Comodo vs PcTools Firewalls

Win XP Pro, SP2 with all critical updates, NOD32, SuperAnti-Spyware

After using Sygate for several years, I decided I had to update to a firewall that is being supported and maintained - not the case for Sygate after Symantec bought them.

Wanting more precision, and after extensive discussion on this ng, I installed Comodo.

First WinFaxPro got stuck in semi-receive mode and froze whenever I tried to get out of the mess. No amount of rebooting fixed it. Knowing this was a finicky and old program, I uninstalled and reinstalled it. Even though it was clearly "allowed" by Comodo, it froze again and again in various states.

But it gets worse..... I've been using Outlook, several different profiles, with a spam catcher called SpamBully for several years. It has been very efficient. Suddenly, after Comodo, one of my profiles kept freezing and it became clear that the profile itself had been corrupted. Removing Spam Bully didn't fix it.

I should note that after every software uninstall and reinstall, I cleaned the registry with JV16 so I don't think the problems exhibited by Comodo are the result of leftover program code.

Well, I finally uninstalled Comodo (registry included), uninstalled and again reinstalled Winfax Pro. I then had to delete the damaged Outlook profile and create a new one. With Comodo out of the picture, Outlook and SpamBully again worked happily together once Outlook had a new profile to replace the damaged one.

So I have moved on to the PCTools firewall. It installed easily and is playing very well with all the programs that were negatively affected by Comodo. The only thing I've encountered that I don't like is that PC Tools Firewall gives you the option to allow or disallow, but it doesn't give you the option to allow just this one time. I think this is a serious flaw.

But after the last several hours of tracking down the problems and repairing the damage to files, I plan to happily stay with PC Tools.

Louise

Reply to
louise

Sorry you had problems with Comodo. FYI, regarding the option to "allow once" when the firewall intercepts a connection attempt, this is available in ZoneAlarm - you can click "Yes", but the choice will not be remembered if you don't put a check in the box to save the setting. ZoneAlarm also distinguishes between allowing an application internet access Vs allowing it to function as a server. I don't think PC Tools Firewall Plus currently makes that distinction.

Reply to
Victek

Thanks for the info. PcTools sounds like it has a long way to go before it's really ready for prime time.

Things went from bad to worse and I discovered that several other utilities were malfunctioning - probably really from Comodo. Eventually, while trying to fix each thing, the system gave up and suddenly couldn't boot into windows.

One more rave for Ghost! I restored the drive image from one week ago and as a result, I was back with Sygate. I think for now I'm going to stay with Sygate. This fiasco has taken me several hours (I even missed a movie we'd bought tickets for), and it is a testament to the adage: if it ain't broke.......

How important do you think a software firewall really is if you keep Windows updated, use an NAT router, run NOD32 and SuperAntiSpyware? Perhaps I'm into overkill anyway. I'm certainly into exhaustion :-)

Louise

Reply to
louise

About as important as without a NAT router (which bestows no security functionality by itself), NOD32 or SuperJunkGarbage: not at all.

Sure you are. You've been messing about with all the problems this Sygate stuff is supposed to create.

Reply to
Sebastian Gottschalk

Yeah, recommended by people who have no fuc^W clue that this simply doesn't work.

Eh... except that it's totally broken and makes the system vulnerable in first place?

You mean this old software that has many known unfixed vulnerabilities?

It's proven to be broken, that's rather like it actually is.

Following your logic, a stone can keep away a tiger. Seeing any tiger around you?

Yeah, you'd wish.

Reply to
Sebastian Gottschalk

The recommended setup is using a software firewall for application control, even if you have a router. What I don't understand is why you quit using Sygate if you were pleased with it. There really is no reason to switch. It's not like an AV that has to be updated with new signatures. I've tried both Comodo and PC Tools and don't feel either is nearly as good as the old Kerio 2.1.5, which I went back to. Don't get caught up in the hype about leaktests, etc, as most of that stuff is meaningless in the real world - even though the hype becomes popular in the marketplace. Sygate is a proven, very good firewall, which you can use to control which apps access the Internet. I believe it is a better firewall than most of the newer ones, including Comodo and PC Tools. Also, have you considered running HIPS software rather than AS apps? Much more effective, as it is not signature based. My combo of Kerio 2.15, NOD32 and System Safety Monitor has kept my system clean for quite some time. SAS is a good app, and I use it for on-demand. However, running AS software in real-time is a waste of resources. NOD will catch things before it even gets to your AS (at least that has been my experience). If anything does get through all the signature software, a HIPS application will keep it from executing.

Reply to
Bullseye

Thanks for your thoughtful reply.

At the moment I've gone back to Sygate. My experience with Comodo was dreadful due to conflicts with some other applications, pctools is not configurable enough and Sunbelt/Kerio is very demanding of resources providing all kinds of AS, popup blockers etc., all of which I do not need.

What is HIPS software? I gather you are saying it is superior to resident anti spyware software.

Also, where do you get the old Kerio 2.1.5? That is something I would like to try.

Thanks again.

Louise

Reply to
louise

HIPS is an acronym for "Host Intrusion Protection System". HIPS software looks at the behavior of applications running on the computer and intercepts activity that is potentially dangerous. It's similar to outbound firewall protection in that it pops up warnings and permission requests for the user to evaluate and respond to. I think it adds a significant level of protection - you just have to be prepared to respond to the additional permissions pop ups while the software is learning your system. Sometimes I will turn my HIPS off when I'm installing new software to avoid the pop up storm, then scan the system later so it can incorporate the new application. Currently I'm using SpywareTerminator which includes a HIPS module (as well as real-time spyware detection, and it's free).


Reply to
Victek

No.

"Application control" is a marketing lie snakeoil sellers are telling you. You don't need it.

With such security design flaws?

Yours, VB.

Reply to
Volker Birk

So are you a security expert, or just another moronic jerk who thinks he knows it all?

Like there's any that aren't vulnerable? All are vulnerable if the person clicking the mouse is an idiot.

Kind of like the newer software that is even worse.

Again, do some research and then maybe your statements will have a little credibility.

Well, my logic has kept my computer with not so much as a tracking cookie for the entire time I've owned my system. Why the tigers - are you hallucinating? Better lay off the meth.

Yes, and it works, even without drugs.

Reply to
Bullseye

You don't have to be an expert to understand the technical details. Not to mention that understanding the concepts would already be sufficient.

Of course, there are many.

Even if the person clicking with Sygate would know everything, he couldn't do anything about being trivially vulnerable.

Kind of like other software exists which doesn't have known vulnerabilities. And a reasonable person considers known unfixed vulnerabilities unacceptable in any way.

It's vulnerable to a Shatter Attack, since its Windows service spawns windows in SYSTEM context. Hm... I just wonder why you doubt credibility, since this has been known for years now.

Further it's vulnerable to being circumvented with overlapping IP fragments (IP fragment reassembly attack) and vulnerable to a flooding with a mixture of SYN, UDP and ICMP packets.

Since something like "tracking cookie" simply doesn't exist, this shows what you know.

Since by principle it can't work, you'd have to prove how it should work. And since it's trivial to counter-proof, you're simply talking nonsense.

Reply to
Sebastian Gottschalk
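
The overlapping-fragment issue named in the post above can be checked for from the defender's side. This is an added example, not part of the thread and not code from Sygate or any other product discussed: it parses IPv4 headers and flags any fragment whose byte range intersects one already seen for the same datagram. The addresses, IP IDs and payloads are constructed sample data, and treating every overlap as suspicious is an assumed policy.

```python
import struct
from collections import defaultdict

def build_fragment(ident, offset_bytes, payload, more_fragments,
                   src="192.0.2.10", dst="192.0.2.20", proto=17):
    """Test helper: build a constructed IPv4 fragment (20-byte header, checksum 0)."""
    flags_off = (0x2000 if more_fragments else 0) | (offset_bytes // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                         flags_off, 64, proto, 0,
                         bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split("."))))
    return header + payload

def parse_fragment(packet):
    """Return (flow key, first byte, end byte) of the data a fragment carries."""
    ver_ihl, _, total_len, ident, flags_off, _, proto, _, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    start = (flags_off & 0x1FFF) * 8          # offset field counts 8-byte units
    end = start + (total_len - ihl)           # exclusive end of payload range
    return (src, dst, proto, ident), start, end

def find_overlaps(packets):
    """Flag fragments whose byte range intersects one already seen in the same datagram."""
    seen = defaultdict(list)                  # flow key -> [(start, end), ...]
    alerts = []
    for index, packet in enumerate(packets):
        key, start, end = parse_fragment(packet)
        for old_start, old_end in seen[key]:
            if start < old_end and old_start < end:
                alerts.append((index, key[3], start, end, old_start, old_end))
                break
        seen[key].append((start, end))
    return alerts

# Constructed sample traffic: datagram 0x1234 is fragmented cleanly,
# datagram 0x4321 has a second fragment that covers bytes 8..23 again.
SAMPLE = [
    build_fragment(0x1234, 0, b"A" * 24, True),
    build_fragment(0x1234, 24, b"B" * 16, False),
    build_fragment(0x4321, 0, b"C" * 24, True),
    build_fragment(0x4321, 8, b"D" * 16, False),
]

if __name__ == "__main__":
    for alert in find_overlaps(SAMPLE):
        print("overlap: packet %d id=0x%04x bytes %d-%d vs %d-%d" % alert)
```

An exact retransmission of a fragment is also reported by this check, so a real deployment would compare the overlapping bytes before alerting.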

You can still get Kerio 2.1.5 at the following website:

formatting link
If you do so, I would suggest using Blitzenzeus' ruleset, available from here:

formatting link
Also, there are older versions of Kerio available that aren't nearly as resource-heavy as recent versions. Versions 4.1.2 through the present can be found at the following:

formatting link
The HIPS question has already been answered by another person. The simplest and most basic (at least my own opinion) is Process Guard. I'm sure someone will throw some comment in here saying it isn't effective, but for the basic user it's pretty decent. Free version available at:

formatting link
Another popular HIPS is System Safety Monitor, but a lot of people think it's difficult to use or hard to understand. Another suggested Spyware Terminator. I've used it, and didn't care for it - has a lot of bugs IMHO. Just some ideas, anyway.

Reply to
Bullseye
