Comodo firewall is great if you like to micromanage every single process on your computer. Nothing slips past Comodo, seemingly even if you set the firewall to “disabled”. On the one hand, it’s a bit idiot-proof to the extent that it’s hard to accidentally disable the whole program by some mistake. On the other hand, I’m rarely able to get it to do exactly what I want. For example, just to get a simple P2P program working required making 4 non-intuitive application rules (one for port 80 for tracker announces, one for TCP in/out, one for UDP in/out, one to deny everything else) and a global rule. I also had to make these 5 new rules top priority or else they didn’t take effect. There’s a section for managing programs on an application-by-application basis so you’d think I could just point the firewall to P2P_program.exe and tell it something along the lines of “trust everything P2P_program tries to do; it’s safe” but that doesn’t work. Even the “allow all” setting doesn’t really allow all. You have to dig deep in the forums to figure out how to allow a single program access through the firewall on a single port or port range, as though this were some sort of uncommon task that only superusers need to know how to do. It’s not though. Whenever you install a program that needs relatively unfettered access to your Internet connection you need to let it through your firewall but there’s so much prerequisite knowledge needed to be able to do that in Comodo firewall that it can be extremely frustrating and time consuming. I should be able to choose a program, specify some ports and a direction (ie. IN/OUT) and be done with it. I shouldn’t have to mess with global rules, stealth port settings, and application-specific rules or be familiar with some arcane settings buried in an obscure “advanced” menu.
Comodo is not a bad firewall. Of course, I know nothing really about computer security, so even if it were a bad firewall I wouldn’t be qualified to judge. What I can say though is that Comodo makes it so difficult to actually allow a program to run normally that I may as well unplug my Ethernet cable for 100% security. The program is so secure that it makes it a real challenge to weaken it even slightly. A more user friendly approach is what I’m looking for, even if it may put me in a less secure environment than Comodo. I’d rather be put in a bit of danger by human error resulting from my own foolishness than do things safely but painstakingly with Comodo.
My other problem with Comodo though is cfp.exe, which unexpectedly jumps to 25% CPU utilization occasionally. I’ve read that this can be caused by conflict with another firewall or AV program but I don’t have another firewall and I’ve tried uninstalling my AV program Avast, with attention to meticulous detail including using CCleaner and the official Avast manual removal tool. I’ve also specified the entire “COMODO” directory to be excluded when Avast does virus scans. In the Defense+ settings of Comodo I’ve likewise specified all the Avast folders to be excluded. Neither of those ideas helped. The high CPU usage is not a reproducible reaction. It’s totally unpredictable and has no upside, which is what makes it so aggravating, unlike the strictness of the rules system which at least has the benefit of preventing me from doing something stupid. Sometimes I’ll simply be browsing the web without any P2P program open at all and cfp.exe will cripple my computer, sometimes for just a few minutes, sometimes for as much as a half an hour.
I didn’t want to use a commercial firewall as a replacement. I did a google search for “lightweight firewall” and came across PrivateFirewall. I’ve only been using it for about 30 minutes now but I already know how to make global rules, new application rules, how to trust an application completely, and how to make application rules that allow a program through the firewall only under certain conditions such as only via specific ports or only in one direction or the other. These are all things that were not satisfactorily covered in the Comodo help menus which meant I had to read countless threads on the Comodo forums before I could figure out how to do them and even then, my rules did not always work properly because I had missed some other minor setting that would render them ineffective.
I also like the PrivateFirewall taskbar icon of a friendly police officer.