Thinking Outside The (Windows) Box

While many businesses depend on Microsoft and its various product suites, alternatives exist, some of which are not well known. Part four of this series examines free Windows firewalls.
We tried Comodo Personal Firewall Version 1.1.005 on Windows XP SP2; it also runs on Windows 2000, with a minimum 15 MB disk and 32 MB RAM. This program is one of several free and commercial Comodo security offerings; in fact, the Launch Pad installed with the firewall is really an advertisement for Comodo's password safe, certificate, and vulnerability testing services. We focused exclusively on the firewall, which runs for 30 days without registration, or one year with free annual registration.
The installer is straightforward, but does not describe default firewall rules (if any) created during installation. Upon first run, alerts appear immediately as the firewall begins to detect network use, for example when the firewall itself checks for program updates and registration status. New users are likely to find this disconcerting, because they're required to start making rule decisions before they've had a chance to get comfortable with how this firewall works or must be configured.

Like ZoneAlarm, Comodo uses alert responses to build its ruleset. But Comodo exposes more network detail, showing the IP address and port associated with each alert. As a result, there are often many rules for each application, tied to specific IPs/protocols/ports and parent programs. For example, our Comodo License Check program has four rules: outbound TCP/80 to anywhere, outbound TCP/443 to anywhere, outbound TCP/1984 to anywhere, and inbound UDP/1052 from anywhere (see figure below, left).

Creating these granular port filters by hand would be tedious, even overwhelming, so Comodo offers configuration wizards that observe application activity, letting you permit or deny all IPs/protocols/ports used by each program (see figure below, right). Even with wizards, these rules can get too granular, permitting individual ephemeral ports instead of port ranges. Alternatively, you can decide to trust or ban an entire application. There is no middle ground, like trusting a client to initiate sessions but never open server ports. We found the resulting ruleset long and difficult to manage. On the other hand, there are some nice details here, like configurable connection limits and the ability to stop an unusual parent (e.g., trojan) from launching trusted programs.

Comodo also enforces network layer rules, permitting outbound IP to anywhere, and denying inbound IP from anywhere by default. These rules can be extended, modified, or re-ordered; for example, you can easily add a host or subnet from which you want to accept inbound ICMP pings. Rules can refer to named IP address ranges, but not to interfaces. Traditional firewall administrators will be comfortable with this approach, but end users will find it difficult to simply say "trust my workgroup LAN, but not my wireless connection."

Comodo's dashboard summarizes application and protocol traffic. Drill-down reports provide real-time active connection and TCP session lists. Its statistics page should enumerate application/IP refusals and bandwidth, but our statistics were incomplete. Nothing appeared on the first day; on the second, a single program was said to have used all bandwidth, and just three IPs were refused. But we had permitted and blocked dozens of applications, and stopped remote pings and port scans from numerous hosts. Many of those events had been displayed in the Alerts list (a wrap-around log file). As a result, we found using this firewall a bit like driving in the rain with spotty wipers. We knew more was happening than we could see clearly, and this left us vaguely uncomfortable.

This personal firewall has a polished GUI that's heavy on advertising and network details. It is a relatively new program, which may account for reporting glitches that we experienced. Wizard-driven configuration holds promise for novice users, but given its ruleset complexity, we think Comodo is currently better for advanced firewall users.