[AccessD] OT: Comodo Firewall

Dan Waters dwaters at usinternet.com
Thu Dec 27 08:50:04 CST 2007 

I used Comodo for several weeks, but finally gave up.  After clicking 'OK'
several hundred times, I realized that I had no way of knowing if what
Comodo was telling me was about to happen was OK or Not OK.  

And that was just wasting my time.  I'm back to BitDefender which is
well-reviewed, low cost, and pretty unobtrusive.  

BitDefender provides a small graphical activity indicator for File activity
and Internet activity, which is just nice to have.

Dan

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of jwcolby
Sent: Thursday, December 27, 2007 8:25 AM
To: 'Access Developers discussion and problem solving'
Subject: Re: [AccessD] OT: Comodo Firewall

In which case turn off the proactive defense thing.  IMHO that part is not
ready for prime time.  IIRC Comodo has several million installed users and
the majority have no problems but some of us do (me too).  The Review /
Pending thing is you telling Comodo that the files are OK, you approve of
them.  The huge number occurs as Comodo does the initial scan of your
system.  I think that there is a "select all" and you can then "approve".
Basically that is telling the Active Defense thingie that these files are
known to be good and stop worrying about them.

I am not a security guru, I just use it.  My understanding of the Active
Defense thingie is that it is a monitor that does several things.

1) Watches what programs load and alerts you to any not on the "OK list",
those being possibly infections that slipped in some how.
2) Watches running applications to see how they interact.  Programs "use"
each other all the time.  FoxFire "uses" quick time to display or play
something etc.  Supposedly you tell the Active monitor ONCE that it is OK
for program A to use program B.  If the interaction is not in the OK list
then you are warned that the interaction is happening.
3) Watches that programs try to modify the registry.  This is waay more
common that I realized but occurs mostly at install and so can signal that a
nasty is installing itself, or that it is attempting to disable another
program (AV, firewall etc).

So Active Defense is a program that sits in memory and watches Windows do
its job looking for signs of danger, keeping a list of which things you say
are OK and alerting you to things that you have not said is OK.  These
"Active Defense" programs are becoming more common as the normal infection
vector (email) becomes the least used vector.  Nowadays the most common
vector is malformed HTML, but that is certainly not the only vector.
Messenger, file sharing programs, Office documents (and now access
databases), PDF files, pictures, music, all of these things have been used
to spread infections and so an "anti nasty" system has to do more than just
scan email for viruses.  It pretty much has to watch Windows DYNAMICALLY run
and look for suspicious activities from moment to moment as you use your
computer.  Thus "Active protection" .

Unfortunately by its very nature it is NOT unobtrusive.  All it can hope to
do is to keep track of things you say are ok and not ask you about those
things again.

John W. Colby
Colby Consulting
www.ColbyConsulting.com 
-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of pcs at azizaz.com
Sent: Thursday, December 27, 2007 8:15 AM
To: Access Developers discussion and problemsolving
Subject: [AccessD] OT: Comodo Firewall


John Colby recommended Comodo Firewall and I installed it ...

I have no time to read all the Help etc. 
I had placed the Proactive Defence to PC Clean Now I have over 7,000 files
for review / Pending Files!!??

What should I do?

Apart from Purge?

What does Move To.. My own safe files do? Does it physically move the files?

Remove ?  Does that mean remove from the list of Pending Files? What good
will that to, will the files just start accumulating again for my
review(?!).
For sure Remove wouldn't mean remove from the System - that's the Purge,
right - not in the mood to test that one out %( .

What is your recommended setting for this Proactive Defense thing?
 
I don't roam the www wildly - I just want to install a firewall and then for
the most part forget about it...

Confused,
Borge
--
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com

More information about the AccessD mailing list