If you find a better firewall for your application, I’d be interested to know about that. Have you tried Comodo? I’m also wondering whether you use or have tried Eset NOD32 (not the firewall, just the antimalware/virus product)?

– Scot

What you said is very clear for me and I cannot ask you for more than that. I believe I have seen also in Tall Emu site, that tweaking the white list for the originally allowed programs is a part of the advanced mode available only in their paid version, I’ll double check on that.

So, Online Armor will not do for me any better in the time being, mainly as I cannot buy on line (NOD, OA, or any other software because of the hard currency transfer regulation in my country, but this is another issue which has nothing to do with computing and I don’t want to bother you with that too). I will continue to follow up the evolution of firewall softwares to make the change as soon as I have the confirmation of the availability of better and more suitable version.

So thanks a lot and I remain grateful for your valuable help.

Regards
Mamado

I understand that people are coming to me as a trusted source of information. I am unbiased, and I will do my best to interpret this complex area, but when it comes to figuring out issues among multiple products in two different product categories — I cannot speak definitively without doing lots of research testing and cross-testing products against each other.

My bet is that you might be able to get more information about this issue in the Wilders Forums, which has numerous product-specific forums. I consider it to be one of the best sources of security information on the Internet — although, like any forums, you have to keep in mind that it often represents opinions, not necessarily facts. Still, the level of expertise of many of the posters at Wilder’s is very high.

That said, my understanding is that the use of a local proxy in more and more antivirus products affects HIPS-based products more or less across the board — although some may have implemented workarounds or fixes already. My advice about this has been crystal clear: Use NOD32 2.7. It doesn’t use its own proxy, and it works great. Eset continues to sell 2.7 — and there’s a link to the page where this is shown in the article this comment thread is linked to.

About your second question, and this is perhaps the most important point: Both OA full and OA Free offer the same exact setting that Mike Nash referred to that disables the pre-trusted or whitelist applications in Online Armor. You’ll find it under Options > Firewall, and the setting is a check box at the very top of that dialog labeled “Automatically allow Trusted programs to access the Internet.”

So, no, you don’t have to buy the full version to control this feature. I think I may have inadvertently given you that impression. My point was that, in general, there’s a notable increase of control in the paid version — and that, based on your questions, you would prefer that version. Not that you needed to buy the paid version in order to turn off the pre-trusted whitelist.

Note that, if you turn off this whitelist, you will be faced with a far more intense blizzard of pop-ups in the early going after you first install Online Armor. Although it is implemented a bit differently, Comodo also uses a whitelist. And many other, newer HIPS products do the same. This is not a new thing, though. Norton Personal Firewall and other products of its ilk did the same thing with their more rudimentary application control modules six or seven years ago. This is not unusual, and not considered poor security — so long as the HIPS is properly identifying the applications it pre-approves.

– Scot

Please correct me if I am wrong.
On the other hand I fully agree with Scot that the paid version is the best choice.

Regards
Mamado

In answer to this question on your blog:

“Could we call a software allowing any program to connect to the Internet a firewall? Is OA free, sponsored or really free in which case why preventing user from blocking some programs?”

My response:  Online Armor is designed to automatically allow safe programs to work, and by default it will automatically allow these safe programs to access the internet. Unknown programs do not receive this privilege. The idea is that by reducing popups we reduce the questions that the user has to answer –- and provide the security without the hassle. Users may override the “auto allowing of trusted apps to access the internet” if they choose to do so. The user may, if they choose, block safe programs as well –- but they will by default be allowed unless the user selects and blocks them because they are on our safe list. — Mike Nash

As for programs running without a prompt — it is an essential design feature of OA to minimize pop-ups. It is not designed (in standard mode) for people who want to “tweak” and “lock down” their systems. It is designed to “not prompt on the safe stuff.” While these options can be adjusted, we will always let a program that is on the whitelist run without a prompt, unless the user blocks it first. I’d like the whitelist to cover every program in the world so that OA offered a popup-free experience — if I could make that happen.

ProcessGuard-era HIPS programs are designed to let you tweak and fiddle, and lock down and create rules. OA is designed to try and do all that for you.

Mamado, I understand your orientation toward the HIPS. And I personally prefer that added control too. But I agree with Mike Nash that where he’s trying to take OA is the direction we have to head in to protect a much wider swath of users. Comodo is also moving in that direction, by the way. Based on your comments here in this thread, I think you’d be much happier with the paid version of Online Armor.

– Scot

Based on your good contact with Mike Nash, can you get from him answers to the known questions:
a) What is the scope and purpose of OA’s “revocation checks as digital signatures are checked”? What OA is doing and why?
b) What IP address (or url) would OA connect to when carrying out the above revocation and OASIS checks?
c) If the Free version is not sponsored by the Editors of some allowed programs, why preventing the user from selecting by himself what blocking and what allowing?

At the end, would you please tell me how technically a firewall software (whatever it is) will protect my system, if it is allowing any program to connect to the Internet regardless of the setting.

Regards

Mamado

Me too, but I have a serious problem as I cannot see how a firewall which allows any program to connect to the Internet regardless of your setting, will protect your system.

So far, I did not find any answer, and I believe that I am in the right forum to get the correct answer based on the quality of the reviews and the high expertise that Scot is showing.

Mamado

Here’s what Mike had to say, and I believe it applies to Mamado’s first question (part A.):

Just saw the latest blog comments – the issue they are referring to is the local proxy facility of some AV software. If they allow that program to proxy their internet connection – then that is what it will do.

We’re probably going to add loopback protection into the free version soon as more and more AV are now doing this.

NOD32 3.0 and many other AV products use a proxy. As noted in the review, I tested OA with NOD32 2.7 (which does not employ its own proxy). I still use and prefer NOD32 2.7 myself.

I’ve asked Mike to come back or to reply to me in email about the second part of Mamado’s question, the fixed nature of some connections in OA Free and to comment on whether there might be any sort of unexpected use of those connections.

It seems to me, though, that Mike has already answered this question. The specific pending question is a request to detail one of the 5 reasons Mike said OA would connect to the Internet on its own:

4) Revocation checks as digital signatures are checked (all versions, cannot be turned off)

About Comodo’s uninstallation issues, I have written a little about this already. One of the problems with forums is that they tend to accentuate the negative and ignore the positive. It’s not that anyone is intentionally doing this, it’s the nature of both the medium and humans. People don’t post about something that works great. They have no need to. Yes, apparently some people have run into trouble with uninstalling Comodo. Believe me, the problems are much, much worse with ZoneAlarm Pro, F-Secure, and Norton Internet Security — to name three products that have notorious uninstall problems. I’ve spent the last year and a half installing and uninstalling numerous versions of Comodo, and I’ve never had a stitch of trouble with that operation. Most people are not having trouble doing this. But the small percentage of people who are having trouble are all that anyone hears from on this subject. So, please, take it with a grain of salt.

Finally, Dan, about your very insightful statement “it seems we’ve still not arrived at a product that’s both mature and simple enough to make it truly effective for the average user.”

I think we have, and that product is the paid version of Online Armor. I wouldn’t argue as strongly that the free version is the right product for everyone. The need to uninstall and reinstall to upgrade the firewall software is not ideal. And there are some limitations and control decisions that aren’t what I’d prefer.

Before I tested Online Armor, though, I was actually considering naming “No Product” the best firewall software of 2008. I agree with you that it’s a category filled with a lot of products that either offer a terrible user experience or that don’t really do much (or both).

It’s true that OA is still a maturing product. I wrote that in the review too. It still has some growing to do. I don’t think it has fully arrived. But it’s close. Close enough, in my judgment.

If I learn something more on the questions these last two commenters have raised, I will relay that information.

– Scot

I think Mamado raises some good questions, and exposes just how confusing firewall protection has become these days. I myself am still using an old version of ZoneAlarm Free even though I know it no longer passes the advanced leak tests (I do use a hardware firewall through my router). Having read through the support forums for both products reviewed here, I’m actually more afraid of the prevention than I am of the risks of getting infected!

The un-installation nightmares for Comodo’s product are particularly distressing; see the thread here for details:

https://forums.comodo.com/help_for_v3/comprehensive_instructions_for_completely_removing_comodo_firewall_pro_3_info-t17220.0.html

It also concerns me that it’s been over two weeks since anyone has replied to the legitimate questions raised in the last discussion at OA that Mamado’s comment references:

http://support.tallemu.com/vbforum/showthread.php?s=39b70a326de1bdb1fff3a7ca23e658cc&t=2896&page=2

I have no doubt these are fine products that are capable of advanced protection, but it seems we’ve still not arrived at a product that’s both mature and simple enough to make it truly effective for the average user.

Dan

Mamado

To answer your question: Yes, it’s a firewall.

I specifically recommended the paid version, by the way, although I don’t have the issues you do with the free version.

To each his own. Have you tried Comodo? You may prefer it.

– Scot

If this is the case for the best firewall software of 2008, what about the others? Do they really help? Could we call a software allowing any program to connect to the Internet a firewall? Is OA free, sponsored or really free in which case why preventing user from blocking some programs?

Would you please help to clarify all this, as I am a lambda user completely lost with that.
Mamado