Gizmos Freeware Reviews  

Old 30. Nov 2009, 10:14 PM   #1 (permalink)
Site Manager
 
MidnightCowboy
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,141
Default Comodo Firewall (V3) Mini Tutorial

Setting up a firewall correctly is not just a matter of common sense, it's also highly personal. What I might like mine set to for instance may well not suit someone else's preferences. One thing for certain though is that you will need to do at least some additional configuration in order to gain the maximum benefit from your chosen program.

I've decided to concentrate on Comodo here because it currently tops the Matousec ratings (strong HIPS) and, since the last two versions, gives none of the problems often associated with this software in the past. I'm still seeing odd issues reported with the AV component install but I much prefer to use Avira anyway, so this doesn't become a consideration.

The following suggests and assumes that during the original installation maximum “Proactive Security” was chosen, and that the AV component was not installed.

FIREWALL

Right click the tray icon and select Display Balloon Messages. This will enable even novice users who wish to learn about their system to see how the various components interact with each other and how CIS deals with them. If you don't like seeing the messages after a while then you can switch them off again later but it's impossible to obtain an optimum level of security without at least some notifications appearing from your chosen program. I know that some vendors would have you believe otherwise because they know a lot of people prefer not to see them, but this isn't encouraging users to be as safe as they might otherwise be.

When following the suggested options below always remember to check either Apply or OK to set your choices at the end of each operation.

Right click the tray icon and select Open - Firewall - Common Tasks - Stealth Ports Wizard. Open and select the last box Block all incoming connections – stealth my ports to everyone. Users of P2P may wish to adopt a different policy but this is best done by following one of the dedicated guides for your preferred torrent client. There are rules for all of these available in many places including the Comodo forum.

Next, select My Network Zones - Add then New Network Zone. Name it (My DNS Servers). You can then add your DNS server addresses to the zone created by clicking in the space provided and add - A New Address for each one. I call mine Comodo DNS Servers and use their addresses accordingly - 156.154.70.22 and 156.154.71.22. If you are still using your ISP's DNS addresses, then now might be a good time to consider switching to something safer!

Next, select Firewall - Advanced - Network Security Policy (Application Rules). Click on the entry for System then Edit - Use a Predefined Policy and select Blocked Application.** see footnote.

Next enter the section Predefined Firewall Policies. Select each rule in turn and click Edit. Any containing a rule for outgoing DNS requests should be edited to change the Destination Address from Any to Zone followed by the one you just created earlier from the drop down menu.

Next select Attack Detection Settings - Intrusion Detection. Tick the two boxes for Protect The ARP Cache and Block Gratuitous ARP Frames.

Next select the Miscellaneous tab and tick the Do protocol analysis option.

Next select Firewall Behavior Settings (General Settings) and set the slider to Safe Mode.
Next select the Alert Settings tab and set to Medium.

DEFENSE PLUS

Click Defense+ from the main menu and then Advanced - Defense + Settings (General Settings tab) and set the slider to Safe Mode. Then underneath, un-tick the box Trust the applications digitally signed by Trusted Vendors.

Finally, tick the box Block all the unknown requests if the application is closed.

I'm not making any attempt here to guide users on how to answer the main pop-up windows generated by Comodo. If you take your time reading them first then they are not too difficult to work out, and won't keep re-appearing so long as you remember to check the “remember my decision” option. If pop-ups or the need to answer them bother you then ignore third party firewalls altogether and just stick with Windows' own.

The above is just a flavour of what is possible with the Comodo configurations but it will help to strengthen the default settings applied at install.

**My thanks to J.L. for pointing out that users on a LAN may need to keep this option at its default setting to enable their PC and shared folders to be visible on the network.
__________________
Buy a Hoover and prove technology sucks.

Last edited by MidnightCowboy; 05. Dec 2009 at 10:45 AM. Reason: Added network footnote
MidnightCowboy is online now   Reply With Quote
Old 01. Dec 2009, 02:32 AM   #2 (permalink)
Member
 
Join Date: Jan 2009
Posts: 12
Default

Thanks for that. I'm not hugely technical but Comodo Firewall has been good for me. It seems that the more you interact with it (following the kind of guidance you provide), the less warnings you have to bother with.
One problem I'm not sure there's been a conclusive resolution to is the thing where it goes doolally (told you I wasn't that techie ;-) & takes up 98% of RAM till you press the On button in for 5 seconds & then start again.
The second prob is trying to update Comodo manually & getting an error message (off the top of my head it's Error 106 or 108).
Oh, their online support is pretty defensive too. They seem to deny or obfuscate problems when they could be learning from user input to improve things.
Having said all that, Comodo Firewall 8/10. It's staying on my pc...
shruggy63 is offline   Reply With Quote
Old 01. Dec 2009, 05:27 AM   #3 (permalink)
Senior Member
 
Join Date: Dec 2008
Location: Space
Posts: 366
Default

--Shruggy

I also had bad luck with Comodo's updater. It just broke my connection every time and had to start back from scratch, never actually getting anywhere; I had to download the full setup of the current version.

--MC

Excellent mini guide; I'll have to try it out later. I also remember experimenting with its isolation feature in the past but opted for GeSWall instead.

I don't think I understood the whole DNS policy change. Is it plugging a potential hole? Could something avoid the Comodo DNS servers if set up through the Windows networking settings?
Rizar is offline   Reply With Quote
Old 01. Dec 2009, 10:25 AM   #4 (permalink)
Site Manager
 
MidnightCowboy
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,141
Default

Replying to both the above posts, Comodo is indeed still a funny bird for some systems although I'm convinced that much of this is to do with what else might be (or have been) on there prior to CIS's arrival. I've never had a problem with updates for instance but my broadband modem still throws the odd wobbly sometimes requiring me to connect twice before it's recognised. I think the key to updates is not to attempt a manual check. If an update is available it will filter through automatically and this is how I've always handled mine.

The DNS edit just means that your firewall will only allow outgoing traffic to the specified DNS servers on port 53. This will prevent the possibility of a trojan application trying to hijack this service. The same rule can be applied to any firewall with the ability to make custom settings and can be adjusted for OpenDNS or another provider of choice. You could strengthen this even further by making a global rule entry allowing this traffic for port 53 with a blanket "any-any" block rule to port 53 immediately underneath. As this would be applied before the application rules it would then cover the whole system.

You are sure right about the forum. I guess that next to Ubuntu, Wilders and the like, the Comodo forum is one of the most active on the net and the fan-boy mod base ensures a truly defensive attitude from the outset. I'm lucky in that if I have a problem I can go straight to Melih. I appreciate that he also answers on the forum too but in general it can be quite a challenge for average users to cut through the smoke. The other related problem with all large forum communities is that it takes so long to search for anything and I'm sure a lot of people must give up.

In general terms, what is possible with Comodo, especially with the D+ settings is nothing short of awesome. That said, this degree of control requires 100% system ownership so nothing else likely to be looking at the same files for similar reasons should be installed.
__________________
Buy a Hoover and prove technology sucks.

Last edited by MidnightCowboy; 01. Dec 2009 at 10:30 AM.
MidnightCowboy is online now   Reply With Quote
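The DNS rule pair explained in the post above (and set up in the tutorial's "My DNS Servers" zone step), modelled as an added example that is not part of the thread and is not Comodo's own code. It assumes a single rule list evaluated top-down with the first match winning and an "allow" default standing in for the rest of the rule set; the zone addresses are the ones given in the tutorial, the other addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Zone contents taken from the tutorial's "My DNS Servers" example.
DNS_ZONE = [ip_network("156.154.70.22/32"), ip_network("156.154.71.22/32")]
ANY = [ip_network("0.0.0.0/0")]

@dataclass(frozen=True)
class Rule:              # hypothetical model of one outbound firewall rule
    action: str          # "allow" or "block"
    protocol: str        # "udp", "tcp" or "any"
    dest: list           # list of ip_network objects
    port: int            # destination port, 0 = any

def matches(rule, protocol, dest_ip, port):
    return (rule.protocol in ("any", protocol)
            and rule.port in (0, port)
            and any(ip_address(dest_ip) in net for net in rule.dest))

def decide(rules, protocol, dest_ip, port, default="allow"):
    """Return the action of the first matching rule (assumed top-down order)."""
    for rule in rules:
        if matches(rule, protocol, dest_ip, port):
            return rule.action
    return default  # assumption: stands in for rules not modelled here

# Rule pair from the post: allow port 53 to the zone, then block all other port 53.
PINNED = [Rule("allow", "any", DNS_ZONE, 53), Rule("block", "any", ANY, 53)]
# Same two rules in the wrong order: the blanket block shadows the allow.
SHADOWED = list(reversed(PINNED))

def audit(rules, flows):
    """Return the (protocol, dest, port) flows that the rule list would block."""
    return [f for f in flows if decide(rules, *f) == "block"]

# Constructed outbound flows: two lookups to the zone, one lookup to an
# unlisted resolver (documentation address), one unrelated HTTPS connection.
FLOWS = [("udp", "156.154.70.22", 53), ("tcp", "156.154.71.22", 53),
         ("udp", "203.0.113.53", 53), ("tcp", "198.51.100.10", 443)]

if __name__ == "__main__":
    for name, rules in (("pinned", PINNED), ("shadowed", SHADOWED)):
        print(name, audit(rules, FLOWS))
```

With the rules in the order the post gives, only the lookup to the unlisted resolver is blocked; with the order reversed, every DNS lookup is blocked, including those to the zone.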
Old 01. Dec 2009, 11:31 PM   #5 (permalink)
J_L
Co-Author, Best Free Security List
 
 
Join Date: Dec 2008
Posts: 2,003
Default

Thanks for the guide, I'm a newbie at networking so it helped.
What I don't get is why you need to block the System process from accessing the internet, and why does it need access in the first place?
J_L is offline   Reply With Quote
Old 02. Dec 2009, 12:19 AM   #6 (permalink)
Site Manager
 
MidnightCowboy
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,141
Default

Quote:
Originally Posted by J.L.
Thanks for the guide, I'm a newbie at networking so it helped.
What I don't get is why you need to block the System process from accessing the internet, and why does it need access in the first place?

Good question. It's mostly Microsoft connections we can all do without. The best way to decide if you need or want this traffic is to allow the default Comodo setting for "System" at install which will appear automatically in your Application Rules. Then, monitor your firewall logs for a while and then set "System" to block and monitor again. You'll be surprised how many more blocked entries appear. I've used this setup for ever and so far nothing on my system has stopped working so to my mind these connections are not necessary for the normal function of it and every one is one less potential exploited service to worry about.
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is online now   Reply With Quote
Old 05. Dec 2009, 05:36 AM   #7 (permalink)
J_L
Co-Author, Best Free Security List
 
 
Join Date: Dec 2008
Posts: 2,003
Default

I've found out that the System process requires internet access for my computer (and its shared folders) to be visible on my network. Therefore it is necessary for me.
J_L is offline   Reply With Quote
Old 05. Dec 2009, 10:40 AM   #8 (permalink)
Site Manager
 
MidnightCowboy
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 15,141
Default

This sounds logical for LAN users which is why as a non networked single user I can get away with blocking it. There's probably no risk to allowing these connections through CIS anyway, just my partial paranoia thinking that if I don't need 'em then shut 'em down
__________________
Buy a Hoover and prove technology sucks.
MidnightCowboy is online now   Reply With Quote
Old 08. Dec 2009, 02:33 PM   #9 (permalink)
Member
 
Join Date: Apr 2008
Posts: 7
Default

Many thanks for your efforts here: I've been using Comodo for some years (thanks to Gizmo's recommendation), and everything you have written was new to me.

With regards to the update problem, it may not be relevant but Comodo used to use Internet Explorer settings for web access. Following another of Gizmo's tips, to disable IE rather than try to remove it, I set the IE proxy server to 0.0.0.0 and found Comodo couldn't update.

Perhaps there is still some kind of dependency?

Thanks again and best regards.
luckyjim1968 is offline   Reply With Quote
Old 09. Dec 2009, 12:20 AM   #10 (permalink)
J_L
Co-Author, Best Free Security List
 
 
Join Date: Dec 2008
Posts: 2,003
Default

I believe quite a lot of programs depend on Internet Explorer Settings, even other browsers.
J_L is offline   Reply With Quote
All times are GMT +1.