Online Armor Firewall Shows Strong Promise

Tall Emu, a small but dedicated software company based in Australia, has been quietly developing and refining Online Armor almost as if it were reading Scot’s Newsletter’s specifications for the ideal software firewall for Windows XP and earlier. Some of those specs include (updated 1/22/2008):

  • Very low system overhead with a strong preference for standalone software — no full-blown security suites
  • Full compatibility with popular third-party standalone software from other security application categories
  • Excellent outbound security protection, as pre-screened by Matousec.com
  • Simple, informative, and highly usable user interface
  • Reliability
  • Works quietly, alerting you when there are real problems, not for the heck of it
  • Strong, responsive development team behind the product that is actively developing the product in a rational manner
  • A feature that lets users rapidly shut down all inbound and outbound activity
  • Protects but doesn’t cause intermittent problems with Windows local-area network functionality.

Another specification is that the firewall support Windows XP (at least) and Windows Vista. (At the moment, Online Armor does not support Vista. Tall Emu plans to add that support in a forthcoming though possibly not imminent release.)

This post is a sneak peek into my current testing and research on software firewalls for Windows since I last wrote about this topic six weeks ago. In that article, I admitted Online Armor as a last-minute entry into the comparison to give Comodo 3 one last run for the money.

Over the last month and a half, I have received scores of helpful messages from Scot’s Newsletter readers detailing their experiences with Online Armor 2 and Comodo 3. I have also tested the paid version of Online Armor. My research has not concluded yet. I’m waiting for the next version of Online Armor because of a handful of issues with the product (installation mode doesn’t work that well and the documentation for the paid version is very spotty). Overall, however, people testing Online Armor who’ve written to me about it are very positive about it. Few people are reporting serious problems. The same cannot be said for Comodo 3, whose makers have released three or more iterations of Comodo 3 because of several bugs, crashes, and errors.

When you install Comodo 3 in its Basic Firewall installation mode — which doesn’t install the HIPS (host-intrusion-prevention system) — it’s a much more reliable and usable product. But it’s also potentially less protective than Online Armor’s built-in HIPS protection. I’m also beginning to become disillusioned with Comodo’s approach to software development. The company culture appears to favor hurry and time to market over testing and polish. I realize the product is entirely free. But when you experience a serious problem as some people have with Comodo 3, it becomes your time and frustration.

I have to stress the point that I have not had trouble with Comodo 3. It works pretty well for me (except for a bug related to its Help facility that caused a crash in the first release of Comodo 3). But I have had numerous emails from readers about their problems with Comodo 3. Many of those people have gone back to Comodo 2.4 or switched to some other firewall.

So, at this juncture, I’m leaning toward Online Armor, which has been 100% trouble free for me. I still have to perform security tests on Online Armor. Plus I need more time with it. And I’m waiting for an update to the product to see whether a few areas improve. Online Armor is a relatively young product. Its makers are still adding significant new functionality.

I’m still looking for your input on the latest versions of these two products. If you’re using Comodo 3 or Online Armor 3 (or both), please take a moment to send me your experiences, positive or negative, with the two software firewalls:

Or you can post them right here as a comment to this blog entry.

Stay tuned for a final software firewall recommendation. For more information on Windows software firewalls, check out the entire software firewall evaluation series.

18 Responses to “Online Armor Firewall Shows Strong Promise”

  1. Jojo999 Says:

    Scot says “I’m also beginning to become disillusioned with Comodo’s approach to software development. The company culture appears to favor hurry and time to market over testing and polish.”

    Really? I’m still on Comodo 2.4 and the last thing I would call them is fast. Their response to problems with 2.4 that I filed ages ago was slow to non-existent. Comodo 3 was supposed to come out in April 2007 originally I think. Then it was pushed off to June, July, September and I think they actually released it for real in November or December 2007.

  2. JanPoko Says:

    Yes, I confirm everything Jojo said.
    The Comodo team evidently overestimated their capabilities when they started to work on completely new HIPS instrument. To make things worse – at least from customer’s point of view – they stopped support for existing (and quite good but for small bugs) version 2.4, devoting all their sources to the new version.
    The result is a screwed product, potentially dangerous (it can damage your OS, on their forum there appeared somewhere even the advice to re-format, it can switch off without warning that you are unprotected) and very annoying with eternal pop ups.

    For about a month I have been using On Line Armour (now 2.1.0.56 beta) and so far I am very satisfied.

  3. Scot Says:

    JoJo:

    I didn’t say they’re fast, I said they hurry. They’ve released at least three versions of Comodo 3 in only a couple of months. They hurried 3.0 to market without adequate testing. I agree that from a support perspective, Comodo’s response to customers is barely adequate (although there are other software firewall makers that are much worse in this regard).

    On 2.4, you might need to consider the situation. It appears to me that Comodo is effectively abandoning all previous versions with the release of 3.0. Since the product is quite comprehensive, can be installed in both a version that’s similar to 2.4 (Firewall Basic) and with a HIPS (Advanced), and most of all because it’s entirely free — Comodo decided to stop working on the 2.x line and is asking you to clean install v.3.0 to solve problems.

    For all the complaints I’ve received on Comodo 3, they don’t hold a candle to the number of annoying, serious problems that people have reported to me concerning 2.4. I think the product is improved in version 3, but it still has kinks and seems to me to effectively be a public beta test without the label. Any expectation that 2.4 will be retro-fixed is, I think, a hopeless one. Their fix is version 3.

  4. Scot Says:

    JanPoko:

    Don’t want the HIPS? Install the “Basic Firewall” installation of Comodo 3. Very few people have given me feedback on this version of the program. But it is very nice, very light — and a LOT more quiet than the default installation, “Advanced,” which adds Defense+ (the HIPS).

    Comodo 3 Basic Firewall’s Install Mode works better than the current version of OA, too. I can’t vouch for this version’s firewall protection, however. My guess is that it’s just fine, but guesses are worth less than zero relative to security.

    Because security testing is labor intensive, my approach is to find something that’s done well in previous tests and then vet the product for reliability first. That’s where I am with OA 2 and Comodo 3.

    — Scot

  5. JanPoko Says:

    “Don’t want the HIPS? Install the “Basic Firewall” installation of Comodo 3.”

    Scot: That is not a wise solution. You certainly know that basic firewall in v3 is less effective than the v2.4. In other words, it would be a downgrade from the previous version.

    And if you read Comodo forum (I am sure you do) then you know that even with the basic there are some bugs left (like not remembering some settings).

    After all, reading all the posts – not my sole experience – made me declare that the task was above the team capabilities. I’ve been a lifetime professional programmer, so I think I can estimate what a heap of problems they got into…

  6. Scot Says:

    JanPoko,

    We’re going to have to disagree about whether there are problems with the Basic Firewall version or whether it’s better than v.2.4.

    I don’t do my hard research by reading forums. I actually *test* products. My experiences with the Basic Firewall version of Comodo 3 so far have turned up zero problems. If you’ve had issues, let’s hear what they are. Otherwise you’re just casting aspersions based on hearsay.

    The same is true of whether Comodo Basic Firewall 3.0 is more or less protective than version 2.4. Did you test it? Is there a reputable testing agency whose data you can cite showing that its protection has been reduced? I’m all ears if you’ve got hard data. And I will seriously eat my words, willingly.

    Otherwise, please stop spreading unsupported rumors.

    From my point of view, a lot of this may be moot. If you read the story that started this thread, I am leaning in favor of Online Armor. It’s the reliability and bugginess issues with Comodo, as well as the company’s lack of proper development and esp. testing procedures, that may keep me from picking the product no matter what. If that’s the case, I’m not going to spend hours and hours of time testing its level of security. I’ll reserve that time for products that are still contenders in my evaluation.

    — Scot

  7. ken10254 Says:

    My Comodo 3 experience has been very mixed. Using the advanced installation was a nightmare. I wrote to you about those issues, and you mentioned the basic install. I tried that and have had no problems since. I am using it on most of my computers, but I have not replaced Ver. 2.4 on my most critical machines. I’m not sure what that means about my faith in the company, but I will eventually upgrade to ver. 3 unless you talk me out of it and into trying the other product you are testing.

  8. Scot Says:

    Interjection into this thread (having nothing at all to do with Ken10254’s post!): Posting comments on Scot’s Newsletter Blog is a privilege, not a right. I reserve the right to delete anyone’s post — especially when they attack me or someone else in a snide or rude manner. I don’t care if people who like to do that stop reading my stuff. And I’m happy when people who like to do that stop posting comments here. What’s important to me is that people who like to have constructive dialog feel comfortable doing so.

    I have also received many messages from long-time Scot’s Newsletter readers asking me not to allow the comment threads to get out of hand. They say that blog sites sometimes get ruined by people who like to post maliciously. I agree, that’s to be avoided if possible.

    So, fair warning: If you post in a way that I deem to be attacking of me or others, your post will be deleted and your registration may also be terminated.

    There were three posts like this recently in this thread that were deleted. Since that’s the first time it’s happened here, I’m posting public notice about it. But I won’t always do that.

    I want to stress, disagreeing with me is welcomed. Disagreeing with me in a snide or attacking way — especially when the points you’re making aren’t factual or supported in any way — well, let me just say I feel no compunction about deleting stuff like that.

    — Scot

  9. Scot Says:

    ken10254:

    I’m in the process of getting hard information from the Comodo people about the differences between Comodo 3 Advanced, Comodo 2 Basic, and Comodo 2.4. I still need to clarify some points in this document, but here’s some information Comodo sent me yesterday when I asked them to clarify differences between Comodo 2.4 and Comodo 3.0 Basic Firewall. I’ve already asked for clarification on point #12 below, about version 2.x’s anti-leak mode, which appears to be missing in both installation options of Comodo 3. It sounds to me, though, that there is both new protection and some protection potentially lacking in Comodo 3 Basic Firewall. However, neither of these points means anything in terms of the product’s actual protection — which can only be established by objective testing, not guesswork.

    One point that should be made. For the folks that make decisions based on specs alone (the same people who don’t actually test drive a car before buying it, presumably), Online Armor offers a very similar experience to Comodo Basic Firewall. On paper, though, Online Armor has a HIPS running, and Comodo 3 Basic Firewall does not. So, theoretically Online Armor should offer better protection. I’m just not a big fan of theoretical distinctions when it comes to hardware and software.

    The document from Comodo:

    CFP 3 BASIC New Features
    —————————————–
    1 – CFP 3 consumes 2/3 of the memory of 2.4 (7 MB vs 22 MB), consumes less CPU time
    2 – CFP 3 has many user interface enhancements over 2.4
    3 – CFP 3 introduces Predefined Rule Sets (e.g. Email Clients/Web Browsers etc)
    4 – CFP 3 does not require the users to create manual firewall rules. For example, to make CFP 2.4 work with P2P applications (to get a high ID), the users had to create network security rules. CFP 3 shows popup alerts for incoming connections (CFP 2.4 did not have this functionality)
    5 – CFP 3 has the defense against Layer 2 attacks (ARP spoofing)
    6 – CFP 3 rules interface is much more flexible and powerful
    7 – CFP 3 has a unique feature called “application grouping” i.e. File Groups. For example in CFP 3, more than one application can be grouped together and treated as 1 application. For example: “Windows System Applications” etc. And CFP 3 supports wildcard characters and environment variables (e.g. %windir%, *, ?)
    8 – CFP 3 automatically detects the new networks and can create trusted zones on the fly
    9 – CFP 3 has a Training mode for GAMERS and GAMING friendly
    10 – CFP 3 BASIC can detect 70% (According to our local analysis) of unknown viruses with a unique static heuristic analysis algorithm. This is not related to Defense+ or any behavior analysis. When an application tries to connect to the internet, CFP FIREWALL alert can show a clear virus warning.
    11 – CFP 3 supports Vista and x64 processors
    12 – CFP 3 currently does not have an Anti-Leak mode similar to CFP 2.4. If Defense+ is disabled, unless it is detected as a virus, leaking is possible. (3.1 or 3.2 will have an anti leak mode)
    13 – CFP 3 has a blocked IP addresses/hosts list e.g. spyware sites etc (My Blocked Network Zones)
    14 – CFP 3 has 1-Click stop all activities feature.
    CFP 2.4 does not have a hips i.e. does not prevent the harm however it can detect known leak techniques and show an alert if there is an internet connection attempt.

    There are some user transparent features in CFP 3:

    1 – A new enterprise strength stateful inspection engine,
    2 – It can be managed remotely
    3 – It performs stateful layer 2 inspection
    4 – It detects routers, switches and optimizes MTU in slow networks

  10. wraithdu Says:

    I’ll start off by saying I was an avid supporter of Comodo’s firewall v2.4. So I was excited to try out v3 when it was released. I disliked Defence+ from the start. It had way too many useless popups and generally annoyed me. So I gave Online Armor FREE a try, at this point it was at the 2.1.0.31 release. Now admittedly, that version has some pretty glaring bugs, such that I had to give it up and decided to give Comodo another go.

    This time I used Comodo without Defence+. And as a general firewall I had no complaints about it. However I came to find out, Comodo v3 is simply hamstrung without Defence+. It has no parent process checking, and no hash checking. In fact it fails its own CPIL Test Suite (search on the forum for CPIL for the download). This was really disappointing, as you have no choice really but to use the firewall with Defence+ if you want any sense of security.

    So I gave Defence+ another go. I was more prepared this time to nurture and coddle this little piece of software. Despite my good intentions though, D+ refused to remember my “Trusted” programs. I spent the time of creating my own program group with all my security software so I could make it all trusted and avoid the inevitable deluge of popups. But D+ refused to honor it, and would reset everything to “Custom” and insist on learning its behavior. It even created duplicate entries in its software policy!

    That was literally the straw. Back to OA FREE. At this point they had released Beta 56 (now I’m up to Beta 60), and I must say it’s a really different piece of software. I have no more issues with it, despite one BSOD with VirtualBox, which they’re researching now. I’m totally happy with it on all my systems. No it doesn’t have the level of configurability as CFP3, unless you pay for it, but it passes Comodo’s CPIL Suite at least, as well as everything else Matousec threw at it.

    Plus their support is very good. Forum posts are always answered and bugs are usually fixed promptly.

    I’m not sure what else to say. I’m glad there’s another alternative to Comodo that’s free and secure. I wish Comodo all the best, and I hope they can turn their latest releases around and regain the public’s trust, as they’ve surely lost mine for the time being.

  11. Scot Says:

    wraithdu, I appreciate that you took the time to explain your issues with both products. Thanks. I haven’t had the issues with Comodo 3 w/Defense+ that you describe, but others have. And, to be honest, any sense at all that Comodo would ignore user input and display repeated pop-ups is enough for me to just say no to Comodo. That was one of the biggest problems (for some people, not everyone) with Comodo 2.4.

    I also didn’t have the issues you had with OA 2.1.0.31, but I know that other people have had some issues — usually with very specific other programs or activities from what I can tell. I like the paid version of OA even better than the free version. I’ve been testing both. But the free version is a great product.

    I have access to the newer betas too, but I prefer to test final versions with security software.

    Anyway, thanks for the details. Your report that Comodo Basic Firewall appears to be unable to trap leaks will disqualify it once I test and verify that.

    — Scot

  12. gmbandco Says:

    Here’s an interesting spin on OA. I installed the free version, and set it to allow all the programs it found. The next time I started Windows, the Office 2000 Toolbar, which is set to load on startup, wouldn’t run. I shut down the background OA that was running, and the toolbar started up fine. Anyone else have a problem like that? Did I miss some setting I was supposed to do? Was it a result of using the free version?

    -George

  13. milleron Says:

    I have no personal experience with Comodo, but I have been interested in your ongoing review. I’ve therefore followed the development of version 3. At this point, I’ve decided not to install it purely because of this post, http://tinyurl.com/2tbxnz, on the Comodo Forums. Apparently, Comodo has utterly failed to develop an UNinstall process for this product, and in many cases it’s impossible to install an upgrade without a manual uninstallation of the extant version — an incredibly complicated SEVENTEEN-STEP process. It’s frankly ludicrous, and it’s so significant to me that I, personally, am opting NOT to experiment with Comodo until their development team rectifies it.

  14. squibbon Says:

    I’ve used both of them for extended periods of time (even participated in the beta test of OA for awhile), and in the end, abandoned them both in favor of the free Webroot Desktop Firewall (which I think you gave up on a bit too prematurely, Scot). The failure of OA to develop a Vista version is quite troubling to me. As for Comodo, the implementation of the Defense+ HIPS leaves much to be desired, especially the ‘Pending Files’ feature.

  15. Scot Says:

    Hey, to each his own. Webroot Desktop Firewall (a.k.a Privatefirewall from Privacyware) is a good but not great product. I would have considered it more seriously if I were recommending Vista, since Online Armor doesn’t support Vista yet. But my clear recommendation has been to give Vista a miss, at least for now. Even with the issues that some people have had with the early releases of Comodo 3 (Note: I’m having no problems with it), I prefer Comodo 3 to the Privacyware firewall.

    I tested Webroot Desktop Firewall, which I believe is a repackaging of Privatefirewall 5. Privatefirewall 6 is offered on the Privacyware site for about $30. The currently free Webroot firewall is OK, but its outmoded interface makes for a less-than-ideal user experience. We’re each entitled to our opinions, but don’t presume that I somehow didn’t research this product just because you disagree with my opinion.

    If you need a refresher on the factors that go into my consideration of software firewalls, you might read this.

    — Scot

  16. Scot Says:

    A note to readers and commenters to this thread: Last Friday I interviewed three of Comodo’s top executives, including its CEO and chief engineer. They freely admitted that Comodo 3 has had issues, mostly due to the fact that it has fully implemented Vista 32-bit and 64-bit support, and there were post-launch issues they didn’t anticipate. They believe those have been resolved with the current release of Comodo 3. Note: Their belief is that Windows XP users didn’t experience many issues, that most of the issues were for Vista users.

    They also clarified a point for me — discussed earlier in this thread — about the viability of Comodo 3’s “Basic Firewall” option that verifies what some people have posted in this thread. Now that I have hard evidence from Comodo, I can readily agree with those — such as wraithdu above — who have posted that Comodo 3 Basic Firewall is lacking. Specifically, it does not have Comodo 2.4’s outbound leak protection. Because of my stated factors for this evaluation, Comodo 3 Basic Firewall option is eliminated from contention and it should not be used by anyone. This determination also greatly weakens Comodo 3’s viability in the comparison with Online Armor unless you’re a Vista user. (And so far as I know, 64-bit Vista users have only one choice: Comodo 3.)

    The interview, my second with the Comodo team, gave me insights into the direction that the company plans to go with the Comodo product. And, while it’s been a rough ride in recent months for users of the various Comodo products, I wouldn’t write this company off just yet.

    — Scot

  17. Scot Says:

    milleron:

    About your concern that Comodo 3 cannot be fully uninstalled and that it fails during uninstall, apparently some people may have encountered that latter issue. Vista makes the first issue more complex. Most complex applications leave stuff behind in Windows.

    I can report personally uninstalling various incremental versions of Comodo from several Windows XP machines and then installing newer versions of Comodo or other firewalls without any issue whatsoever. So it’s not a universal experience that problems occur. And when you’re looking at forum posts, it becomes the easiest thing to assume that if there are several posts of a problem, it’s a big problem. But the truth is that people who don’t have a problem aren’t even reading the forums, never mind posting there. Problems always, always appear to be larger in forums than they really are.

    Some people are having issues. Yes. Some people are having issues with every software product ever offered. Is it worse than that with uninstalling Comodo 3? Hard to say for sure. Might be. But it’s important not to jump to conclusions.

    Should Comodo do a better job with its uninstall routine? Oh, probably. I’m not really defending Comodo 3. I just think it’s important to keep things in perspective.

    At least one man is having no problems whatsoever using both Comodo 2 and Online Armor 2. I probably represent the majority. But people like me usually have little reason to post comments or forum messages.

  18. Online Armor Firewall - What’s Your Opinion? ~ The Blade by Ron Schenone, MVP Says:

    […] Scot’s review here. […]
