Comodo blocking port forwarding

We are not talking about the DMZ, and besides, no PFW has one, and it is not a FW, period. That's what we are talking about. The junk being called a FW, when it's not that.

When did oil become an animal? I'll put it to you another way. You have been took. You have been bamboozled into thinking that something like Commando is a FW solution.

One can call it Commando, Comodo or Commode it doesn't make any difference to me about a PFW solution. They are all junk. You see any of that trash running on the Linux platform?

No, they don't, when the user is running with admin rights and the malware is running under those rights, which they can and do manipulate the FW rules or some of that, toilet bowl, application control junk in them, punch right through it. And beside, there is the fallible human being factor too. It's not that hard to circumvent them.

Thst's BS, because I have tested the 3rd party PFW(s) for this, and they CANNOT get to the connection first, because they are not an integrated part of the Windows O/S platform. No Windows NT service is dependent upon or is made to wait on the PFW service, none of them. If the PFW service is not up and running, then how is it stopping anything that's gotten to the connection first? It can't do it. The ones that can do it are the Windows XP and the Vista FW(s), that's is, they get to the connection first and protect the network connection, before anything else can use the connection.

You can put it to the test. You install Gator on that machine, and you set all the rules you want to stop Gator form connecting outbound to one of its many sites with your PFW solution, and you see if that PFW you hold in such high regards can stop Gator at boot and logon. You can use Active Ports or Currpotrs, and the best you might see is the connections being closed after Gator has done its thing.

It's doing everything that it's not suppose to be doing. It's doing everything but acting like a packet filter stopping unsolicited inbound traffic from reaching the computer. It's a jack of all trades master of none trying to protect *you* from *you*. If I don't want something to communicate, then I stop with the O/S, or better yet, I don't install the software at all.

Obviously you've never been working as an admin in a company. Indeed, there is some press at the beginning, until they learn how to sit down and shut up. After all, you're supposed to work, and thus only get access to the resources you need for getting the work done.

Well, I'd say the latter is always more serious, especially since it's typically an implementation problem.

Persuade? The default hypothesis is that you don't use something until you actually need it. A virus scanner can be a useful intrusion detection system, and a god junk filter, but anything bezong is quite furtile.

That is, if they really decide to use a virus scanner, I'd persuade them to not rely on it as a security measure, since (sadly) most of them do. Which also typically means that it's of no value to them any more, and thus they should simply stop using it at all.

Wrong direction. By principle, any additional software increases the system's complexity and therefore reduces its security. Unless this can be justified by the additional protection introduced, it's absolutely wrong to use it. And for PFWs this case always holds.

And now a wrong analogy between the analogue and the digital world (hint: the latter has an enumerable possibility space, and doesn't know the equivalence of "just use more force"), as well as a wrong analogy between biological diseases and computer security problems (hint: biological bodies are open systems, by design).

You shouldn't post while being drunk or stoned. This absolutely doesn't make any sense.