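Actually, I only started using Comodo after December 15, so I have not used it for long and cannot claim to know it well. Until now I trusted rankings blindly when choosing antivirus software or firewalls, and that is also why I chose Comodo. However, today I visited the testing website that published that ranking, and on December 19 the headline of its news section carried a new review of Comodo. Surprisingly, its tone is very different from the previous assessment, which made me realise that security software needs to be chosen rationally, so I translated the text. This is my first time translating a technical article, so some of the technical terms may be inaccurate; please bear with me. Anyone interested can read the original site. I hope everyone can form a complete and sensible view of firewalls rather than simply trusting rankings blindly; the one that suits you is the best one. Link to the original site: http://www.matousec.com/projects/windows-personal-firewall-analysis/Comodo-Personal-Firewall-2.3.6.81/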
Comodo Firewall not much better than others (2006/12/19 17:49)
We have finished the analysis and published a review of Comodo Personal Firewall 2.3.6.81. Except its great ability to fight leak-tests, Comodo does not have a good security design and the implementation is also quite poor and buggy. Nevertheless, its final score, also because of its excellent anti-leak protection, is better than the score of ZoneAlarm and thus it took the first place in our ranking.
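Comodo Firewall is not outstanding
We have completed and published our analysis and report on Comodo Personal Firewall version 2.3.6.81. Thanks to its excellent performance in the leak-protection tests, it ultimately beat well-known firewalls such as ZoneAlarm and took first place with a high score; however, apart from performing well in the Leak-test metrics, Comodo still lacks a good security design, and the way the software operates is also barely satisfactory.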
Comodo Personal Firewall 2.3.6.81 - Review
Comodo Personal Firewall is a free Windows personal firewall that offers an extraordinary user interface but its security design is far from perfection and so is its implementation. There are many security holes that have to be fixed before this product is able to fight the modern malware techniques and skilled attackers.
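Comodo Personal Firewall overview
Comodo Personal Firewall is a free firewall product with an excellent user interface, but its security design and operation are still far from perfect. To stand up to today's prevalent malware and technically skilled attackers, Comodo still has many security holes that need to be fixed and strengthened.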
Tested version
We have tested the latest stable version of Comodo Personal Firewall available, which was 2.3.6.81. This version was recommended to us by its vendor Comodo Group. This firewall is more and more popular according to our poll. Comodo Personal Firewall is a free product with lifetime licence and this can be a strong argument for many desktop users.
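Description of the tested version
We tested the latest stable version of Comodo (2.3.6.81). This version was recommended by the Comodo company, and according to our poll statistics, more people choose to use this version. Comodo Firewall is a product licensed free of charge for life, and perhaps it is this approach that has won the product so many users.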
Installation and initialization
The installation package, which is about 8 MB in size, can be downloaded directly from the vendor's website. The Installation Wizard asks you only about the installation directory before it copies all its files. Then, the Firewall Configuration Wizard is run to help you configure the firewall. At first, you can choose whether you want this wizard to configure your settings automatically, which is recommended for common users, or manually, which is an option for power users. If you choose the automatic configuration, the installation is finished and all you have to do, is to restart your computer.
We chose the manual configuration. This allowed us to select whether the firewall should approve Internet connections to known applications automatically or to scan the computer for applications that would be allowed to establish Internet connections. If you select the scan option, you will have to approve system applications manually after the reboot, because the internal database of programs that are allowed to connect to the Internet will contain only a few applications like the Internet browser or the email client. Then, we could configure detected network interfaces, and set some advanced settings like Alert Frequency.
After the reboot, Comodo Firewall Licence Activation dialog appeared. As mentioned above, Comodo Personal Firewall is a free product and the licence can be obtained from the vendor for free. So, the product activation is just a formality, but you have to provide a valid email address to the vendor to be able to receive the activation code.
The installation process was very fast, easy and completely trouble-free. The default settings are ideal for common use and need only a little tweaking if you want to run with the highest security that Comodo Firewall offers. Comodo received no penalty for the installation process.
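Installation and initialization
Comodo's installation package is 8 MB in size and can be downloaded directly from the official website. Before copying the installation files, it asks for the directory path where they should be unpacked, and then the setup program helps you with the firewall's general settings. First you can choose whether to configure the firewall automatically or manually; automatic configuration is of course the usual choice for ordinary users. If the user chooses automatic configuration, the program completes the installation by itself and the user only needs to restart the computer.
We chose manual configuration, which made it convenient for us to choose whether to allow the Internet to connect automatically to known applications or to scan for the applications that are allowed to connect to the Internet. If you choose the scan option, you need to set the permissions for system applications manually after the machine restarts, because the programs that the core database allows to connect to the Internet include only the browser or the email client. Then we could configure the detected network connection ports and make some advanced settings such as the alert frequency.
After the computer restarts, Comodo's licence activation dialog pops up. As mentioned above, Comodo is a free firewall, and its licence can be obtained free of charge from the official website. So activation is just a formality, but you must give Comodo a valid email address in order to receive the activation code.
The whole installation process was very quick and convenient, without the slightest difficulty. The default settings are general settings for ordinary users; if a higher security level is needed, only a few adjustments are required. Comodo takes no responsibility for anything unexpected during the installation process.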
Hardware requirements
Comodo Personal Firewall occupies about 17 MB on the hard disk, which is a reasonable size of this kind of software. On the other hand, its memory usage of more than 26 MB RAM is a little too much but today's computers will handle it without problems. The performance of common working with system resources is reduced to about 70%. Such a performance reduction is also quite big for a personal firewall software. As for hardware requirements, Comodo Personal Firewall belongs among more demanding products.
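Hardware requirements
Comodo Personal Firewall needs 17 MB of hard disk space, which is a reasonable requirement for software. In addition, its memory usage of more than 26 MB is somewhat high, but with current computer configurations it runs without any problem. Normal operation of the firewall takes up about 30% of system resources, and such a share is likewise on the high side for firewall software. Overall, Comodo Firewall can suit the hardware of most of today's computers.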
Common behaviour and control
The main impression of Comodo Personal Firewall is its simplicity. The main control panel window contains three sheets. Summary gives you a brief information about a current state of your firewall and settings. Security allows you to view and change the settings. Activity sheet offers online monitoring of Internet connections as well as going over logs of your personal firewall. All controls contain only the necessary information. The simplicity may not be comfortable for advanced users who might want to play with detailed protection settings a little more, but most users would be very satisfied.
Comodo also implements a simple tray icon that can be used to open the user's interface or to quickly adjust the Security Level. Only three levels are available. Allow All allows all incoming and outgoing network connections, whilst Block All denies all connections regardless of your configuration settings. Custom level allows you to define the behaviour of four security components, these are Application Monitor, Component Monitor, Network Monitor and Application Behaviour Analysis. We highly recommend you to have all these components enabled.
Application Monitor cares about processes that attempt to establish network connections. If this component is enabled, you are alerted when a process, for which there is no rule in the database, tries to access the Internet. If it is off, any application, including those that were banned before, can access the Internet.
Component Control manages the database of known components. Every application that wants to be allowed to access the Internet can contain only allowed components. This protection fights against well known DLL injection attacks. Component Control can be enabled, disabled or work in the learning mode, in which it asks you to make a decision if the unknown component is detected.
Network Monitor is a standard packet filter, for which the user can define custom rules to allow or block connections from or to single hosts or computers in defined IP ranges or networks. If this component is off, all network connections are allowed unless another component stops them.
Application Behaviour Analysis monitors various actions of running processes. Using this component Comodo Firewall is able to recognize malware applications, when they attempt to control trusted applications to perform privileged actions.
A small problem we have found in Comodo Personal Firewall is that its Security Alerts, that ask for the decision about potentially dangerous activity, sometimes display wrong or insufficient information. This problem can result in a decision that users would never do if they receive correct information. For example, if a malicious application replaces the executable of your Internet browser (i.e. iexplore.exe) with its own program, and you try to run your browser, then the only information you get from Comodo is that 'iexplore.exe is trying to connect to the Internet'. However, if it is not your default browser but some other trusted application that is changed, Comodo correctly reports that its cryptographic signature has changed. Fortunately, in most of the situations Comodo behaves correctly and displays valid information that is sometimes supported with Security Considerations.
Another imperfection is that firewall logs are not saved when your computer is rebooted. Comodo saves firewall logs from time to time under unknown circumstances, usually when the user works with logs. Logs that were not saved before the restart will disappear. The whole interface for log viewing is not developed very well.
Our verdict is 90% for the Ease of use of Comodo Personal Firewall.
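Habitual use and operation
Comodo's ease of use leaves a deep impression. The main control window of the software contains three sheets: the Summary sheet shows brief information about the firewall's current state and settings; the Security sheet lets you view and change the settings; the Activity sheet provides online monitoring of Internet connections and at the same time generates the related firewall log records. All operations keep only the necessary information. This convenience may not suit some advanced users who want to go further into detailed settings, but for most users such settings should be satisfactory.
The firewall also provides a system tray icon so that the user can get into the user interface and make the corresponding quick security settings. The whole system offers three protection levels. [Allow All] allows all incoming and outgoing network connections; [Block All] prohibits all connections regardless of whether you have configured anything; [Custom] lets you define the security modules you are used to, such as application monitoring, component monitoring, network monitoring and application usage-habit analysis. We strongly recommend that you turn on all the modules.
The application monitoring module focuses on processes that try to establish a connection to the Internet. If this component is enabled, you get a warning when a process with no rule recorded in the database tries to access the Internet. If this component is turned off, any application, including those that were previously banned, can connect to the Internet.
The component control module mainly manages the database of known components. Every application that wants to be allowed to connect to the Internet may contain only components permitted by this module. This protection is mainly aimed at common DLL file import attacks. The component control module can be set to enabled, disabled, or used in learning mode, in which the firewall asks for your decision when an unknown component is detected.
The network monitoring module is a standard packet filter that lets the user define custom rules to allow or block connection requests to and from a single host or multiple computers within a defined LAN or IP range. If this module is turned off, all network connection requests are let through until this module is enabled on another machine in the same network.
The application usage-habit analysis module changes according to changes in the running processes. Through this module, Comodo Firewall can recognise malware when it tries to gain permission to run by controlling applications that are already trusted.
During use we found a problem with Comodo Firewall's security alerts. Put simply, in the alerts asking whether to allow a potentially dangerous activity, it sometimes gives the user wrong or missing reference information. Such a problem directly blurs the user's ability to identify and judge similar issues, and even when the firewall's alert information is correct, the user may not take any action. For example, if a malicious program replaces the legitimate IE executable in the system (such as iexplore.exe) with its own code and the user happens to run this replaced browser, the only alert information Comodo provides is "iexplore.exe is trying to connect to the Internet". Of course, if what is replaced is not your default browser but some other executable that the user has listed as "trusted", Comodo can still correctly warn you that the program's password or similar code-like signature has changed. Fortunately, in most cases Comodo Firewall responds correctly and provides valid information, which often includes reasonable security advice.
Another flaw is that Comodo's logs are not kept after your machine restarts. Usually, when the user calls up the logs while working, Comodo saves the logs several times under unknown circumstances, yet logs that were not set to be saved vanish before the machine restarts. Overall, its log viewing interface needs further improvement.
We give Comodo Firewall 90% for its performance in ease of use.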
[ This post was last edited by daryl on 2007-1-31 22:05 ]