The Best Firewall Software of 2008: Online Armor

The decision is in. After a year and a half of testing, and with the help of more than a thousand Scot’s Newsletter readers who’ve written detailed descriptions of their software firewall experiences, I’m happy to announce that Tall Emu’s Online Armor 2.1 is The Scot’s Newsletter Blog Best Firewall Software of 2008.

There are many reasons why I’ve selected Online Armor (OA) as the best software firewall for Windows users; the rest of this story delivers the details. But boiled down to a single thought, the most important reason is this: Online Armor offers the best blend of a high degree of protection with a high level of usability.

That may sound simplistic, but in this software category such a balance is the toughest thing for a software development company to achieve. It’s very easy to throw up a blizzard of pop-up user-prompts. You can make your system so secure that you’ll never want to use it again. It’s also easy to dumb down the security so much that you’ll rarely, if ever, see a pop up — and in the process, render the firewall ineffective. The trick is to offer solid protection with minimal user interruptions. OA 2.1 is the only firewall software I’ve tested that delivers a near-perfect balance.

Online Armor firewall comes in two editions: free and paid. Version number 2.1.0.112 was the latest one tested for both editions. [Editor's Note: As of 4/19/2008, Online Armor's latest version is 2.1.0.131.] Tall Emu updates the product frequently; to check on the latest versions of OA and read the release notes, see this Tall Emu support-forum post. In addition to the two different editions of Online Armor, Tall Emu also packages it with an antivirus module. For information about the differences among Online Armor Free, Online Armor (paid), and Online Armor AV+, see Tall Emu’s Online Armor Comparison page.

This review is specific to the paid version of Online Armor, which costs about $40. I’ve extensively tested both the free and the paid versions, and both work well. But it’s the paid version that I prefer and recommend (for reasons I’ll detail further along). Online Armor AV+ has not been tested for this evaluation. It contains the Kaspersky antivirus engine, which, while a good product, is not as good as Eset’s NOD32 2.7. Because I named NOD32 2.7 the Best Antivirus Product of 2007, I have tested Online Armor extensively with NOD32 running. I’ve experienced zero incompatibility issues between OA and NOD32 2.7. (Note: I’m still using and recommending NOD32 version 2.7, not the newer 3.0 version. Version 2.7 is still available from Eset.)

The second place Comodo Firewall Pro 3.0 software from the Comodo Group is also a very good product. The latest version tested for this review was 3.0.020.320. If your overriding concern is security, security, security, and you don’t mind a less-than-ideal user experience, Comodo is worthy of consideration. Its superb security ratings and great configurability make it well suited to more experienced users who prefer a belt-and-suspenders approach. This is not, though, the firewall to install on your mother’s PC. Comodo also comes in both 32-bit and 64-bit Vista versions. Comodo Firewall Pro is free. The Comodo Group is working on several features and functionalities that it believes will markedly improve Comodo usability, so this is also a product to keep an eye on.

Security Testing and Gating Criteria

This evaluation kicked off in September 2006 as a series review (long-term testing with progress reports). I have written many firewall articles during this period about my gating criteria, interim findings, products I tested, and reasons why specific products were eliminated from the running. To review that information, please visit SNB’s Firewall category archive page. By scrolling, you’ll find every installment I’ve written for the Best Firewall series over the past 19 months. Among other things, you’ll discover the reasons why I eliminated Outpost, ZoneAlarm, Sunbelt Personal Firewall (a.k.a. Kerio), and Kaspersky’s firewall (part of a suite). Each of these firewalls was a strong contender, but each had a fatal flaw that eliminated it from contention. The companies that make them could rectify those issues, but have not done so to date.

When it was first established, this evaluation used the results of FirewallLeakTester.com’s tests as a method of screening out lesser-performing firewalls. Later in the process, I switched to Matousec’s more in-depth and more regularly updated results. Matousec has recently updated its test results; Comodo gets the highest score, with Online Armor placing second. Corroborating my test results of past year, Matousec scores Eset Smart Security’s leak-protection level as “none.”

I have also performed a set of my own security tests on Online Armor 2.1, Comodo 3, and some of the other firewalls I considered along the way. The latest versions of Online Armor 2.1 and Comodo 3 offer superb protection when used properly. (Most importantly: In both products, the HIPS module must be enabled.) Both firewalls have received significant security improvements over the past six months, too. Earlier versions were not as secure.

Most of my research, however, has focused on usability, company support, stability, compatibility, and bug resolution. These are the areas that make the difference between a security product that you rely on and one you use until you find something better. Too many people are in limbo with products like this, just tolerating them at best. The goal of this research has from the start been selecting security products that you can live with, perhaps even love.

Why Programs Were or Weren’t Tested

The impetus for this review came after more than a decade of using and reviewing multifaceted, everything-but-the-kitchen-sink security suites such as Norton Internet Security. When I kicked that habit, I looked around for something better and realized that most mainstream computer publications were for the most part reviewing only the big-name, large-footprint products. It was clear to me that there was a better way that involved selecting a small set of best-of-breed security products that work well together. So my first determination was that fat security-suite products need not apply. Many of the other gating criteria spring from that decision.

This evaluation assumes that the software firewall is running behind a hardware router or broadband “modem” that offers network address translation (NAT) and stateful packet inspection (SPI), or in other words, a hardware firewall. For home use, consumer-class wired or wireless hardware firewall routers are available from D-Link, Linksys, and Netgear that are for security purposes comparable. Even if you do not have a network, I recommend that you purchase this low-cost hardware. If you have a wireless network, you should also be running password-enabled WPA encryption with a password that isn’t easy to guess.

Finally, over the long term of this evaluation, many new firewall products emerged. It was not possible to test all of them, and in some cases I relied on the input of Scot’s Newsletter readers to help me vet products. The review was also closed to new entrants late last year while I focused on the two finalists: Online Armor 2.1 and Comodo 3.0.

With those points in mind, these are the gating criteria used to determine the Best Firewall Software of 2008:

  • Very low system overhead with a strong preference for stand-alone software — no full-blown security suites
  • Full compatibility with effective third-party stand-alone security products from other software categories
  • Excellent inbound and outbound security protection with an emphasis on solid leak protection, as prescreened by Matousec.com
  • A simple, informative, configurable, and highly usable user interface
  • Software that is reliable and as bug-free as possible
  • Backed by a software development company that is stable, communicative, responsive to customer issues, and actively developing the product. As with any security product, the company behind it should have something to lose — its reputation — if it doesn’t properly stand behind and update the product. It also needs a strong, responsive development team whose development process emphasizes bug fixing and customer experience, not hurrying the product out the door to meet arbitrary deadlines.
  • Quiet operation; alerts you when there are real problems. Excessive or repetitive warnings or pop-ups aren’t acceptable.
  • Protects but doesn’t cause intermittent problems with Windows local-area network functionality
  • A feature that lets users rapidly shut down all inbound and outbound activity
  • Vista support, while not mandatory, is preferred. (Note: Online Armor does not yet have a Vista version, but it’s under development.)

Comodo 3: The Next-Best Thing

Comodo Firewall, from the Comodo Group, is a full-fledged software firewall that is free to download and use. Comodo has strong pluses and minuses. The 3.0 upgrade was highly ambitious and was not adequately beta tested. The result was a long series of incremental updates following the release of Comodo 3 — at least six updates over the past six months or so. For details about the releases, including what’s in them, check out Comodo’s Release Notes page. The good news is that Comodo is being actively updated.

The Comodo 3 software has a lot to offer. It comes with a server-based whitelist for its HIPS (host-intrusion-prevention system) module, called Defense+, whose purpose is to cut back on pop-ups. The product also offers an operational mode called Clean PC that, at your option, scans all your current applications and then registers them as safe. That means fewer pop-ups for you, especially in the early going. I also prefer the functionality of Comodo’s “install mode” to those of most other firewalls. It is capable of disabling several types of pop-ups for about 15 minutes in an attempt to let you complete a new program installation in peace. When the 15 minutes expire, it prompts you to turn off the install mode to reinstate full protection. The only problem with Comodo’s install mode is that figuring out how turn it on may not be immediately obvious to the average Comodo user.

At its core, Comodo 3 is a highly protective software firewall that takes itself seriously. Its primary design criterion appears to be that great security requires the program to ask the user to approve or deny any and all actions that might possibly be caused by something malicious. I can’t disagree with that thinking in principle — assuming the people running computers know enough to make the right decisions. Because many of them don’t, Comodo is trying very hard to minimize pop-ups with its whitelist, install mode, and initial hard drive scan. The company also has other features in the works (not evident in this build of its software) that aim to improve usability by reducing pop-ups and improving the software’s ability to detect threats.

Even so, Comodo 3′s Defense+ experience is not ideal. In the kind of usage scenario where several programs are downloaded each week, Comodo users are likely to experience a lot of pop-ups. If you don’t install new applications very often, my personal experience has been that Comodo settles in and the operation of the HIPS becomes less intrusive. It is, though, noticeably noisier than Online Armor’s HIPS protection. It also doesn’t appear to remember user inputs quite as well as the OA HIPS does.

The Main Difference

The primary reason why Comodo Firewall didn’t take top honors in this review is that it errs on the side of protection at the expense of usability. Comodo’s protection takes it a bit beyond the bounds of acceptable usability — a subjective determination on my part. In a nutshell, it has too many pop-ups in this release. And even though it is able to “learn” to have fewer pop-ups and can also be controlled by settings, both the initial and the long-term user experiences are diminished by this behavior.

For example, I was recently confronted with over a dozen pop-ups when I left Comodo running in memory while choosing to uninstall it from the Add or Remove Programs control panel. At least one user prompt is requisite in this scenario because otherwise, a malware routine could be written to uninstall or disable the firewall. You must approve anything that disables your firewall, even when you initiate that action yourself. From a security perspective, there’s a sound argument to be made for more than one pop-up, since most software products are made up of multiple modules that might be selectively turned off to create specific vulnerabilities. But a dozen pop-ups is well beyond the tolerable level in my book.

In another instance, when I directed Windows to install a single Windows Update patch, I was immediately faced with a pop-up — an acceptable experience. I did everything I could in that first prompt window to make Comodo trust the process that was running. But the software firewall nevertheless prompted me with 11 additional pop-ups before that one patch was installed. Windows Update (update.exe) should be a trusted app. I realize that the executable might be spoofed, but if a user validates it, Comodo should learn to be quiet after that trust is confirmed — without having to figure out Install Mode.

It may sound counterintuitive that I’m preferring a balance of usability and security over pedal-to-the-metal security. There’s an important reason for that: When pop-ups are too repetitive or too frequent, it’s only human nature for a large segment of the user base to start ignoring them. That behavior leads to a severe loss of security.

Software Quality

The build of Comodo I tested to wrap up this review, 3.0.20.320, has benefitted from the the long series of bug-fix updates since 3.0 was introduced. According to the company, most of the initial incremental updates were aimed at solving unexpected problems when running Comodo 3 on Vista, support for which was added for the first time in Comodo 3. But many Scot’s Newsletter Blog readers who use Windows XP also emailed me descriptions of problems with the first three incremental updates to Comodo 3.

Meanwhile, even though Comodo 2.4 was something of a cult favorite, it’s absolutely true that a wide range of people experienced significant trouble with that firewall too. So for a period of time, Comodo users were stuck between a rock and a hard place. Many of them tried version 3 and returned to version 2.4. Others wrote me that they left for other firewalls. But the period of disturbance settled down, and I’m no longer receiving email after email with tales of woe.

What that tells me is that Comodo 3 is a good firewall product, potentially a great one, that quite possibly was shipped to end users without adequate QA testing. As is always the case with free, publicly available software, some early adopters were ill-equipped to handle the problems they encountered. Most of those issues appear to have been fixed now. Comodo 3 was also an ambitious release, and bugs happen. But this kind of management of a development process does not inspire confidence — especially when it’s the type of product that can wreak havoc on your computer.

If the Comodo team can focus on software quality, and if it can add additional functionality that pares back on pop-ups, future updates of Comodo 3 could improve the overall usability of the firewall markedly. Solid protection plus good usability is a winning combination. For now, Comodo 3 misses on the usability front — the main reason it has come in second in this review. But because Vista compatibility is a Comodo 3 strength, for the time being at least, it’s the firewall I recommend to Vista users.

The Top Dog: Online Armor 2.1

Online Armor was the late entrant in this evaluation. A bevy of readers suggested it last fall after Matousec gave it a 100% security rating in an earlier version of its test suite. (Comodo received the same top score.) Since I began testing it and calling for input on it, the most common sentiment I’ve heard from people who try it is: “I like it.” Even people who’ve had issues with it have said that. And that’s been my reaction too.

Online Armor’s user experience is on par with ZoneAlarm Free and Sunbelt Personal Firewall — the two firewalls I’ve pointed to in the past as having the best user interfaces in this field. It’s also a relatively young product that is being intensively developed by its makers. OA’s basic UI is very solid, very easy to figure out without help. But the simple interface sometimes lures you away from finding some of the power that lies beneath. OA relies a little too heavily on context menus for access to power features. As you use this product, try right-clicking things. Somewhere down the road Tall Emu should add a column to many of its config screens with a link reading something like “options” or “configure” that opens the context menu. That would be more discoverable. Still, this is a minor issue. All in all, I’m very happy with OA 2.1′s usability.

Several new features debuted in the significant Online Armor 2.1.0.85 update released February 19, 2008, including a resizable main program window, improved on-demand system scan, install mode, and multiple network detection and management.

Version 2.1.0.85 also added a useful convenience feature to the Run Safer capability of OA’s Program Guard. Run Safer let’s you force Internet-connected programs — such as your Web browser, email, and IM package — to run with reduced Windows user-account rights, giving you added protection from malware. The new feature is a context-menu item that lets you temporarily run a Run-Safer-restricted program in a normal (or admin-level) mode.

The OA facility called Autoruns (Startup Items), which gives you a user interface for managing and controlling applications and services that launch automatically on Windows boot, has also been extended to watch additional aspects of the operating system.

The firewall’s Computers tab offers a network-access monitor that shows all the computers connected to your machine via your network. Available details include IP address, MAC address, computer name, and gateway IP address. You can right-click any of the other computers you see and direct the firewall not to trust it.

Probably the most improved aspect of Online Armor beginning with its 2.1.0.85 version is the online-accessible database of program information, which Tall Emu calls OASIS (Online Armor Software Information Service). The company has committed additional resources to keeping this database updated. As it has grown and become more fleshed out over the past several weeks, OASIS has become more useful. The main benefit of the online app database is evident on OA pop-up windows that display the “More…” link. By clicking this link, you’ll get useful information that identifies the program or process that initiated the pop-up — which can be a big help in deciding whether to block or allow the action. You can also get this information by working the context menus in the Programs area, which displays all the programs on your system. And Tall Emu expects to surface this data in other ways too.

The single most important point of failure with most firewalls is user error — usually involving the wrong decision on a pop-up dialog. It’s absolutely essential for firewalls to help educate users about programs running on their PCs. The time has long since past when firewall makers could reasonably expect users to already possess the knowledge to make these decisions. So it was an excellent decision by Tall Emu to make this change.

Tall Emu offers this list of product features on its website that will help you get up to speed on the program. This list doesn’t cover some of the recent improvements.

Inspiring Trust

One of Online Armor’s very best attributes isn’t a feature or functionality; it’s the people behind the product. Tall Emu’s CEO, Mike Nash, is the most visible person behind OA. He posts frequently in the OA support forums. What’s especially impressive about the talk and actions emanating from Australia-based Tall Emu is a strong corporate culture that values communication, honesty, a willingness to talk openly about problems, a responsive attitude, open-mindedness, and respect. I’m not sure how to say this, but I trust Tall Emu to do the right thing. I can’t remember the last time I felt that way about a software company in the post-Microsoft-antitrust era.

Getting back to the tangible, for the last month or two I’ve been directly aware — from emails written to me by SNB readers, OA forum posts, and emails from Mike Nash — of two or three serious issues with the most recent major Online Armor release (initially 2.1.0.85). Most bugs happen to only a small percentage of the overall users of a software product. I didn’t experience any of these more notable issues — in fact, probably most people didn’t. The point I’m trying to get at is this: I’ve been impressed with the transparency and alacrity with which Tall Emu attacks and resolves such problems. This nastier class of bugs, the worst of which is an occasional but recurring crash of Windows Explorer, have all been identified and fixed. (The fix for the Windows Explorer bug is being tested and should be released shortly.)

No product is perfect, and that’s probably more true of software firewalls than many other types of software. Online Armor has bugs just like all of its competitors. It’s what happens when problems are identified that distinguishes development teams. What I’ve seen from Tall Emu is that they do it the right way.

Parting Thoughts

What about the free version of Online Armor? It’s very good. The most important aspects of firewall and HIPS protection are in there. But the paid version offers several additional security layers that are easily worth the $39.95 price of admission.

There’s also a somewhat controversial limitation of the free version: It doesn’t automatically update with new versions of Online Armor. In other words, to install a new version of Online Armor Free you must uninstall the old version and then install the new version. No big deal you say? Not quite. That also means you should go through the initial setup wizard and then, to get through all the pain, launch and trust your most-often-used applications.

Online Armor (paid) can automatically download and install version updates. So, yes, this is something Tall Emu has done purposely to incent you to pay for the full version.

This decade has seen a dramatic rise of free software, but people don’t dedicate themselves full-time to a project like Online Armor without having to eat and do other expensive things. I urge all those of you who can afford the $40 to pay it — in fact, I urge you pay for all the “free” programs you use regularly.

Finally, for Vista users, a new version of Online Armor developed for Vista is very close to being released in an initial public beta test. It could take a couple of months, or longer, for Tall Emu to work through the bugs and deliver a final Vista version. As I wrote earlier in this story, use Comodo until then. When Online Armor for Vista ships, I will give it a look and post something about it.

Online Armor 2.1 .0.112 (the paid version) is the best firewall I’ve ever tested, offering a blend of usability and hard-wired security that’s near-ideal for maximizing protection and ensuring a good user experience. A great firewall doesn’t have to be, and shouldn’t be, a chore to use. Online Armor isn’t.

A year and a half after launching this quest, naming OA the Best Firewall Software of 2008 came naturally. The very best products have a way of standing out.

44 Responses to “The Best Firewall Software of 2008: Online Armor”

  1. Terry Says:

    OA is top dog! It doesn’t work with Vista so it should be disqualified for top place.

    It is hard to be impressed by something that doesn’t work for you.

    Terry

  2. Relayerman Says:

    I flip-flopped between OA and Comodo based upon the recommendations (twice for each, actually) and I had to go back to Comodo. On my XP 2ghz machine there was a long wait time when actually logging on to the machine that I did not experience with Comodo, but only with OA running. I may be wrong, but it felt like OA was loading its whitelist and getting itself setup, and all this prior to the deskltop being displayed.

    As for the pop-ups, I found both pgms to be excessive, but finally got both configured the best I knew how and yet OA still was worse. I think that with a machine that has a lot a of applications installed on it, which mine does, and with many being used daily, OA bogs down more than Comodo. And that looonnnngggg initial install is not acceptable (45 minutes for my machine). Comodo doesn’t do this.

    I also had more throughput problems with bittorrents (slower than normal thruput which supposedly was being addressed, but which I did not see any improvement). Comodo gave me no performance issues here.

    While I understand your statement about forking over $$ for the paid version, I used the free version to give it a test drive and since my test run was not satisfactory I am a little leary of forking over money to get the same type of performance hits for very luittle ‘extra’ benefit over Comodo.

    I did want to be convinced that OA is best, but it just isn’t for me.

  3. John259 Says:

    I just tried the free version of OA and I wasn’t impressed. There was a very, very long scan of Windows and program files on the first run – why should a firewall be doing that? OA’s been questioning numerous non-Internet-related program activities – a firewall shouldn’t be doing that, it’s none of its business. OA has two system tray icons with identical right-click menus – a minor issue but it seems amateurish. More importantly, OA doesn’t know about Word 2000 or the latest AVG Anti-Virus – again this seems very amateurish. Doing a bit of Googling reveals quite a few scare stories about OA. Sorry Scot, normally your information is of the very highest quality and I’m very grateful for all the hard work you do – but I’m going back to my ancient copy of Sygate that I know I can trust to behave itself.

  4. joe53 Says:

    I can’t comment on OA, never having tried it, but I must say that your evaluation of CFP 3 is spot-on in just about every aspect. I have used CFP 3 since its first full release, and have to agree that it was released prematurely. It seems to have ironed out most of the major bugs subsequently, and consequently I’m not now tempted to switch to OA.

    But CFP 3 is a demanding firewall, and for this average user learning the ropes was no small task, compared to the previous version 2.4. Which begs the question: why was 2.4 dropped from contention? I realise several bugs were reported with this version last September, as you outlined at that time, but have they not been corrected? (I did not experience these problems with 2.4, and still feel it is the more user-friendly version from Comodo).

    At any rate, I have followed your on-going evaluation of firewalls with interest, and have learned a lot in the process. Thank you for your efforts.

  5. Scot Says:

    Terry,

    >> It is hard to be impressed by something that doesn’t work for you.

    The point of this review was, from the start, focused on Windows XP. I’ve been pretty plain about that. And I gave you a Vista recommendation if you read through the story: Comodo. Not everyone uses Vista. And I have specifically recommended against it. Most people on Windows are still using XP. That’s the way it is. Someday it may change, and then the shoe will be on the other foot. But we are not there yet.

    – Scot

  6. Scot Says:

    Relayerman:

    Everything you’re describing just doesn’t happen with OA. The scan is optional, so I don’t think you can count that as part of the install, and OA just doesn’t have anywhere near as many pop-ups.

    Two questions:

    1. Did you have another firewall product installed when you installed OA?

    2. Did you fiddle around with settings in these firewalls before you actually used them? My tests were done with default settings.

    – Scot

  7. romath Says:

    I don’t know anything about Online Armor, but wonder about the multiple boxes you get with Comodo. I think it’s a matter of settings, since I never get more than 3 or 4, and one is typical. However, I do find myself sometimes wondering which category to ok the request under, or even if it makes a difference, or occasionally even if I should ok it at all.

    Overall, there is something anomalous about a project that takes a year and a half to pick a winner, then names one year’s version of a program that only a few weeks earlier made essential changes that made it worthy of the top.

  8. Scot Says:

    Romath:

    As a rule, I test firewall products with default settings (or sometimes I tighten them slightly). If you loosen up the controls, of course you can make Comodo or any other product be less annoying, but then what would be the point? Why not just turn the HIPS off then? Why not just run Windows Firewall or ZoneAlarm Free?

    For the record, I tested OA and Comodo with default settings. They both offer what I consider to be reasonable default settings.

    To your second, vague insinuation that there must be something wrong with my reviews process: The two firewall makers that it came down to in my research have updated their products several times in 2008 already. If you actually read the final review, you’ll see that innate protection is only part of what I’m looking at. And, to be honest, neither of the two finalists has seen major security upgrades this year.

    With security products, about half the battle comes down to social engineering. It’s how users control a HIPS-based firewall that determines the realistic security they derive. After all, if you gave a pop-up to 1000 people that said: “Make your computer susceptible right now to this nasty piece of malware,” some small percentage of them would opt for “OK.” That’s why usability is a big factor in my assessment. Helping the operators of this software operate it more safely is extremely important.

    Maybe you should try Online Armor, too, before you wonder out loud whether I know what I’m talking about?

    – Scot

  9. Mamado Says:

    Is this a firewall
    I went through Tall Emu’s forum preparing myself to install Online Armor. There, I discovered mainly 3 serious problems, reported by users and confirmed by the forum administrators:
    A- Online-Armor allows any soft to connect to Internet as far as a KAV protection is on, regardless of your setting. MaB69 (Administrator) confirmed and explained that by the fact that KAV takes in charges the connections to some ports (80 http, 110 pop, 25 smtp) whatever is the program launching them and this to scan some type of traffic (mail, web for example) and so hiding them to OA. (please refer to: http://support.tallemu.com/vbforum/showthread.php?t=2751.)
    This should be valid for any AV with mail/web shields.
    B- In the Free version of OA we cannot change the initial setting allowing some programs to connect to Internet, out of user’s control. So is this a free version or a sponsored version?
    C- OA will connect to the Internet whenever it wants, regardless of your settings. Mike Nash (Administrator) confirmed “The reasons why OA would connect to the Internet:
    1) Check for updates (not relevant in free version)
    2) DNS Checking (not relevant in free version)
    3) OASIS checks (not relevant in free version, unless user initiated)
    4) Revocation checks as digital signatures are checked (all versions, cannot be turned off)
    5) Use of DNS checks in Banking mode (not relevant to free version)”, and he added: “Of course, there could always be a bug in OA Free (it’s based on OA Full) which still implements some of the paid functionality – but I think it’s slim chance.” (refer http://support.tallemu.com/vbforum/showthread.php?t=2896).

    If this is the case for the best firewall software of 2008, what about the others? Do they really help? Could we call a software allowing any program to connect to the Internet a firewall? Is OA free, sponsored or really free in which case why preventing user from blocking some programs?

    Would you please help to clarify all this, as I am a lambda user completely lost with that.
    Mamado

  10. Scot Says:

    Mamado:

    To answer your question: Yes, it’s a firewall.

    I specifically recommended the paid version, by the way, although I don’t have the issues you do with the free version.

    To each his own. Have you tried Comodo? You may prefer it.

    – Scot

  11. Mamado Says:

    Scot:
    Thanks for your quick answer.
    I did not try Comodo and I am not ready to do.
    For firewall, I don’t have my one, but I am looking for a good one, so I ended up here. I appreciate your evaluations and analysis and I believe that you can help me (and a lot of other users who seem completely lost or misled in other forums), to understand fairly what is going on regarding this issue.
    I would like to understand how a firewall which will allow any program to connect to the Internet regardless of your setting will help? and in what? For details please refer to my previous message.

    Mamado

  12. Dan Says:

    I really enjoyed reading your review, Scot, and am glad you’re out there testing these products!

    I think Mamado raises some good questions, and exposes just how confusing firewall protection has become these days. I myself am still using an old version of ZoneAlarm Free even though I know it no longer passes the advanced leak tests (I do use a hardware firewall through my router). Having read through the support forums for both products reviewed here, I’m actually more afraid of the prevention than I am of the risks of getting infected!

    The un-installation nightmares for Comodo’s product are particularly distressing; see this Comodo uninstall thread for details.

    It also concerns me that it’s been over two weeks since anyone has replied to the legitimate questions raised in the last discussion at OA that Mamado’s comment references.

    I have no doubt these are fine products that are capable of advanced protection, but it seems we’ve still not arrived at a product that’s both mature and simple enough to make it truly effective for the average user.

    Dan

  13. Scot Says:

    Online Armor’s CEO Mike Nash wrote this to me about 5 hours after Mamado’s last post. Dan, he didn’t see your post because for reasons I’m not clear on, my installation of WordPress required manual moderation of your post. I just noticed that and made it live.

    Here’s what Mike had to say, and I believe it applies to Mamado’s first question (part A.):

    Just saw the latest blog comments – the issue they are referring to is the local proxy facility of some AV software. If they allow that program to proxy their internet connection – then that is what it will do.

    We’re probably going to add loopback protection into the free version soon as more and more AV are now doing this.

    NOD32 3.0 and many other AV products use a proxy. As noted in the review, I tested OA with NOD32 2.7 (which does not employ its own proxy). I still use and prefer NOD32 2.7 myself.

    I’ve asked Mike to come back or to reply to me in email about the second part of Mamado’s question, the fixed nature of some connections in OA Free and to comment on whether there might be any sort of unexpected use of those connections.

    It seems to me, though, that Mike has already answered this question. The specific pending question is a request to detail one of the 5 reasons Mike said OA would connect to the Internet on its own:

    4) Revocation checks as digital signatures are checked (all versions, cannot be turned off)

    About Comodo’s uninstallation issues, I have written a little about this already. One of the problems with forums is that they tend to accentuate the negative and ignore the positive. It’s not that anyone is intentionally doing this, it’s the nature of both the medium and humans. People don’t post about something that works great. They have no need to. Yes, apparently some people have run into trouble with uninstalling Comodo. Believe me, the problems are much, much worse with ZoneAlarm Pro, F-Secure, and Norton Internet Security — to name three products that have notorious uninstall problems. I’ve spent the last year and a half installing and uninstalling numerous versions of Comodo, and I’ve never had a stitch of trouble with that operation. Most people are not having trouble doing this. But the small percentage of people who are having trouble are all that anyone hears from on this subject. So, please, take it with a grain of salt.

    Finally, Dan, about your very insightful statement “it seems we’ve still not arrived at a product that’s both mature and simple enough to make it truly effective for the average user.”

    I think we have, and that product is the paid version of Online Armor. I wouldn’t argue as strongly that the free version is the right product for everyone. The need to uninstall and reinstall to upgrade the firewall software is not ideal. And there are some limitations and control decisions that aren’t what I’d prefer.

    Before I tested Online Armor, though, I was actually considering naming “No Product” the best firewall software of 2008. I agree with you that it’s a category filled with a lot of products that either offer a terrible user experience or that don’t really do much (or both).

    It’s true that OA is still a maturing product. I wrote that in the review too. It still has some growing to do. I don’t think it has fully arrived. But it’s close. Close enough, in my judgment.

    If I learn something more on the questions these last two commenters have raised, I will relay that information.

    – Scot

  14. Mamado Says:

    Dan wrote:
    “I have no doubt these are fine products that are capable of advanced protection”

    Me too, but I have a serious problem as I cannot see how a firewall which allows any program to connect to the Internet regardless of your setting, will protect your system.

    So far, I did not find any answer, and I believe that I am in the right forum to get the correct answer based on the quality of the reviews and the high expertise that Scot is showing.

    Mamado

  15. Mamado Says:

    Scot,
    Sorry that I didn’t see your last message before posting my previous one (you posted your’s while I was writing mine).
    I am grateful for the detailed answer and the effort to find out the truth about this issue.
    I also bow the very dynamic Mike Nash who is present almost everywhere in the OA forum, answering friendly any question or concern. Beside that he issued 7 new versions of Online Armor Free during the last 60 days (4 of them after his product being officially selected here the best firewall software of 2008). He widely deserves this award also for the continuous effort of improvement (almost a new version a week), and still a lot to do as he is always promising.

    Based on your good contact with Mike Nash, can you get from him answers to the known questions:
    a) What is the scope and purpose of OA’s “revocation checks as digital signatures are checked”? What OA is doing and why?
    b) What IP address (or url) would OA connect to when carrying out the above revocation and OASIS checks?
    c) If the Free version is not sponsored by the Editors of some allowed programs, why preventing the user from selecting by himself what blocking and what allowing?

    At the end, would you please tell me how technically a firewall software (whatever it is) will protect my system, if it is allowing any program to connect to the Internet regardless of the setting.

    Regards

    Mamado

  16. Mamado Says:

    Mike Nash already answered in his forum on questions a and b. Those interested by the answers will find them here:
    http://support.tallemu.com/vbforum/showthread.php?t=2896&page=2
    So it remains only question c, and how a firewall software will protect a system, if it is allowing any program to connect to the Internet regardless of the setting.
    Mamado

  17. Scot Says:

    In an email to me this AM, Mike Nash wrote this, which seems to address your question, Mamado:

    As for programs running without a prompt — it is an essential design feature of OA to minimize pop-ups. It is not designed (in standard mode) for people who want to “tweak” and “lock down” their systems. It is designed to “not prompt on the safe stuff.” While these options can be adjusted, we will always let a program that is on the whitelist run without a prompt, unless the user blocks it first. I’d like the whitelist to cover every program in the world so that OA offered a popup-free experience — if I could make that happen.

    ProcessGuard-era HIPS programs are designed to let you tweak and fiddle, and lock down and create rules. OA is designed to try and do all that for you.

    Mamado, I understand your orientation toward the HIPS. And I personally prefer that added control too. But I agree with Mike Nash that where he’s trying to take OA is the direction we have to head in to protect a much wider swath of users. Comodo is also moving in that direction, by the way. Based on your comments here in this thread, I think you’d be much happier with the paid version of Online Armor.

    – Scot

  18. Scot Says:

    In a later message, just received from Mike Nash, he added these comments:

    In answer to this question on your blog:

    “Could we call a software allowing any program to connect to the Internet a firewall? Is OA free, sponsored or really free in which case why preventing user from blocking some programs?”

    My response:  Online Armor is designed to automatically allow safe programs to work, and by default it will automatically allow these safe programs to access the internet. Unknown programs do not receive this privilege. The idea is that by reducing popups we reduce the questions that the user has to answer –- and provide the security without the hassle. Users may override the “auto allowing of trusted apps to access the internet” if they choose to do so. The user may, if they choose, block safe programs as well –- but they will by default be allowed unless the user selects and blocks them because they are on our safe list. — Mike Nash

  19. Mamado Says:

    I summarize below what I understand from Mike Nash about my concerns, to confirm that I did not misunderstood him and to help other users to be on the full and right pictures about the raised problems.
    1. Due to local proxy facility of some AV software (KAV, Avast, NOD32,..) Online Armor will not prevent any program from connecting to the Internet as the AV allow the programs to proxy their Internet connection.
    Mike Nash promised: “We’re probably going to add loopback protection into the free version soon as more and more AV are now doing this.”
    Therefore in presence of most AV softwares, the firewall function of Online Armor (free and paid versions) is disabled unless OA add loopback protection, what they are propably going to do soon.
    2. OA will allow all what they consider safe programs to connect to Internet. This to reduce popups and the number of questions the user has to answer. To override the “auto allowing of trusted apps to access the Internet” user has to purchase the paid version.

    Please correct me if I am wrong.
    On the other hand I fully agree with Scot that the paid version is the best choice.

    Regards
    Mamado

  20. Scot Says:

    Mamado,

    I understand that people are coming to me as a trusted source of information. I am unbiased, and I will do my best to interpret this complex area, but when it comes to figuring out issues among multiple products in two different product categories — I cannot speak definitively without doing lots of research testing and cross-testing products against each other.

    My bet is that you might be able to get more information about this issue in the Wilders Forums, which has numerous product-specific forums. I consider it to be one of the best sources of security information on the Internet — although, like any forums, you have to keep in mind that it often represents opinions, not necessarily facts. Still, the level of expertise of many of the posters at Wilder’s is very high.

    That said, my understanding is that the use of a local proxy in more and more antivirus products affects HIPS-based products more or less across the board — although some may have implemented workarounds or fixes already. My advice about this has been crystal clear: Use NOD32 2.7. It doesn’t use its own proxy, and it works great. Eset continues to sell 2.7 — and there’s a link to the page where this is shown in the article this comment thread is linked to.

    About your second question, and this is perhaps the most important point: Both OA full and OA Free offer the same exact setting that Mike Nash referred to that disables the pre-trusted or whitelist applications in Online Armor. You’ll find it under Options > Firewall, and the setting is a check box at the very top of that dialog labeled “Automatically allow Trusted programs to access the Internet.”

    So, no, you don’t have to buy the full version to control this feature. I think I may have inadvertently given you that impression. My point was that, in general, there’s a notable increase of control in the paid version — and that, based on your questions, you would prefer that version. Not that you needed to buy the paid version in order to turn off the pre-trusted whitelist.

    Note that, if you turn off this whitelist, you will be faced with a far more intense blizzard of pop-ups in the early going after you first install Online Armor. Although it is implemented a bit differently, Comodo also uses a whitelist. And many other, newer HIPS products do the same. This is not a new thing, though. Norton Personal Firewall and other products of its ilk did the same thing with their more rudimentary application control modules six or seven years ago. This is not unusual, and not considered poor security — so long as the HIPS is properly identifying the applications it pre-approves.

    – Scot

  21. Mamado Says:

    I highly appreciate all what you did which comfort me further in my opinion about your professionalism and the high quality of this forum.

    What you said is very clear for me and I cannot ask you for more than that. I believe I have seen also in Tall Emu site, that tweaking the white list for the originally allowed programs is a part of the advanced mode available only in their paid version, I’ll double check on that.

    So, Online Armor will not do for me any better in the time being, mainly as I cannot buy on line (NOD, OA, or any other software because of the hard currency transfer regulation in my country, but this is another issue which has nothing to do with computing and I don’t want to bother you with that too). I will continue to follow up the evolution of firewall softwares to make the change as soon as I have the confirmation of the availability of better and more suitable version.

    So thanks a lot and I remain grateful for your valuable help.

    Regards
    Mamado

  22. Allen Moore Says:

    My trial period for Online Armor just ran out and I’ve decided to evaluate other firewalls. I use my machine to develop embedded software and I make heavy use of compilers. With OA active, the build time for my main project jumped from about 15 seconds to over two minutes. It also wanted to alert every time I ran the same ‘grep’ from a different directory. Turning off these alerts was like playing Whack-a-Mole. All I need is a program that monitors what comes in and out of my box.

  23. Scot Says:

    Makes sense, Allen. In earlier versions of OA there were also issues with performance of downloads with P2P products. I believe that’s been fixed, but your application is not that common. I’d do the same thing if I were you.

    If you find a better firewall for your application, I’d be interested to know about that. Have you tried Comodo? I’m also wondering whether you use or have tried Eset NOD32 (not the firewall, just the antimalware/virus product)?

    – Scot

  24. rmiller1959 Says:

    Scot, I’ve had a horrifying experience with firewalls lately and I’m hopeful that your choice as “Best Firewall Software of 2008″ comes out with a Vista version soon. I’ll try to make this brief:

    - Decided to go “best of breed” for my security software and uninstalled Norton Internet Security 2007. Installed PC Tools Spyware Doctor w/ AntiVirus based on exceptional PC Magazine review. Already had ThreatFire Free from the same company. No problems.

    - Figured I’d install the PC Tools Firewall Plus (Free) to try it out. Went to Matousec and saw how poorly it rated. Uninstalled it without a problem.

    - Came to your site and since I’m a Vista user, installed the latest version of Comodo Pro. A LOT of pop-ups but I decided to live with them. Couldn’t live with the inability to connect to my company’s proposal server (worked prior to installing Comodo, didn’t work afterwards). Went to Matousec again and saw Outpost rated at the top and also Vista compatible. Tried to uninstall Comodo.

    - Comodo doesn’t like it when you try to get rid of it. It took a lot of effort and I’m still not sure I got rid of all of it. Still couldn’t connect to my company’s proposal server. Outpost worked well and seemed pretty unintrusive but I couldn’t solve my app problem. Decided to rebuild my system completely (not a bad thing to do occasionally).

    - After rebuild, client app that allows me to connect to my company’s proposal server worked again, even after re-installing Outpost. Began having problems with intermittent dropouts of my network. The connectivity indicator showed me as connected but I couldn’t get on the Web, nor could I access my network resources. Rebooted and everything returned to normal but the problem creeped up again. Disabled Outpost and my network connectivity was instantly restored. Ended up uninstalling Outpost. Now running Windows Firewall, fearful to try anything else right now.

    When does OA for Vista come out?

  25. Scot Says:

    I’ll check in with Tall Emu and see how they’re progressing. They’re probably offering a beta in their forums if you’re interested in trying it out.

    Fwiw, a lot of people do have that Comodo uninstall problem, but not everyone. I haven’t had that problem. I tend to uninstall it a lot. I get fed up with the number of pop-ups when I’m working on something urgently. It’s too distracting. And I have yet to ever have a Comodo uninstall issue. I’m not arguing with you, though. Just making the point that it’s not a universal experience.

    – Scot

  26. rmiller1959 Says:

    I’m sure I’ll try the public beta when it comes out. I understand that the uninstall experience with Comodo isn’t universal but it only takes one time for me to be skittish about installing it again. Thanks for the quick reply.

  27. hhe Says:

    rmiller1959:

    Are you 100% sure that your FW caused the problems? Did you:
    1) Not have the problems
    2) Install the FW (and nothing else, not even a Windows Update, since 1)
    3) Experience the problems
    4) Deinstall the FW (and nothing else since 1)
    5) Get rid of the problems

    If you google on Vista and IE connection problems there is no end to the calamities you can catch depending on KB patching, driver, software install, and network gear combinations. I personally “lost” IE after installing mainstream Canon scanner software where an OCR program included a stampeding non-showing browser addon for online registration…

    I did a lot of de- and reinstallation of every possible application with no success, but finally nailed the addon after attaching IE with a process debugger.

    My ZA Security Suite subscription runs out in a couple of days. Since I’m a Vista user (not by choice) it seems I’ve no other choice than Comodo, so I’ll try that. If I manage to deinstall ZoneAlarm, that is (shrug).

  28. rmiller1959 Says:

    The only reference I have that might address your question is my last firewall installation. I waited until all my apps and patches were installed before I installed Outpost. I experienced problems with my network connection after that and when I disabled the firewall, those problems disappeared instantly. That led me to uninstall it and I haven’t had the problems since. I hope this is helpful.

  29. hhe Says:

    I’m not a FW support person, I’m sorry if I gave you that impression.

    I’m just an IT professional that experienced that the cause of my problems were not even near where I thought them to be, and that it is essential to isolate the test case.

    But you seem to have done that when trying Outpost (unsure wether you did the same with Comodo).

  30. hhe Says:

    As my ZoneAlarm subscription is running out these days, I have installed Comodo on my Vista systems after reading this blog.

    As I’m the kind of guy that reads manuals, I had no problems deinstalling ZoneAlarm – the docs clearly state that you should deinstall from the start menu and not from the control panel or several files WILL be left behind (to me this indicates that it is hard or impossible to make Windows Installer packages that completely deinstalls FW software from within wininst.exe – every security vendor seems to have this problem).

    I can only say that I’m pleased with the ease of installation of Comodo and that it seems to be much less noisier than ZoneAlarm, and gives much better clues in the popups it presents.

    When Online Armor is a success on Vista I might try it, I’ll watch this space to make a decision when or if it’s worthwhile :-)

  31. Scot Says:

    I’d like to underscore hhe’s point about uninstalling from the Start > Programs > Comodo > Uninstall Comodo shortcut as opposed to using the Control Panel uninstall applet. I just routinely do that without thinking. If a software maker includes and uninstall link, I always use it. It’s just a habit I got into years ago.

    Why is it that some people have fewer problems with Windows? It’s they’ve learned (and oftentimes don’t even realize it) to do things a certain way that minimizes problems. With Windows, you cannot assume that two things that purportedly do the same thing are equal. You have to ask yourself: Why did the app maker bother to put that Uninstall link in the Start menu folder? Most times it’s not about user convenience — it’s because Microsoft as OS provider doesn’t provide for every contingency. There’s no way that it can. Windows’ biggest strength — zillions of independent hardware makers and software makers — is also its biggest weakness. Microsoft can’t control everything, and it doesn’t try to. Once you learn to think about using Windows from the point of view of the motivations of the companies involved, it will inform many new ways of working.

    Ask yourself the question, for example, about Microsoft drivers for hardware offered on Windows Update. Sometimes they are the best drivers, but chances are they also ignore certain features. If it’s a soundcard or video card — or any kind of specialized hardware — think twice. Microsoft issues WHQL drivers in response to a problem, in most cases. Are you having a problem? If not, skip it. The time to take Microsoft’s drivers is when a device has perennial problems and the maker has not updated its driver. So, if it ain’t broke, don’t fix it.

    I could probably write an entire book about similar school-of-hard-knocks tips. I used to do a regular section of the newsletter about them. The hard part for experienced Windows users in coming up with these isn’t that they’re not evident, it’s that you’ve been doing things for so long that work that you think everyone already knows this stuff and you just don’t notice these things anymore.

    hhe could well be right that the people who are having trouble uninstalling Comodo are using the Windows facility for uninstalling as opposed to Comodo’s custom way of doing so. I don’t know that to be true, but it makes more sense than anything else I’ve heard on this subject.

    – Scot

  32. rmiller1959 Says:

    Thanks to everyone for the informative posts. After reading them, I’m considering installing the latest version of Comodo since I’m not comfortable relying on Windows Firewall. I’ll give it another chance and report back on my experience.

  33. Scot Says:

    Quick update on Online Armor for Vista. Mike Nash sent me email saying that they have just posted their Vista public beta:

    http://tallemu.com/downloads.html (click the green tab for Beta software)

    I don’t know much more, but I believe this is pretty close to being feature complete, and they’re just working on some bugs.

  34. rmiller1959 Says:

    I uninstalled Comodo (using their provided uninstall app; it worked without a hitch) and installed the Online Armor for Vista beta. So far, so good – it’s a very solid app. The only bug of which I’m aware is that the Windows Security Center doesn’t recognize the firewall and that’s a Microsoft issue because they haven’t provided Tall Emu the info they need to integrate the two. Scot, are you going to test it once it’s released so you can determine which one is best for Vista?

  35. Scot Says:

    I will install OA on Vista and use it there. I’m not sure yet how I will cover OA for Vista. It will depend on what I find. But one thing you should not expect from me is a rapid final decision. It took me 18 months to pick OA. I don’t do security tests and final recommendations quickly. But I do tend to stick with the products I select — or I’ll tell you why if I don’t. I’m still using NOD32 2.7, which I picked quite a while ago. I’m still using Online Armor, of course.

    Mike Nash promised to update me about the Microsoft API issue in Vista, so when he does, I’ll pass it along.

    Glad to hear that your Comodo uninstall went well. Maybe we have discovered the problem. Thanks again to hhe for suggesting it.

  36. mjnelson99 Says:

    I have been using Comodo 3.** for close to a year now in Vista Home Premium. I do find the popups a bit annoying and the frequent updates for Windows Defender almost always bring a popup. I live with it.

    There are times when designating a particular program as Safe in Comodo is not available by right clicking and to save popups, Install mode must be enabled.

    Yes, Comodo is not perfect. I guess perfection lays in no firewall and not going online at all!!! A pretty drastic option, huh!

    If it ain’t broke, don’t fix it. And my use of Comodo will continue as long as things go as well as they are. While OA does seem interesting, it is not worth the time and effort of installing a beta.

    The info on uninstalling programs from the uninstall menu of the program is useful and I will do that in the future if it is possible.

    Scot, thanks for all your efforts in this very deep firewall maze.

  37. Helina Says:

    a question

    I’ve been on a search for the best free firewall and antivirus since I decided to give them a chance instead of paid ones I used before (though I know you don’t recommend it). Would you say that if one is looking for the best free firewall, that in that case you’d recommend Comodo more than Online Armor’s Free version? At least it sounded to me like it doesn’t have as many security layers as the paid version, so I’m guessing Comodo should have it covered more firmly when it comes to Freeware? Thanks in advance. (Any tips on best free antivirus acepted aswell.)

  38. RoninV Says:

    I agree with Helina’s analysis of the freeware versions of CFP vs OA. Could someone elaborate?

  39. Scot Says:

    Hate to be snippy, but Helina’s question was addressed in the review. I can’t help you with the latest versions of both products. This isn’t a living review. I spent 18 months doing it, and I’m on to other things. But I think I was pretty plain about saying that for most people OA is my product of choice. Yes, that includes the free version. But if you can’t pay the $40 for the paid version, to be honest, I think you should rethink your priorities. Your Windows PC costs — at minimum — about $500. Adding $40 for a firewall and something similar for an anti-malware product like NOD32 is common sense. Expecting something for free all the time: That’s what I don’t understand.

    My only recommendation about Comodo was for Vista users.

    – Scot

  40. mark@benavides.org Says:

    New notebook with XP – I installed Online Armor ($$). I gave it a try for 2 months and dumped it. Reminded me too much of Vista with constant reminders to “ALLOW” or “BLOCK” no matter how many times I told it to ‘REMEMBER MY DECISION.”

    Installed PCTOOLS ANTI-SPYWARE and ANTIVIRUS and immediately found 36 risks (admittedly, all low risk).

    FWIW,
    Mark B (not a schill for any product, just a computer-literate end user dentist)

  41. Firewalls Reviewed - Page 2 - Windows Vista Help Forum Says:

    [...] Finnie did a review of firewalls last year and selected Online Armor as the best product. (See Scot?s Newsletter Blog Blog Archive The Best Firewall Software of 2008: Online Armor) __________________ Microsoft MVP | Secretary, Admin Counsel, ASAP Take a walk through the [...]

  42. thor Says:

    After testing Outpost, Online Armour and Comodo (in this sequence), I’ll stay with Comodo. It works out of the box (in XP), does not ask too much (like OA) and has no difficulties to recognize different vpn networks and WLAN connection (like Outpost).

    Nevertheless, for most people which are sitting behind a hardware firewall (i.e. NAT router) I would recommend not to use a Personal Firewall at all. Don’t waste your time with testing when you have no special interests or needs to analyze the communication of some programs.

    Thorsten

  43. Scot Says:

    Thor,

    You’re missing the point: It’s not about the firewall, it’s about the application controls. I agree that a decent hardware firewall/router product, properly configured, offers decent baseline protection against garden variety hacker intrusion. But the far more prevalent and likely threat is malware, application spoofing, bots, etc. Those things might arrive with your permission via email, downloads, websites, etc. That’s where people are getting nailed these days. A solid HIPS product (offering advanced application monitoring and controls) can be an important layer, along with a solid anti-malware product.

    I think people who are less experienced with Windows and security threats very definitely need multiple layers of protection. Even experienced people may want it. I don’t have a HIPS-based firewall running on every computer on my network. About half of my computers are Macs. Linux is far less vulnerable, as well. Each person has to make these decisions. People who don’t use the latest versions of Windows and Internet Explorer and who don’t keep *all* the applications and OS files on their systems 100% up to date at all times are running the kind of risk that require extra layers.

    As to your specific experiences with three of the top firewall products, they are just that — YOUR experiences. I can’t vouch for the latest versions of OA or Comodo. The versions I tested are noted in the stories I wrote, I enlisted the experiences of hundreds, no thousands, of readers over an 18-month period. I used those testimonials to explore problems and features. I tested extensively myself. I compared with the same applications running with both products. My testing was exacting and thorough.

    I hope you’re right that Comodo has improved its product and become more sensitive to the pop-ups issue. I know the company was hoping to add technology that would do that. It’s good news if true.

    But I would suggest that one person’s opinion and Windows installation may not be enough to gauge the truth for everyone.

  44. mjnelson99 Says:

    I have been using Comodo on my Vista machines ever since they came out with Comodo 3 since 2 won’t run on Vista. Over all, I have been pretty satisfied until now.

    Recently. they are really pushing CIS over CFP (the actual firewall). The last update I find references to configuring AV plus 3-4 other things that probably aren’t part of CFP itself.

    May install OA tomorrow and dump Comodo.
    Mary

Leave a Reply

You must be logged in to post a comment.