Comodo’s CEO Attacks Scot’s Newsletter Product Decision
Comodo’s president and CEO, Melih Abdulhayoglu, used his forum today as a podium to blast this Scot’s Newsletter Jan. 20th blog post. In that post, I notified readers here of my decision to stop considering one of the two modes that his company’s software firewall product, Comodo 3, offers during installation.
In the Jan. 20th post, I explained that because Comodo 3’s “Basic Firewall” installation option does not offer leak protection, and because my first impressions of Basic Firewall’s user-interface were favorable, I needed to make a statement to my readers that:
a) Comodo 3 Basic Firewall installation mode is no longer under consideration in my review (see my firewall review criteria).
b) My recommendation would be to use Comodo 3 Advanced or some other software firewall (such as Online Armor, the only other software firewall I’ve had a favorable reaction to).
At the urgent request of Comodo’s marketing department, I even made some tweaks early today to the Jan. 20th post to make doubly sure that people would understand I was talking about one mode of Comodo 3, not the entire product.
Abdulhayoglu took me to task for everything from my terminology to my advice to SNB readers to my understanding of what his company has communicated to me over the last week. Nothing he writes in his diatribe changes my mind one iota about my recommendation to my readers. Do not use Comodo 3 Basic Firewall. It does not provide leak protection. The Advanced installation mode does offer leak protection, which helps protect you from threats that might, for example, cause your personal data to be accessed.
Now, as to the facts. Abdulhayoglu claims that I misunderstood information that Comodo imparted to me. Well, here is that information, which was written by Comodo senior research scientist Egemen Tas and relayed to me in a lead-up email prior to our meeting last Thursday by Comodo vice president of marketing Judy Shapiro:
CFP 3 BASIC vs CFP 2.4
CFP 3 BASIC New Features
1 – CFP 3 consumes 2/3 of the memory of 2.4 (7 MB vs 22 MB), consumes less CPU time
2 – CFP 3 has many user interface enhancements over 2.4
3 – CFP 3 introduces Predefined Rule Sets (e.g. Email Clients/Web Browsers etc.)
4 – CFP 3 does not require the users to create manual firewall rules. For example, to make CFP 2.4 work with P2P applications (to get a high ID), the users had to create network security rules. CFP 3 shows popup alerts for incoming connections (CFP 2.4 did not have this functionality)
5 – CFP 3 has the defense against Layer 2 attacks (ARP spoofing)
6 – CFP 3 rules interface is much more flexible and powerful
7 – CFP 3 has a unique feature called “application grouping” i.e. File Groups. For example in CFP 3, more than one application can be grouped together and treated as 1 application. For example: “Windows System Applications” etc. And CFP 3 supports wildcard characters and environment variables (e.g. %windir%, *, ?)
8 – CFP 3 automatically detects the new networks and can create trusted zones on the fly
9 – CFP 3 has a Training mode for GAMERS and is GAMING friendly
10 – CFP 3 BASIC can detect 70% (according to our local analysis) of unknown viruses with a unique static heuristic analysis algorithm. This is not related to Defense+ or any behavior analysis. When an application tries to connect to the internet, the CFP FIREWALL alert can show a clear virus warning.
11 – CFP 3 supports Vista and x64 processors
12 – CFP 3 currently does not have an Anti-Leak mode similar to CFP 2.4. If Defense+ is disabled, unless it is detected as a virus, leaking is possible. (3.1 or 3.2 will have an anti leak mode)
13 – CFP 3 has a blocked IP addresses/hosts list, e.g. spyware sites etc. (My Blocked Network Zones)
14 – CFP 3 has 1-Click stop all activities feature.
CFP 2.4 does not have a HIPS, i.e. does not prevent the harm; however, it can detect known leak techniques and show an alert if there is an internet connection attempt.
There are some user transparent features in CFP 3:
1 – A new enterprise strength stateful inspection engine,
2 – It can be managed remotely
3 – It performs stateful layer 2 inspection
4 – It detects routers, switches and optimizes MTU in slow networks
I asked Shapiro for a clarification on point #12 above. Here is her response from Monday of last week:
As far as your question around whether 3.0 “Basic” is less “protective”. Not sure how to answer that. 3.0 is meant to run with Defense + running but it would be accurate to say that Defense + module is needed to protect against “leaks”
Abdulhayoglu, in his forum post, never directly comes out and admits that Comodo 3 Basic Firewall doesn’t have anti-leak protection. That’s part of the problem! My readers weren’t aware that this was the case because I wasn’t aware until SNB commenters drew my attention to it. I then asked Comodo for verification of that fact — and got it.
At this writing, I am unable to find a document on the Comodo Web site that provides a features/functionality comparison of Comodo 2.4, Comodo 3.0 Basic Firewall, and Comodo 3.0 Advanced. Without that information, Comodo’s users are left to guess.
My concern was that my readers might guess that they had protection with Comodo 3 Basic Firewall that they do not, in fact, have. So I moved to make that point clear. I just wish I had made the point sooner.
My only responsibilities are to the interests of my readers and to being as accurate as I can be. I believe I’ve met both goals.
Added on January 23, a picture of the Comodo 3 installation screen that offers the choice between the Advanced Firewall and the Basic Firewall: