CPF or the Comodo Personal Firewall

[meow2222]

Susan Bugher wrote:

Thanks for explaining this, Susan. Not listing 2000 and XP only programs
makes good sense. Of course, as time goes by, more and more programs are
going to be this way just as W95 got left in the cold by many programs.

Very true, but it will take years yet, longer than the keepage time of
the next computer. Why? 98SE has by far the most software available for
it of any OS on the planet, and by a long way. XP or more likely its
later variants will take the lead some day, but most of us want
software for 2006-2008, not 2012. By then we'll have another machine. A
98 machine is more powerful in the sense that you can do much more with
it. Including reboot it more often


NT

 

[Kerodo]

I shouldn't have been so cryptic in previous post.
I don't know the impact but I use: Firefox/1.5.0.1; ThunderBird/1.5;
Gravity/2.60 and Kerio/2.1.4

Which time sync program please?

I'm using NTPTime, runs as a service. Here's a link:

http://home.att.net/~Tom.Horsley/ntptime.html

I'm not sure what was going on, but it looked like Comodo was just
creating bad rules. It should have created a rule allowing outbound and
inbound traffic, but it created a rule instead only allowing inbound,
which is very weird. Yet it did allow the outbound traffic. So it
pretty much looks like a bug of some sort in the rule creation routines.

 

[Kerodo]

Sorry, missed this post, but yes, it's NTPTime and it runs as a service
on my Win2k machine here.

There are other reasons for not using Comodo as well. One has to
connect to their site to complete the registration process. That isn't
required by Zone Alarm and numerous other firewalls. I suggest people
give Comodo a big pass.

Regards, John.

Yeah, John, I agree, I gave it a pass for now. Given the rule making
glitch and the fact that I wasn't that impressed with it anyway. Looks
like they are working on it, but it's not yet where it ought to be. So
for now, I'll go with other products..

 

[Craig]

Sorry, missed this post, but yes, it's NTPTime and it runs as a service
on my Win2k machine here.




Yeah, John, I agree, I gave it a pass for now. Given the rule making
glitch and the fact that I wasn't that impressed with it anyway. Looks
like they are working on it, but it's not yet where it ought to be. So
for now, I'll go with other products..

I've installed & uninstalled already. Am looking to re-install sometime
this weekend to put it through the hoops again. Should have some
feedback later next week.

fwiw,

-Craig

 

[Daniel Mandic]

Very true, but it will take years yet, longer than the keepage time of
the next computer. Why? 98SE has by far the most software available
for it of any OS on the planet, and by a long way. XP or more likely
its later variants will take the lead some day, but most of us want
software for 2006-2008, not 2012. By then we'll have another machine.
A 98 machine is more powerful in the sense that you can do much more
with it. Including reboot it more often


NT

Hi meow!


Memory protection going with NT based systems is very nice. If the
AmigaOS would not be better than Win9x/ME, I would use it, but the NT
memory protection gives space for longer sessions. Well, it is
dazzling, that's why it is a office-machine, but it is pretty fast with
today Pentium and Replikas far beyond 200MHz. For Standard work. I
still have some of my AMIGA stuff for a pleasant gaming session on the
TV-set.


My XP-Setup is paired with MS-DOS 6.22, which gives me the last
compatibility. Far below 1988 year Software ;-))). 8086, 8088 etc. No
Problem! And the i686 is doing more than satisfying with NT5.1, which
is also very compatible by DirectX Software. Beside, I use Win95 (other
machine) for older Windows Software (Soundblaster AWE32 is working best
with 3.1, 3.11 or 4.0 Windows Chicago, nice soundcard with its own
memory)

Personally I dislike Windows95, and especially Windows98, or 98 Second
Edition. Me is at least nice, but Win95 is the fastest of that
digital-junk.





Kind Regards,

Daniel Mandic

 

[Comodo]

John

We are monitoring and I have reported this to our developers. Thanks
Melih
Comodo

 

[Comodo]

Guys here is what our developers have said:

CPF performs stateful inspection for connections. This means if you
allow for a connection whether inbound/outbound, this means you
automatically allow for the replies for those connections. This is to
prevent number of popups to the user. For the time sync program, it
uses the same socket for which it accept the connections to connect to
the Internet. Stateful inspection ensures not to ask any questions for
approved sockets. This is not a threat or anything that can lead to a
security breach. But since it caused confusions, we have modified the
logic in this handling so it will ask for the new connection attempt
even If the socket is approved. Update will be posted soon. CPF will
automatically update itself when the update is posted.

Another point is, if users want to see verbose version of popups, they
must disable basic popup logic option, which is enabled by default, by
unchecking
Security->Advanced->Basic popup logic checkbox. So CPF does not have
any
Security->Advanced->bug
in rules creation. If users want to create simple rules, they need to
turn off basic popup logic which will increase number of popups.

thanks for the feedback guys. Once more your feedback helped make CPF
better for other users.

thanks again
Melih
Comodo

 

[Kerodo]

Guys here is what our developers have said:

CPF performs stateful inspection for connections. This means if you
allow for a connection whether inbound/outbound, this means you
automatically allow for the replies for those connections. This is to
prevent number of popups to the user. For the time sync program, it
uses the same socket for which it accept the connections to connect to
the Internet. Stateful inspection ensures not to ask any questions for
approved sockets. This is not a threat or anything that can lead to a
security breach. But since it caused confusions, we have modified the
logic in this handling so it will ask for the new connection attempt
even If the socket is approved. Update will be posted soon. CPF will
automatically update itself when the update is posted.

Regarding the time sync program, you should make sure that the rule
created shows outbound as well as inbound approval. I am sure the
firewall was probably handling it properly, however, the resulting rule
it made was very strange. I'd expect to see perhaps outbound approval,
or out/in both, but not just inbound like it did. At any rate,
hopefully the next version will be ok.

 

[Comodo]

Thanks for the feedbak Kerodo. I hope you realise that by trying and
putting that feedback you helped us make CPF better and that will
benefit every other user who is going to use CPF in future.

Our developers have already started working on it (and yes its the
weekend )

thanks
Melih
Comodo