Advice Request Is Comodo Firewall good enough against web attacks?

Status
Not open for further replies.

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
CF is one of the best firewalls, and it should protect from most attacks.

Normal users usually are not the object of targeted attacks, and often criminals localize a target (for example an IP belonging to a company or an institution) launching tools to test the vulnerability, and trying to use exploits to enter the system.
In this case, by using a firewall it is possible to notice an unusually high number of packets coming from the same IP address; this is a clear indication that the machine is under attack. The firewall is aware of these attacks, likely blocking them.

However, depending on how many services are exposed to the Internet, the firewall may fail to protect from a direct attack to a service made available to all. In this case, it is necessary to temporarily block the IP until the connection is suspended and create a rule on that IP address.

But I say again, these are targeted attacks not so common to the normal user.
 

DJ Panda

Level 30
Verified
Top Poster
Well-known
Aug 30, 2015
1,928
Its protection is probably decent, why switch from Windows Firewall though? As a default firewall it works well. Based on my use of Comodo Firewall, it is a real system destroyer, a slow and buggy mess. After my run with it I wouldn't even stand a mile anywhere near it.
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
> Its protection is probably decent, why switch from Windows Firewall though? As a default firewall it works well. Based on my use of Comodo Firewall, it is a real system destroyer, a slow and buggy mess. After my run with it I wouldn't even stand a mile anywhere near it.

The Windows firewall is good against incoming connections, but it is not easy to manage the outbound ones.
 

AtlBo

Level 28
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
> However, depending on how many services are exposed to the Internet, the firewall may fail to protect from a direct attack to a service made available to all. In this case, it is necessary to temporarily block the IP until the connection is suspended and create a rule on that IP address.
>
> But I say again, these are targeted attacks not so common to the normal user.

From what I have seen, there seem to be "smart firewalls" and then firewalls like Comodo uses, which are basically a strict blocker. Some of them can warn of unusual attempts to connect to a port or to one port after another or from risky/strange IPs. With Comodo, you get none of that intelligence, but you do have the logs which can help as @Winter Soldier stated.

Comodo is a good security program, but maybe you could add AdBlock or Heimdal to go with it. Been thinking about it myself.
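
Added example (not part of the original thread, and not Comodo's own tooling): the posts above mention spotting an unusually high number of packets from one IP, or one port after another being tried, by reading the firewall logs. The sketch below runs that check over a constructed log; the log layout, the addresses and the thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample; the "time action src -> dst_port" layout is hypothetical.
SAMPLE_LOG = "\n".join(
    [f"2017-03-01T10:00:0{i} BLOCK 203.0.113.7 -> {p}"
     for i, p in enumerate((21, 22, 23, 80))]
    + [f"2017-03-01T10:01:{s:02d} BLOCK 198.51.100.20 -> 3389"
       for s in range(0, 30, 5)]
    + ["2017-03-01T10:02:00 BLOCK 192.0.2.55 -> 445",
       "2017-03-01T10:02:01 ALLOW 192.0.2.55 -> 443",
       "2017-03-01T10:12:00 BLOCK 192.0.2.55 -> 445",
       "garbled line"])


def parse(log):
    """Yield (timestamp, action, source_ip, dst_port); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "->":
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[4])
        except ValueError:
            continue


def flag_sources(log, window=timedelta(seconds=60), max_hits=5, max_ports=4):
    """Map source IP -> reasons, using a sliding window over blocked packets."""
    per_src = defaultdict(list)
    for ts, action, src, port in parse(log):
        if action == "BLOCK":
            per_src[src].append((ts, port))
    findings = {}
    for src, events in per_src.items():
        events.sort()
        reasons, start = set(), 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # drop events older than window
                start += 1
            burst = events[start:end + 1]
            if len(burst) >= max_hits:
                reasons.add("high volume")
            if len({port for _, port in burst}) >= max_ports:
                reasons.add("port sweep")
        if reasons:
            findings[src] = sorted(reasons)
    return findings
```

On the constructed log, the source that tries four different ports within seconds is flagged as a port sweep, the one that repeats a single port six times in half a minute is flagged as high volume, and the source with two blocked packets ten minutes apart is not flagged.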
 

509322

If your system is behind a NAT router and you have not configured port-forwarding, then worrying about incoming malicious connections is pointless. No one can see anything but your router's IP address.

Does anybody understand this - or are users thinking they are getting some kind of anti-hacker protection by adding a firewall behind a NAT router?
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
> If your system is behind a NAT router and you have not configured port-forwarding, then worrying about incoming malicious connections is pointless. No one can see anything but your router's IP address.
>
> Does anybody understand this - or are users thinking they are getting some kind of anti-hacker protection by adding a firewall behind a NAT router?

Yes, the first protection from the outside is provided not by the firewall but by NAT mechanisms implemented in all routers.

The fact is that to access the Internet, any device needs a public IP address through which it will be tracked on the network. The IP protocol allows a limited number of unique addresses to be defined and, because of that, the ISP provides a limited number of IP addresses.
NAT takes care of transforming the IP packets in transit on the router, changing the IP address of the sender and the recipient, and even in "one-to-many" mode.
This system allows sharing the single public IP address provided by the ISP. On the other side, this configuration is an implied protection, since a packet coming from the outside has no way, if not under indication of the router itself, to reach a specific local device, knowing only the public IP address.

Of course, the router firewall can block DoS attacks, SYN flood, Ping of Death, etc., but these attacks do not aim to penetrate the local network to steal information or data, but have the simple goal of crashing systems by sending bad packets or packets in excessive quantity.
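
Added example (not part of the original thread): a small model of the "one-to-many" translation described above, showing why an unsolicited inbound packet has nowhere to go unless a port-forward exists. The class name, the addresses and the strict per-remote filtering are assumptions; real routers differ in how loosely they match return traffic.

```python
class Napt:
    """Toy one-to-many NAT: many LAN hosts share one public IP address."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000   # next free public-side port
        self.out = {}            # (lan_ip, lan_port, remote) -> public port
        self.back = {}           # (public port, remote) -> (lan_ip, lan_port)
        self.forwards = {}       # public port -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host opens a connection; the router records the mapping."""
        key = (lan_ip, lan_port, remote)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, remote)] = (lan_ip, lan_port)
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def port_forward(self, public_port, lan_ip, lan_port):
        """Static rule: this is what exposes a LAN service to the Internet."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def inbound(self, remote, public_port):
        """Return the LAN destination, or None when the packet is dropped."""
        if (public_port, remote) in self.back:
            return self.back[(public_port, remote)]
        return self.forwards.get(public_port)


def demo():
    nat = Napt("198.51.100.1")             # constructed addresses throughout
    web = ("203.0.113.80", 443)
    stranger = ("203.0.113.99", 50000)
    _, pub_port = nat.outbound("192.168.1.10", 51000, web)
    results = {
        "reply": nat.inbound(web, pub_port),                  # expected traffic
        "unsolicited": nat.inbound(stranger, 3389),           # no mapping
        "stranger_to_mapped": nat.inbound(stranger, pub_port),
    }
    nat.port_forward(3389, "192.168.1.10", 3389)
    results["after_forward"] = nat.inbound(stranger, 3389)
    return results
```

Only the reply to the connection the LAN host opened is delivered; the same unsolicited packet that was dropped reaches the host once the port-forward is configured.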
 

509322

> Yes, the first protection from the outside is provided not by the firewall but by NAT mechanisms implemented in all routers.
>
> The fact is that to access the Internet, any device needs a public IP address through which it will be tracked on the network. The IP protocol allows a limited number of unique addresses to be defined and, because of that, the ISP provides a limited number of IP addresses.
> NAT takes care of transforming the IP packets in transit on the router, changing the IP address of the sender and the recipient, and even in "one-to-many" mode.
> This system allows sharing the single public IP address provided by the ISP. On the other side, this configuration is an implied protection, since a packet coming from the outside has no way, if not under indication of the router itself, to reach a specific local device, knowing only the public IP address.
>
> Of course, the router firewall can block DoS attacks, SYN flood, Ping of Death, etc., but these attacks do not aim to penetrate the local network to steal information or data, but have the simple goal of crashing systems by sending bad packets or packets in excessive quantity.

You should make it your mission to explain this to people - because it seems very few people here get it. There's a lot of people who think that a software firewall behind a NAT router is needed or provides them some kind of protection in the absence of port-forwarding. It doesn't.

They'd be better off with something like Windows Firewall Control - that is if they wish to monitor outbound connections. And then that subject - monitoring or blocking outbound connections - is a debatable one, but overall it does provide a protection edge.

It's the usual mentality... "I do not care if I am at-risk or an attack is even possible - I want the protection on my system anyways even if I do not need it."
 

509322

> Yes, I know it has web filtering but.... Some pages I see no red circle!!!

COMODO's web filtering is not the best.

Should you be worried about it?

Have you actually looked at some of the malicious URLs - 99.99% of them are ones you will never visit - unless you are an adventurous surfer.

If you are paranoid about it, then there is uBlock Origin or Adguard - which basically use the same filters. uBlock is a browser plug-in, whereas Adguard offers both a browser plug-in and a system-wide installed program.

The value of malicious URL blocking is debatable. Let's say something like a university webpage got hacked - it might take days or weeks before a webpage hack is detected and then added to a URL filter. Whereas if MT got hacked - @Jack is going to take care of it before it even gets pushed to the URL filter databases.

Just go look at some of the malicious URLs on malc0de.com and nictasoft (at the very bottom of their webpage).

A lot of the time SmartScreen or the browser URL filtering kicks in before an internet security suite or adblocker. Sometimes it is the other way around.
 

509322

I install uBlock Origin and don't worry about it. I don't worry about malicious URLs. There is a malicious URL filter used by it, but I only care about how well the adblocking filters improve my web surfing experience.

Worrying about malicious URLs is a waste of time. You are using COMODO, so a download from a malicious URL is likely to be Unrecognized and auto-sandboxed if you have it enabled.
 

ravi prakash saini

Level 13
Verified
Top Poster
Well-known
Apr 22, 2015
637
While the discussion is going on, I would like to get my doubt cleared.
Say I am doing some online transaction and I am responsible for what is running in my system, be it malware or MalwareTips :D :D
How can I secure the other end, or man-in-the-middle kind of things? This is my biggest worry.
 

509322

> How can I secure the other end, or man-in-the-middle kind of things? This is my biggest worry.

There are different types of man-in-the-middle attacks. I just love when people ask a vendor "Do you protect against ALL types of MitM attacks?" And the vendor's reply is vague.

You have to research MitM. It is not limited to one single thing, but the concept of MitM = session hijacking.

Pfffff.... security softs MitM HTTPS all the time by installing a certificate. So all malware need do is to install a certificate - on your local system or the remote system. The attack could be client or server side. There are possible attacks along the entire route. It's very broad and not all are MitM\session hijacking.

Then there are related:
  • Sidejacking - This attack involves sniffing data packets to steal session cookies and hijack a user’s session. These cookies can contain unencrypted login information, even if the site was secure.
  • Evil Twin - This is a rogue Wi-Fi network that appears to be a legitimate network. When users unknowingly join the rogue network, the attacker can launch a man-in-the-middle attack, intercepting all data between you and the network.
  • Sniffing - This involves a malicious actor using readily available software to intercept data being sent from, or to, your device.

Man, it is common sense:
  • Keep system clean
  • Don't use public Wi-Fi without a VPN for financial stuff
  • Don't use public computer systems
  • What is happening on systems that you connect remotely to - not much you can do about that other than to stay off of them

You can get a 100% full-time VPN connection that will block all internet traffic unless it is connected to the VPN.

I actually used to worry about MitM, but after I looked at how few times I ever login to banking or buy something online - perhaps a few times per year - I said "Pffff, forget everyday VPN use..."
 