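This post was last edited by zxyzhlly on 2011-1-17 12:57
I saw an article by chiron on the official COMODO forum. It is very good; it discusses how to set Comodo's default rules to achieve maximum security while keeping pop-ups to a minimum. This is useful for anyone who wants to use Comodo without a lot of tinkering. I am reposting it here for fellow Comodo users' reference. My English is average and I can only follow the gist, so I hope someone with good English can help translate it.
Original post: http://www.techsupportalert.com/content/how-install-comodo-firewall.htm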
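A brief translation of the key points:
Comodo's default rules are already very strong, but security can still be strengthened further by changing some settings.
First, enable "Proactive Security" in the default configuration. I don't think I need to translate exactly how to do that.
Then open the firewall settings, click "Stealth Ports Wizard", and select "Block all incoming connections and make my ports stealth for everyone"; if programs have trouble connecting to the network, select "Alert me to incoming connections and make my ports stealth on a per-case basis" instead.
Next open "Firewall Behavior Settings" and select "Alert Settings"; unless you share your network connection, do not check "This computer is an internet connection gateway".
Open the "Advanced" tab and select "Do protocol analysis". If your computer is on a local network, also check "Protect the ARP Cache" and "Block Gratuitous ARP Frames".
Now set up D+: open "D+ Settings" and click "Execution Control Settings". The system default is "Partially Limited"; "Restricted" is recommended, which can block all known attacks.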
How to Install Comodo Firewall
Updated 9. January 2011 - 17:14 by Chiron
This guide was written for version 5.3, also known as 2011, of Comodo Firewall. If you are instead using Comodo Internet Security you should be aware that the free version is now called Comodo Internet Security Premium.
If you're concerned about your PC's security, using a Host Intrusion Prevention System (HIPS) is a great addition to your protection regime. A HIPS prevents unknown programs from altering any part of your system without permission. Therefore, malware is automatically prevented from doing any damage.
In this way HIPS is superior to detection-based software, such as traditional antivirus applications, because it will stop any type of malware. It will even protect you against zero-day malware, i.e. malware that has just been created and for which no detection signature yet exists. It is able to do this because it automatically blocks any files that have not been verified as safe and asks you if they should be allowed access to your computer. Of course the obvious downside to this approach is that just as there are millions of malicious programs there are also millions of safe ones. As HIPS vendors cannot instantly analyze every possible legitimate program, it's quite possible that you will receive questions about some safe programs, as well as malware.
In response to this, HIPS vendors have developed extensive whitelists, i.e. databases of known safe programs. If a program is known to be safe, or is produced by a trusted vendor, then you won't have to answer any questions about it and the program will be allowed complete access to your computer. Thus the number of alerts you get for everyday applications is, thankfully, very small.
You may be wondering if you still need to run traditional antivirus software alongside a HIPS. While you can theoretically do without one, if you know which programs to allow or block, my advice is that it's still a good idea to install an antivirus. With a traditional AV in the loop most threats will be eliminated before the HIPS can even examine the suspect file. Thus if a signature for the particular malware already exists, which is not always the case, you will be protected from making a bad decision. There are pros and cons to both HIPS and antiviruses, but I find that they complement each other very well.
Comodo Firewall is one of the best known HIPS firewalls, and for good reason. In addition to providing rock solid protection, it's also completely free. If you like you can even download Comodo Internet Security, which includes Comodo Antivirus. This is also free. Regardless of the AV you choose to install alongside Comodo Firewall you won't need to worry about any compatibility problems. However, remember that it's very important to never run more than one antivirus program at the same time. They can cause conflicts or even crash your computer.
Installing Comodo Firewall
Before installing security software designed to protect your computer, I find it's best to first ensure it's clear of malware. I know it sounds like strange advice, but this can prevent problems further down the road. Assuming you already have an antivirus scanner installed, run a full scan of your computer. It’s also a good idea to scan with a few alternative programs like Hitman Pro and the programs reviewed here.
If these scans don't find anything suspicious then you can proceed to download the installer. Here are the download locations for both Comodo Firewall and Comodo Internet Security. When installing either program please follow the advice given in these installation instructions that is pertinent to your situation. Trust me when I say that it will help avoid many problems and make life altogether easier for you. (As a disclaimer I'm only talking about installing Comodo Firewall. The rest of your life is up to you.)
After installation is complete you can now safely disable User Account Control. The same protection is included, and improved upon, in Comodo Firewall.
Configuration
Configuring Comodo Firewall actually isn't that difficult. The default configuration is quite robust, but there are still some changes that can be made to increase the protection even further.
First you should change the default configuration to Proactive Security. To do this right click on the icon in the taskbar and select the option for "Configuration". Select "Proactive Security". This is the most secure configuration of Comodo Firewall available. Also, I'd like to break the flow of this paragraph to point out that my screenshots are from Comodo Internet Security. The configuration steps will be the same for Comodo Firewall, but some of the screens may look slightly different.
There are also some changes that can be made to the Firewall component. Open the program and go to the Firewall tab. Click on "Stealth Ports Wizard" and select the option to "Block all incoming connections and make my ports stealth for everyone". In general this is the best choice, but it may interfere with some programs. If you have problems getting a program to connect to the internet, then instead select the option to "Alert me to incoming connections and make my ports stealth on a per-case basis". This will configure the firewall to ask your permission any time there is an incoming connection that Comodo doesn't already know to allow or block.
While still under the Firewall tab, go to the "Firewall Behavior Settings". Select the tab for "Alert Settings". Unless you are using Internet Connection Sharing on your network, and this PC is the "gateway", you can safely uncheck the box that says "This computer is an internet connection gateway". You can read more about Internet Connection Sharing on this site, but if you don't already know what it is chances are very high that you don't have it enabled.
Now open the "Advanced" tab and check the box to "Do protocol analysis". If your computer is part of a network you should also check the boxes to "Protect the ARP Cache" and "Block Gratuitous ARP Frames". If you are not part of a network then you do not gain any security by checking them.
After configuring the firewall portion of Comodo Firewall this is what your configuration may look like.
Now open the tab for "Defense+" and go to "Defense+ Settings". Open the tab for "Execution Control Settings". I would recommend changing the option to "Treat unrecognized files as" from "Partially Limited" to "Restricted". Previously I recommended that you keep it set on "Partially Limited", however, due to a vulnerability that is discussed in this post on the Comodo forums I now recommend that you set it to "Restricted". This will protect you from all malware I'm aware of, but will likely cause unknown applications to fail. To learn more about how Comodo's Sandbox works you can read this Introduction to the Comodo Sandbox.
If you do notice malware behavior on your computer restart it and the problem should be gone. That's the way the sandbox was designed. Also, if you have unknown programs on your computer, you can join the Comodo forum and post them in this topic. They will be analyzed and added to the whitelist, if appropriate.
There are also other options for how to treat unrecognized files, and one of these is "Blocked". If you're a paranoid person, like me, who doesn't like the idea of malware being able to access any part of your computer, then perhaps this option is for you. Just prepare yourself for the inconveniences that come along with it. If you select "Blocked" then any unknown files will essentially be quarantined until you manually add them to your list of trusted files. This means that if even one file of a program is unrecognized then the entire program could crash. Don't say I didn't warn you. If you choose this option and there are programs in the sandbox that you don't recognize you can follow these methods to check if a file is malicious before you add them to your trusted files list. There are also other options for how to configure the sandbox. You can read about them on this page.
Further Questions
Now Comodo Firewall should be configured for maximum protection and maximum usability. At this point restart your computer and see if there are any problems. If you have any questions then please peruse these FAQs. If you still find your questions unanswered then you can search the Comodo Forums for a solution. The community will do their best to help you with any problem that you may have.
If you believe this article deserves anything less than 5 stars then please leave a comment below explaining how you think it can be improved or where you find fault. In fact I'd appreciate any feedback, positive or negative, so that I can improve the article. Your opinions and advice will be much appreciated.
This software category is maintained by volunteer editor Chiron
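The "Protect the ARP Cache" and "Block Gratuitous ARP Frames" options in the firewall section above deal with ARP traffic the host never asked for. The following added example (not part of the original article and not Comodo's implementation) sketches the general idea of stateful ARP inspection over constructed frames; `ArpInspector`, `build` and all addresses are hypothetical names and sample values.

```python
import struct
from ipaddress import IPv4Address
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def parse_arp(frame: bytes):
    """Return (oper, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

class ArpInspector:
    """Hypothetical stateful filter: only replies this host asked for may update the cache."""
    def __init__(self):
        self.cache = {}       # ip -> mac, learned from solicited replies only
        self.pending = set()  # IPs this host has sent an ARP request for

    def inspect(self, frame: bytes) -> str:
        parsed = parse_arp(frame)
        if parsed is None:
            return "ignore"
        oper, mac, spa, tpa = parsed
        if spa == tpa:                      # sender announcing its own IP: gratuitous ARP
            return "drop: gratuitous"
        if oper != 2:                       # a request never changes the cache here
            return "accept: request, cache unchanged"
        if spa not in self.pending:         # reply to a question we never asked
            return "drop: unsolicited reply"
        self.pending.discard(spa)
        self.cache[spa] = mac
        return "accept: cache updated"

def build(oper, sha, spa, tha, tpa):
    """Constructed sample frame (bytes only, nothing is sent on the network)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    eth = mac("ff:ff:ff:ff:ff:ff") + mac(sha) + b"\x08\x06"
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha),
                             IPv4Address(spa).packed, mac(tha), IPv4Address(tpa).packed)

def demo():
    gw, other, me = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:0a"
    insp = ArpInspector()
    insp.pending.add("192.168.1.1")         # this host asked who has 192.168.1.1
    frames = [build(2, gw, "192.168.1.1", me, "192.168.1.10"),     # reply we asked for
              build(2, other, "192.168.1.1", me, "192.168.1.10"),  # second, unsolicited reply
              build(1, other, "192.168.1.1", "00:00:00:00:00:00", "192.168.1.1")]  # gratuitous
    return [insp.inspect(f) for f in frames], insp.cache
```

Calling `demo()` returns the verdict for each constructed frame and the resulting cache, which still holds only the mapping learned from the solicited reply.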