I actually wanted to fully test the most recent version of this out before actually commenting. Pretty much everywhere says this thing is one of the best free software based firewalls out and it always seemed to come within one of the top two recommendations everywhere I've looked. Was it actually that good and as good as all the hype was making out?


 
XP users wanting a serious (but free) firewall need to check this out
  

If you're still rockin' an XP rig as it will definitely sure up your firewall defenses without a doubt, but generally I did most of the hands on testing of this on a bare metal hardware based instance of Windows 7 64-bit of the OS and it did little to impact on the overall performance of the system whilst doing its thing. Anyone who's taken the time to delve into the control features of the built in Windows 7 firewall settings will know its far more in depth and potentially far more secure then the built in firewall that comes with XP in both default and advance configurations. The strange thing was that even after I installed Comodo to my hardware based instance of Windows 7 my computer did in fact start to run significantly faster then before whilst being online. 

What do I mean by this? Well, have you ever noticed how much faster your computer runs when you completely disconnect from the internet by either closing all connections down or physically removing all means of connecting your system to the general consumer accessible end of the internet? Well it was almost running like that meaning that it must have automatically closed off a fair number of ports that I'd overlooked.

Not to mention that it did little to disrupt regular usage of the internet, not once did I get an unable to connect error through inadvertently activating some setting with no clue as to how I did it or how to undo it. 



Apparently the difference is...
 
Where as other firewalls are application based potentialy still allowing for unwanted connections with or without your knowledge Comodo firewall is very much so a "rule based" firewall and every step of the way it will inform you of anything that is trying to use your internet connection to then give you the option of deciding what to do whether that be:


-  allowing it just the once to let whatever it is do its things whilst you see what it actually does to then ask you again each and every time if its something you want to personally keep track of

- permanently allow a process that is trying to access the internet if you know its something that you can trust based on knowledge, testing or maybe general lack of actually caring what it does. There's also an option to revoke access that individual processes have but you have to dig around a bit in its settings

- "sandboxing" the process where by it partially limits a process by allowing it to run but keeps a closer check for malicious or unwanted activity that could compromise the security of your system/do something you don't want it to do. However you still have the option to "un-sandbox" it at your discretion if you feel you know better or need it to run

Further to that it automatically stealth's many of your unused and potentially vulnerable ports by default in order to prevent access to them  but there are additional options to step this up even further. If you're feeling extra paranoid you can even turn up the setting to inform you at every single connection access related event including the default processes that are actually essential to making your actual OS work whilst connected to the internet. I wouldn't recommend this option if you don't know what it is you're looking for that maybe hiding as you might inadvertently block something that's required. 

Need even more security? There are also additional "data packet" filtering options to chose from with further options to auto disconnect when a suspicious pattern of usage occurs out of context that might be unwanted against your hardware setup.

There's even the option to monitor all the outgoing and incoming connections in real time giving you the information you might need to narrow down which processing trees are doing what in terms of port hogging with the option to terminate individual branches of multiple ports being accessed by any particular process. 

What could be classed as obviously suspicious? Of the top of my head and as an extreme example a process tree that suddenly instantly sprouts 50 plus active branches of outgoing IP addresses and port ranges with relatively broad connections and loads on each individual branch.

Speaking of port ranges there's also the option to specify individual or multiple port ranges and apply specific tailored rules sets to them if you so choose. Its definitely come a long way since I first and last used it over 6 to 7 years ago and even then I remember it being pretty good for the time for something that was free. This pretty much offers a lot of premium like firewall features for nothing.

Still want more? Well if you're a home user that’s not behind a corporate firewall how about going through Comodo's secure DNS servers for anonymous and more secure internet surfing? The last time I checked this kind of feature was something  that you had to pay for where as it comes free to use if you optionally choose to do so.


In summary
 
Basically if you find the idea of delving into the built into the relatively comprehensive  Windows 7 firewall a little daunting Comodo firewall kind of repackages and adds to it for greater accessibility to make it as simple or as in depth as your needs require based on your level of knowledge and ability to use  it. Either way it provides a very in depth and simplified visible control over an additional layer of internet security that does actually work by yielding directly noticeable results straight after installation. 

Overall I'd highly recommend this and I'm generally suspicious and critical of most things. I'd certainly recommend it if you're still running XP and don't already have some sort of premium or hardware based firewall already. The GUI definitely didn't leave me thinking it needed a design consultant when compared to other free firewall interfaces as it generally came across as being very slick and professional as far as the old eyeballs were telling me.


If you need even more security and features on top of what you already get in their quite comprehensive free version Comodo also provide a premium version with even more, is that even possible?? 




Addition notes:

Its not really  a big deal if you don't use VM's but it didn't play too well with VM's on my current rig possibly due to current hardware limitations and a less than optimum hardware configuration on the machine I had it set up on

I've also tried installing Comodo firewall to a VM and initially it did have the same desired effect of speeding the VM up. But over the duration of about a month and as the updates came the performance of the VM started to gradually deteriorate. It was only by removing Comodo firewall from the virtualized OS instance that the VM started to run quickly again. So I wouldn't necessarily recommend it for use a in a VM unless you had the necessary hardware resources to allocate within an appropriate configuration for optimum performance. I might also point out that I wasn't really running it under the most optimum of conditions for a 64-bit VM. For a start I was running a 64-bit instance of Windows 7 on a Host machine running Windows 7 64-bit too all from the same hard drive! Ideally the VM should have been configured to use a separate physical hard drive. On top of that because of the larger memory requirements of 64-bit OS 4GB on the host is enough but isn't ideal for running virtualized 64-bit Windows 7 instances in a hardware based host instance 64-bit windows 7 instance and multi-tasking other apps.  I guess it would have been more sensible to use 32-bit VM's within the current bounds of system hardware limitations I have as they would have ran much more quickly with lower memory requirements per VM in order to actually operate to an actual usable standard.

The same issues still applied to virtualized 32-bit XP based instances where performance  initially improved but gradually deteriorated as the updates came. Again it was the case that removing the Comodo firewall from the VM's helped to speed them up again.