Firewalls are great tools, but some people find them a bit frustrating. This week I explain a bit about firewall technologies, firewall performance, how to extract and use information from firewall logs, and how to remove a certain firewall if the need should arise.
How to uninstall the Comodo firewall
Several weeks ago, in the Jan. 11 edition of this newsletter, I mentioned the Comodo firewall, which was recommended by one of our readers. Many of you tried it and found it to be problematic. Lloyd Lamouria wrote to share his experience:
- “After seeing the recommendation about Comodo, I decided to try it. After half a day of unsuccessfully trying to get it to play nice with my system, I finally decided to uninstall it. After the uninstall, nothing worked. No Internet connection, nothing in the Control Panel would work, Firefox would not start, Spy Sweeper hung, etc. Had to resort to a system restore. After doing some research, a lot of others have had problems as well. Just a word of caution.”
What ‘stateful inspection’ means for you
There are two basic types of firewalls; one is a "stateless" filtering system, while the other is a "stateful" inspection system. Bill Norrie wrote to ask about this:
- “I installed Comodo on my wireless laptop after reading the article in the Jan. 11 edition. However, I came across this information below on a forum and wonder if you would like to comment on it:
- “Comodo is not a stateful firewall. It makes little difference how good Comodo does in the leaktests; it omits the one thing the firewall was originally invented for, and that’s keeping ALL intruders out at ALL times, not just when ports are closed and hidden. The only technology with this capability is SPI, which is why it’s the one you’ll find in a hardware firewall.”
A stateless filtering system filters data packets without any regard to why a packet is arriving at your computer. It applies a simple set of rules that govern whether packets are allowed in or not, and those rules are based on parameters such as destination port numbers, protocol types, etc.
Stateful packet inspection (SPI) also filters packets, much as a stateless system does. But it does its work based on a table of "connection states," thereby offering an added layer of protection.
For example, when your browser opens a connection to a Web site, the firewall makes a record of that connection and keeps track of the state of the connection — whether it’s open or closed, etc. Then, when a packet arrives at your computer, the firewall compares data in the packet to the firewall state table to determine if the packet was intended for any of the connections the firewall knows about. A stateful inspection system can also base its decisions on the actual data content of the packets it receives. Overall, stateful inspection makes for a stronger type of firewall.
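The difference between the two approaches can be seen by running the same packets through both kinds of filter; this is an added example, not code from the newsletter or from any firewall product. The class and function names, the simplified TCP flags, and the stateless rule (admit inbound packets whose source port is 80 or 443) are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""        # simplified TCP flag: "SYN", "ACK" or "FIN"
    outbound: bool = False

def stateless_allow(pkt):
    """Rules only, no memory: allow outbound, and inbound 'from a web port'."""
    return pkt.outbound or pkt.sport in (80, 443)

class StatefulFilter:
    """Tracks connections opened from inside; inbound must match one."""
    def __init__(self):
        self.table = set()  # (local_ip, local_port, remote_ip, remote_port)

    def allow(self, pkt):
        if pkt.outbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "SYN":
                self.table.add(key)       # connection opened: record it
            elif pkt.flags == "FIN":
                self.table.discard(key)   # connection closed: forget it
            return True
        # Inbound: compare the packet against the state table.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

def run(packets):
    """Return a (stateless, stateful) verdict pair for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed sample traffic using documentation address ranges.
PC, WEB, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.77"
SAMPLE = [
    Packet(PC, 50000, WEB, 80, "SYN", outbound=True),  # browser opens connection
    Packet(WEB, 80, PC, 50000, "ACK"),                 # reply on that connection
    Packet(OTHER, 80, PC, 50000, "ACK"),               # unsolicited, source port 80
    Packet(PC, 50000, WEB, 80, "FIN", outbound=True),  # browser closes connection
    Packet(WEB, 80, PC, 50000, "ACK"),                 # arrives after the close
]

if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE, run(SAMPLE)):
        print(pkt.src, pkt.sport, pkt.flags, verdicts)
```

The stateless rule admits every inbound packet in the sample because each one claims source port 80, while the stateful filter admits only the reply that matches the open connection.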
Stateful inspection can slow down your system
In the previous item, I briefly explained stateful inspection, but what I didn’t discuss was how stateful inspection affects system performance. Adib Behi noticed a performance lag on his system and wrote to ask about it:
- “Whenever there is a noticeable slowdown in response time on my system, I check Comodo and it reports a flurry of ‘Inbound Policy Violation.’ Most of the time, those violations come from the same few IP source addresses, mostly based in Australia or China.
“I’m happy that Comodo catches them and prevents access. Now, since this attack happens a few times every second, sometimes with short delays of five seconds in between, I presume this may be causing the slowdown. I’m no techie or Internet wiz, but that’s the only odd activity that I see.
