CPF or the Comodo Personal Firewall

[toodeloo]

I downloaded the CPF to know better what I'm talking about.
I didn't test the CPF fully because some basics are so bad that I don't want
to risk any computer to this/these hole(s).
I will recommend ( and install ) an other firewall.
Yes, even if the CPF is only used for privat purpose.

Downloaded CPF version : 1.1.005
- it is still difficult to find the CPF for downloading.
- still no CPF or firewall info at the Comodo site ( www.comodo.com )
Melih, don't be afraid. CPF is so hard to find that there would never be a
download hype I'm afraid.

There are two programs launched ( CPF and Launchpad ) and there is no CPF
tray icon .
- that should be an option in the config settings if you want tray icons or
not.
- how to kill/stop Launchpad by clicking your right mouse button?
Maybe it's possible, but in that case it could be much easier.

CPF options.
- maybe CPF has the option, but I miss the option to block all until the PC
has been fully startuped.
- there is NO password security. Every idiot can disable or exit
CPF/Launchpad.
( without this option I would never recommend CPF as a serious firewall ).
- viewing applications.
I see a lot but no simple application list.
- setting security to high seems to mean : block all.
Name it 'block all' and not high security. Very misleading.
- setting security to low seems to mean : allow everything.
Again, very misleading. Call it : allow all.
- because of the missing CPF tray icon you couldn't see your security level
if you move with your mouse on the CPF tray icon.
- incoming connection alert screen.
Not possible to move this screen to another position.
Very annoying.

It would be nice to have a <- buttom for going back to your previous
screen.

I got an 'outgoing connection alert' from CLPConfig.exe.
That's the Comodo Launchpad Updater checking for updates.
I prefer a config option to disable that "checking for updates".
I know how to kill it; I killed it and nothing happened. CPF is still
running ( you need another program to watch the running processes, but a
tester should know how to do that ;-) ). Again, there is no CPF tray icon so
you couldn't see or know that your PC is most likely still protected by a
firewall.
Why must Launchpad be a running program? I couldn't find Launchpad by my
startup programs, so it costs more time and other programs than to remove a
startup-program from the default starting up programs.
You know: the less programs are running, the more stable your system could
and should be.

Two positive conclusion :
- CPF seems CPU friendly
- the OS check seems to work.
I need to test it with more software to see if there are no items
installed or left, but the first impresssion is okee,
no garbage left.

 

[Craig]

I downloaded the CPF to know better what I'm talking about.

- there is NO password security. Every idiot can disable or exit
CPF/Launchpad.

About the above, I've only tried Zone Alarm...it doesn't have password
security. What personal firewall currently does? Is it that critical
for NT-based OS's (which can require login)?

Thanks for the write-up Toodeloo, very informative.

Craig

 

[David]

I downloaded the CPF to know better what I'm talking about.
I didn't test the CPF fully because some basics are so bad that I don't want
to risk any computer to this/these hole(s).
I will recommend ( and install ) another firewall.
Yes, even if the CPF is only used for private purpose.

Downloaded CPF version : 1.1.005
- it is still difficult to find the CPF for downloading.
- still no CPF or firewall info at the Comodo site ( www.comodo.com )
Melih, don't be afraid. CPF is so hard to find that there would never be a
download hype I'm afraid.

Still no information as to the OS required to run the program.

Melih, I would fire your site designer as I agree with toodeloo that
finding anything is a nightmare.
--
David
Remove "farook" to reply
At the bottom of the application where it says
"sign here". I put "Sagittarius"
E-mail: justdas at iinet dot net dot au

 

[Gert van der Kooij]

Still no information as to the OS required to run the program.

Melih, I would fire your site designer as I agree with toodeloo that
finding anything is a nightmare.

I don't know where you and toodeloo are talking about. You go to that
site to find a free product, so what's the logical selection to
choose on the home page?
You're right, you go to the free product page. The third product
mentioned is the Comode firewall. You can download it and/or read
more information. If you click on 'More Info' and go to the bottom of
the page you can read that only Windows 2000 and Windows XP/SP2 are
supported.
I'm not familiar with the product but their website shouldn't be the
problem.

 

[Comodo]

Toodeloo

Honestly, Thanks for taking the time to evaluate it. I really
appreciate it.

All of your feedback will be considered in an effort to make CPF a
better product (not promising that everything you say will be
implemented , but they will fully be considered in the design
stage)

I would love to understand what you mean by "some basics are so bad".
Can you please expand on this.

I can't understand why you couldn't find the firewall info. just go to
www.comodo.com look at the menu.. click on Free Products and voila! its
there..But maybe we should make it more prominent on the home page
(because we have many products its difficult to put one and not the
other etc. we are not a single product company but I will see what we
can do).

can you pls expand on what you mean with the following statement: " It
would be nice to have a <- buttom for going back to your previous
screen.". Which screen are you referring to?

Comodo Launchpad: Let me explain what we are trying to do: A user
should not have to worry about, firewall, av, anti-spyware, anti-spam
etc etc. We are trying to bring all that under one Product called
Comodo Launchpad. So that you can interact with all "security" related
products from one interface. That is why we have chosen not to put CPF
icon on the sys tray.

Thanks for the feedback, pls let us know as you have more feedback.

Melih
CEO/President
Comodo

 

[Craig]

...you go to the free product page. The third product
mentioned is the Comode firewall. You can download it and/or read
more information. If you click on 'More Info' and go to the bottom of
the page you can read that only Windows 2000 and Windows XP/SP2 are
supported.
I'm not familiar with the product but their website shouldn't be the
problem.

Agreed. Two clicks off the home page. Whether going to
comodogroup.com, comodo.net or personalfirewall.trustix.com...they all
led to the same home page with the same, fairly easy to navigate, menu
system.

-Craig

 

[s|b]

I'm not familiar with the product but their website shouldn't be the
problem.

I was sort of surprised too. Didn't take me long to find it. One thing
surprised me though:

<http://www.comodogroup.com/products/free_products.html>

"Comodo Personal Firewall FREE for 365 days"

 

[toodeloo]

toodeloo had to finish the previous message

I still have problems finding that firewall info but that must be my problem
I think. I hope to try it tomorrow on a complete other configured computer.
Maybe some security settings are preventing to display the whole page.

This morning I was going to remove the CPF but found some very unwanted
things.
Where are the logfiles? I wanted to find out why my browser started up
unasked yesterday.
Well, a CPF component hijacked ( so do I call this ) my browser ( with the
help from today's info! ).
CpfLicChk.exe was the parent of my browser and when I started my browser I
got a warning that the parent was changed.
Huh, why should my browser and port 443 be a child from this application?
I got an alert screen that the parent from my browser was changed and if I
do allow that.
I was still wondering what to do but after maybe 20 seconds that screen
diasappears. Did I allow it? Did I deny it?
I don't know.

I prefer working without the CPF firewall then with this sneaky product.
I don't trust the CPF at all.

 

[toodeloo]

Hi Graig,

About the above, I've only tried Zone Alarm...it doesn't have password
security. What personal firewall currently does? Is it that critical
for NT-based OS's (which can require login)?

currently? Oops.
Sygate ( free and pro ) have, but Sygate isn't any more.
But SPF don't need keys or licence renewal or ...... .
Even if there is no support and the company isn't anymore the product does
it job.
I don't know why people stopped using there firewall because somebody else
buyed the company.
You can still find the latest Sygate Personal Firewall version on the
internet.
I don't know if there are more free firewalls.

Is it critical? No, but it must be a possibility if you want to.
You could have a bios password, login security, netnanny's, etc.
There has been virusses/trojans/give-it-a-name programs wich could
disable/exit firewalls/AV software ( don't know if that was true, but what
if it is true. )
If you are the only user of your PC I don't think it's neccesary to work
with a password, but if you aren't?
Some sites are asking to exit your firewall for whatever reason.
A/my firewall must have that protection possibility.
If you pretent to make the best firewall this must be an option.

 

[Comodo]

s|b

Comodo personal firewall is free, it requires registration after 365
days. However, we are trying to figure out the best way to remove this
so that it will not have this re-registration restriction. I can
categorically state that its a free product even after 1 year. But we
will fix that and let you know soon.

thanks
Melih

 

[toodeloo]

Melih,

let me thank you for your answers.

I would love to understand what you mean by "some basics are so bad".
Can you please expand on this.

sorry, but I refuse; I already gave you some hints in other newsgroup
answers. I'm not willing to become a tester for this product. And no, I
didn't already test something. I only installed the CPF and had a first
impresssion.
If you test software it is good to know which version you are testing. If
you are a beta-tester it is a must. If you look in a CPF logfile you see
something like used version is version 1.0 and not version 1.1.005 ( I don't
know exactly which file, but your software people should ). No accurate
information.
It is also very well possible that what I call a bad design that you call it
a great feature. But I'm a afraid that's not the case.
If CpfLicChk.exe becomes the parent of my default browser I call that
hijacking.
Offcourse you have a good explanation for this behaviour. But getting a
warning that the parent is changed when I doubleclick my browser icon
doesn't make me feel good. What should your XP zombie user do?
After a cold restart there are not the same programs active as when you
start your computer the first time.
No licence check ( I didn't see CpfLicChk.exe become and/or stay active )
and I missed more programs. But because I'm not testing it I didn't know
which programs ( I didn't start my monitor software ). What I missed was the
non-asked start from my browser.

I can't understand why you couldn't find the firewall info. just go to
www.comodo.com look at the menu

I also don't understand it.
I will try it tomorow on a complete other build-up computer ( linux based ).

can you pls expand on what you mean with the following statement: " It
would be nice to have a <- buttom for going back to your previous
screen.". Which screen are you referring to?

the follow-up screens I think.
I already removed the CPF from my PC.
Going back to the central CPF screen or was it the Lauchpad screen? What
matters? Every browser has that function, even explorer, to go back to your
previous viewed screen.

Comodo Launchpad: Let me explain what we are trying to do: A user
should not have to worry about, firewall, av, anti-spyware, anti-spam
etc etc. We are trying to bring all that under one Product called
Comodo Launchpad. So that you can interact with all "security" related
products from one interface. That is why we have chosen not to put CPF
icon on the sys tray.

I don't agree. A user should be worried about his AV, etc. software.
And you are arrogant if you say that your product should become the shell
for all security related products.
Agggghhhhhhh a real terrible idea.
When I looked into the application screen I saw some info about the firefox
application but the info for my AV software was empty. There are a handfull
AV application, so how difficult is it to show some info.

Thanks for the feedback, pls let us know as you have more feedback.

I have tons of feedback but this is not my type of firewall.
Taken over my security thinkings about how to prevent a PC? Oh no.
As I already said : I need a firewall, no total security solution.
If you say 'it works as designed' or better 'it isn't a bug but a feature'
what should I do?
I'm happy with my firewall and the CPF is miles behind it.
We think maybe very different about how and what a firewall should do and
not do.

 

[Comodo]

Toodeloo

I think you are getting confused with the comprehensive information
that CPF provides with its advanced features.

CPF is the only Firewall that provides full information about the Child
and Parent processes for any application making a connection.
After all, you need to know who the caller of IE is when IE is trying
to make connection to Internet (if it has any). It could be a spyware
making connection by piggy backing on IE's connection and other
firewalls would simply tell you that its IE trying to connect, but in
reality it could be a spyware trying to connect using IE! Also, CPF
knows when a Parent Process has changed. What that means is, if spyware
has hijacked a current process you would be alerted to it. Of course
not every parent change is a spyware. It also shows parentless
processes. All these features are fairly advanced features that should
be used by advanced users only as it could be confusing, not knowing
what these are. That is why in our CPF we are putting all these
features under the Advanced section and trying to keep it simple. This
advanced feature simply tells you (shows you very clearly) what
applications are connecting to internet and how!

You said: "CpfLicChk.exe was the parent of my browser and when I
started my browser I got a warning that the parent was changed" This
is simply because cpflicchk.exe uses IE to make a connection to
internet. Thanks to this new feature you know how each application
connect to internet. And There will be other applications that use IE
to connect to internet and IE will be their child process (eg those
applications will be a parent process to IE). Its very important to
know who is using who (in terms of processes) to make connection to
internet.

http://www.codeproject.com/threads/processes.asp (an explanation of
Parent/Child process)
http://msdn.microsoft.com/library/d..._process_with_redirected_input_and_output.asp
(not exactly the right stuff I was looking for, but a good start)

http://forum.avast.com/index.php?topic=17020.0 (they liked this new
feature of giving full visibility about parent/child processes, here is
what one of the users said: "It certainly looks colourful and I like
the identification of the parent application in the Outbound Connection
alert" Also you can see the tests that users of this group has run,
like tooleaky etc. Come to think of it, if you run tooleaky you will
see that CPF will show it as the parent process for iexplore.exe also.

http://forum.avast.com/index.php?topic=17001.30 and some more
discussions..


Toodeloo, I am assuming you have not seen this "feature" in other
firewalls before, is that correct? CPF gives you more visibility about
whats happening in your machine. It's a powerful advanced feature
that, as you rightly suggested, could confuse people thinking "hey
whats all this, whats happening on my machine"! It's a feature that
your average firewall don't have. I think we are the only ones that
provide "Parent Based Rules" in our firewall. This is why we will
put this ability into the advanced section in our next version of CPF
(CPF2).

The Usability issue you mention about the alert screen disappearing is
something we have taken care of and new CPF2 has this resolved.

Thanks for the feedback Toodeloo. (pls keep it coming)

Melih

 

[Comodo]

Toodeloo

I am sorry that you feel so strongly. I really appreciated your
feedback.
You publicly called our firewall "some basics are so bad". I thought it
would only be "fair" for you to explain what that meant so that
everyone and us could know what aspects that related to. So I am at a
loss as to why you refuse? You were eager to tell everyone publicly
that "some basics are so bad". But not prepared to explain why. Yet you
carry on and explain other things! I am puzzled!

Toodeloo, I think you need to know how Processes work first! Otherwise
you would not make the following statement "If CpfLicChk.exe becomes
the parent of my default browser I call that hijacking." I posted
few links for you to read about what a Process/child process is in my
previous posting with examples of how other people (who understand the
Processes and appreciate this advanced feature).

I take your point about back button on board and will discuss this in
our design meeting.

Toodeloo, the wording I have used might not be very clear, let me
re-phrase it: There is no point in having many sys tray icons for all
sort of security related applications, also in my opinion, all security
products should "work" together. At the moment they are all
discrete and don't communicate with each other. I am trying to change
this. Of course people should care about their AV etc. that was not the
point. The point was the "discrete" nature of the security products
today and their inefficiencies. Also that statement did NOT relate to
3rd party security products but just to Comodo Security Products. We
are not interested becoming the total security solution for other
company's products, just for Comodo products.

Also, I would love to hear from you, please, identifying the main
features of your firewall that CPF lacks. (again pls don't forget, I
sincerely appreciate your feedback).

Toodeloo, I appreciate your feedback, its not about making you use our
product or make you accept my way of thinking, far from it, I was
merely appreciating the feedback. Please don't get defensive (I
really appreciate your feedback), I was enjoying our communication and
hoping that all the good feedback you give will benefit others.

Thanks
Melih

 

[Richard Steinfeld]

Hi Graig,




currently? Oops.
Sygate ( free and pro ) have, but Sygate isn't any more.
But SPF don't need keys or licence renewal or ...... .
Even if there is no support and the company isn't anymore the product does
it job.

I've been using Sygate in both the free version and a version that used
to be bundled with the commercial program System Suite for at least four
years. I've never seen any password facility in this program, although
it would be logical that the commercial versions would incorporate it as
an option.

I don't know why people stopped using there firewall because somebody else
buyed the company.
You can still find the latest Sygate Personal Firewall version on the
internet.
I don't know if there are more free firewalls.

My experience with Sygate has been very good. The reporting and menu
functions are somewhat klutzy, but the protection seems solid. I just
installed it on two more computers. The registration web page is still
active, so users can kill the opening nag screen just by essentially
entering an email address on the company database (which has never
launched any communications at me).

Some sites are asking to exit your firewall for whatever reason.
A/my firewall must have that protection possibility.
If you pretent to make the best firewall this must be an option.

There are some mighty stupid web designers out there; I have also come
across a few sites that tell users to turn off their firewalls (require
permanent cookies, require script execution as a condition of entry,
come up in Flash, etc). Since these are usually commercial sites, these
are examples of people who would rather play games with customers than
collect money from them. If such a programmer worked for me, I'd fire
the bastard (end rant). My largest regional public TV station uses
RedSherrif spyware to gather stats from all site users, requiring users
to play along. I suggest letting these outfits know why they aren't
getting your business or donations (that is, if you care -- end rant #2).

I think that toodeloo's post is a little harsh on Comodo, but on the
other hand, I really appreciate that he did it -- he's made a few
excellent points, and I hope that the company is listening.

Richard

 

[Richard Steinfeld]

Toodeloo

I think you are getting confused with the comprehensive information
that CPF provides with its advanced features.

CPF is the only Firewall that provides full information about the Child
and Parent processes for any application making a connection.
After all, you need to know who the caller of IE is when IE is trying
to make connection to Internet (if it has any). It could be a spyware
making connection by piggy backing on IE's connection and other
firewalls would simply tell you that its IE trying to connect, but in
reality it could be a spyware trying to connect using IE! Also, CPF
knows when a Parent Process has changed. What that means is, if spyware
has hijacked a current process you would be alerted to it. Of course
not every parent change is a spyware. It also shows parentless
processes. All these features are fairly advanced features that should
be used by advanced users only as it could be confusing, not knowing
what these are. That is why in our CPF we are putting all these
features under the Advanced section and trying to keep it simple. This
advanced feature simply tells you (shows you very clearly) what
applications are connecting to internet and how!

Hi, Melih.

I've been enjoying this dialog. I've worked in software and enterprise
development, mostly as a writer. In that role, I'm usually the only
person on a project who is in the shoes of the end user; in other words,
writing doc and simultaneously providing usability testing and
articulate feedback. At least, that's the way that I do it: I'm the user
advocate in the shop. It's very different from the way that software
testers work, and a different perspective. In the development
environment, I'm patient and diplomatic (mostly).

Within this forum, people can sometimes become testy and emotional about
products -- and strong reactions can come with the territory. It's
understandable: I've been there myself, too.

The realm of "freeware" includes some people who are looking for free
solutions -- they come into the forum, then disappear. It also includes
people who are interested in exploring new functionality and new ways of
working (and more). The realm of freeware offers the ability to explore,
to try out ideas and products that would otherwise be totally
prohibitive: one simply cannot afford to buy every commercial product in
order to try it out; my own experience has often been that I sometimes
have to live with a package for six months in order to decide whether I
want to buy it or not. I think that I can safely say that this newsgroup
includes many people who are, in varying degrees, software hobbyists and
explorers.

One tries a product with some curiosity, sometimes hope. And then,
strange things can happen -- in the worst case, one's platform is
damaged so badly that it requires a total hard disk wipe and
reinstallation of everything: five days of solid work. As you
undoubtedly know, some programmers write irresponsible code -- I'm sure
that you have had to clean up the wreckage yourself. So, human feelings
can come into play at these times.

And then, sometimes, all the effort has been worth it -- one comes up
with a jewel, such as Irfanview, or the still slightly-rough Spybot
Search and Destroy. It's a pleasure to see some of these packages
develop and become increasingly refined. I sometimes think of
superbly-designed software being as well-crafted as an artist-grade
musical instrument (I'm a musician). I have worked with two writing
programs that have facilitated writing in this way, so I know how good
it can get. Within this forum, you'll experience a range of perspectives
and experiences.

In reflecting on what you've written about your design objectives for
the firewall, I'll make two suggestions here: I'd like to see the
control menus designed so that aspects of the program can be engaged in
the manner of peeling an onion -- making the program usable
out-of-the-box with good defaults, but also allowing for customization
by advanced users. Clear documentation, as well as clear function names,
will be important so that the virtues of the package can be easily
understood and implemented by the end user.

Richard

 

[Comodo]

Richard

Thanks for the reply. I really appreciate the time you have put into
your answer.

Usability is one of the most important aspects of any product. We have
a new and improved version with better usability and GUI for CPF2 which
will be due out in few weeks. Just like a musical instrument, we need
to refine CPF and we need help from all the "musicians" out there!
Afterall, we are building this product for them! So this is a great
opportunity to help contribute to the tuning so that they can have a
better instrument for themselves. Its not hard to look at other
firewalls and build something similar, but what we want is to build
something for the users, by listenting to their needs, wants, wishes!

Again, thanks for the very useful feedback Richard.

Melih

 

[toodeloo]

Hi Richard,

I could download the CPF without any problems and it was a 30 day trial.
You could ;-) look the CPF yourself.

I've been using Sygate in both the free version and a version that used
to be bundled with the commercial program System Suite for at least four
years. I've never seen any password facility in this program, although
it would be logical that the commercial versions would incorporate it as
an option.

options - general - password protection ( down under ).
I used version spf2808 and I have seen it also in version
spf-pro-3311-debug.
But spf-3408-debug and spf-pro-3311-debug have this feature.
If you want I can give you links to these versions or ask someone to
upload it to alt.binaries.freeware.
Spf is freeware; spfpro isn't so you need already a valid spf-pro key.

 

[toodeloo]

supplement

http://207.33.111.31/pspf/Debug_Build/pspfb3311_Debug.exe

http://ftp.sygate.com/spf/Debug_Build/spf3408_Debug.exe


even if they are debug versions, they are rockstable.

 

[bambam]

About the above, I've only tried Zone Alarm...it doesn't have password
security. What personal firewall currently does?

Kerio 2.1.5 has password protection.

 

[Richard Steinfeld]

supplement

http://207.33.111.31/pspf/Debug_Build/pspfb3311_Debug.exe

http://ftp.sygate.com/spf/Debug_Build/spf3408_Debug.exe


even if they are debug versions, they are rockstable.

Please explain what these link to, since they go directly to download
URLs. Is this Sygate Personal Firewall, free version 3408? Hmmm. I'm
using v5.6 build 2808; I thought that 2808 was the final free version.

Would you please enlighten me?

My only complaints about the version that I'm using now is that there's
a limit of 20 custom rules, the report windows are extremely klutzy in
use, and there's only one "whois" route available (there used to be at
least five).

Thanks.

Richard