App Review Comodo Firewall 10 Setup

[ZeroDay]

I'd use Kaspersky free over Avast if I were using CF. If you have CF and it's tweaked correctly you have your zeroday protection covered. You just need an AV with really good signatures as a backup and Kaspersky's signatures are much better than those of Avast! And now Kaspersky have a free version those signatures are just going to get better because of the increase in user base. And Don't forget you'd have Kaspersky cloud too. In my opinion if you're running CF and want an AV to go with it you won't beat Kaspersky free.

 

[bribon77]

I'd use Kaspersky free over Avast if I were using CF. If you have CF and it's tweaked correctly you have your zeroday protection covered. You just need an AV with really good signatures as a backup and Kaspersky's signatures are much better than those of Avast! And now Kaspersky have a free version those signatures are just going to get better because of the increase in user base. And Don't forget you'd have Kaspersky cloud too. In my opinion if you're running CF and want an AV to go with it you won't beat Kaspersky free.

Great combo, yes Sir I think the same, Comodo Firewall and Kasperky free. It is of the first category.

 

[Decopi]

@AtlBo,

HIPS:
OK, understood the HIPS question. Thank you!
I can imagine CS' answer: "You don't need HIPS to protect any folder or file. CF with my setting will block everything".

BITDEFENDER:
Yes, I knew about TPSC, and did watch this video months ago. But thank you anyway for attaching it.
My personal opinion is that BD, Kaspersky, Avast etc are 90% ok, almost are the same. The problem is the other 9% (100% doesn't exist).
I personally believe that today most of the AM/AV are tested in wrong way, with old approaches. And I believe that zero-day attacks and behavior analysis should be the trend. Considering that behavior analysis is still immature, CF with CS' settings is one of the best malware stopper alternatives. An AV is only needed for few possible false negatives on CF+CS' settings (as happened in the past with CF' cloud mistakes). In this context, most of the major AM/AV are ok (I just prefer Avast due to low RAM consumption).
As I mentioned, for browsers I like the BD extension, just because I tested and compared with other AM/AV extensions.

CS + Browsers:
I am not particularly worried with malwares downloaded trough browsers.
But I worry about malicious scripts. I also worry about phishing, scams, fake websites, exploits etc.
I can deal with this garbage using UMatrix, BD extension and other extensions + security settings. But most of the average users can't. So, I wanted to know how CS recommends CF without AM/AV for average users, regarding browser dangers.
Could be my ignorance, but I don't know how CF+CS' settings can deal with malicious scripts in browsers, phishing and other online-pests.
I understood and thank you for your explanation about limitations of memory malwares. But as I mentioned before, I believe we are in a trend, where browsers and online-dangers are the focus, and attacks will increase exponentially daily. In other words, we have not idea if tomorrow memory malwares evolve bypassing all kind of protection.
With this, I am not trying to be paranoid. But also, I am not trying to be in the other extreme of dealing with browsers threats only with CF. I believe we need a kind of balanced solution in the middle, having CF+CS' settings along with other tools exclusive for browsers protection.
Again, I don't really asked which AM/AV to use with CF. I also didn't ask how to protect my browser. I asked how CS can recommend to use only CF, considering that today the major danger focus is browsers and online activity.

QIHOO360:
You and CS like Avast and QIHOO.
As I said, I use Avast due to low RAM.
How is QIHOO compared to Avast in terms of RAM, CPU, system resources impact etc? Please, can you give me numbers like quantity of running processes, memory consumption etc? Avast in general has 3 processes running with around 50MB idle.

Again, thank you for your answers and explanations!

 

[Handsome Recluse]

I can deal with this garbage using UMatrix, BD extension and other extensions + security settings. But most of the average users can't. So, I wanted to know how CS recommends CF without AM/AV for average users, regarding browser dangers.

She said on her last post she's trying to avoid social media. It'd probably take long to get an answer.

 

[Decopi]

She said on her last post she's trying to avoid social media. It'd probably take long to get an answer.

Well, avoiding this or that... is not a solution.

But my question was not aimed to CS as a browser user.
My question was aimed to CS as a security expert (I consider her a security expert) regarding average browser users.
Considering that average browser users have not idea how to protect themselves from online-dangers, how CF+CS' settings will work without any other security tool for browsers and online-dangers?
In other words: How CF+CS' settings will solve browser and online-dangers, phishing, malicious scripts, scams, fake websites etc?

 

[Brahman]

Well, avoiding this or that... is not a solution.
In other words: How CF+CS' settings will solve browser and online-dangers, phishing, malicious scripts, scams, fake websites etc?

malicious scripts will be sandboxed, and the payload wont run, even if the script succeeds, the pay load will be either be blocked by firewall or it will be sandboxed.
online-dangers, phishing, scams and fake websites CAN be blocked if you have a custom block lists added to "website filtering", other wise you can say goodbye to your money. comodo blocklist is just for fun. Better use something like ublock origin or adguard. Nothing is 100% so add your "sense" to your online security to make it to 99% at-least or wait for Quantum computing cryptography.

 

[shmu26]

Well, avoiding this or that... is not a solution.

But my question was not aimed to CS as a browser user.
My question was aimed to CS as a security expert (I consider her a security expert) regarding average browser users.
Considering that average browser users have not idea how to protect themselves from online-dangers, how CF+CS' settings will work without any other security tool for browsers and online-dangers?
In other words: How CF+CS' settings will solve browser and online-dangers, phishing, malicious scripts, scams, fake websites etc?

Comodo is mainly trying to protect your system from getting infected, so focus on that. It will block most browser exploits at CS settings, so you are okay.
As for phishing, scams, etc, that's not really Comodo's business what you do online. It comes with a wishy-washy web filter, but don't rely on it. That's not what Comodo is there for.

In short: you need to draw a clear distinction between protecting your PC, which Comodo does quite well, and protecting your online activities,which Comodo does not do very well.

 

[Decopi]

@josinpaul, thanks for your answer.

As I said, I really didn't ask about AV/AM along with CF. Also, I didn't ask about my browser protection.
My original question is still open: There are lot of browser online-dangers that I don't know/understand how CF+CS' settings could block them. Your explanation as other explanations are based in the past, not based in today zero-day attacks or future zero-day attacks able to harm bypassing CF+CS' settings. Also, is not based in pure online-harms.
For example, if a malicious script can steal passwords damaging files stored in the cloud, or if trough fake webpages can steal physical addresses, phone numbers, personal info, credit cards, bank accounts etc... it can harm more than a ransomware, worm, virus etc trough the hard disk/memory etc.
Again, for me the trend of the focus should be browsers online vulnerabilities. And in this context, it is interesting to know/understand how CS recommends CF to average users, to be used alone and without AV/AM etc.

Regarding WebFiltering with hosts... I don't like hosts.
First, I don't know how to update the hosts with the UMBRA solution at the link you attached me (thank you!). I am not going to be every day updating this hosts in CF. And certainly, average users never will do that. It is much more intelligent to use an AV/AM which takes care of malicious online webpages.
Second, hosts files have lot of mistakes and redundancies.
Third, I need to check system resources impact (RAM, CPU etc) of UMBRA solution, in order to evaluate that CF can deal with more than +300k blocked items.

 

[Decopi]

@shmu26, thanks!

I agree with you.

However, after reading lot of CS' comments, and watched most of her videos, I didn't find this kind of distinction in her arguments.
The message is always loud and clear: CF+CS' settings alone is enough. There is no distinction between hard drive/memory dangers, or browsers/online dangers.
For her, I am sure CF is enough, because she is a security expert.
For me, perhaps also is enough, because I know a little how to protect my browser without AV/AM.
However, what about average users? How can CS, a security expert, can recommend to average users that CF+CS' settings is enough... specifically for browsers, online-dangers, phishing, scams, fake webpages etc etc etc?

I am not saying CS is wrong.
I am saying that for today zero-day attacks, or for future zero-day attacks trough browsers and online-activity, I don't know/understand how CF+CS' settings will deal with this.

 

[AtlBo]

How is QIHOO compared to Avast in terms of RAM, CPU, system resources impact etc? Please, can you give me numbers like quantity of running processes, memory consumption etc? Avast in general has 3 processes running with around 50MB idle.

I don't think you would like Qihoo using this comparison. If you look at Processes with "All Processes" checked in Task Manger, QHActiveDefense.exe uses 300K easily. The other active part of 360, called QHSafeTray.exe, uses about 50K.

I can imagine CS' answer: "You don't need HIPS to protect any folder or file. CF with my setting will block everything".

She is right. There is option for doing as you would like, however, if you want to protect backups on a backup drive, or really go all the way protecting files. It's a program called EasyFileLocker. This is written by XOSLab, who also wrote Shadow Defender. Shadow Defender is very trusted here at MTs. EFL is very configurable and very well written. You can name locations to protect and then for each location decide which applications can write to the location. Reguires some configuation, but I use it to protect backups on remote drives.

With this, I am not trying to be paranoid. But also, I am not trying to be in the other extreme of dealing with browsers threats only with CF. I believe we need a kind of balanced solution in the middle, having CF+CS' settings along with other tools exclusive for browsers protection.
Again, I don't really asked which AM/AV to use with CF. I also didn't ask how to protect my browser. I asked how CS can recommend to use only CF, considering that today the major danger focus is browsers and online activity.

Not sure CF will do the job by itself at this point, when adding internet considerations. Comodo has a good system in place with CF. Seems devs are content with that for now, although clearly the game has changed somewhat with Eternal Blue/Double Pulsar (wannacry). The command-line heuristics module is a great idea, but the potential for new types of threats is the reason I would like to see the results of a test of malware against that particular module of CF in a standalone way.

Too bad Comodo hasn't been more aggressive with internet protection, especially considering the firewall is already in place and so much information is already being monitored. They have extensions that are in Comodo Dragon, but they are terrible and broken. Maybe Comodo will refine the Firewall and provide better support for site blocking/internet script protection in the future.

By the way, I actually had a Viruscope alert today . I was testing a script to change the desktop background which also changed the registry. Obviously it takes alot to engage Viruscope. Actually, last I heard, it was inactive/inert in CF and being used by Comodo to gather information. This info is based on a desktop message I received from Comodo about VS, following an update. I hadn't seen a VS alert in probably 8 months or so I guess.

The small bugginess issues with CF I think explain well where the program is overall. I don't consider the bugs a protection weakness, but I can see how someone might feel so. It takes quite some time to understand why Comodo does not respond to things...literally months of hands on use. It can seem that the program is not doing its job. Also, the settings are straight up confusing without a similar committment to using the program. That said, the protection is good and actually solid, just not as a standalone security application, that is unless Comodo is serious about signatures as has been reported they are becoming. In that case, maybe CIS or CCAV could be good enough to be considered standalone for most. I still wish Comodo could give users just a slight bit more on what is a REALLY risky behavior on a PC, such as script activity. This is a bigger deal with the number of alerts that the program can generate. I would feel better about considering CIS and CCAV as all that is required if this were improved. AND I really hope to see a test of the command-line heuristics module LOL . For me it's the key to the whole thing, since I run unsigned software sometimes.

I feel like you are on the right track looking into the deeper issues of protection. For now, it's hard to me to imagine doing it better for free than Comodo + free a-v (avast, BD, QH, Kas) + maybe AppCheck A/RW. I add EMET 5.5 (helps with W7 and earlier) and NVT ERP (sure script monitoring). These aren't a requirement. The best news is there are a good number of serious free a-v applications. BTW, thanks for the tip on the BD extension. Don't know if BD must be installed, but I will take a look.

 

[Decopi]

@AtlBo,

QIHOO:
You are right, for 50MB I stay with AVAST, good enough for me in case of CF' false negatives.

PROTECTED FOLDERS/FILES:
Cloud back up is for me the best and simplest solution.
I just asked about HIPS, only because wanted to know/understand the subject.

Too bad Comodo hasn't been more aggressive with internet protection.

In my ignorant opinion, most of the AV/AM are still more focused in computers/devices protection (which is good), but less focused in internet protection (which is bad).
Browsers also are not helping, because they depend on ads + trackers + privacy invasion etc. There are a few browsers focused on security/privacy, but the price for users is still too high (bad performance, lot of RAM, CPU, slow surfing, no extensions or bad extensions etc). You are right about Dragon.
As I said, I believe that browsers, online-activity, internet etc are going to be the major focus of zero-day attacks, increasingly in quantity, quality, harm, danger etc. And sadly, browsers and AM/AV are always behind and late compared to attackers.

By the way, I actually had a Viruscope alert today.

Today after your first comment, I tested VS and WebFilering "off". And I got a BSOD (first BSOD in past 12 months).
I don't have time and interest on this CF' options, but both options have not RAM/CPU impact in my tests. So, in order to avoid and solve my BSOD, I decided to keep "on".

My final verdict is that CF as a firewall is not something special, and Windows firewall can perfectly do the job. But two things:
a) CF has a very low RAM/CPU impact (fact very important to me).
b) CS' settings are just absolutely fantastic great and good, transforming something no special (CF) into very special.

I still just would like to understand/know, why CS recommends CF alone without AM/AV, in the case for browsers, online-activity, internet etc.

For now, it's hard to me to imagine doing it better for free than Comodo + free a-v.

101% agree with you.

BTW, thanks for the tip on the BD extension. Don't know if BD must be installed, but I will take a look.

I thank you. Another two tips:
a) JSGUARD (tiny lightweight add-on/extension, excellent complement for BD add-on/extension, focused in fighting malicious scripts).
b) WebApiManager (first add-on/extension able to block APIS).
PS: Don't need to install BD in order to use the BD add-on/extension. Are two things, working independently. I use the BD add-on without the BD AV.

 

[Brahman]

@josinpaul, thanks for your answer.

As I said, I really didn't ask about AV/AM along with CF. Also, I didn't ask about my browser protection.
My original question is still open: There are lot of browser online-dangers that I don't know/understand how CF+CS' settings could block them. Your explanation as other explanations are based in the past, not based in today zero-day attacks or future zero-day attacks able to harm bypassing CF+CS' settings. Also, is not based in pure online-harms.

First of all CF with CS setting banks on comodo's enterprise quality sanboxing technology. CF sandboxes each and every unsigned unknown process, be it zero day or first day malware/script. It is not based on definitions unlike traditional av, which needs definitions of a threat to successfully block it. so what i am saying is that CF can only protect your physical system and what ever resides in it and not the things in cloud. It will not give protection from fraudulent sites, it is not meant to also. But it will stop any payload being executed in your physical system. I have not heard anything that can bypass CF+CS' settings till now, but am not an expert enough to say that it is 100% future proof.

Again, for me the trend of the focus should be browsers online vulnerabilities. And in this context, it is interesting to know/understand how CS recommends CF to average users, to be used alone and without AV/AM etc

How can an AV/AM protect you from browsers online vulnerabilities? Please explain it to me cause am in dark. Browser vulnerability can only be fixed by patching the browser itself. No AV/Am can fix that, and i don't think by using AV/ Am is eough protection from legitimate software's vulnerabilities.

 

[Decopi]

@josinpaul,

CF can only protect your physical system and what ever resides in it and not the things in cloud. It will not give protection from fraudulent sites, it is not meant to also.

So my question remains valid: There are lot of browser online-dangers that I don't know/understand how CF+CS' settings could block them. Your explanation as other explanations are based in the past, not based in today zero-day attacks or future zero-day attacks able to harm bypassing CF+CS' settings. Also, is not based in pure online-dangers.

Please, don't misunderstand me!
I love CF+CS' settings. I am using it!
My only point here is to understand/know why CS recommends CF alone, without AM/AV, when most of the average users are going to be hit by browsers, online-activity, an other internet dangers.
I repeat, I am not saying CS is wrong. I just want to know how she foresees average users using only CF without anything else, regarding internet dangers.

How can an AV/AM protect you from browsers online vulnerabilities?

Most of the regular AM/AV have some kind of web-shield or online-protection. I am not saying that these tools are perfect. But at least, for average users are ok, much better than nothing.
These web tools try to cover common online-pests like phishing, malicious scripts, fake websites etc.

Browser vulnerability can only be fixed by patching the browser itself.

I am totally agree with you that browsers have a big homework to do, and can help a lot regarding security/privacy.
The point is that this is not realistic, and never will happen, because browsers need ads, tracking, privacy invasion etc in order to financially survive.
The few browsers taking care of security/privacy, sadly they kill the web experience.

However, as I said, external help exists.
AM/AV can help with web-shields.
And add-ons/extensions can help with lots of security/privacy tools.
So, in my ignorance, I believe that CF+CS' settings needs an AM/AV in the case of 1) False negatives (as happened in the past with CF cloud mistakes), and also needs in the case of 2) Browsers, online-activity, and other internet dangers (where CF has zero protection there).

No AV/Am can fix that, and i don't think by using AV/ Am is eough protection from legitimate software's vulnerabilities.

Again, this is not my point.
I am not criticizing CF+CS' settings.
I am not defending AM/AV alternatives.
I just want to know/understand how CS can recommend CF without anything else, regarding browsers, online-activity, and other internet dangers.

 

[Brahman]

I just want to know/understand how CS can recommend CF without anything else, regarding browsers, online-activity, and other internet dangers.

i don't think she ever said that, she said there is no need for an another Anti virus software on your PC If you are using CF. Besides comodo firewall in default has comodo secure dns, and Internet Security Essentials which is some kind of protection to for average users from phishing and fraudulent websites. Besides i don't think you or some one who cares about comodo/ CS videos are an average user, they know what to do and what to have in their system.

 

[Decopi]

she said there is no need for an another Anti virus software on your PC If you are using CF.

Yes, I agree.
However, the rest of your comment is your personal interpretation. And I respect that. But when we make recommendations, in this case security recommendations, we can't be ambiguous, and interpretations are forbidden in this field.

Again, CS recommends CF without AM/AV.
She never approached explanations about browsers, online-activity, internet dangers etc.
And this is my question.

Again, please, don't misunderstand me!
A question is not a critic, neither a personal attack.
If I am questioning is because I read a lot of CS' commentaries, watched lot of her videos, I love CS, I use her CF' settings, I recommend, I even agree that for computer/devices CF might be enough etc... but I just don't understand CS' argument regarding browsers, online-activity, internet dangers etc.
I confess that I also don't understand why most of the CF+CS' settings users also have not this same question as I have. Most users here just accept CF as enough.

Besides comodo firewall in default has comodo secure dns, and Internet Security Essentials which is some kind of protection to for average users from phishing and fraudulent websites.

Out of my question.
I didn't ask about AM/AV.
I just asked about CS' recommendation.

Besides i don't think you or some one who cares about comodo/ CS videos are an average user, they know what to do and what to have in their system.

Agree.
But CS doesn't discriminate users when she share her comments. Her argument seems to be generalist, for any user.
And I trust CS. I know she has an answer for her recommendation. I just want to know/understand her recommendation, specifically regarding browsers, online-activity, internet dangers etc.

Meltdown and Spectre are good samples of dangers that could arise from a simple javascript. Both bugs can bypass virtual machines, sandboxing etc. This is exactly what I mean when I say that browsers, online-activity, internet dangers should be the main focus. And this is the reason I want to understand CS' arguments.

But @josinpaul, thank anyway for your answers.