[PANTUGGeneral] Windows XP Firewall + AV = Comodo

JP Vossen

Jan 17, 2009, 4:03:35 AM
to PANTUG General
Thanks to all who replied to my previous post on this issue. I ended up
finding Comodo to be quite impressive, here's why.

As I mentioned, I liked ZoneAlarm but had had problems with it. I've
been meaning to try Comodo for a while, and since Art & Lefty mentioned
it I gave it a shot. No one told me it also included AV and other
stuff! But I was concerned about the resource consumption issue Drew
mentioned, so I tested things a bit. (I love VMware.)


To (roughly) test RAM I used snapshots of the same XP SP3 + AutoUpdater
VM in VMware Workstation 5.5.9. The machine was idle, and I had
previously turned off some unnecessary services. Nothing but stock
Windows XP apps are present, no other applications (e.g. Office,
Acrobat) are installed.

At idle a few minutes after a reboot:
Nothing: 81M (diff from nothing M)
Comodo FW+AV+: 132M (+51)
Zone Alarm FW: 106M (+25)
Avast4home AV: 175M (+94) [1]
Avast+ZA: 206M (+125)

[1] Avast sucked 25-40% of CPU for avast.setup for AV DB update for a
few mins. after rebooting after the install. That is not a problem, but
it spiked RAM and CPU for a while and I was wondering what the heck it
was doing.


I originally forgot to mention that the real reason for the FW is
application egress filtering, since the machines in question are also
NAT'ed behind a M0n0wall Firewall (http://m0n0.ch/, see also
http://pfsense.org/). So to test that without having to install Firefox
or something I tried an outgoing connection to my local mail server
using Netcat (nc.exe). I thought about using MS telnet, but I was
afraid that would already be flagged as "safe" and at least for Comodo
it was.

The Netcat test worked exactly as expected and desired in ZoneAlarm,
that is, the attempt was flagged and I was prompted what to do. Comodo
flagged nc.exe as "unsafe:malware:RemoteAdmin" when I opened the
Explorer window (via UNC to Samba), before I even did anything! Then it
wouldn't even allow me to copy it. I had to go into the Comodo controls
to turn off "realtime virus scanning"; disabling the Firewall and
Defense+ from the toolbar didn't help. Once I did that, I was allowed
to copy nc, and then when I tried to use it I was prompted as expected
and desired. I am impressed.


Also, for what it's worth, both Comodo and Avast passed my trivial
eicar (http://www.eicar.org/anti_virus_test_file.htm) test, which was to
try to double-click on eicar.com in an Explorer window opened via UNC
path to a Samba share on a Linux server. I also tried to drag and drop
it, which failed as expected. See my post about McAfee and AntiVir
which both failed this trivial test in 2006 (yeah, that's a while ago,
but no AV tool should *ever* fail this test for any reason):
http://groups.google.com/group/pantug/msg/aff4e387b17127e3.


Thanks,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP |:::======| http://bashcookbook.com/
My Account, My Opinions |=========| http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
_______________________________________________
PANTUGGeneral mailing list: PANTUG...@lists.pantug.org
To unsubscribe yourself or change your delivery options see:
http://lists.pantug.org/mailman/listinfo/pantuggeneral
For the searchable archives see:
http://groups.google.com/group/pantug/
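
The egress check described in the post above (an outbound connection to a mail server from a program the firewall has not seen before), as an added example that is not part of the original thread. `probe_egress` and `start_fake_smtp` are names made up here, and the loopback listener is a constructed stand-in for the local mail server.

```python
import socket
import threading

def probe_egress(host, port, timeout=30.0):
    """Try one outbound TCP connection and classify the result.

    "allowed"  - handshake completed (detail = first banner line, if any)
    "refused"  - a reset came back: closed port or a rejecting filter
    "blocked"  - the local stack denied the call, which is how a host
                 firewall denying this program usually surfaces
                 (PermissionError; WSAEACCES / WinError 10013 on Windows)
    "filtered" - no answer before the timeout (silently dropped)
    "error"    - anything else (name resolution, no route, ...)
    The default timeout is long because a prompting firewall may hold the
    connection until someone answers the dialog.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                lines = s.recv(256).decode("ascii", "replace").splitlines()
            except (socket.timeout, ConnectionError):
                lines = []  # connected, but the service did not speak first
            return "allowed", (lines[0] if lines else "")
    except ConnectionRefusedError as exc:
        return "refused", str(exc)
    except PermissionError as exc:
        return "blocked", str(exc)
    except socket.timeout as exc:
        return "filtered", str(exc)
    except OSError as exc:
        return "error", str(exc)

def start_fake_smtp(greeting=b"220 mail.example.test ESMTP (constructed)\r\n"):
    """Constructed loopback listener that greets one client; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(greeting)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(probe_egress("127.0.0.1", start_fake_smtp(), timeout=5.0))
```

Against a real server, pass its host name and port 25 in place of the loopback listener; a verdict of "allowed" with no prompt means the firewall already trusts the interpreter running the script.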

Eric

Jan 17, 2009, 9:27:04 AM
to PANTUG General Discussion (and technical Q&A)
This is interesting. I've never heard of Comodo before but I'll check it
out.

Anyone have any experience with Blink
(http://www.eeye.com/html/consumer/products/blink/index.html)? There is
even a free version for a "limited time".

Eric

--
# Eric Lucas
#
# "Oh, I have slipped the surly bond of earth
# And danced the skies on laughter-silvered wings...
# -- John Gillespie Magee Jr

JP Vossen

Jan 17, 2009, 3:05:37 PM
to PANTUG General Discussion (and technical Q&A)
Troy Sorzano wrote:
> Here is a 1 year free license for Kaspersky if you want to test or use
> it for home.


Eric wrote:
> This is interesting. I've never heard of Comodo before but I'll check it
> out.
>
> Anyone have any experience with Blink
> (http://www.eeye.com/html/consumer/products/blink/index.html)? There is
> even a free version for a "limited time".

I'd never heard of it, but I studiously ignore trialware.


<soap-box>

This reminds me of the "Facebook and good anti-spyware" thread I have
going with David. I know I need to get back to it, but I'm reading
http://www.geekonomicsbook.com/, which is making my point far better
than I could, though in a slightly different way. I argue that when we
ask which product(s) to use to attempt to protect Windows from itself,
we're asking the wrong question. We should be asking why we need to do
this in the first place. The book implicitly argues the same thing, but
the context and position is that software manufacturers, unlike any
other industry in the world, utterly disclaim any responsibility and
liability for their products. That is unthinkable for anything else,
and should be unthinkable for software too. Great points and examples
in the book.

David and others will be pleased to note that while _Geekonomics_ picks
on MS quite a lot (and justifiably so), it also picks on open source as
not any better and in some ways worse. I see his points but don't
completely agree because I worry about competition and choices (or lack
thereof). I was disappointed with the brevity of the open source
chapter and lack of useful solutions presented therein. And I haven't
quite finished or digested the book; when I do and have time I'll pick
up our thread.

He makes some really great points about innovation, craftsmanship vs.
engineering and some analogies and parallels between software and auto
safety, civil engineering, screw standardization, and much more.

</soap-box>

Eric

Jan 17, 2009, 3:56:41 PM
to PANTUG General Discussion (and technical Q&A)
I too try to avoid "trialware" as well - my understanding is the Blink
is just plain free but they won't always offer the free version.
Perhaps I'm not understanding their offer however.

As for the liability issue I partly agree. I'll take a look at the
geekonomics book.

Windows, as much as I hate it in some ways, is just plain everywhere and
I as a consultant have to deal with it. For most of my customers,
switching to Macs or Ubuntu is, sadly, just not an option. Those that
have switched to Macs (2 customers) have been very happy. Also, I don't
hear from them much anymore :-) Those that have had to switch to Vista
are typically miserable.

My day-in day-out workstation is Ubuntu and it does precisely what I
need in a safe, secure way. After 10 years of heavy-duty Linux use I'm
adjusted to most of the quirks.

Thanks,

Eric

--

# Eric Lucas
#
# "Oh, I have slipped the surly bond of earth
# And danced the skies on laughter-silvered wings...
# -- John Gillespie Magee Jr
