv6 on all systems.
Are you going to ask Comodo to put your advise to not use CIS Firewall in IPv6 mode and to disbale IPv6 alltogether on the OS in their CIS User's Manual? You could do so but they will refuse to add it to their CIS manual.
Nope. There are governmental agencies out there that have issued IPv6 protocol advisories. People pay taxes to receive these Public Service Announcements (PSAs). Not anyone's responsibility to compensate for the user not checking the advisories.
Comodo has no obligation to inform anyone about anything. Comodo has no moral or ethical duty to do anything. It is only obligated to do what is required under the prevailing laws. Which, in the case of all software, users that use software do so at their own risk and they accept the software "As-Is."
See that's the problem, nobody is getting informed and nobody is willing to inform all others about this IPv6 CIS problem. CIS users just use CIS as is with default out-of-the-box settings or with CS settings, which seting doesn't matter IPv6 filtering is disabled in CIS in all cases.
It is not anyone's responsibility to inform anybody about anything. So you can stop with the whole strawman concern.
Nobody is being harmed. Saying that they are is misinformation and a blatant lie.
Furthermore nowadays OS do prefer/prioritize IPv6 connections above IPv4 connections and MS does advise people not to switch off IPv6 in the OS (by registry hack) as that might cause OS problems or instabilities (those are MS words not mine).
Microsoft does not set the standard for network security best practices. There are other entities that perform that function. The general working security industry standard is to disable anything that is not critical to operations. That is the fundamental security industry best practice.
It is completely wrong to say "If it ships with an OS, then it should be allowed." This statement is so absurd that anyone that says it cannot be taken seriously. There are many, many things shipped with operating systems that do nothing more than inject complexity, attack surface, and\or exploitation potential to the system. What is appropriate to an administrator system is definitely not appropriate for a typical user system. Furthermore, all operating systems are meant to be hardened. The responsibility of figuring that out is on the user.
LOL. Microsoft does advise to disable IPv6 - but that advisory is only provided via internal Microsoft Security services to enterprise and government.
Disabling IPv6 has no affect on Windows OS - nor any other OS - stability. Nor does disabling IPv6 destabilize any applications.
Now you are making stuff up as you go along because you have an anti-Comodo agenda. You are stating misinformation and FUD. Why? Because your objective is to use any means available - including lies and speculation - to dissuade others from being interested in or deciding to use Comodo.
IPv6 was invented to overcome the limited and running out IPv4 addresses. IPv6 can't be ignored anymore these days it will replace IPv4 sometime (no not within the next year or two).
Sure IPv6 can be ignored (disabled). The reason why it was developed has nothing to do with the security - or lack thereof - of the protocol itself.
IPv4 addressing will never be deprecated nor phased out. It shall live until NAT is done away with - and that will never happen. Getting rid of NAT would be like getting rid of water or oxygen. IPv4 will be around until the cockroaches inherit the Earth.
