Saturday, January 21, 2012

Comodo Firewall 5


Most experts agree that the minimum acceptable level of PC security must include at least antivirus and firewall protection. If you've found a favorite free standalone antivirus, what you need is a free firewall like Comodo Firewall 5 to pair with it. But be warned: Comodo comes with a lot of baggage above and beyond the typical firewall. If you don't like firewall popup queries, you may be staggered by the even more complex queries from its behavior-based Defense+ component.

One thing you won't have to worry about is wading through screen after screen of installation options. The initial screen offers to switch your system's DNS to Comodo SecureDNS and lets you choose whether to submit unrecognized programs for cloud-based behavior analysis. With one click you agree to the license agreement and start the installation. Simple! Note, too, that it's free for both personal and business use.

Straightforward Firewall
As expected, the firewall stealthed all the test system's ports and passed the port scans and other Web-based tests I threw at it. However, I was surprised to find that after these tests the summary screen still reported zero intrusions blocked and that the firewall event log was empty.

The firewall has five security levels for controlling how programs access the network, or three if you skip the extremes of blocking all traffic and blocking no traffic. In the default Safe Mode, it allows connections by known safe programs, creating a rule so the safe program will always be able to connect. If it detects an unknown program it asks the user whether to allow or block the connection and, by default, creates a rule to remember the answer.

The less strict Training Mode should only be used on a computer that's guaranteed clean. In this mode the firewall allows all inbound and outbound traffic by any program, and also creates a rule so that the connection will always be allowed.

Why create rules? When you choose the stricter Custom Policy level, only connections for which rules already exist are permitted. For any other connection the firewall queries the user. Running for a while in Safe Mode or Training Mode builds up a set of rules first, which cuts down the number of popups once you switch to Custom Policy. You can also manually mark any program as trusted or blocked.

Do note that by default you'll get no popup alerts regardless of the security level: the program suppresses firewall alerts and treats each one as if you had chosen to allow the connection. Most users have no idea whether to allow or block a given connection. Some just always allow it. Others start by blocking everything but switch to allowing everything after they disable something important. Perhaps Comodo's always-allow default is just a pragmatic nod to what actually happens.

I'm not impressed with firewalls that push security decisions off on the user. Advanced firewalls like those found in Norton Internet Security 2012 ($69.99 direct for three licenses, 4.5 stars) and Kaspersky Internet Security 2012 ($79.95 direct for three licenses, 3.5 stars) automatically configure permissions for millions of known good and bad programs and make their own determination on how to handle unknowns. ZoneAlarm Free Firewall 2012 (free, 4.5 stars) is more like Comodo in that it asks the user how to handle unknowns, but it, too, has a database of millions. ZoneAlarm popups are relatively rare.

Comodo Firewall's program control is overshadowed by its Defense+ module, a kind of behavior-based malware detection that I'll describe in detail later in this article. Defense+ proved effective against leak tests, programs that attempt to connect to the Internet behind the firewall's back. I consider a product successful if it detects the attempt, since the whole purpose of leak test techniques is to connect invisibly. Comodo detected sneaky actions like trying to modify Internet Explorer in memory, trying to launch and control IE, or trying to modify a program's user interface in every case, even one that got past ZoneAlarm.

It's worth noting, though, that leak test control is only necessary when firewall program control relies either on simple rules or on user queries. Norton and Kaspersky ignore leak tests because their analysis classifies the leak-test programs themselves as not malicious.

Like ZoneAlarm, Comodo Firewall didn't actively detect or block any of the thirty-odd exploits generated by the Core IMPACT penetration testing tool. Norton and Kaspersky block exploit attacks at the network level. When last tested, Norton blocked all of them and identified almost all by name.

Unfortunately, this firewall isn't quite as well-hardened against attack as ZoneAlarm. I couldn't kill it using Task Manager, and I couldn't stop its essential Windows service. However, setting the service's startup type to disabled and forcing a reboot disabled the firewall. It visibly launched, but its protection never started. Changing a service's startup type requires administrative rights, so this is a local-admin tampering scenario rather than a remote attack, but a product's self-protection is meant to hold up against exactly that kind of malware.
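As an added example (not code from the review or from Comodo), here is a PowerShell audit a Windows administrator could run to check whether a protective service has been switched to Disabled and to surface the Service Control Manager events that record such a change. The default service name cmdagent is an assumption about Comodo's helper service and may not match your install; the event text follows the standard wording of System log event ID 7040.

```powershell
<#
Added example, not code from the review or from Comodo. Audits whether a
protective service (antivirus/firewall) has had its startup type set to
Disabled, which is the tampering the review describes, and pulls the Service
Control Manager events (ID 7040) that record start-type changes.
The default service name 'cmdagent' is an assumption about Comodo's helper
service; substitute the real short name from services.msc or 'sc query'.
#>
param(
    [string[]]$ServiceName = @('cmdagent'),
    [int]$LookbackDays = 7
)

function Get-ProtectiveServiceStatus {
    param([string[]]$Name)
    foreach ($n in $Name) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$n'" `
            -ErrorAction SilentlyContinue
        if (-not $svc) {
            [pscustomobject]@{
                Name      = $n
                Present   = $false
                State     = $null
                StartMode = $null
                Tampered  = $false
            }
            continue
        }
        # Win32_Service.StartMode is one of Boot, System, Auto, Manual, Disabled.
        # A protective service that is Disabled, or present but not Running,
        # is the state the disable-and-reboot trick in the review produces.
        [pscustomobject]@{
            Name      = $svc.Name
            Present   = $true
            State     = $svc.State
            StartMode = $svc.StartMode
            Tampered  = ($svc.StartMode -eq 'Disabled' -or $svc.State -ne 'Running')
        }
    }
}

function Get-StartTypeChangeEvents {
    param([int]$Days)
    # Event 7040 (provider "Service Control Manager", System log) reads:
    # "The start type of the <display name> service was changed from <old>
    #  to <new>." It carries the display name rather than the short service
    # name, so every change to 'disabled' is reported and the final match
    # against your product's display name is left to the reader.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7040
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'changed from .+ to disabled' } |
        ForEach-Object {
            [pscustomobject]@{ Time = $_.TimeCreated; Message = $_.Message }
        }
}

Get-ProtectiveServiceStatus -Name $ServiceName | Format-Table -AutoSize
Get-StartTypeChangeEvents -Days $LookbackDays | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt after the reboot the review describes and the status table shows the service Present with StartMode Disabled and Tampered True. Because the same administrative rights that allow the startup-type change also allow clearing the System log, forward event 7040 to a central collector if you want this check to be worth anything after the fact.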

The basic firewall settings are fairly general, and accessible to non-expert users. Even so, most users shouldn't change the defaults. Clicking Network Security Policy brings up a dialog with a vastly more complex set of options. If you can look at a line like "Allow ICMP In from MAC Any To MAC Any Where ICMP Message Is TIME EXCEEDED" without fainting, then you may be qualified to review and adjust these settings.

Source: http://feedproxy.google.com/~r/ziffdavis/pcmag/~3/vkfLlBFruQc/0,2817,2399024,00.asp

