Video Review Comodo Firewall 10 Setup

Discussion in 'Video Reviews' started by cruelsister, Jan 28, 2017.

  1. Decopi

    Decopi Level 1

    Oct 29, 2017
    28
    60
    Paradise
    Hi @Telos! Thank you for your answer.

    It is true that in the original CS' video (you attached), CF' settings are those you pointed out. However, at CS' Youtube Channel, you can see other videos with different settings in CF, related specifically to my questions. By the way, that is the reason for my questions (taking into account other CS' videos with different settings).

    Now, with regards to "AV has no effect on the threats you enumerated", most of the AV/AM I tested somehow take care of the threats I enumerated.

    But once again @Telos, thank you for your answer.
    I repeat my questions, hoping someone else here wants to answer:
    1) With CS' settings in CF, does ViruScope option need to be enabled? Is it adding anything to CS' settings?
    2) If I disable HIPS, will this also disable "Protected Data Folders"?
    3) Website Filtering? On? Off? Does this option add anything relevant to CS' settings?
    4) Enable or disable Cloud Lookup with CS' settings?
    5) I can understand CS' opinion about "CF is enough, doesn't need an AV or AM". However, what about browsers? How to deal with phishing, scams, fake websites, tracking, spying, privacy issues etc? Don't we need an AV or AM to take care of this browsers garbage and other online-dangers?
     
    CodaPG and AtlBo like this.
  2. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,273
    13,595
    Utopia
    The main thing with Comodo is to make sure it is actually working. Sometimes it doesn't block, and sometimes the blocking is inconsistent. If it works, it is good.
    Try executing unusual files, and if they are allowed to run, check in the file list. If they are unrecognized, but Comodo let them run, I think you may have a problem.
     
    AtlBo likes this.
  3. Decopi

    Decopi Level 1

    Oct 29, 2017
    28
    60
    Paradise
    Hi @AtlBo, thank you for your answers:

    Here I am confused.
    I disabled HIPS following CS' settings.
    However, my "protected folders" are still there.
    Again: By disabling HIPS, will this also disable "Protected Data Folders"?

    I tested both Avast AV and the AVAST add-on, and in my ignorant opinion both are terrible at detecting browser online-dangers.

    I tested the BD add-on along 6 months, comparing with other security add-ons. And I found BD add-on the best one, not perfect, but catching more pests, without affecting browsing performance.

    I just want to understand how CS deals with browsers security, using just CF.

    I use UMatrix. But I don't use hosts files. I just block everything with UMatrix.
    Of course, I also have other security/privacy add-ons & settings.
     
    AtlBo likes this.
  4. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,515
    Qihoo 360
    #444 AtlBo, Jan 2, 2018
    Last edited: Jan 2, 2018
    On these:

    Yes, disabling HIPS will disable protected files and folders protection. You can see the "Protected Files and Folders" setting is there at the settings location above, so it is HIPS that monitors files and folders and provides this protection. If you look at each of the protections in the list, you can see what HIPS actually monitors specifically. Each HIPS alert will be of one of the types with the check boxes. These are the actions that HIPS blocks, (until you allow). In the list, you can see all the check boxes for each protection, and one of them is "Protected Files and Folders". If the Comodo HIPS module is deactivated, however, Comodo will not be monitoring using any of the HIPS block protections listed, even if they are checked and including "Protected Files and Folders". This is true, even if you have configured some files and folders to be monitored. HIPS must be on to have that monitoring.

    Seems pretty good to me, but haven't ever done any testing. I did see MalwareBlocker's YouTube video where I think it blocked 5/10. Not very good, true, but I haven't ever been abused running avast. I like the extension. It's not much, but I don't want a dramatic extension for website recommendations.

    Have you looked at Bitdefender? This video seems impressive with the internet blocks for a free program:



    I believe she handles that with extensions mostly. She is super confident that Comodo will catch malware when it attempts to run. It's easy to understand this, because even memory based malware has limited potential to do damage if it can't drop a file somewhere without being detected. Now if it's running as part of your browser, masquerading as the browser, like a rogue extension, things can become problematic. Since the malware would likely want to drop something, the only defense Comodo would have is "Command-line Heuristics". This is because your browser is automatically whitelisted, so malware running as part of it can basically do anything. This is really the only scenario you need to be aware of as far as the browser and Comodo go. Make sure you are getting safe and reputable extensions and you can also run the browser in a sandbox like sandboxie (also MS Office Applications). This is the best defense.

    BTW, I use Qihoo 360 Total Security on a few PCs. If you block a few Qihoo processes, the ads are non-existent. I can't recommend it because of them, but 360 has a good sandbox. Problem is it doesn't love Chrome. Big problem I know. Anyway if you ever try Q360 make sure to activate the Bitdefender and Avira definitions.
     
    Decopi and bribon77 like this.
  5. ZeroDay

    ZeroDay Level 22

    Aug 17, 2013
    1,118
    3,188
    Birmingham UK
    Windows 10
    Kaspersky
    I'd use Kaspersky free over Avast if I were using CF. If you have CF and it's tweaked correctly you have your zeroday protection covered. You just need an AV with really good signatures as a backup and Kaspersky's signatures are much better than those of Avast! And now Kaspersky have a free version those signatures are just going to get better because of the increase in user base. And don't forget you'd have Kaspersky cloud too. In my opinion if you're running CF and want an AV to go with it you won't beat Kaspersky free.
     
  6. bribon77

    bribon77 Level 10

    Jul 6, 2017
    497
    3,427
    spain
    Windows 7
    Emsisoft
    Great combo, yes Sir, I think the same, Comodo Firewall and Kaspersky free. It is of the first category.
     
    simmerskool and silversurfer like this.
  7. Decopi

    Decopi Level 1

    Oct 29, 2017
    28
    60
    Paradise
    #447 Decopi, Jan 2, 2018
    Last edited: Jan 2, 2018
    @AtlBo,

    HIPS:
    OK, understood the HIPS question. Thank you!
    I can imagine CS' answer: "You don't need HIPS to protect any folder or file. CF with my setting will block everything".

    BITDEFENDER:
    Yes, I knew about TPSC, and did watch this video months ago. But thank you anyway for attaching it.
    My personal opinion is that BD, Kaspersky, Avast etc are 90% ok, almost are the same. The problem is the other 9% (100% doesn't exist).
    I personally believe that today most of the AM/AV are tested in wrong way, with old approaches. And I believe that zero-day attacks and behavior analysis should be the trend. Considering that behavior analysis is still immature, CF with CS' settings is one of the best malware stopper alternatives. An AV is only needed for few possible false negatives on CF+CS' settings (as happened in the past with CF' cloud mistakes). In this context, most of the major AM/AV are ok (I just prefer Avast due to low RAM consumption).
    As I mentioned, for browsers I like the BD extension, just because I tested and compared with other AM/AV extensions.

    CS + Browsers:
    I am not particularly worried about malware downloaded through browsers.
    But I worry about malicious scripts. I also worry about phishing, scams, fake websites, exploits etc.
    I can deal with this garbage using UMatrix, BD extension and other extensions + security settings. But most of the average users can't. So, I wanted to know how CS recommends CF without AM/AV for average users, regarding browser dangers.
    Could be my ignorance, but I don't know how CF+CS' settings can deal with malicious scripts in browsers, phishing and other online-pests.
    I understood and thank you for your explanation about limitations of memory malware. But as I mentioned before, I believe we are in a trend, where browsers and online-dangers are the focus, and attacks will increase exponentially daily. In other words, we have no idea if tomorrow memory malware evolves, bypassing all kinds of protection.
    With this, I am not trying to be paranoid. But also, I am not trying to be at the other extreme of dealing with browser threats only with CF. I believe we need a kind of balanced solution in the middle, having CF+CS' settings along with other tools exclusive for browser protection.
    Again, I didn't really ask which AM/AV to use with CF. I also didn't ask how to protect my browser. I asked how CS can recommend to use only CF, considering that today the major danger focus is browsers and online activity.

    QIHOO360:
    You and CS like Avast and QIHOO.
    As I said, I use Avast due to low RAM.
    How is QIHOO compared to Avast in terms of RAM, CPU, system resources impact etc? Please, can you give me numbers like quantity of running processes, memory consumption etc? Avast in general has 3 processes running with around 50MB idle.

    Again, thank you for your answers and explanations!
     
  8. TerrakionSmash

    TerrakionSmash Level 16

    Nov 17, 2016
    750
    2,127
    Somewhere underwater or over water. I am water!
    Windows 10
    Microsoft
    She said on her last post she's trying to avoid social media. It'd probably take long to get an answer.
     
    Decopi likes this.
  9. Decopi

    Decopi Level 1

    Oct 29, 2017
    28
    60
    Paradise
    Well, avoiding this or that... is not a solution.

    But my question was not aimed to CS as a browser user.
    My question was aimed to CS as a security expert (I consider her a security expert) regarding average browser users.
    Considering that average browser users have no idea how to protect themselves from online-dangers, how will CF+CS' settings work without any other security tool for browsers and online-dangers?
    In other words: How will CF+CS' settings solve browser and online-dangers, phishing, malicious scripts, scams, fake websites etc?
     
  10. josinpaul

    josinpaul Level 3

    Aug 22, 2013
    125
    411
    Lawyer
    Kochi
    Windows 10
    Default-Deny
    #450 josinpaul, Jan 2, 2018
    Last edited: Jan 2, 2018
    Malicious scripts will be sandboxed, and the payload won't run; even if the script succeeds, the payload will either be blocked by the firewall or it will be sandboxed.
    Online-dangers, phishing, scams and fake websites CAN be blocked if you have custom block lists added to "website filtering", otherwise you can say goodbye to your money. Comodo blocklist is just for fun. Better use something like ublock origin or adguard. Nothing is 100% so add your "sense" to your online security to make it to 99% at least or wait for Quantum computing cryptography.
     
    simmerskool, AtlBo and Decopi like this.
  11. shmu26

    shmu26 Level 53

    Jul 3, 2015
    4,273
    13,595
    Utopia
    Comodo is mainly trying to protect your system from getting infected, so focus on that. It will block most browser exploits at CS settings, so you are okay.
    As for phishing, scams, etc, that's not really Comodo's business what you do online. It comes with a wishy-washy web filter, but don't rely on it. That's not what Comodo is there for.

    In short: you need to draw a clear distinction between protecting your PC, which Comodo does quite well, and protecting your online activities, which Comodo does not do very well.
     
  12. Decopi

    Decopi Level 1

    Oct 29, 2017
    28
    60
    Paradise
    #452 Decopi, Jan 3, 2018
    Last edited: Jan 3, 2018
    @josinpaul, thanks for your answer.

    As I said, I really didn't ask about AV/AM along with CF. Also, I didn't ask about my browser protection.
    My original question is still open: There are a lot of browser online-dangers that I don't know/understand how CF+CS' settings could block them. Your explanation, as other explanations, is based on the past, not based on today's zero-day attacks or future zero-day attacks able to harm bypassing CF+CS' settings. Also, it is not based on pure online-harms.
    For example, if a malicious script can steal passwords damaging files stored in the cloud, or if through fake webpages can steal physical addresses, phone numbers, personal info, credit cards, bank accounts etc... it can harm more than a ransomware, worm, virus etc through the hard disk/memory etc.
    Again, for me the trend of the focus should be browsers online vulnerabilities. And in this context, it is interesting to know/understand how CS recommends CF to average users, to be used alone and without AV/AM etc.

    Regarding WebFiltering with hosts... I don't like hosts.
    First, I don't know how to update the hosts with the UMBRA solution at the link you attached me (thank you!). I am not going to be every day updating this hosts in CF. And certainly, average users never will do that. It is much more intelligent to use an AV/AM which takes care of malicious online webpages.
    Second, hosts files have lot of mistakes and redundancies.
    Third, I need to check system resources impact (RAM, CPU etc) of UMBRA solution, in order to evaluate that CF can deal with more than +300k blocked items.
     
    AtlBo likes this.
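
An added example, not part of any post in this thread: a Python sketch of the clean-up step that the hosts-list concerns above (mistakes, redundancies, list size) point to, run before a hosts-format list is loaded into any URL filter. The function names and the sample lines are constructed for illustration, and the optional subdomain collapse assumes the target filter treats an entry as also covering its subdomains.

```python
import re

# Hostname label rule (RFC 1123): letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
# Sink addresses that hosts-format blocklists conventionally map blocked names to.
_SINKS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names found in ordinary hosts files that are not block entries.
_LOCAL = {"localhost", "localhost.localdomain", "local", "broadcasthost",
          "ip6-localhost", "ip6-loopback", "0.0.0.0"}


def is_valid_domain(name):
    """True for a syntactically valid multi-label hostname (not an IPv4 literal)."""
    if len(name) > 253 or "." not in name:
        return False
    labels = name.split(".")
    if not all(_LABEL.match(label) for label in labels):
        return False
    return not labels[-1].isdigit()


def parse_hosts(lines):
    """Return (domains, rejected); rejected holds (line_number, text) pairs to review."""
    domains, rejected = set(), []
    for lineno, raw in enumerate(lines, 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if fields[0] in _SINKS:
            fields = fields[1:]
        elif len(fields) > 1:
            # Maps a name to a non-sink address: a redirect, not a block. Never import.
            rejected.append((lineno, raw.strip()))
            continue
        for name in fields:
            name = name.lower().rstrip(".")
            if name in _LOCAL:
                continue
            if is_valid_domain(name):
                domains.add(name)
            else:
                rejected.append((lineno, raw.strip()))
    return domains, rejected


def collapse_subdomains(domains):
    """Drop entries whose parent domain is already listed (assumed filter semantics)."""
    kept = set()
    for name in sorted(domains, key=lambda d: d.count(".")):
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if not parents & kept:
            kept.add(name)
    return kept


# Constructed sample input, not a real blocklist.
SAMPLE = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 ADS.example.com.   # duplicate, differs only by case and trailing dot
127.0.0.1 tracker.example.net cdn.tracker.example.net
0.0.0.0 example.net
bare-entry.example.org
0.0.0.0 bad_host.example.com
0.0.0.0 -dash.example.com
203.0.113.7 login.example.org
""".splitlines()

if __name__ == "__main__":
    found, bad = parse_hosts(SAMPLE)
    print("unique valid entries:", len(found))
    print("after subdomain collapse:", sorted(collapse_subdomains(found)))
    for lineno, text in bad:
        print(f"review line {lineno}: {text}")
```

The rejected list is the part to read by hand: a line that maps a name to a routable address is a redirect rather than a block and should not reach a filter or a hosts file unreviewed.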
  13. Decopi

    Decopi Level 1

    Oct 29, 2017
    28
    60
    Paradise
    #453 Decopi, Jan 3, 2018
    Last edited: Jan 3, 2018
    @shmu26, thanks!

    I agree with you.

    However, after reading a lot of CS' comments, and watching most of her videos, I didn't find this kind of distinction in her arguments.
    The message is always loud and clear: CF+CS' settings alone is enough. There is no distinction between hard drive/memory dangers, or browsers/online dangers.
    For her, I am sure CF is enough, because she is a security expert.
    For me, perhaps also is enough, because I know a little how to protect my browser without AV/AM.
    However, what about average users? How can CS, a security expert, recommend to average users that CF+CS' settings is enough... specifically for browsers, online-dangers, phishing, scams, fake webpages etc etc etc?

    I am not saying CS is wrong.
    I am saying that for today's zero-day attacks, or for future zero-day attacks through browsers and online-activity, I don't know/understand how CF+CS' settings will deal with this.
     
    AtlBo and TerrakionSmash like this.
  14. AtlBo

    AtlBo Level 22

    Dec 29, 2014
    1,144
    4,515
    Qihoo 360
    #454 AtlBo, Jan 3, 2018
    Last edited: Jan 3, 2018
    I don't think you would like Qihoo using this comparison. If you look at Processes with "All Processes" checked in Task Manager, QHActiveDefense.exe uses 300K easily. The other active part of 360, called QHSafeTray.exe, uses about 50K.

    She is right. There is an option for doing as you would like, however, if you want to protect backups on a backup drive, or really go all the way protecting files. It's a program called EasyFileLocker. This is written by XOSLab, who also wrote Shadow Defender. Shadow Defender is very trusted here at MTs. EFL is very configurable and very well written. You can name locations to protect and then for each location decide which applications can write to the location. Requires some configuration, but I use it to protect backups on remote drives.

    Not sure CF will do the job by itself at this point, when adding internet considerations. Comodo has a good system in place with CF. Seems devs are content with that for now, although clearly the game has changed somewhat with Eternal Blue/Double Pulsar (wannacry). The command-line heuristics module is a great idea, but the potential for new types of threats is the reason I would like to see the results of a test of malware against that particular module of CF in a standalone way.

    Too bad Comodo hasn't been more aggressive with internet protection, especially considering the firewall is already in place and so much information is already being monitored. They have extensions that are in Comodo Dragon, but they are terrible and broken. Maybe Comodo will refine the Firewall and provide better support for site blocking/internet script protection in the future.

    By the way, I actually had a Viruscope alert today :rolleyes:. I was testing a script to change the desktop background which also changed the registry. Obviously it takes a lot to engage Viruscope. Actually, last I heard, it was inactive/inert in CF and being used by Comodo to gather information. This info is based on a desktop message I received from Comodo about VS, following an update. I hadn't seen a VS alert in probably 8 months or so I guess.

    The small bugginess issues with CF I think explain well where the program is overall. I don't consider the bugs a protection weakness, but I can see how someone might feel so. It takes quite some time to understand why Comodo does not respond to things...literally months of hands on use. It can seem that the program is not doing its job. Also, the settings are straight up confusing without a similar commitment to using the program. That said, the protection is good and actually solid, just not as a standalone security application, that is unless Comodo is serious about signatures as has been reported they are becoming. In that case, maybe CIS or CCAV could be good enough to be considered standalone for most. I still wish Comodo could give users just a slight bit more on what is a REALLY risky behavior on a PC, such as script activity. This is a bigger deal with the number of alerts that the program can generate. I would feel better about considering CIS and CCAV as all that is required if this were improved. AND I really hope to see a test of the command-line heuristics module LOL :love::rolleyes:. For me it's the key to the whole thing, since I run unsigned software sometimes.

    I feel like you are on the right track looking into the deeper issues of protection. For now, it's hard for me to imagine doing it better for free than Comodo + free a-v (avast, BD, QH, Kas) + maybe AppCheck A/RW. I add EMET 5.5 (helps with W7 and earlier) and NVT ERP (sure script monitoring). These aren't a requirement. The best news is there are a good number of serious free a-v applications. BTW, thanks for the tip on the BD extension. Don't know if BD must be installed, but I will take a look.
     
    Decopi likes this.
  15. Decopi

    Decopi Level 1

    Oct 29, 2017
    28
    60
    Paradise
    @AtlBo,

    QIHOO:
    You are right, for 50MB I stay with AVAST, good enough for me in case of CF' false negatives.

    PROTECTED FOLDERS/FILES:
    Cloud back up is for me the best and simplest solution.
    I just asked about HIPS, only because wanted to know/understand the subject.

    In my ignorant opinion, most of the AV/AM are still more focused in computers/devices protection (which is good), but less focused in internet protection (which is bad).
    Browsers also are not helping, because they depend on ads + trackers + privacy invasion etc. There are a few browsers focused on security/privacy, but the price for users is still too high (bad performance, lot of RAM, CPU, slow surfing, no extensions or bad extensions etc). You are right about Dragon.
    As I said, I believe that browsers, online-activity, internet etc are going to be the major focus of zero-day attacks, increasingly in quantity, quality, harm, danger etc. And sadly, browsers and AM/AV are always behind and late compared to attackers.

    Today after your first comment, I tested VS and WebFiltering "off". And I got a BSOD (first BSOD in past 12 months).
    I don't have time for or interest in these CF' options, but both options have no RAM/CPU impact in my tests. So, in order to avoid and solve my BSOD, I decided to keep them "on".

    My final verdict is that CF as a firewall is not something special, and Windows firewall can perfectly do the job. But two things:
    a) CF has a very low RAM/CPU impact (fact very important to me).
    b) CS' settings are just absolutely fantastic great and good, transforming something no special (CF) into very special.

    I still just would like to understand/know, why CS recommends CF alone without AM/AV, in the case for browsers, online-activity, internet etc.

    101% agree with you.

    I thank you. Another two tips:
    a) JSGUARD (tiny lightweight add-on/extension, excellent complement for BD add-on/extension, focused in fighting malicious scripts).
    b) WebApiManager (first add-on/extension able to block APIS).
    PS: Don't need to install BD in order to use the BD add-on/extension. Are two things, working independently. I use the BD add-on without the BD AV.
     
  16. josinpaul

    josinpaul Level 3

    Aug 22, 2013
    125
    411
    Lawyer
    Kochi
    Windows 10
    Default-Deny
    First of all CF with CS setting banks on comodo's enterprise quality sandboxing technology. CF sandboxes each and every unsigned unknown process, be it zero day or first day malware/script. It is not based on definitions unlike traditional av, which needs definitions of a threat to successfully block it. So what I am saying is that CF can only protect your physical system and whatever resides in it and not the things in cloud. It will not give protection from fraudulent sites, it is not meant to also. But it will stop any payload being executed in your physical system. I have not heard anything that can bypass CF+CS' settings till now, but am not an expert enough to say that it is 100% future proof.
    How can an AV/AM protect you from browsers online vulnerabilities? Please explain it to me cause am in dark. Browser vulnerability can only be fixed by patching the browser itself. No AV/AM can fix that, and I don't think using AV/AM is enough protection from legitimate software's vulnerabilities.
     
  17. Decopi

    Decopi Level 1

    Oct 29, 2017
    28
    60
    Paradise
    #457 Decopi, Jan 4, 2018
    Last edited: Jan 4, 2018
    @josinpaul,

    So my question remains valid: There are a lot of browser online-dangers that I don't know/understand how CF+CS' settings could block them. Your explanation, as other explanations, is based on the past, not based on today's zero-day attacks or future zero-day attacks able to harm bypassing CF+CS' settings. Also, it is not based on pure online-dangers.

    Please, don't misunderstand me!
    I love CF+CS' settings. I am using it!
    My only point here is to understand/know why CS recommends CF alone, without AM/AV, when most of the average users are going to be hit by browsers, online-activity, and other internet dangers.
    I repeat, I am not saying CS is wrong. I just want to know how she foresees average users using only CF without anything else, regarding internet dangers.

    Most of the regular AM/AV have some kind of web-shield or online-protection. I am not saying that these tools are perfect. But at least, for average users are ok, much better than nothing.
    These web tools try to cover common online-pests like phishing, malicious scripts, fake websites etc.

    I totally agree with you that browsers have a big homework to do, and can help a lot regarding security/privacy.
    The point is that this is not realistic, and never will happen, because browsers need ads, tracking, privacy invasion etc in order to financially survive.
    The few browsers taking care of security/privacy, sadly they kill the web experience.

    However, as I said, external help exists.
    AM/AV can help with web-shields.
    And add-ons/extensions can help with lots of security/privacy tools.
    So, in my ignorance, I believe that CF+CS' settings needs an AM/AV in the case of 1) False negatives (as happened in the past with CF cloud mistakes), and also needs in the case of 2) Browsers, online-activity, and other internet dangers (where CF has zero protection there).

    Again, this is not my point.
    I am not criticizing CF+CS' settings.
    I am not defending AM/AV alternatives.
    I just want to know/understand how CS can recommend CF without anything else, regarding browsers, online-activity, and other internet dangers.
     
  18. josinpaul

    josinpaul Level 3

    Aug 22, 2013
    125
    411
    Lawyer
    Kochi
    Windows 10
    Default-Deny
    I don't think she ever said that, she said there is no need for another Anti virus software on your PC if you are using CF. Besides, comodo firewall in default has comodo secure dns, and Internet Security Essentials which is some kind of protection for average users from phishing and fraudulent websites. Besides, I don't think you or someone who cares about comodo/CS videos is an average user, they know what to do and what to have in their system.
     
  19. Decopi

    Decopi Level 1

    Oct 29, 2017
    28
    60
    Paradise
    Yes, I agree.
    However, the rest of your comment is your personal interpretation. And I respect that. But when we make recommendations, in this case security recommendations, we can't be ambiguous, and interpretations are forbidden in this field.

    Again, CS recommends CF without AM/AV.
    She never approached explanations about browsers, online-activity, internet dangers etc.
    And this is my question.

    Again, please, don't misunderstand me!
    A question is not a criticism, nor a personal attack.
    If I am questioning, it is because I read a lot of CS' commentaries, watched a lot of her videos, I love CS, I use her CF' settings, I recommend, I even agree that for computer/devices CF might be enough etc... but I just don't understand CS' argument regarding browsers, online-activity, internet dangers etc.
    I confess that I also don't understand why most of the CF+CS' settings users do not have this same question as I have. Most users here just accept CF as enough.

    Out of my question.
    I didn't ask about AM/AV.
    I just asked about CS' recommendation.

    Agree.
    But CS doesn't discriminate users when she shares her comments. Her argument seems to be generalist, for any user.
    And I trust CS. I know she has an answer for her recommendation. I just want to know/understand her recommendation, specifically regarding browsers, online-activity, internet dangers etc.

    Meltdown and Spectre are good samples of dangers that could arise from a simple javascript. Both bugs can bypass virtual machines, sandboxing etc. This is exactly what I mean when I say that browsers, online-activity, internet dangers should be the main focus. And this is the reason I want to understand CS' arguments.

    But @josinpaul, thanks anyway for your answers.
     
    bribon77 likes this.