CPF or the Comodo Personal Firewall

[Kerodo]

Please explain what these link to, since they go directly to download
URLs. Is this Sygate Personal Firewall, free version 3408? Hmmm. I'm
using v5.6 build 2808; I thought that 2808 was the final free version.

Would you please enlighten me?

My only complaints about the version that I'm using now is that there's
a limit of 20 custom rules, the report windows are extremely klutzy in
use, and there's only one "whois" route available (there used to be at
least five).

Both of those links above are simply beta versions, not official
releases. They may or may not have bugs/problems. The first link is to
a Sygate Pro beta, actually it's not even the last beta available. The
second link is to a beta of Sygate Free. Your 20 rule limit would still
be there, the same, in the beta of the free version. The Pro version
has no rule limit. I tried several beta's of 5.6 Pro and saw no real
advantage in using them, even over 5.5 Pro. I doubt there is much to
see in the beta of the Free version either. Also, use at your own risk.

 

[Richard Steinfeld]

Both of those links above are simply beta versions, not official
releases. They may or may not have bugs/problems. The first link is to
a Sygate Pro beta, actually it's not even the last beta available. The
second link is to a beta of Sygate Free. Your 20 rule limit would still
be there, the same, in the beta of the free version. The Pro version
has no rule limit. I tried several beta's of 5.6 Pro and saw no real
advantage in using them, even over 5.5 Pro. I doubt there is much to
see in the beta of the Free version either. Also, use at your own risk.

Kerodo, you've got my interest.
I assume that these beta versions were created before the acquisition by
Symantec -- as far as I've seen, Symantec yanked the Sygate presence
altogether like a hot potato, except that they're maintaining support
for a year for existing customers who'd bought the commercial version.

By the way, I did indeed max out the rule limit; it was frustrating
because I needed to create a rule to accomodate my ISP's latency tester
-- which is still shut out.

Which version do you recommend, and do you have the URLs for the
additional betas? Also, I'd like the URL for the source site for these
downloads -- I never feel comfortable when a poster presents the
download window exclusively; you see, I may want to sniff around the
source site myself and see what I can dig up. Context is really
important to me.

I hope that Comodo incorporates some of the un-patented aspects that
have made Sygate a really useful tool for me. In my experience with two
different Sygate versions, I found the program's usability and the
interfaces a lightyear beyond other products I'd used. In these
respects, I feel that Sygate just blows Kerio away.

I prefer Sygate's rules-based design to having to maintain a list of bad
guys, and when I downloaded someone else's bad guy list for Kerio, I
then found that it was blocking sites that I actually wanted -- and then
it became a slog in order to edit the list. Such a list can become a
hodge-podge of multiple pre-existing lists.

Sygate had put quite a lot of horse sense into their user interface,
which I really appreciated. It wasn't perfect and still handled with
some klutziness, but it still succeeded where the others failed for
flesh-and-blood use. As far as Zone Alarm goes: yeah, there are a number
of people who swear by this program. But I've also read a number of
complaints by people about serious issues with ZA -- enough to make me
want to avoid it.

Thanks very much for bringing these options to my/our attention.

Richard

 

[Kerodo]

Kerodo, you've got my interest.
I assume that these beta versions were created before the acquisition by
Symantec -- as far as I've seen, Symantec yanked the Sygate presence
altogether like a hot potato, except that they're maintaining support
for a year for existing customers who'd bought the commercial version.

Yes, all of the beta versions are more or less where Sygate was prior to
the Symantec acquisition. And they are probably the last versions
you'll ever see of good old Sygate.

By the way, I did indeed max out the rule limit; it was frustrating
because I needed to create a rule to accomodate my ISP's latency tester
-- which is still shut out.

If you need more than 20 rules, then the only solution is to use the Pro
version.

Which version do you recommend, and do you have the URLs for the
additional betas? Also, I'd like the URL for the source site for these
downloads -- I never feel comfortable when a poster presents the
download window exclusively; you see, I may want to sniff around the
source site myself and see what I can dig up. Context is really
important to me.

The last versions for both the Free and Pro seem to be .3408. Here is
where I first heard about them back in December '05:

http://wilderssecurity.com/showthread.php?t=110215&highlight=sygate

Unfortunately, all you get is the direct download link. There isn't any
site where you can browse thru beta's. I think they used to get posted
on the old Sygate forum when it was there (I think it's gone now).
That's about it. These above are safe, I have installed them myself
without harm.

I personally chose to stick with the older 5.5.2710 Pro version. It
seemed to use the least ram and cpu resources on my system, and I
preferred to stick with an official release rather than a beta. The
beta's (in their defense) do seem stable enough though. I believe that
the Pro .3311 beta had a couple of bugs, one was if you hide the tray
icon you can't ever get it back. So beware of that one.

If using the Free version, 5.6 was already released officially, so I
think I'd just stick with that one. But if you're so inclined, feel
free to experiment.

 

[Richard Steinfeld]

Hi, Kerodo.

Would you please contact me off the NG. Reply to the above munged
address. Thanks.

Richard

 

[Comodo]

Richard

Could I please ask you to help us identify what aspects of the GUI you
like and how you would see that in Comodo firewall. I would like to
take this feedback from you and feed it to our Usability Engineers
please.
thank you very much Richard.

Melih

 

[Comodo]

Ok, we are about to launch our Comodo Personal Firewall v.2 (its going
to be the only firewall that passes all the leak tests! yes we already
tested it ) This version will have the licenses done so that it
only requires one time registration. Also, we just launched a free
Backup product thats bundled with this firewall, you can see how the
licensing work for that, which will be exactly same as the licensing
for V2. Once activated it says: This license will never expiry. As you
can see we are taking your valuable input very seriously and trying to
turn around and deliver products that you feel comfortable with.

BTW: pls let us know what you think our backup product too. We are
trying to create a Secure PC environment that users can enjoy for free.

Thanks
Melih

 

[Craig]

Ok, we are about to launch our Comodo Personal Firewall v.2 ...

Melih;

Let us know when it's ready. (I'd gone to your site after reading your
post but didn't see any explicit indication of what version was available).

And, btw, congratulations. Major releases are always such a...relief!

-Craig

 

[Comodo]

Thanks Craig

its certainly has been a huge work and all the credit goes to the
Comodo Personal firewall team.

We are arranging the launch for the week after (subject to marketing
guys doing their stuff etc).

We also discovered a new type of attacks against firewalls and created
a "leak test" that we are calling Comodo Parent Injection Leak test. We
will make the code available at launch. Its an interesting attack. And
of course, Comodo firewall is the only one that passes that

So lots of fun stuff ahead, including some gui changes to make it
easier to use. I will let you know the exact launch date sometime next
week.

cheers

Melih

 

[meow2222]

Richard

Could I please ask you to help us identify what aspects of the GUI you
like and how you would see that in Comodo firewall. I would like to
take this feedback from you and feed it to our Usability Engineers
please.
thank you very much Richard.

Melih

Now theres a type of post I'd like to see more of. Thats how you build
a great user interface.

NT

 

[David]

Ok, we are about to launch our Comodo Personal Firewall v.2 (its going
to be the only firewall that passes all the leak tests! yes we already
tested it ) This version will have the licenses done so that it
only requires one time registration. Also, we just launched a free
Backup product thats bundled with this firewall, you can see how the
licensing work for that, which will be exactly same as the licensing
for V2. Once activated it says: This license will never expiry. As you
can see we are taking your valuable input very seriously and trying to
turn around and deliver products that you feel comfortable with.

BTW: pls let us know what you think our backup product too. We are
trying to create a Secure PC environment that users can enjoy for free.

Thanks
Melih

My immediate reaction is why bundle extras with a firewall. If I want
a firewall then that is _all_ I want. Other bundled products are only
making it like Zonealarm with its 10MB, bloated download. By all means
include an unobtrusive ad for your backup program but only display it
once. A menu item to display the ad again is generally acceptable.

You still do not prominently display the information that this program
will not work on Win9x. In my opinion this should be on the first page
so that those interested don't spend time downloading other pages
and/or the program only to find it will not work on their system.

That comment also applies to your BackUp program although you do
display it at the top of the second page in a reasonable size font.

If all your programs only work in NT, 2000 and XP why can't you state
this in a large font at the top of your main page.

 

[WhItE RaBBiT]

Ok, we are about to launch our Comodo Personal Firewall v.2 (its going
to be the only firewall that passes all the leak tests!

So, will it accept and track domains [i.e. ftp.domain.com] as trusted
elements? If not, maybe a return to the drawing board is in order,
provided that you want a more useful, choice PF application. ;-)

Also, remember that even passing all of the "leak tests" does not exclude
the possibility of some git maliciously compromising leaky code.

 

[Comodo]

David

You are right! Bundles should not make the firewall bloated like other
people have done and we don't!

Let me explain: The architecture of Comodo Launch Pad (the integrated
application we built) is such that if you download lets say just the
firewall, u simply get the firewall! nothing else! however, it does
have a very small menu that also makes other applications available.
Please note the other applications are not installed, until you choose
to install them and these applications are not installed or downloaded
when you just install firewall. So everything is on demand! you install
firewall, you only get firewall!

I have asked our web design team to make the changes and it will be
scheduled very soon. Thanks for the feedback David.

 

[Comodo]

White Rabbit!

of course our firewall can do that! go to the "configuration"
click on "network rule" then add a network control rule. you can
specify a lot more details than just ftp.domain.com eg:traffic
direction, port, source, destination etc.

of course leak tests are only one threat model and there are many
others and our Digital Trust Labs are continually working to improve
the way Comodo Personal Firewall fights these threats.

thanks for the feedback.

Melih

 

[Comodo]

NT

Thanks, we really are trying to build firewall (and other desktop
security products) with the best GUI possible. The only way to describe
the best GUI is what the majority of users will like. For that we need
feedback, afterall the feedback we get will determine the development
roadmap. This is truly how each user can determine how they want their
firewall to be! We really want our users to be the determining factor
for the future development of our products. There is a direct feedback
mechanism we have set that continually feeds the user feedback back in
to the development (of course there is a prioritisation aspect to it as
you would expect). All our Desktop Security software will be free,
today, tomorrow, and forever. This is a great opportunity for all of
our users to come and contribute to create the firewall that we all
like and get to use it for free.

thanks for the feedback.

Melih

 

[meow2222]

White Rabbit!

of course our firewall can do that! go to the "configuration"
click on "network rule" then add a network control rule. you can
specify a lot more details than just ftp.domain.com eg:traffic
direction, port, source, destination etc.

of course leak tests are only one threat model and there are many
others and our Digital Trust Labs are continually working to improve
the way Comodo Personal Firewall fights these threats.

thanks for the feedback.

Melih

Maybe you need an faq.

CPF couldnt be reached via your front page, probably because the links
there come out on top of each other. A lot of people arent using the
very outdated IE these days. Assuming you want people to get it via
your front page, it needs to be IE, firefox and opera compatible at
least. Perhaps not Lynx

If theres one thing I've never understood, its why these type of
products often require IE, and wont install without them. A substantial
percentage of people arent using IE these days, its no longer a
minority thing to not use IE. You'll lose a lot of users /
recommendations etc this way.

Your english phone no is not what UK customers would dial. Many are
familiar with the clunky international system and how to convert
internat number to domestic, but a lot arent.

Tech support for freeware is unusual, I cant help wondering if that
will empty your funds unnecessarily.

One of the security reviewers made a lot of mileage about ZA's stealth
mode, and how it was absolutely the way to go. Your page makes no
mention of this. Its a selling point that has already been advertised
by others.


NT

 

[Comodo]

Firstly, thank you very much for the feedback NT, very useful indeed.

the CPF is in the front page of our Comodo dot com site where its
listed under free products. (but I will see if the marketing people are
prepared to give CPF more room in the index page)

Strange about links, all our sites designed to be compatible with IE,
Firefox, Opeara, Safari etc. Can you pls email (e-mail address removed) with
the problem pls so that we can see if this is problem our end and if it
is, make sure we resolve it asap.

we will continue to offer tech support (by email and have a forum on
comodo dot com under support menu) for free.

Excellent point about ZA's promotion and how we should also use it, we
should be marketing the features more.

Again, much appreciate your feedback.

thanks
Melih

 

[meow2222]

Firstly, thank you very much for the feedback NT, very useful indeed.

the CPF is in the front page of our Comodo dot com site where its
listed under free products. (but I will see if the marketing people are
prepared to give CPF more room in the index page)

Strange about links, all our sites designed to be compatible with IE,
Firefox, Opeara, Safari etc. Can you pls email (e-mail address removed) with
the problem pls so that we can see if this is problem our end and if it
is, make sure we resolve it asap.

we will continue to offer tech support (by email and have a forum on
comodo dot com under support menu) for free.

Excellent point about ZA's promotion and how we should also use it, we
should be marketing the features more.

Again, much appreciate your feedback.

thanks
Melih

done

NT

 

[WhItE RaBBiT]

White Rabbit!

of course our firewall can do that! go to the "configuration"
click on "network rule" then add a network control rule. you can
specify a lot more details than just ftp.domain.com eg:traffic
direction, port, source, destination etc.

Eh ... perhaps we are on the same page ( or not ;-).

There is, to my knowledge, only *one* software $$-firewall-$$ which can do
what I have described, so far.

Most of the SF apps allow *only* entry of the IP number/range
(i.e. X.X.X.X) as a trusted element and will not accept a domain name
(i.e. my.domain.net), although some will take a domain name, quickly
convert it to an IP and then neglect to update (TRACK) it successfully,
adequately, or at all.

Thus, the road warrior with a dynamically updating domain, who uses
various, constantly changing IP numbers will not be able to have access
to their home base files, when the firewall will not update their IP
changes to continually allow them access.

Hopefully, this makes what I attempted to convey more clear.

 

[Comodo]

Well I think we are on the same page!

You want an ability to add domain name (http/ftp etc) and make sure its
updated regulary against IP changes it might have! No problem, we got
it covered it for you ;-) Go ahead and do the following in the firewall
and your wishes will be granted!

1- Add a new Network Control rule
2- Select Source IP -> Build
3- Select hostname option write the host name www.google.com;
4- Press ok
5- Select destination IP - > build then select any Press OK
6- Select Direction In
7- Select Action = Allow
8- Select Protocol IP
9- Select IP Protocol any

we check it periodically (every 3 hours at most).

BTW: what is the only firewall you know that does that too?

White Rabbit, pls go ahead and give it a try and please let us know
what you think of it. And pls suggest ways we can improve it further..
thanks
Melih

 

[meow2222]

Just like a musical instrument, we need
to refine CPF and we need help from all the "musicians" out there!
Afterall, we are building this product for them! So this is a great
opportunity to help contribute to the tuning so that they can have a
better instrument for themselves. Its not hard to look at other
firewalls and build something similar, but what we want is to build
something for the users, by listenting to their needs, wants, wishes!

So many companies dont seem to realise this or do this. Many shoot
themelves in the foot as a result.

The parent process issue further up strikes me as a communication
issue, as perhaps it does all of us. I've long wanted to see a change
to the way software generally communicates with the end user. If I
worked on eg windows I'd add a 3 column monologue with each yes/no
question box. Each column would explain the situation, but in 3
different ways.

Column 1 would be aimed, quite ilterally, at 6 year olds and drunken
half asleep people that cba to read anything, and really couldn't care
less anyway.

Column 2 would be aimed at those who make an attempt and have some but
limited understanding.

Column 3 would be the technical explanation.

Each column has a different tint to it for quicker more effortless
choice. 'Im a blue tint person' 'Im a cream person' etc.

Now, no matter who your end user is, or what state theyre in, your
software communicates to them effectively.

I would also always add an extra button, something along the lines of
'just get on with it.' This default button is for people that either
dont understand whats being asked, do but dont know what the answer is,
or just arent interested anyway.


Understand that end users dont know you from Adam, and are not trusting
of software until its proven itself. What you may perceive as the
latest greatest user protection freeware, some users will probably
perceive as suspected of being hijack/spammer/trojan-ware, because they
just dont know yet. Any attempt of any new unknown software to connect
to the net raises the suspicions greatly, and may in many cases prompt
immediate removal of it. If the software does anything, or appears to
do anything that even _could_ be interpreted suspiciously, you have a
red warning light in user's head situation.

One solution is to be careful how you present the info, so it is seen
as not the fault of the software. Eg instead of IE connecting in
repsonse to playing with cpf, a message says some other app has
requested a connect, so you stay blame free. Add a 'dont show this
again' option and youre home and dry.

Another solution, which surprisingly often works, is a text explanation
of what its doing and why it needs to override the user's security, or
why it gets detected as a virus etc. This is usually enough to get the
user to say 'oh ok then, click.'


I'm saying all this without having tried cpf, so its really nothing but
generalisations in repsonse to some concerns raised in this thread, and
may or may not apply to cpf, microwave meals, power tools, or any other
entity in the known universe. Or outside of it.


NT