Do Not Rely on Comodo 3’s ‘Basic Firewall’

For an important update to this blog post, please see this more recent post.

Note: This story has been updated for clarity on 1/22/2008 and 2/2/2008. Nothing has changed about my recommendation.

Because I have written in the recent past with an initially positive reaction to Comodo 3’s “Basic Firewall” installation option, I am honor-bound to post this quick message.

I have learned directly from Comodo executives that the Basic Firewall installation option of Comodo 3 offers only marginal outbound leak protection, not up to the levels of Comodo 2.4 or 3.0. The company may add that protection in a future version of Comodo 3.x. The Basic Firewall option turns off Comodo 3’s Defense+ HIPS module (which constitutes the “Advanced” default installation mode). Defense+ provides the leak protection for Comodo 3.

The previous generation of Comodo, version 2.4, provided anti-leak protection without the new HIPS module.

Not only does this mean that Comodo 3’s optional Basic Firewall mode is no longer a contender in this blog’s firewall evaluation, but if you’re relying on the Basic Firewall mode of Comodo 3 for your firewall protection, you should stop doing so. Windows XP users should switch to Online Armor Free version 2.1.0.31 (or newer) and Vista users should uninstall Comodo 3 and reinstall it, choosing the “Advanced” installation option.

[Note: Since I wrote that last sentence, Comodo has pointed out that you don’t have to uninstall and reinstall Comodo to switch to the Advanced mode but can instead do so by turning on the Defense+ HIPS module. The steps for making the change aren’t immediately obvious, however, so here’s how to do it: Open the Comodo 3 program window. Click the Defense+ icon near its upper right corner. On the left side of the window, click the Advanced button. Click the last icon, Defense+ Settings. At the bottom of the next configuration screen, remove the check in the box beside “Deactivate the Defense+ permanently.” Comodo will prompt you to restart your computer. You must do so to enable full protection.]

Comodo 3’s “Advanced” default installation mode remains under consideration in my ongoing software firewall evaluation process.

More details will follow in the near future.

— Scot

10 Responses to “Do Not Rely on Comodo 3’s ‘Basic Firewall’”

  1. tnorm5828 Says:

    Just wondering if you have heard of the firewall/antivirus/antispyware combo called Blink. It is from eEye Digital Security at:

    http://www.eeye.com/html/index.html

    I heard it talked about on Security Now with Leo Laporte and Steve Gibson. I switched to it just recently after a problem with my current setup and so far I’m really liking it.

  2. panic Says:

    Hey Scot,

    Minor correction – no need to uninstall Comodo V3 firewall to activate the HIPS component. It can simply be enabled in the GUI, although you will need to reboot so the low level hooks are made effective.

    Out of curiosity, imagine a user, installing any firewall, voluntarily chooses to disable the HIPS component (or similar low level hooks) and also ignores the warnings detailing the consequences of doing so, are they reduced to the same level as Comodo? 😉

    Cheers :-)

  3. Scot Says:

    tnorm5828:

    I have heard of Blink, but I’m not a big fan of suite products and so far as I can see, its makers don’t offer a standalone firewall.

    — Scot

  4. leland Says:

    You know if you are running Windows 2000, your only option is to stick with Comodo 2.4 or move to Online Armor (OA hereafter). For XP you still have either choice, plus the newer Comodo. There is also nothing stopping XP users from using the older 2.4 version of Comodo, it is a perfectly fine product. Just because a program is newer does not always mean it’s better. Being in a hurry to upgrade is a sure fire way to run into problems like this.

    Leland

  5. Scot Says:

    Leland:

    Scot’s Newsletter Blog and Newsletter readers have been pretty clear on this point. I received literally hundreds of messages detailing far-ranging problems with Comodo 2.4. According to Comodo, the uptake on version 3.0 has been dramatic.

    Like you, I have very few problems with version 2.4, and I liked it. Comodo still offers it for download as you say. But I’ve had zero problems with Comodo 3 personally.

    One man’s experience does not a trend make.

    But one way I would underline your advice: If you had no problems with Comodo 2.4, XP users who experience issues with Comodo 3 should definitely consider returning to Comodo 2.4 until the issues are straightened out.

  6. leland Says:

    Yes, Scot, that was my basic intent. Sometimes people rush to fix a problem that does not exist rather than taking the time to make sure a product is proven before moving to it.

    On another note regarding OA; I have been using and testing OA quite a bit the last 3 months or so and I can say it’s a quality product to consider. But it is a bit more technically orientated and some users might be put off by that. That and it requires some up front work when installing that other firewalls don’t need, but that is part of its strength because then it has fewer questions to ask later. Also, it’s getting much closer to the next release version which will improve things quite a bit.

  7. panic Says:

    Hey Scot,

    Mea culpa. When I posted my reply above, I should have stated that I am a moderator on the Comodo forums, if only for openness. My apologies for omitting that.

    The first part of my post was just to point out that D+ could be enabled or disabled through the GUI and an uninstall-install was not required.

    The second part was a genuine question. While I have a solid knowledge of CFP V3, I only have a surface familiarity with a handful of desktop firewalls other than Comodo, and was actually asking if other firewalls could be deliberately increased in “leakiness” by altering their configuration.

    Cheers :-)

  8. rickogorman Says:

    For the record, I had a serious problem with Comodo 2.4. Something happened, I’ve no idea what, which disabled the firewall’s components. I tried uninstalling and reinstalling several times to no avail. I have AV and scanned for malware but found nothing. That forced me to uninstall and then go to Comodo 3 (didn’t know about OA) and have been happy with it ever since.

  9. Scot Says:

    panic:

    About whether the “leakiness” of firewalls other than Comodo can be increased by the user, I’d have to hazard the guess that, yes, that’s likely. Most firewalls are pretty configurable these days. That definitely opens the door to making a firewall more porous. As I understand it, the term leaks implies ways to spoof the firewall into believing that any sort of inbound or outbound transmission is one thing, when it is in fact something else masquerading as the former. So this is not so much about opening or closing ports but has more to do with the identification of processes and programs that are allowed to or not allowed to access the network/Internet.

    I can’t make a blanket statement that all firewalls are vulnerable to user input causing leak-based vulnerabilities. But I would think that most have some degree of vulnerability. After all, users can choose to say yes or no to pop-ups in most cases. And other settings pertaining to trust may come into play. There’s pretty much no way to make these decisions 100% automatic.

    It’s an interesting question. I invite others to weigh in with their two cents. I may well have missed some aspects.

  10. Scot Says:

    Because of the contentiousness this post caused elsewhere on the Internet, I’ve decided to close this post to further comments. Thanks.