1. You may have noticed things look a little different around here - we've switched to a new platform (XenForo) and have some new forum styles and features. This how-to guide will help you find your way around. If you find anything that looks strange, post it in this thread.

Comodo vs Windows Firewall

Discussion in 'Security and Anti-Virus Software' started by nu_D, Jul 12, 2011.

  1. nu_D

    nu_D Notebook Deity

    Reputations:
    741
    Messages:
    1,577
    Likes Received:
    1
    Trophy Points:
    55
    I was using NIS 2010 and then started using the 2011 version before I finally switched to MSE. Although in the task manager it uses around 65mb compared to about 10mb for NIS, the total amount of physical memory available is more with MSE (was NIS lying about it's memory usage?) and everything just seems smoother.


    I've heard about Comodo firewall a lot and how great of a firewall it is, but I was wondering about how it's resource usage compared with the Windows firewall? I'm not sure how much memory Windows firewall uses, if someone could tell me, that would be great and I'd compare the two myself.

    Thanks. :)
     
  2. Steven

    Steven God Amongst Mere Mortals

    Reputations:
    705
    Messages:
    989
    Likes Received:
    2
    Trophy Points:
    31
    I'm sure Hungry Man will comment on this shortly since he uses Comodo as well and got me to use it.

    Basically, Comodo is very light and effective. I'm not exactly sure how light but I can tell you it is lighter than MSE and does not cause any type of system slow down. I have uninstalled MSE and use Comodo Defense+ and Firewall as well as MBAM, (Which I use to scan at least 5 times a week) and Firefox with No script, WoT, Ad-block plus, and HTTPS Everywhere. I have yet to see my system lagging or acquiring a virus.

    I would recommend it to you over the standard version of Windows Firewall anyday since it does a good job of sandboxing and keeping out the nasties you don't want to acquire.
     
  3. nu_D

    nu_D Notebook Deity

    Reputations:
    741
    Messages:
    1,577
    Likes Received:
    1
    Trophy Points:
    55
    What's Comodo Defense+? Is that their antivirus?
     
  4. Steven

    Steven God Amongst Mere Mortals

    Reputations:
    705
    Messages:
    989
    Likes Received:
    2
    Trophy Points:
    31
    No, you have to purchase Comodo in order to get the anti-virus, although there is a free one year trial going on for that but I would pick MSE over the Comodo AV.

    Defense+ helps sandbox programs and limits which programs can do what. Basically, with Defense+ you can sandbox Javascript and break malware.
     
  5. nu_D

    nu_D Notebook Deity

    Reputations:
    741
    Messages:
    1,577
    Likes Received:
    1
    Trophy Points:
    55
    I see. I'd rather just use their Firewall along with MSE...
    Can you tell me how many MB Comodo is using in your resource manager? Thanks man. +rep.
     
  6. Hungry Man

    Hungry Man Notebook Virtuoso

    Reputations:
    661
    Messages:
    2,357
    Likes Received:
    0
    Trophy Points:
    55
    In terms of MB Comodo only ever uses about 6MB of RAM. It also has VERY low disk I/O and CPU.

    Firewall technology hasn't really changed much in the last decade. What Comodo offers over Windows 7's Firewall is that it tracks outbound requests as well as inbound, as well as the standard packet inspection services you'll find in most every firewall that's been updated in the 2000's. The GUI is also easier to manage and you can configure how "loud" it is and how often it alerts you.

    What's so good about Comodo's Firewall is that it comes with Defense+. Defense+, in my opinion, negates the need for antivirus software.

    To explain this you have to understand what most antiviruses are made up of. MSE for example is very simply, you have a blacklist and heuristics. Both of these react to files that are downloaded/ on your computer and it either says "this file is on my list of bad files" or "this file seems likely to behave badly" and then it decides what to do based on those two decisions.

    Defense+ takes unknown files and sandboxes them. This limits what these files are able to do based on which sandboxing scheme you decide on. This allows you to run software that may be malicious but it won't infect your system. If you run the software and it's unknown it is first scanned, in the cloud, by Comodo's blacklist and heuristics. If the malware somehow isn't picked up by Comodo (it happens sometimes, though in my own tests very rarely) and it continues to run it is still stuck in the sandbox, which prevents it from seriously harming you. You can always delete that specific sandbox and its contents and that will remove the malware.

    Basically, it comes down to this:

    Antiviruses are bloaty and reactive measures. Defense+ is a HIPS (host intrusion prevention system) and it uses barely any resources.

    EDIT: It is also worth nothing that you can force applications into a sandbox. I personally have Java and Digsby and IE9 forced into a Limited sandbox. This means if any of those applications are exploited the malware/ hacker will have to then try to break out of the sandbox.

    Attached is a screenshot of my task manager showing resource usage of Comodo.
     

    Attached Files:

  7. nu_D

    nu_D Notebook Deity

    Reputations:
    741
    Messages:
    1,577
    Likes Received:
    1
    Trophy Points:
    55
    Well, I've installed it. Seems like a sweet piece of software. It is however using around 14MB for some reason...maybe it goes down with time?

    What settings are you using? I've got it on "safe mode."

    I did keep MSE installed but disabled Windows firewall...
     
  8. Hungry Man

    Hungry Man Notebook Virtuoso

    Reputations:
    661
    Messages:
    2,357
    Likes Received:
    0
    Trophy Points:
    55
    It's maybe a bit higher because you just installed it and it's working on things? I don't know. I've never seen mine go beyond 8MB.

    I have both my Firewall and Defense+ at Safe Mode. I have firewall alerts set to low.

    Defense+ I have unrecognized files treated as Limited.

    I have Java and Digsby sandboxed as Limited. I have IE9 and two Sony applications sandboxed as Partially Limited.

    That's about all it takes in terms of setting up. You may have to whitelist some applications like games but otherwise it should work fairly quietly and effectively.
     
  9. nu_D

    nu_D Notebook Deity

    Reputations:
    741
    Messages:
    1,577
    Likes Received:
    1
    Trophy Points:
    55
    That's basically what I had, but I have sandbox disabled...

    It's dropped down to 4MB...this is pretty sick software guys.... i'd rep you but stupid thing says I've given out too much..I'll hit you up tom.
     
  10. Hungry Man

    Hungry Man Notebook Virtuoso

    Reputations:
    661
    Messages:
    2,357
    Likes Received:
    0
    Trophy Points:
    55
    Yup, Comodo is my favorite software for defending computers.

    Play around with the settings and see what you like.

    I used it with MSE for a while and then I realized that my antivirus was completely unnecessary.

    I've literally downloaded dozens of malicious files and exploits and Comodo has prevented infection every single time.

    To be fair I also have my default Downloads folder set to low integrity. But Java exploits were easy to deal with since I have java in a sandbox. I simply deleted the Java sandbox and that was it. Running scans with about 6 different very good scanners results in no results (I ran them in safe mode and normal mode just to be sure and even used RKill to make sure they were effective.)
     
  11. nu_D

    nu_D Notebook Deity

    Reputations:
    741
    Messages:
    1,577
    Likes Received:
    1
    Trophy Points:
    55
    To be honest I'd be fine not running any time of security software but I just prefer it...it's more of a placebo effect more than anything, so I think I'm going to keep MSE.

    On that note, should I disable the defense+? Or keep it enabled? Or lower the threshold? Would it make any difference performance wise? Thanks man... (it let me +rep u :) )
     
  12. Hungry Man

    Hungry Man Notebook Virtuoso

    Reputations:
    661
    Messages:
    2,357
    Likes Received:
    0
    Trophy Points:
    55
    Performance wise you'll see no difference with Defense+ enabled or disabled. It uses very little disk IO and RAM. I mean really really little.

    Yes, I would keep defense+ enabled. I would also force Java into the sandbox as Java exploits are fairly common and very dangerous.

    By automatically sandboxing unknown applications as limited or partially limited you stop malware from performing methods of infecting your system while allowing safe software to perform properly.
     
  13. Steven

    Steven God Amongst Mere Mortals

    Reputations:
    705
    Messages:
    989
    Likes Received:
    2
    Trophy Points:
    31
    All credit goes to Hungry Man for showing me this and telling me about this but: here is the setup I use and enjoy using which Hungry Man has shown me.

    Firewall: Safe Mode

    General Settings
    Create Rules for safe applications
    Enable IPv6 filtering

    Alert Settings
    Low

    All boxes checked

    Advanced
    All boxes checked except for Monitor NDIS protocols other than TCP/IP

    ---------------------------------

    Defense+: Safe Mode

    General Settings
    Checked:
    Create rules for safe applications

    Execution Control Settings
    Enabled
    Everything checked
    Treat unrecognized files as Restricted

    Sandbox Settings
    Enabled
    All boxes checked

    Monitoring Settings
    All boxes checked
     
  14. Hungry Man

    Hungry Man Notebook Virtuoso

    Reputations:
    661
    Messages:
    2,357
    Likes Received:
    0
    Trophy Points:
    55
    Forcing any applications into a sandbox?
     
  15. nu_D

    nu_D Notebook Deity

    Reputations:
    741
    Messages:
    1,577
    Likes Received:
    1
    Trophy Points:
    55
    I'm using the same settings now as Steven, do you recommend something else Hungry?
     
  16. Hungry Man

    Hungry Man Notebook Virtuoso

    Reputations:
    661
    Messages:
    2,357
    Likes Received:
    0
    Trophy Points:
    55
    I would suggest two things -- the first of which I've personally seen stop malware from infecting my computer (through testing in VM's and my test Windows XP computer.)

    1) Sandbox Java.exe, javaw.exe, javaws.exe for both program folders (86 and 64.) Java's a big vulnerability and I've found that Limited will secure your computer while still allowing Java applications to function. If you find a site not working you can try Partially Limited. This has shown to stop exploits on my computers.

    2) Play around with settings and see what you can get away with. I've tried quite a few programs and some are able to sandbox and some aren't. The fact is that if an application CAN be sandboxed with no issues it should be, there's no real reason not to.

    My internet-facing applications are Digsby, Chrome, and Java. I've found that I can't sandbox Chrome, which is fine because Chrome is already sandboxed but I CAN sandbox both Digsby and Java, which allows me to secure two of my three major security vectors.

    Edit; To force a program into the sandbox simply go to your Defense+ tab, go to Computer Security Policy, and go to the "Always Sandbox" tab.
     
  17. Hiker

    Hiker Notebook Deity

    Reputations:
    448
    Messages:
    1,718
    Likes Received:
    1
    Trophy Points:
    56
    That's wrong. You can get Comodo Internet Security (CIS) which includes the Firewall, Defense Plus and the AV for free.

    I've been using the AV and so far find it light and problem free. It also updates more than MSE
     

    Attached Files:

  18. Hungry Man

    Hungry Man Notebook Virtuoso

    Reputations:
    661
    Messages:
    2,357
    Likes Received:
    0
    Trophy Points:
    55
    Ah, it seems you're right about that.
     
  19. nu_D

    nu_D Notebook Deity

    Reputations:
    741
    Messages:
    1,577
    Likes Received:
    1
    Trophy Points:
    55
    Isn't it just a 30-day trial? If not can you paste the link?
     
  20. Steven

    Steven God Amongst Mere Mortals

    Reputations:
    705
    Messages:
    989
    Likes Received:
    2
    Trophy Points:
    31
    Not 30 day, there is a one year trial going around for that on the Comodo Forums. And hes right, the anti-virus is free off Comodo's official site.

    Here is the one year free trial with Geek Buddy if anyone wants it:
    CIS Pro (new package) free for 1 year!

    However, If you want to use an anti-virus alongside Defense+ and the Firewall I would recommend something like Avast or Microsoft Security Essentials since they have better detection rates.
     

Share This Page