The Award-Winning Comodo Firewall Pro
- PC Magazine Online's Editor's Choice
- Secures against internal and external attacks
- Blocks internet access to malicious Trojan programs
- Safeguards your Personal data against theft
- Delivers total end-point security for Personal Computers and Networks
Comodo Personal Firewall 2.0
REVIEW DATE: 05.30.06
By Neil J. Rubenking
Last summer, PC Magazine rounded up free personal firewall products from Agnitum, Kerio, Sygate, and Zone Labs. (Symantec has since purchased Sygate and pulled it from the market; Sunbelt has purchased and rebranded the Kerio product.) They all did a decent job, though none was up to the standard of the best for-pay personal firewalls. Comodo Personal Firewall 2.0 brings excitement back to the free-firewall category with a spiffy interface and impressive performance. It protects any Windows 2000 or XP SP2 system from hack attacks, and it blocks unauthorized programs from using the Internet—even programs whose malware-style trickery fooled the other free firewalls.
Comodo Personal Firewall 2.0 installs inside the Comodo Launch Pad, a control center that pulls together various free and free-trial products from Comodo. Among the free offerings are Comodo Antispam (a challenge/response-based spam blocker), Comodo BackUp (a traditional file-based backup utility), and VerificationEngine (an antiphishing browser add-in). You may want to give these a whirl; to date, I've tested only the firewall.
As soon as I started installing Comodo Personal Firewall, it noted the presence of an existing firewall (the ZoneAlarm free edition) and asked me to remove it. That's smart, because two firewalls running at once are liable to get into a fight. A free code obtained from Comodo's Web site activated my installation for a lifetime subscription. The Windows XP SP2 Security Center recognized Comodo Personal Firewall as my system's new firewall protection and started tracking its status.
Comodo successfully put my test-bed system's ports into stealth mode. They weren't just closed to hackers' manipulation; they were completely invisible from outside. I confirmed this with the ShieldsUP! test from Gibson Research (www.grc.com) and several other Web-based port scan tests. Of course, all the other free firewalls do this too, even the built-in Windows Firewall.
Like any new personal firewall installation, Comodo initially bombarded me with pop-up warnings about programs accessing the Internet. It even warned about some of its own modules! In general, however, its pop-ups are smarter than most. They identify over 7,000 known programs as safe (a feature found in the Pro version of ZoneAlarm but not in the free edition), and multiple related pop-ups are automatically combined. Rather than wait for Comodo to notice each application's first attempt at Internet access, I told it to scan the system for known applications and authorize them. That cut down the number of pop-ups dramatically-a nice feature.
Comodo Personal Firewall 2.0
Plugging the LeaksIt's no great trick to control Internet and network access for well-behaved applications. Virtually all personal firewalls handle this task, differing mainly in the clarity and elegance of their confirmation pop-ups. The trouble starts when malicious applications deliberately circumvent normal program control by masquerading as authorized programs. Comodo's Application Monitor watches for this sort of trickery, aided by its Application Behavior Monitor and Component Monitor. Like the Component Control feature in ZoneAlarm Pro, Component Monitor starts off in learning mode. That means when you authorize a program for Internet access, you're also authorizing all its components. After a while, you switch Component Control all the way on. After that, any application component accessing the Internet for the first time generates its own confirmation pop-up.
I turned Component Control on and tested the firewall with a dozen leak tests-programs that exercise specific malware-inspired techniques. Comodo blocked every single one-an impressive performance. The ZoneAlarm free firewall doesn't provide this level of protection (though the Pro version does a fantastic job), nor does Agnitum's Outpost Firewall. Kerio did better in testing, but it still missed a third of the test programs and blocked other legitimate events. In most cases, Comodo provided a very clear message about the problem, for example: "copycat.exe has modified iexplore.exe in memory. This is typical of Virus, Trojan, and Spyware behavior" or "iexplore.exe is a safe application. Wallbreaker.exe may be using iexplore.exe to connect to the Internet." I noticed in the detailed activity log that most leak-test protection was credited to the Application Monitor, with a few trapped by the Application Behavior Monitor.
There's no point in having a firewall if Trojan horses or other malicious applications can kill it or turn it off, so I tried directly attacking the Comodo firewall as malware might do. In last summer's round of testing, I killed off Outpost by tweaking its Registry settings and then crashing the system; Comodo shrugged off that attack. Outpost and Kerio both succumbed to termination by the Task Manager, but Comodo riposted with a warning message and didn't terminate. Finally I tried to stop the firewall's system-level service—a trick that successfully wiped out Kerio, Outpost, and Sygate. The Comodo service couldn't be stopped, so I set it to Disabled and rebooted. Even then, the ports were still stealthed and the firewall popped up a warning asking me to reinstall it. The only attack that successfully shut Comodo down involved an elaborate series of simulated mouse clicks, an unlikely and highly visible attack. Among the earlier group of free firewalls, only ZoneAlarm resisted all four types of attack.
Experts can use Comodo Personal Firewall to define firewall rules of dizzying complexity. There are advanced features for nonexperts, too. A wizard automates the process of defining the local network as a trusted zone, and you can easily tell the firewall to allow or block all access for any specific program. I'd recommend leaving other advanced settings at their default values, unless you really know what you're doing. These settings control such things as how long the firewall will block a domain after an apparent port scan and how long it will stay in invisible "emergency mode" after an attempted denial-of-service attack.
Comodo Personal Firewall offers truly excellent protection, on a par with the better for-pay personal firewalls. If you don't have firewall protection, your system is a train wreck waiting to happen—install Comodo now!
Download....
