Firewall question

first off, let me mention that i'm still using an older version of comodo (2.4), and i'm assuming you have the newer 3.x --- so things may not be exactly the same...

when comodo pops up with an alert, there's a box toward the bottom which you can click-on (check) for "remember my answer for this application".   If you do so, it should not ask you about that program again....

unless/until that program is updated [=changed], and it will alert you (that its "cryptographic signature" has been changed) to be sure the change was something you intended [as opposed to a change by malware].

have you been checking this box?   if not, doing so may take care of your problem.

if you have been checking the box, and are not satisfied with comodo, a recommended alternative (provided it runs under your operating system) would be Online Armor firewall.

I am currently using version of Comodo 3.0 on the Vista machine I am writing this on. It has pretty much settled down now and the alerts have dropped off. But I really do not recommend Comodo for the average user like myself and most forum members. It just seems to be too strict and tight in its application, and needs to be babysat at every minor change to an application that is already trusted. It also seems at times not to remember the approvals that are given to it. It is supposedly a good firewall, but to me it is a pain in the ....

to use.

I have Online Armor on my XP machine and have been quite pleased with it. It does go through a training period at setup, and alerts at times on things it is not sure of, but not to the annoying extent that Comodo does. As soon has they come out with a version for Vista I will be installing on this XPS as soon as I can. Online Armor appears to be as good as, or superior to Comodo, and is much more user friendly and easier to use. The worst thing about Comodo is that it presents so many alerts that a person could get careless and allow something malicious in. Below is link to Online Armor

http://www.tallemu.com/

let's start with a more basic question first:   have you tried [and ruled out] Vista's built-in firewall?    that should be the simplest option, for someone who's a beginning-to-average user.

also, is your system connected through a router?   if so, most routers include a hardware (NAT = Network Address Translation) firewall, which many believe offers you superior protection to software firewalls.

EDIT:   alternatively, what firewalls have you used in the past, that you felt comfortable with?   it may be entirely reasonable to fall back to one of those [provided it has a vista-compatible version]...

the "limitation" on XP's firewall [yes, I want to say XP here] is that it's a one-way firewall only:   it protects you against INcoming threats.   If you have your other necessary defenses running --- a good resident anti-virus program, and a good resident anti-malware program --- IF [and this is a big IF] these can keep the threats off your computer in the first place, then an incoming firewall may be all that someone needs.

however, when/if something manages to "sneak through" your anti-virus / anti-spyware programs and "gets into" your computer, it may then try to "phone out" --- either to alert its "maker" that it got through, and/or to try to further infect your machine by downloading additional malware.   this is where an OUTGOING firewall can be of use:   Windows XP firewall will NOT stop anything already on your system from "calling out".   so that's why people often want a "third-party" software firewall, such as comodo or online armor, which monitor this OUTGOING traffic (in addition to the usual incoming traffic).

But as you've seen, there's a "price to pay" [intellectually, not in terms of real money]:   whenever a program attempts to "phone out" (for the first time), the firewall "catches" it, and then asks for your "permission" before allowing the call to go through.   But this means you have to be capable, and ready, of making such decisions.

You might say a "good" firewall should be able to decide this for you.  well, that might be the case to an extent:   in my (older) comodo 2.4, there's a feature to "scan for known applications", "such as Internet Explorer, Skype, or MSN Messenger, and automatically allows you to create the Internet access rules for them".   But the problem is, there's just SO many software programs "out there", that even if the firewall knows about some of the current "popular" ones, there's no way it can know about EVERYTHING that people might be using [nor about newer programs yet to be created... keep in mind that unlike anti-virus programs that get updated regularly (often daily), a firewall does not obtain such routine updates.  

      (if any one does, perhaps someone can inform us about it).

the point being, i think that even if you opted for a paid firewall, you'd find that you'd still have to "go through the ropes" to "teach" it about the specific programs you want to allow to access the internet.

having taken some time to explain all this, let's now get to Vista [which I don't have... so I'm going to be careful how I state this]:

it is my understanding that Vista's firewall either is, or can be configured to be, a two-way firewall.   hopefully, some vista user can chime-in here to confirm [or deny] this, and possibly elaborate on how it works.

as for your netgear rangemax router, you didn't mention the model number, but if it's WPN824, then it does have a "double firewall":  

• Network Address Translation (NAT) to hide PCs & files from outside users
• Stateful Packet Inspection (SPI) firewall to deny outside requests for personal information

• see under SECURITY, here:  http://www.netgear.com/Products/RoutersandGateways/RangeMaxWirelessRoutersandGateways/WPN824.aspx?detail=Specifications

   if this is the one you have, then I'd be willing to speculate that the Vista built-in firewall will be more than enough for you.

   

  Message Edited by ky331 on 08-31-2008 06:59 PM

The impression I got from various threads was that Vista's Firewall was just OK - not the best thing a person could use.  That's why I installed Comodo.

I have a NetGear RangeMax wireless router.  I don't know if it has the Network Address Translation you mention.

Several years ago I used a McAfee suite that had a firewall and, more recently, before I installed Comodo, I used Trend Micro's PC-Cillin.  The reason I quit using PC-Cillin was a matter of principal.  They wanted to charge me $30 more to automatically renew than what I would pay if I purchased it at a retail store.  It had to do with being a Dell customer.  There is a thread on this forum explaining it.

I really appreciate your help.

Vista does have a two way firewall. 

http://www.microsoft.com/protect/computer/firewall/vista.mspx

I have been using it on my two pc's with no complaints. 

My NetGear router is a WNR834B.  Their website says it has:

• Advanced wireless security encryption protects your data
• Double firewall protection from external hacker attacks
• Supports Wi-Fi Protected Setup (WPS) standard

•  

  The other programs I have are:

  Avast

  Spybot Search & Destroy

  Spyware Blaster

  Malwarebytes

   

  Having said the above, do you think it would be reasonable for me to rely on my Vista firewall and uninstall Comodo?

   

  Thanks to everyone for helping me.

I can't thank you enough for all of your help! 

Since your netgear router offers "Double firewall protection from external hacker attacks"... and since BB says it's good, you should be just fine with the Vista firewall.

avast is a good choice of anti-virus (and the current version, 4.8, also includes some degree of anti-spyware protection).

Vista also offers you some good protection of its own:

1) UAC (User Account Control) --- those "nagging" popups asking for permission to allow certain actions, are there for your protection!   Unfortunately, some people get so annoyed that they disable this feature --- and doing so is a big mistake.   UAC offers you some excellent protection, provided you know how to properly respond to its requests.

2) Windows Defender is pre-installed with Vista, and offers you resident [as well as on-demand scanning] anti-spyware protection.

If you're using IE7, be sure the anti-phishing filter is enabled.

by "MalwareBytes", i'm assuming you meant MBAM:  MalwareBytes Anti-Malware [they offer other programs as well].   the free version is an on-demand anti-malware scanner/remover.   a superb program!

however, no single anti-malware program catches everything, so it's strongly recommended that you use at least two such scanners.   For your second, I would suggest SAS [SUPERAntiSpyware] FREE version for home users

http://www.superantispyware.com/

Alternatively [or in addition to SAS], another good [second/third] choice would be A-squared FREE

http://www.emsisoft.com/en/software/free/

as for SpyBot, while it can't hurt to keep around, it's no longer considered "top of the line" as it once was years ago (on win98/ME).

[EDIT - Clarification:  however, i do believe that XP users can still benefit from Spybot's Immunization, TeaTimer, and SDHelper-BHO features.]

finally, concerning SpywareBlaster, there's a debate as to how useful it is under Vista... while some still use/advocate it, others maintain that, given all of Vista's security enhancements, SpywareBlaster really doesn't add anything that's not already there.   My suggestion (since you already have it), if things seem to be running fast-enough, and without any problems, you might as well keep it.