PROS / The Comodo firewall thwarts the most sophisticated hacker techniques.
CONS / Despite 25 million product installations in 100 countries, the brand is just beginning to gain recognition.
VERDICT / Comodo is the most bulletproof firewall for Windows.
Editor's note: A newer version of this product is available. The manufacturer lists version 8 as offering 24/7 365 day remote support. We will evaluate, rank and review the new version of this product when we next update the Personal Firewall Software reviews.
Comodo Internet Security Pro from Comodo Group (Jersey City, New Jersey) frustrates the hacker community. In general, all firewall software can scan, filter, block and stealth ports, making it difficult for cybercriminals to access the sensitive information on any personal computer. Since the Windows operating systems come with some form of firewall as part of the system, it's up to users to determine if that is sufficient to the task of ultimate protection. Because there are regular virus outbreaks and subsequent security updates issued within the Windows community on a regular basis, there seems to be evidence to suggest that augmentation or replacement of the standard Windows firewall security is still beneficial. Comodo is our Top Ten Reviews Gold Award winner in personal firewall software.
There are differences among Windows firewall-software products. And although they all meet a minimum-performance standard to filter incoming and outgoing data packets, as long as the creative genius of evil evolves, firewall technologies must evolve. There may come a day when we connect to the Internet with absolute assurance of security. But there are no known limits to human creativity and intelligence, so the competition to deploy the most secure firewall is a metaphor for the struggle between order and chaos.
The Comodo firewall passes leak tests that attempt to connect with internet servers in order send data. For example, Comodo successfully filters ICMP traffic as well as outbound TCP and UDP traffic. Comodo has control over the launching of Windows Explorer and it can prevent a suspected process from changing or launching the default browser. Some hackers attempt to replace the executable code of the default browser, but Comodo prevents such a thing. If a malicious HTML page attempts to execute, Comodo can deny the attempt.
Spying tests such as keyloggers and packet sniffers attempt to discover patterns in order to deduce information to exploit. The Comodo firewall successfully squelches spying tests with relative ease. If a keylogger repeatedly scans for the key-code status to infer which keys the user is pressing, Comodo detects and stops the action.
Another hack tactic is to install system infections that survive reboot. Comodo passes autorun tests. If malware attempts to install itself in the system registry so that it can run whenever the user invokes Windows Explorer, Comodo clobbers it. The Comodo firewall also prevents malware attempts to remain persistent in the system by altering machine-wide registry settings for the Command Processor.
System-integrity tests check whether a security product defends against attempts to modify the system to allow sufficient privilege to subvert it. One example is that Comodo will not allow malware to load a driver to the kernel of the operating system. Comodo protects registry keys if any process tries to manipulate the security descriptors associated with the registry keys.
When all else fails, hackers construct attacks designed to crack specific security products. Hackers know that each security product relies on specific registry entries and files. Therefore they attack known product components with the intention to damage certain files or terminate the processes that are necessary to the product. Comodo protects its own processes and processor threads from termination. If a suspicious process attempts to terminate a product by sending a shutdown message, Comodo does not kowtow.
Additional Security Features
Because Comodo Internet Security Pro is more than a firewall, it has the wherewithal to detect and block viruses, Trojan horses, worms, keyloggers, rootkits and other malware in real time. For any program that attempts to run on the PC, the product checks the signature against a database of files known to be good or bad. Comodo runs unknown files in a virtual sandbox until their behavior reveals whether they should be released or removed. Even though the product includes an antivirus component, it is modular so that it can be installed independently of the firewall. Users can opt to leave Comodo’s antivirus module uninstalled in favor of an antivirus product from a different vendor without losing interoperability with the Comodo firewall.
In order to protect users while surfing from public Wi-Fi networks, Comodo provides an encrypted internet proxy service (128-bit encryption). To encourage users to back up data on a regular basis, Comodo provides 2GB of online storage space.
Comodo Internet Security provides features that make it easy for novices to understand how to respond to alert popups when malware attacks. The user can see “Security Considerations” generated by Comodo’s expert-system database in order to decide how to respond to the alert. Should the user require more information, each alert includes a “ThreatCast” feature, which reveals how millions of other members within the Comodo community have responded to the specific threat. The Comodo installation process invites each user to join the Threatcast community in order to benefit from the collective knowledge of the hive mind. After taking into account the product’s expert-system advice as well as the Threatcast community’s response, the user can allow, block or apply predefined security policies. Based on the context and nature of the alert, Comodo prompts the user to decide whether it should remember the answer so that it can apply the response to similar situations in future without an alert. The user may also submit the file to Comodo for analysis. If the user senses impending doom, it is possible to create a Windows system restore point in order to quickly recover in case the threat is uncontainable by other means.
Comodo’s graphical user interface is excellent and intuitive. A summary screen is the foundation of the interface and a starting point for forays into screens dedicated to system status, virus and network defense, and firewall reports and tasks. There are policies and wizards preset to help beginners and average users establish rules. Users can apply rules for access rights per application or on a global basis. Malware alerts use color codes. Yellow is low severity. Orange is medium. Red is high severity. All antivirus alerts are coded with a red upper strip.
Help and Support
The user guide is a wonder to behold: excellent, precise and complete. Every user has 24/7 chat access (“LivePCSupport”) to support technicians from within the product console at no additional cost. If chatting proves insufficient, the support person can remotely access the user’s desktop. If the PC is not functioning, a toll-free number in the user manual (and confirmation email) provides telephone access.
Comodo Group has such confidence in Comodo Internet Security that if any PC becomes infected while under Comodo protection, the vendor will rid the PC of viruses for free. Furthermore, if the vendor fails to disinfect the PC and get it up and running, the user receives up to $500 toward repair. The offer applies to USA residents only and requires that the user must have installed the antivirus component along with the firewall component and Comodo LivePCSupport. The offer is also contingent on the user having run and passed a scan from the latest Comodo Antivirus signature database.
The performance of the Comodo firewall under extreme security testing demonstrates that not all Windows firewalls are created equal. Comodo Internet Security is a firewall with an antivirus module that conveniently and graciously allows the user to install one or the other or both. Comodo gathers and maintains a database of threat signatures to automatically protect users without unnecessary alerts, if they so choose. Comodo anonymously monitors threat responses from the volunteer ThreatCast community and aggregates response percentages in real time so that all users benefit from the wisdom of the collective response trends. Comodo directs unknown files to a virtual sandbox until their true character is revealed so that they can be categorized or exterminated.
Online chat and the ability for support technicians to remotely access a problem installation are available all day and every day. For residents of the United States, the vendor will restore an infected PC or contribute money toward repair.
Comodo Internet Security Pro is an excellent personal firewall software choice.