Tall Emu CEO Mike Nash tells me that the public beta of the free version of Online Armor will be released shortly (probably today). In addition to Vista support, the free version will now be able to check for and install updates automatically as well as upgrade to newer versions (free or paid) of the OA software without having to uninstall the previous version. That takes care of my chief criticism of Online Armor’s 2.x free version. (The paid version of the product was able to perform both of these functions.) I’m glad to see Tall Emu make the products equal in this area. It’s the right thing to do. But in the same breath, I also urge my readers to pay for the commercial software products they adopt and use regularly. It is equally the right thing to do.

So here’s a quick top-level list of what’s new in Online Armor 3. For more detail about what’s new, see Mike Nash’s post in the Tall Emu forums.

Online Armor 3 Beta 1 Highlights and New Features

• 32-bit Vista compatible
• Updated user interface
• Additional threat protection
• Updated help file (http://www.tallemu.com/webhelp3/Welcome.html)
• New language support, including French and Italian.
• Multi-desktop support
• Manage your hosts file with Online Armor’s HOSTS editor.
• “Trust All” option in the Safety Check Wizard allows fast setup on new computers.
• MAC Filtering
• Online Armor can be set not to start at next boot.
• Filter by program added to firewall status screen.
• Default “Run Safer” for unknown programs added to OA options.
• Keylogger detection detects more types of keylogger.
• Advanced-mode options screens allow finer control.

If you’re a frequenter of the forums, drop by and help us beta test the new forum software, configuration, and customizations.

Now that the forums are back open, the migration to the new host is complete. I’ve learned a lot from this less than happy experience. I’ll pass along some of my lessons learned in future blog entries.

There are many reasons why I’ve selected Online Armor (OA) as the best software firewall for Windows users; the rest of this story delivers the details. But boiled down to a single thought, the most important reason is this: Online Armor offers the best blend of a high degree of protection with a high level of usability.

That may sound simplistic, but in this software category such a balance is the toughest thing for a software development company to achieve. It’s very easy to throw up a blizzard of pop-up user-prompts. You can make your system so secure that you’ll never want to use it again. It’s also easy to dumb down the security so much that you’ll rarely, if ever, see a pop up — and in the process, render the firewall ineffective. The trick is to offer solid protection with minimal user interruptions. OA 2.1 is the only firewall software I’ve tested that delivers a near-perfect balance.

Online Armor firewall comes in two editions: free and paid. Version number 2.1.0.112 was the latest one tested for both editions. [Editor's Note: As of 4/19/2008, Online Armor's latest version is 2.1.0.131.] Tall Emu updates the product frequently; to check on the latest versions of OA and read the release notes, see this Tall Emu support-forum post. In addition to the two different editions of Online Armor, Tall Emu also packages it with an antivirus module. For information about the differences among Online Armor Free, Online Armor (paid), and Online Armor AV+, see Tall Emu’s Online Armor Comparison page.

This review is specific to the paid version of Online Armor, which costs about $40. I’ve extensively tested both the free and the paid versions, and both work well. But it’s the paid version that I prefer and recommend (for reasons I’ll detail further along). Online Armor AV+ has not been tested for this evaluation. It contains the Kaspersky antivirus engine, which, while a good product, is not as good as Eset’s NOD32 2.7. Because I named NOD32 2.7 the Best Antivirus Product of 2007, I have tested Online Armor extensively with NOD32 running. I’ve experienced zero incompatibility issues between OA and NOD32 2.7. (Note: I’m still using and recommending NOD32 version 2.7, not the newer 3.0 version. Version 2.7 is still available from Eset.)

The second place Comodo Firewall Pro 3.0 software from the Comodo Group is also a very good product. The latest version tested for this review was 3.0.020.320. If your overriding concern is security, security, security, and you don’t mind a less-than-ideal user experience, Comodo is worthy of consideration. Its superb security ratings and great configurability make it well suited to more experienced users who prefer a belt-and-suspenders approach. This is not, though, the firewall to install on your mother’s PC. Comodo also comes in both 32-bit and 64-bit Vista versions. Comodo Firewall Pro is free. The Comodo Group is working on several features and functionalities that it believes will markedly improve Comodo usability, so this is also a product to keep an eye on.

Security Testing and Gating Criteria

This evaluation kicked off in September 2006 as a series review (long-term testing with progress reports). I have written many firewall articles during this period about my gating criteria, interim findings, products I tested, and reasons why specific products were eliminated from the running. To review that information, please visit SNB’s Firewall category archive page. By scrolling, you’ll find every installment I’ve written for the Best Firewall series over the past 19 months. Among other things, you’ll discover the reasons why I eliminated Outpost, ZoneAlarm, Sunbelt Personal Firewall (a.k.a. Kerio), and Kaspersky’s firewall (part of a suite). Each of these firewalls was a strong contender, but each had a fatal flaw that eliminated it from contention. The companies that make them could rectify those issues, but have not done so to date.

When it was first established, this evaluation used the results of FirewallLeakTester.com’s tests as a method of screening out lesser-performing firewalls. Later in the process, I switched to Matousec’s more in-depth and more regularly updated results. Matousec has recently updated its test results; Comodo gets the highest score, with Online Armor placing second. Corroborating my test results of past year, Matousec scores Eset Smart Security’s leak-protection level as “none.”

I have also performed a set of my own security tests on Online Armor 2.1, Comodo 3, and some of the other firewalls I considered along the way. The latest versions of Online Armor 2.1 and Comodo 3 offer superb protection when used properly. (Most importantly: In both products, the HIPS module must be enabled.) Both firewalls have received significant security improvements over the past six months, too. Earlier versions were not as secure.

Most of my research, however, has focused on usability, company support, stability, compatibility, and bug resolution. These are the areas that make the difference between a security product that you rely on and one you use until you find something better. Too many people are in limbo with products like this, just tolerating them at best. The goal of this research has from the start been selecting security products that you can live with, perhaps even love.

Why Programs Were or Weren’t Tested

The impetus for this review came after more than a decade of using and reviewing multifaceted, everything-but-the-kitchen-sink security suites such as Norton Internet Security. When I kicked that habit, I looked around for something better and realized that most mainstream computer publications were for the most part reviewing only the big-name, large-footprint products. It was clear to me that there was a better way that involved selecting a small set of best-of-breed security products that work well together. So my first determination was that fat security-suite products need not apply. Many of the other gating criteria spring from that decision.

This evaluation assumes that the software firewall is running behind a hardware router or broadband “modem” that offers network address translation (NAT) and stateful packet inspection (SPI), or in other words, a hardware firewall. For home use, consumer-class wired or wireless hardware firewall routers are available from D-Link, Linksys, and Netgear that are for security purposes comparable. Even if you do not have a network, I recommend that you purchase this low-cost hardware. If you have a wireless network, you should also be running password-enabled WPA encryption with a password that isn’t easy to guess.

Finally, over the long term of this evaluation, many new firewall products emerged. It was not possible to test all of them, and in some cases I relied on the input of Scot’s Newsletter readers to help me vet products. The review was also closed to new entrants late last year while I focused on the two finalists: Online Armor 2.1 and Comodo 3.0.

With those points in mind, these are the gating criteria used to determine the Best Firewall Software of 2008:

• Very low system overhead with a strong preference for stand-alone software — no full-blown security suites
• Full compatibility with effective third-party stand-alone security products from other software categories
• Excellent inbound and outbound security protection with an emphasis on solid leak protection, as prescreened by Matousec.com
• A simple, informative, configurable, and highly usable user interface
• Software that is reliable and as bug-free as possible
• Backed by a software development company that is stable, communicative, responsive to customer issues, and actively developing the product. As with any security product, the company behind it should have something to lose — its reputation — if it doesn’t properly stand behind and update the product. It also needs a strong, responsive development team whose development process emphasizes bug fixing and customer experience, not hurrying the product out the door to meet arbitrary deadlines.
• Quiet operation; alerts you when there are real problems. Excessive or repetitive warnings or pop-ups aren’t acceptable.
• Protects but doesn’t cause intermittent problems with Windows local-area network functionality
• A feature that lets users rapidly shut down all inbound and outbound activity
• Vista support, while not mandatory, is preferred. (Note: Online Armor does not yet have a Vista version, but it’s under development.)

Comodo 3: The Next-Best Thing

Comodo Firewall, from the Comodo Group, is a full-fledged software firewall that is free to download and use. Comodo has strong pluses and minuses. The 3.0 upgrade was highly ambitious and was not adequately beta tested. The result was a long series of incremental updates following the release of Comodo 3 — at least six updates over the past six months or so. For details about the releases, including what’s in them, check out Comodo’s Release Notes page. The good news is that Comodo is being actively updated.

The Comodo 3 software has a lot to offer. It comes with a server-based whitelist for its HIPS (host-intrusion-prevention system) module, called Defense+, whose purpose is to cut back on pop-ups. The product also offers an operational mode called Clean PC that, at your option, scans all your current applications and then registers them as safe. That means fewer pop-ups for you, especially in the early going. I also prefer the functionality of Comodo’s “install mode” to those of most other firewalls. It is capable of disabling several types of pop-ups for about 15 minutes in an attempt to let you complete a new program installation in peace. When the 15 minutes expire, it prompts you to turn off the install mode to reinstate full protection. The only problem with Comodo’s install mode is that figuring out how turn it on may not be immediately obvious to the average Comodo user.

At its core, Comodo 3 is a highly protective software firewall that takes itself seriously. Its primary design criterion appears to be that great security requires the program to ask the user to approve or deny any and all actions that might possibly be caused by something malicious. I can’t disagree with that thinking in principle — assuming the people running computers know enough to make the right decisions. Because many of them don’t, Comodo is trying very hard to minimize pop-ups with its whitelist, install mode, and initial hard drive scan. The company also has other features in the works (not evident in this build of its software) that aim to improve usability by reducing pop-ups and improving the software’s ability to detect threats.

Even so, Comodo 3′s Defense+ experience is not ideal. In the kind of usage scenario where several programs are downloaded each week, Comodo users are likely to experience a lot of pop-ups. If you don’t install new applications very often, my personal experience has been that Comodo settles in and the operation of the HIPS becomes less intrusive. It is, though, noticeably noisier than Online Armor’s HIPS protection. It also doesn’t appear to remember user inputs quite as well as the OA HIPS does.

The Main Difference

The primary reason why Comodo Firewall didn’t take top honors in this review is that it errs on the side of protection at the expense of usability. Comodo’s protection takes it a bit beyond the bounds of acceptable usability — a subjective determination on my part. In a nutshell, it has too many pop-ups in this release. And even though it is able to “learn” to have fewer pop-ups and can also be controlled by settings, both the initial and the long-term user experiences are diminished by this behavior.

For example, I was recently confronted with over a dozen pop-ups when I left Comodo running in memory while choosing to uninstall it from the Add or Remove Programs control panel. At least one user prompt is requisite in this scenario because otherwise, a malware routine could be written to uninstall or disable the firewall. You must approve anything that disables your firewall, even when you initiate that action yourself. From a security perspective, there’s a sound argument to be made for more than one pop-up, since most software products are made up of multiple modules that might be selectively turned off to create specific vulnerabilities. But a dozen pop-ups is well beyond the tolerable level in my book.

In another instance, when I directed Windows to install a single Windows Update patch, I was immediately faced with a pop-up — an acceptable experience. I did everything I could in that first prompt window to make Comodo trust the process that was running. But the software firewall nevertheless prompted me with 11 additional pop-ups before that one patch was installed. Windows Update (update.exe) should be a trusted app. I realize that the executable might be spoofed, but if a user validates it, Comodo should learn to be quiet after that trust is confirmed — without having to figure out Install Mode.

It may sound counterintuitive that I’m preferring a balance of usability and security over pedal-to-the-metal security. There’s an important reason for that: When pop-ups are too repetitive or too frequent, it’s only human nature for a large segment of the user base to start ignoring them. That behavior leads to a severe loss of security.

Software Quality

The build of Comodo I tested to wrap up this review, 3.0.20.320, has benefitted from the the long series of bug-fix updates since 3.0 was introduced. According to the company, most of the initial incremental updates were aimed at solving unexpected problems when running Comodo 3 on Vista, support for which was added for the first time in Comodo 3. But many Scot’s Newsletter Blog readers who use Windows XP also emailed me descriptions of problems with the first three incremental updates to Comodo 3.

Meanwhile, even though Comodo 2.4 was something of a cult favorite, it’s absolutely true that a wide range of people experienced significant trouble with that firewall too. So for a period of time, Comodo users were stuck between a rock and a hard place. Many of them tried version 3 and returned to version 2.4. Others wrote me that they left for other firewalls. But the period of disturbance settled down, and I’m no longer receiving email after email with tales of woe.

What that tells me is that Comodo 3 is a good firewall product, potentially a great one, that quite possibly was shipped to end users without adequate QA testing. As is always the case with free, publicly available software, some early adopters were ill-equipped to handle the problems they encountered. Most of those issues appear to have been fixed now. Comodo 3 was also an ambitious release, and bugs happen. But this kind of management of a development process does not inspire confidence — especially when it’s the type of product that can wreak havoc on your computer.

If the Comodo team can focus on software quality, and if it can add additional functionality that pares back on pop-ups, future updates of Comodo 3 could improve the overall usability of the firewall markedly. Solid protection plus good usability is a winning combination. For now, Comodo 3 misses on the usability front — the main reason it has come in second in this review. But because Vista compatibility is a Comodo 3 strength, for the time being at least, it’s the firewall I recommend to Vista users.

The Top Dog: Online Armor 2.1

Online Armor was the late entrant in this evaluation. A bevy of readers suggested it last fall after Matousec gave it a 100% security rating in an earlier version of its test suite. (Comodo received the same top score.) Since I began testing it and calling for input on it, the most common sentiment I’ve heard from people who try it is: “I like it.” Even people who’ve had issues with it have said that. And that’s been my reaction too.

Online Armor’s user experience is on par with ZoneAlarm Free and Sunbelt Personal Firewall — the two firewalls I’ve pointed to in the past as having the best user interfaces in this field. It’s also a relatively young product that is being intensively developed by its makers. OA’s basic UI is very solid, very easy to figure out without help. But the simple interface sometimes lures you away from finding some of the power that lies beneath. OA relies a little too heavily on context menus for access to power features. As you use this product, try right-clicking things. Somewhere down the road Tall Emu should add a column to many of its config screens with a link reading something like “options” or “configure” that opens the context menu. That would be more discoverable. Still, this is a minor issue. All in all, I’m very happy with OA 2.1′s usability.

Several new features debuted in the significant Online Armor 2.1.0.85 update released February 19, 2008, including a resizable main program window, improved on-demand system scan, install mode, and multiple network detection and management.

Version 2.1.0.85 also added a useful convenience feature to the Run Safer capability of OA’s Program Guard. Run Safer let’s you force Internet-connected programs — such as your Web browser, email, and IM package — to run with reduced Windows user-account rights, giving you added protection from malware. The new feature is a context-menu item that lets you temporarily run a Run-Safer-restricted program in a normal (or admin-level) mode.

The OA facility called Autoruns (Startup Items), which gives you a user interface for managing and controlling applications and services that launch automatically on Windows boot, has also been extended to watch additional aspects of the operating system.

The firewall’s Computers tab offers a network-access monitor that shows all the computers connected to your machine via your network. Available details include IP address, MAC address, computer name, and gateway IP address. You can right-click any of the other computers you see and direct the firewall not to trust it.

Probably the most improved aspect of Online Armor beginning with its 2.1.0.85 version is the online-accessible database of program information, which Tall Emu calls OASIS (Online Armor Software Information Service). The company has committed additional resources to keeping this database updated. As it has grown and become more fleshed out over the past several weeks, OASIS has become more useful. The main benefit of the online app database is evident on OA pop-up windows that display the “More…” link. By clicking this link, you’ll get useful information that identifies the program or process that initiated the pop-up — which can be a big help in deciding whether to block or allow the action. You can also get this information by working the context menus in the Programs area, which displays all the programs on your system. And Tall Emu expects to surface this data in other ways too.

The single most important point of failure with most firewalls is user error — usually involving the wrong decision on a pop-up dialog. It’s absolutely essential for firewalls to help educate users about programs running on their PCs. The time has long since past when firewall makers could reasonably expect users to already possess the knowledge to make these decisions. So it was an excellent decision by Tall Emu to make this change.

Tall Emu offers this list of product features on its website that will help you get up to speed on the program. This list doesn’t cover some of the recent improvements.

Inspiring Trust

One of Online Armor’s very best attributes isn’t a feature or functionality; it’s the people behind the product. Tall Emu’s CEO, Mike Nash, is the most visible person behind OA. He posts frequently in the OA support forums. What’s especially impressive about the talk and actions emanating from Australia-based Tall Emu is a strong corporate culture that values communication, honesty, a willingness to talk openly about problems, a responsive attitude, open-mindedness, and respect. I’m not sure how to say this, but I trust Tall Emu to do the right thing. I can’t remember the last time I felt that way about a software company in the post-Microsoft-antitrust era.

Getting back to the tangible, for the last month or two I’ve been directly aware — from emails written to me by SNB readers, OA forum posts, and emails from Mike Nash — of two or three serious issues with the most recent major Online Armor release (initially 2.1.0.85). Most bugs happen to only a small percentage of the overall users of a software product. I didn’t experience any of these more notable issues — in fact, probably most people didn’t. The point I’m trying to get at is this: I’ve been impressed with the transparency and alacrity with which Tall Emu attacks and resolves such problems. This nastier class of bugs, the worst of which is an occasional but recurring crash of Windows Explorer, have all been identified and fixed. (The fix for the Windows Explorer bug is being tested and should be released shortly.)

No product is perfect, and that’s probably more true of software firewalls than many other types of software. Online Armor has bugs just like all of its competitors. It’s what happens when problems are identified that distinguishes development teams. What I’ve seen from Tall Emu is that they do it the right way.

Parting Thoughts

What about the free version of Online Armor? It’s very good. The most important aspects of firewall and HIPS protection are in there. But the paid version offers several additional security layers that are easily worth the $39.95 price of admission.

There’s also a somewhat controversial limitation of the free version: It doesn’t automatically update with new versions of Online Armor. In other words, to install a new version of Online Armor Free you must uninstall the old version and then install the new version. No big deal you say? Not quite. That also means you should go through the initial setup wizard and then, to get through all the pain, launch and trust your most-often-used applications.

Online Armor (paid) can automatically download and install version updates. So, yes, this is something Tall Emu has done purposely to incent you to pay for the full version.

This decade has seen a dramatic rise of free software, but people don’t dedicate themselves full-time to a project like Online Armor without having to eat and do other expensive things. I urge all those of you who can afford the $40 to pay it — in fact, I urge you pay for all the “free” programs you use regularly.

Finally, for Vista users, a new version of Online Armor developed for Vista is very close to being released in an initial public beta test. It could take a couple of months, or longer, for Tall Emu to work through the bugs and deliver a final Vista version. As I wrote earlier in this story, use Comodo until then. When Online Armor for Vista ships, I will give it a look and post something about it.

Online Armor 2.1 .0.112 (the paid version) is the best firewall I’ve ever tested, offering a blend of usability and hard-wired security that’s near-ideal for maximizing protection and ensuring a good user experience. A great firewall doesn’t have to be, and shouldn’t be, a chore to use. Online Armor isn’t.

A year and a half after launching this quest, naming OA the Best Firewall Software of 2008 came naturally. The very best products have a way of standing out.

Here’s the list of new features in OA 2.1.0.85 as published in the Online Armor forums:

General
- Resizeable GUI
- Remove Spamshield
- Multiple Desktop Support
- Fixed bug with uninstall protection
- Added hotkeys disable option
- Autoruns Enhancement – The scope of protection has been significantly enhanced in Online Armor – (Thanks to Tony Klein)
- Additional scan during SCW added (folders where start menu items reside).

Safety Check Wizard
- Realtime update during Safety Check Wizard
- Faster Saving
- Deeper, more thorough scan

OASIS
OASIS (Online Armor Software Information Service) has been significantly updated. OASIS is our files database and in previous versions of Online Armor it was woefully out of date because it relied almost completely on manual effort – including updating the servers. OASIS2 provides the users with this data whether or not the file has been assessed, information about what the program does, how many users have seen it and some information about what it does. This is accessible as a search on the website (all users).

When a program runs that is unknown – you can click the “more” button to get the OASIS results for it. This might help the user decide what to do as it provides aggregate information about what the other users did.
You can also right click inside programs —> File Information —> More to get information out of OASIS.

Firewall
Optimized Performance for Torrents – users complained that when using bittorrent, firewall processing created slowdowns. This issue has been comprehensively corrected. You should not see slowdowns caused by Online Armor Firewall.

Automatic Network Identification(Interfaces) – previously all interfaces were lumped in as one. Now, OA will allow interfaces to be selectively trusted/not trusted. This caters for the case of the road warrior that may plug into trusted/public networks. This now also includes VPN interfaces.

Computers Tab – Computers on the network are automatically detected and listed. It is possible to override on a computer by computer basis the trust status. For example, you could have an untrusted network – with two computers plugged into it that you trust. (or vice versa)

Manage Windows Firewall during OA Install – If the windows firewall is active, it will be disabled. If Online Armor firewall is removed, Windows Firewall will be reactivated.

- Added firewall log viewer
- Block network connection on boot (optional)
- Firewall Logs are defaulted to “Off”
- Bug fix: ICMP traffic is now blockable per application

Program Guard
- Install Mode added
- Allow blocking of trusted programs

Run Safer: Added the ability for the user “Safer” program normally, or a normal program “Safer” from inside program guard (rather than have them force the setting change, if for example, they want to use a program temporarily with admin rights)

CPU limiter added to control runaway processes; CPU Affinity control to show which processor a program may use.

For the time being you have to manually download the new version instead of using the automatic-update facility in the program. It’s not connected to Tall Emu’s auto-update server because of an issue they’re working on that, according to ceo Mike Nash, should be corrected in a day or two.

But not this one. While I need more time with the SP1 code, my first few days with the final version of Vista’s first service pack were, well, underwhelming. The one thing that I can definitively say at this point is that if you secretly installed Vista SP1 on a friend’s PC while he or she was out to lunch, 9 out of 10 friends wouldn’t have a clue when they came back.

Perhaps the biggest change to Vista that comes out of SP1 is the elimination of the anti-piracy mechanism the press has dubbed the “Kill switch” and that Microsoft termed “Reduced Functionality Mode.” Whatever you call it, it was designed to automatically render a Vista installation all but unusable if Vista’s Software Protection Platform (anti-piracy protection) software deems that copy of Vista to be pirated. For more information on the Vista Kill Switch and how it worked in the original version of Vista, please see this Computerworld story, The Skinny on Windows SPP and Reduced Functionality in Vista.

I started testing Vista SP1 with the initial beta, released early last fall. And I’ll continue to work with it to see what I can see. The software is supposedly not going to be generally available for another five weeks or so.

One of the ironies for Microsoft and Vista users is that SP1 of any version of Windows usually makes the driver pack usable for most people. But in testing SP1, Microsoft discovered that some drivers installed in a specific way (I’m guessing on drives built by OEM PC makers), there are conflicts with SP1. So, according to Microsoft, the drivers are in most cases OK, but they may need to be reinstalled after you install SP1. (For more information from Microsoft’s Mike Nash, see this Windows Vista Team Blog post.

In my tests with two pre-existing Vista installations (I haven’t clean installed SP1 yet), there were zero installation problems. My driver problems were no better or worse than prior to installing Vista SP1. Some of my Vista machines still don’t have proper Vista drivers from their manufacturers. But’s that’s not Microsoft’s fault — at least, not directly.

As I said up top, installing Vista SP1 has been like a non-event for me. Perhaps I’ll notice actual differences in real-world use as more time goes by.

If you want to get up to speed on Vista SP1, Computerworld’s coverage from Windows Editor and blogger Preston Gralla and reporters Eric Lai and Gregg Keizer have been excellent. Preston has been testing SP1 for performance and other aspects. Here are some links I recommend you check out:

• Slowing Down Vista with SP1
• All of Preston Gralla’s Vista SP1 Coverage
• Analysis: Driver Problems Still Haunting Vista
• Vista’s Driver Ills Aren’t Just Microsoft’s Fault
• FAQ: Vista SP1 Is Ready — Or Is It?
• FAQ: Vista’s SP1 Semi-secrets

In the Jan. 20th post, I explained that because Comodo 3′s “Basic Firewall” installation option does not offer full-fledged leak protection, and because my first impressions of Basic Firewall’s user-interface were favorable, I needed to make a statement to my readers that:

a) Comodo 3 Basic Firewall installation mode is no longer under consideration in my review (see my firewall review criteria).

b) My recommendation would be to use Comodo 3 Advanced or some other software firewall (such as Online Armor, the only other software firewall I’ve had a favorable reaction to).

At the urgent request of Comodo’s marketing department, I even made some tweaks early today to the Jan. 20th post to make doubly sure that people would understand I was talking about one mode of Comodo 3, not the entire product.

Abdulhayoglu took me to task for everything from my terminology to my advice to SNB readers to my understanding of what his company has communicated to me over the last week. Nothing he writes in his diatribe changes my mind one iota about my recommendation to my readers. Do not use Comodo 3 Basic Firewall. It does not provide leak protection. The Advanced installation mode does offer leak protection, which helps protect you from threats that might, for example, cause your personal data to be accessed.

Now, as to the facts. Abdulhayoglu claims that I misunderstood information that Comodo imparted to me. Well here is that information, which was written by Comodo senior research scientist Egemen Tas and relayed to me in a lead-up email prior to our meeting last Thursday by Comodo vice president of marketing Judy Shapiro:

CFP 3 BASIC vs CFP 2.4

CFP 3 BASIC New Features
—————————————–
1 – CFP 3 consumes 2/3 of the memory of 2.4(7 MB vs 22 MB), consumes less CPU time
2 – CFP 3 has many user interface enhancements over 2.4
3 – CFP 3 introduces Predefined Rule Sets(e.g. Email Clients/Web Browsers etc)
4 – CFP 3 does not require the users to create manual firewall rules. For example, to make CFP 2.4 work with P2P applications (to get a high ID), the users had to create network security rules. CFP 3 shows popup alerts for incoming connections (CFP 2.4 did not have this functionality)
5 – CFP 3 has the defense against Layer 2 attacks (ARP spoofing)
6 – CFP 3 rules interface is much more flexible and powerful
7 – CFP 3 has a unique feature called “application grouping” i.e. File Groups. For example in CFP 3, more than one applications can be grouped together and treated as 1 application. For example: “Windows System Applications” etc. And CFP 3 supports wildcard characters and environment variables (e.g. %windir%, *, ?)
8 – CFP 3 automatically detects the new networks and can create a trusted zones on the fly
9 – CFP 3 has a Training mode for GAMERS and GAMING friendly
10 – CFP 3 BASIC can detect 70%(According to our local analysis) of unknown viruses with a unique static heuristic analysis algorithm. This is not related to Defense+ or any behavior analysis. When an application tries to connect the internet, CFP FIREWALL alert can show a clear virus warning.
11 – CFP 3 supports Vista and x64 processors
12 – CFP 3 current does not have an Anti-Leak mode similar to CFP 2.4. If Defense+ is disabled, unless it is detected as a virus, leaking is possible.(3.1 or 3.2 will have an anti leak mode)
13 – CFP 3 has a blocked IP addresses/hosts list e.g. spyware sites etc(My Blocked Network Zones)
14 – CFP 3 has 1-Click stop all activities feature.
CFP 2.4 does not have a hips i.e. does not prevent the harm however it can detect known leak techniques and show an alert if there is an internet connection attempt.

There are some user transparent features in CFP 3:

1 – A new enterprise strength stateful inspection engine,
2 – It can be managed remotely
3 – It performs stateful layer 2 inspection
4 – It detects routers, switches and optimizes MTU in slow networks

I asked Shapiro for a clarification on point #12 above. Here is her response from Monday of last week:

As far your question around whether 3.0 “Basic” is less “protective” . Not sure how to answer that. 3.0 is meant o run with Defense + running but it would be accurate to say that Defense + module is needed to protect against “leaks”

Abdulhayoglu, in his forum post, never directly comes out and admits that Comodo 3 Basic Firewall doesn’t have anti-leak protection. That’s part of the problem! My readers weren’t aware that this was the case because I wasn’t aware until SNB commenters drew my attention to it. I then asked Comodo for verification of that fact — and got it.

At this writing, I am unable to find a document on the Comodo Web site that provides a features/functionality comparison of Comodo 2.4, Comodo 3.0 Basic Firewall, and Comodo 3.0 Advanced. Without that information, Comodo’s users are left to guess.

My concern was that my readers might guess that they had protection with Comodo 3 Basic Firewall that they do not, in fact, have. So I moved to make that point clear. I just wish I had made the point sooner.

My only responsibilities are to the interests of my readers and to being as accurate as I can be. I believe I’ve met both goals.

– Scot

Added on January 23, a picture of the Comodo 3 installation screen that offers the choice between the Advanced Firewall and the Basic Firewall:

Note: This story has been updated for clarity on 1/22/2008 and 2/2/2008. Nothing has changed about my recommendation.

Because I have written in the recent past with an initially positive reaction to Comodo 3′s “Basic Firewall” installation option, I am honor-bound to post this quick message.

I have learned directly from Comodo executives that the Basic Firewall installation option of Comodo 3 offers only marginal outbound leak protection, not up to the levels of Comodo 2.4 or 3.0. The company may add that protection in a future version of Comodo 3.x. The Basic Firewall option turns off Comodo 3′s Defense+ HIPS module (which constitutes the “Advanced” default installation mode). Defense+ provides the leak protection for Comodo 3.

The previous generation of Comodo, version 2.4, provided anti-leak protection without the new HIPS module.

Not only does this mean that Comodo 3′s optional Basic Firewall mode is no longer a contender in this blog’s firewall evaluation, but if you’re relying on the Basic Firewall mode of Comodo 3 for your firewall protection, you should stop doing so. Windows XP users should switch to Online Armor Free version 2.1.0.31 (or newer) and Vista users should uninstall Comodo 3 and reinstall it, choosing the “Advanced” installation option.

[Note: Since I wrote that last sentence, Comodo has pointed out that you don’t have to uninstall and reinstall Comodo to switch to the Advanced mode but can instead do so by turning on the Defense+ HIPS module. The steps for making the change aren't immediately obvious, however, so here's how to do it: Open the Comodo 3 program window. Click the Defense+ icon near its upper right corner. On the left side of the window, click the Advanced button. Click the the last icon, Defense+ Settings. At the bottom of the next configuration screen, remove the check in the box beside "Deactivate the Defense+ permanently." Comodo will prompt you to restart your computer. You must do so to enable full protection.]

Comodo 3′s “Advanced” default installation mode remains under consideration in my ongoing software firewall evaluation process.

More details will follow in the near future.

– Scot

• Very low system overhead with a strong preference for standalone software — no full-blown security suites
• Full compatibility with popular third-party standalone software from other security application categories
• Excellent outbound security protection, as pre-screened by Matousec.com
• Simple, informative, and highly usable user interface
• Reliability
• Works quietly, alerts you when there are real problems not for the heck of it
• Strong, responsive development team behind the product that is actively developing the product in a rational manner
• A feature that lets users rapidly shutdown all inbound and outbound activity
• Protects but doesn’t cause intermittent problems with Windows local-area network functionality.

Another specification is that the firewall support Windows XP (at least) and Windows Vista. (At the moment, Online Armor does not support Vista. Tall Emu plans to add that support in a forthcoming though possibly not imminent release.)

This post is a sneak peek into my current testing and research on software firewalls for Windows since I last wrote about this topic six weeks ago. In that article, I admitted Online Armor as a last-minute entry into the comparison to give Comodo 3 one last run for the money.

Over the last month and a half, I have received scores of helpful messages from Scot’s Newsletter readers detailing their experiences with Online Armor 2 and Comodo 3. I have also tested the paid version of Online Armor. My research has not concluded yet. I’m waiting for the next version of Online Armor because of a handful of issues with the product (installation mode doesn’t work that well and the documentation for the paid version is very spotty). Overall, however, people testing Online Armor who’ve written to me about it are very positive about it. Few people are reporting serious problems. The same cannot be said for Comodo 3, whose makers have released three or more iterations of Comodo 3 because of several bugs, crashes, and errors.

When you install Comodo 3 in its Basic Firewall installation mode — which doesn’t install the HIPS (host-intrusion-prevention system) — it’s a much more reliable and usable product. But it’s also potentially less protective than Online Armor’s built-in HIPS protection. I’m also beginning to become disillusioned with Comodo’s approach to software development. The company culture appears to favor hurry and time to market over testing and polish. I realize the product is entirely free. But when you experience a serious problem as some people have with Comodo 3, it becomes your time and frustration.

I have to stress the point that I have not had trouble with Comodo 3. It works pretty well for me (except for a bug related to its Help facility that caused a crash in the first release of Comodo 3). But I have had numerous emails from readers about their problems with Comodo 3. Many of those people have gone back to Comodo 2.4 or switched to some other firewall.

So, at this juncture, I’m leaning toward Online Armor, which has been 100% trouble free for me. I still have to perform security tests on Online Armor. Plus I need more time with it. And I’m waiting for an update to the product to see whether a few areas improve. Online Armor is a relatively young product. Its makers are still adding significant new functionality.

I’m still looking for your input on the latest versions of these two products. If you’re using Comodo 3 or Online Armor 3 (or both), please take a moment to send me your experiences, positive or negative, with the two software firewalls:

• My Online Armor 2 Experiences
• My Comodo 3 Experiences

Or you can post them right here as a comment to this blog entry.

Stay tuned for a final software firewall recommendation. For more information on Windows software firewalls, check out the entire software firewall evaluation series.

However, my preliminary impression of Nod32 3.0, also contained in ESS, was quite positive. That product is available as a standalone upgrade to Nod32 2.7 for $40 (one user, one year).

I have not had a chance to fully test the 3.0 standalone product yet. I’ve been focused on the firewalls. But testing Nod32 3.0 is very high on my list. From my look at the ESS beta, I don’t anticipate any serious criticism of Nod32 3.0. I like the UI a little better. I didn’t see anything I didn’t like. I didn’t have any problems with it. But I still have to test it fully to be sure. I’ll be looking at it on both Vista and XP.

I don’t write final security reviews before I’m sure about a product. So depending on the complexities I encounter when I test Nod32 v.3, it could be four to eight weeks before I give you a definitive answer.

If you’re forced to make a decision before that, I would currently characterize Nod32 3.0 as a good bet. And, again, I would recommend separate firewall and antispam solutions instead of ESS.

If you’re using Nod32 3.0, I would be interested in your experiences with and impressions of it. Please send your thoughts to me. Thanks!

Alternatively, you can also post your experiences as a comment to this post if you prefer.

1. There aren’t many good software firewalls out there right now.

2. My focus has been on outbound protection, since anyone sitting behind a firewall router has very good inbound protection.

Although I’ll be running tests on the final round of firewalls, I’ve been relying on the independent security software site, Matousec.com Firewall Ratings, to help winnow out the less impressive products. In recent testing, Matousec has named two new software firewalls “Excellent,” Agnitum’s Outpost Firewall Pro 2008 version 6.0 (a suite product that doesn’t quite fit the target profile of this ongoing review) and a little-known freeware product called Online Armor Personal Firewall v.2 by Tall Emu.

First Run of Online Armor v2.1.0.31

Online Armor Personal Firewall comes in a limited free version, a $39.95 paid version, and a $69.95 OA firewall plus Kaspersky antivirus engine version. (For more information on what each version of OA offers, see Tall Emu’s Online Armor comparison chart.) Tall Emu’s pricing offers both multiple licenses and multiple years of upgrades.

The free version of Online Armor aced the Matousec leak tests — blocking every leak Matousec threw it in its default configuration. So even though its a “limited” free firewall, it’s still a very useful product. Upgrading to the paid version adds 11 major features, including much better keylogger protection, DNS spoofing protection, phishing filter, and Web shield.

The free firewall focuses on two main areas: firewall and application control. It also minds startup programs and services, IE add-ons, and HOSTS file. The UI is simple and effective (Comodo could learn a thing or two). Online Armor is literally a joy to use. But the best part is that, for me, at any rate, it’s been extremely quiet. I’ve seen only about five pop-ups in about 10 hours of direct use. The product has been running on one of my test machines for about two weeks.

Online Armor has a very good chance of waltzing in and stealing top honors as the Scot’s Newsletter Best Software Firewall of 2008. But I need your help. If you’ve used this product, or if you use it after reading about it here, please take a few moments to send me a description of your experiences. Be sure to let me know whether you’re using the paid or free version. Please note, also: The current version is 2.1.0.31. Tall Emu has continued to squeeze bugs out of its product as they’ve been identified. Each time it squashes one, it releases a new minor version. So if you’ve run into problems before, you should download the latest version, uninstall your previous version of OA, and install the new version.

It’s pretty difficult to find much to complain about with Online Armor. But there are two issues that Tall Emu should address in future versions of the product (based on my use of the free version):

1. Because the Online Armor program window is fixed in size, when you look at the log listings screens, you’re not able to widen the window to read the details but are, instead, forced to scroll side to side.

2. Online Armor lacks the ability to automatically detect, name, and save LANs by location the way ZoneAlarm and Comodo do. I’ve said in the past that all software firewalls need this feature. So far, though, Online Armor has not interfered at all with my networking functionality, unlike so many other firewalls.

Lastly, it should be noted that Online Armor supports Windows NT/2000/XP but not Vista yet.

In the near future, I’ll test and report on the paid version of Online Armor.

Comodo 3 Hits the Streets

Meanwhile, Comodo finally released its free Comodo Personal Firewall v3. This new version has been out less than a week.

Visible for the first time late in the beta cycle, the Comodo engineering team added a wrinkle to version 3.0 that makes it like two programs in one. There’s a much simpler “Basic Firewall” installation option that eliminates the host-intrusion-prevention system (HIPS). By choosing this option, you disable the malware protection that Comodo offers, but in my tests the result was a nearly silent, well-behaved software firewall.

With its “Advanced” installation option in vogue, Comodo 3 adds the kind of protection used by business-class security products, though it’s probably not for average users. To make it easier to manage, the Comodo engineers added a predefined list of safe applications, with the ability for both you and Comodo to add to that list to make the product easier to use over time.

Comodo 3 is a major new version of the Comodo firewall product line. In addition to the HIPS module, the new version adds:

1. A clean PC mode that profiles all applications on your PC and registers them as safe, blocking others from installing without your approval.

2. An advanced network firewall engine that stops exposure of confidential data by stopping malicious programs from connecting to the Internet

3. Application-behavior analysis that detects suspicious activity before allowing Internet access.

4. Smart pop-alerts with multiple preset actions and an advice area.

5. A whitelist with one million trusted applications maintained by Comodo that cuts back on the number of pop-ups you’ll see related to the HIPS.

6. Support for 32-bit Windows XP and Vista as well as 64-bit Windows XP and Vista.

For more details on the Comodo 3 feature set, see this Comodo page.

I’ve been testing Comodo 3 for only a few days — not long enough yet to make a final pronouncement. In fact, I welcome your input on Comodo 3. Send me an email and let me know about your experiences. Be sure to let me know whether you opted for the Basic Firewall or Advanced (default) installation option.

In my testing so far, though, I’ve been very pleased with Comodo 3. The harsher experiences of the Comodo 3 betas have been largely eliminated in the final version of the product. I’m not seeing the blizzard of pop-ups that its predecessor, version 2.4, sometimes issued. The product is mostly well designed and easy to use.

Note: I have not yet tested Comodo’s outbound protection (something I plan to do in the next month or so), and Matousec has not tested it either. So the Comodo 3.0′s protection must be verified.

A Few Comodo 3 Shortcomings

In the early going, I did run into two separate problems with Comodo 3. I downloaded and installed Apple’s QuickTime and iTunes software, which apparently weren’t on the predefined whitelist of safe programs. I set them to be considered safe in Comodo, and then opted to upload them to the Comodo servers for the company’s analysis. For unknown reasons, every time Comodo attempted to send the files home, my Internet connection died and I received a network error message from Comodo.

Comodo contains a very simple wizard that automatically detects existing LANs and lets you name and save them, as well as giving you the option to be visible to all local networks. I’ve repeatedly suggested that all software firewall apps should work this way. Comodo does an excellent job of it. That’s why I know the network error was probably not caused by Comodo blocking the network. Both Internet access and file sharing on my local-area network worked perfectly.

After several hours during which Comodo repeatedly tried and failed to send the install files back home, I finally just deleted the chore to spare myself the interruption.

The other problem had to do with my FTP program, CuteFTP. When I initiated an FTP connection, a Comodo pop-up opened. I chose the option to treat CuteFTP like an “FTP program.” Seemed logically enough. Only problem was, CuteFTP was not able to connect with an FTP server. I had to manually create a rule to unblock CuteFTP at that point. There was no way (that I could find) to go back and change the “FTP program” security setting to something like “trusted application,” which is a bit more open setting. This example occurred both on the Basic and Advanced installations of Comodo 3.

Comodo 3 includes solid wizards called Define a Trusted Application and Define a Blocked Application, but it doesn’t offer you a way to see a list of blocked or trusted apps you’ve created in the past. So you can’t modify them. and the Network Security Policy module, buried in the Firewall > Advanced area, lets you see and modify all the previous decisions you’ve made in Comodo pop-up dialogs. This is a very important piece of functionality in Comodo 3. I’d like to see it become much more prominent, easier to use (too many clicks), and it should offer built-in help that makes it easier for people to revise their settings smartly.

One of the things I find frustrating about many software firewalls is that they provide you with detailed logs of blocked connections or exceptions, but there’s no way to act on these logged lists. Software firewalls need a UI structure that makes it easier for people to create, edit, and delete their own firewall rules. Comodo has the basics, but it doesn’t go far enough. Online Armor does a better job on that score.

[Note: Thanks to redr for the comment on this story that points out an error I had made. The strikethroughs in the two paragraphs above and some added text aim to correct my mistake. -- S.F.]

Where’s It All Headed?

The 11th-hour addition of Online Armor makes this comparo a two-horse race. My focus is now on making a decision between Online Armor and Comodo 3. My current instinct is that you’ll probably be in good stead with either option. Both products work fine with Nod32 v2.7, the product I’m currently recommending for antivirus/anti-malware protection. Interestingly, both of these firewalls also add anti-malware protection.

So I think we’re finally getting closer to a final decision. As soon as I verify that there are no widespread reliability or bugginess problems with either Online Armor and Comodo, and after I have run some security tests on them, I hope to announce a winner.

Footnote: I’ve looked at two new firewalls since I last wrote on this topic. In addition to Online Armor, I examined Webroot’s Webroot Desktop Firewall, which the company is currently offering for free. It’s a pretty nice product that Webroot apparently licensed from Privacyware, whose Privatefirewall 5.0 garnered “very good” scores in Matousec’s tests. Still, very good isn’t as good as excellent. Plus the UI in the Webroot product is good, but not great. So I’ve crossed the Webroot Desktop Firewall off the list.

A couple of days ago, Comodo released what some have dubbed Comodo 3.0 Beta 3 (version 3.0.9.229). With this new rendition of the code, for the first time you get the sense of what the company expects the user experience to be. The product relies heavily on user prompts to warn you of possible threatening actions, but you can tell it to remember your answers and make specific programs “trusted applications,” which effectively silences future prompts. The user experience is pretty good, overall, but it’s way too early to determine whether the product will perform without bugginess on some desktops.

I ran Comodo Beta 3 through the standard battery of outbound leaktests performed by sites like Firewall Leak Tester and Matousec, which I’ve referred you to many times in the past. Some of these tests really mean very little, but some are quite good. Like its predecessor, Comodo 2.4, the new 3.0 product offers excellent outbound protection — the factor that I’ve identified as the Holy Grail of this long-term review. (For more on the leaktests I’m using, see the ZoneAlarm review in More on Software Firewalls for Windows.) Comodo 3.0.9.229 passed every single test I threw at it.

It’s not time yet to do a full review on this product, which supports XP and Vista, but Comodo 3 is promising. Even so, there’s one aspect of the all-new Comodo I’m not in love with: the redesigned user controls, logs, and settings interface. It’s pretty, but not really well designed. It’s difficult to know whether items you’re clicking into give you a way to configure or just a window for viewing historical data. I’d like a single place to review the decisions I’ve made about specific programs. While your actions are recorded, there’s no place to review and change them. Seems like something this product definitely needs.

The addition of the HIPS technology (host intrusion prevention system) adds a layer of defense without overly complicating the operation of the software firewall. That’s a key advantage of Comodo 3. But the extra layer of protections and settings does make for a far more complex set of controls and settings dialogs. It’s easy to get lost in Comodo 3′s rabbit warren of options.

Although I don’t have the latest word from Comodo yet, judging from this version of the product, the company is six to eight weeks away from shipping Comodo 3. There are still a few missing features. With security software, I like to see it ship before I recommend it. So hang in there. It may be a few more months before I can tell you whether to adopt this firewall.

If you’re thinking about testing Comodo 3.0.9.229 too, be sure to uninstall any previous software on your system before installing this one — including Comodo 2.4 or any of the Comodo 3 betas. After you install it and reboot it, the best way to train it is to launch every program installed on your system that you use regularly, one after the other, making selections in Comod’s pop-up prompts. Definitely use the Remember check box, and setting programs you use frequently as trusted applications (from the drop-down menu) will eliminate future Comodo pop-ups.

Once you’ve had a chance to try it out, send me a note about your experiences. This is a beta product, so you may run into bugs and issues. Making a backup of your entire drive before you install beta software is always a shrewd thing to do.

Eset’s Firewall — and Updated Nod32 Antivirus Program
Meanwhile, the Best Antivirus Product of 2007, as named by yours truly, Eset’s Nod32 2.7, is being reworked by the company into a new 3.0 version. Eset has two flavors of its new product line: the antivirus/anti-malware-only product and the new Eset Smart Security, a suite product that adds a firewall and an antispam option.

I’ll be retesting Eset’s forthcoming Nod32 3.0 when it finally ships. My initial impressions are quite positive. For now, Scot’s Newsletter continues to recommend Nod32 2.7.

But I’ve made a decision in the opposite direction about Eset Smart Security suite. Take a pass on this one. The firewall seems very pedestrian; it’s able to handle only three of the leaktests on my list of 17. And what’s with the antispam module? That doesn’t belong in a package like this. The best thing about Eset Smart Security is Nod32 3.0 and the fact that you can turn the other two modules off.

What If?
So, where does that leave things? If Comodo 3 winds up having issues, we’ll be back at square one. And what that should mean for you is a solid hardware firewall/router just behind your connection to the Internet with WPA Personal encryption for any wireless networking you have on your network. For more information about the hardware side of the equation, please see Kicking Off a Software Firewall Comparo from June of 2006. Many experienced users are content with this level of protection.

Previous Installments in the Software Firewall Series:

• Windows Software Firewalls Evaluation Rolls On (September 2007)
• Twists and Turns on the Road to the Best Software Firewall (July 2007)
• Review Roundup: Slim Is in for Windows Desktop Firewalls (June 2007)
• More on Software Firewalls for Windows (June 2007)
• Update: Software Firewalls for Windows XP (April 2007)
• Kicking off a Software Firewall Comparo (Sept. 2006)

I stopped short of naming Comodo Free Firewall 2.4 the Best Software Firewall of 2007 in the last issue of the newsletter because several SFNL readers reported issues they’re having with Comodo. I asked readers last time to send me their experiences with Comodo, and thank you, many of you did just that.

The results of that little exercise were interesting. Many people are having no issues with Comodo’s 2.4 firewall. That included me at my last writing on this subject. Since then, I have had some of the problems others describe on one of the now five Comodo installations I’ve been testing. Not the worst of the problems, mind you. But at least I’m no longer totally in the dark. And I’ve also worked with two or three SFNL readers to the point that I’m satisfied that their reconfiguration of the product isn’t causing the symptoms they’re having.

There are three different problems with Comodo 2.4 reported by sufficient numbers of readers (also posted elsewhere on the Internet) to make me think they are actual bugs:

1. Comodo forgets user inputs in user permission pop-up boxes. Comodo offers a “remember this” check box, but checking the box doesn’t appear to work.

2. Comodo throws off a blizzard of user-permission pop-ups — so many pop-ups that most users don’t even last 24 hours before uninstalling Comodo.

3. User’s system slows down dramatically after install.

The only problem I’ve seen personally is the first one, and only very recently. I was able to make the second problem occur by making a settings change to Comodo away from the default setting. If you’re seeing a blizzard of Comodo pop-ups, try making this change:

Click the Security button along the top of the Comodo program. Then click Advanced on the left. Then click Miscellaneous on the bottom. A dialog box will open. Set the Alert Frequency Level to Low. That’s the default setting.

A large percentage of the people who’ve written to me to complain about Comodo 2.4 will see significant improvement of the user experience with this step. About the first problem, though, the only suggestion I can make is to uninstall and reinstall the product.

At the end of July, I interviewed Comodo’s president and CEO, Melih Abdulhayoglu, and senior research scientist Egemen Tas. This is a pretty rare thing, but they readily admitted that some Comodo 2.4 users are experiencing the first two problems described above. Instead of trying to fix version 2.4, they said that version 3 (under development now and currently projected to be released in October) has been entirely rearchitected so that these problems won’t reoccur.

The strategy Comodo is employing for version 3 to block malware is different from any other product I’m aware of. Comodo 3 adds a host-intrusion prevention system (HIPS). If you’ve ever tried a HIPS, you probably know that on the desktop, such a system would probably add pop-ups and warnings. To make it easier to work with, Comodo is adding two features — whitelist and program profiling — that when combined should eliminate many pop-ups and warnings. Comodo 3 will be able to online updated with new information to support these features, and presumably users will be able to add their own intelligence about accepted program behaviors.

I’m not 100% convinced about this strategy, but I’ve decided to look at version 3 before I come to a decision. An early look at the first beta of Comodo 3 shows that the program has been heavily upgraded. But since the whitelist and profiling features haven’t been added yet, the product is all but unusable.

Meanwhile, Eset recently released Eset Smart Security Beta 2, which combines Nod32 with a new lightweight software firewall and an anti-spam tool. Beta 2 adds direct support for Outlook Express, in addition to Outlook. I have not had a chance to test Beta 2, but this suite — which did not do well in my leak testing of an earlier beta — is still a possible contender for me.

Previous Installments in the Software Firewall Series:

• Twists and Turns on the Road to the Best Software Firewall (July 2007)
• Review Roundup: Slim Is in for Windows Desktop Firewalls (June 2007)
• More on Software Firewalls for Windows (June 2007)
• Update: Software Firewalls for Windows XP (April 2007)
• Kicking off a Software Firewall Comparo (Sept. 2006)

For those of you new to the saga, you’ll need to catch up with the rest of us by reading (or at least scanning) these previous articles:

• More on Software Firewalls for Windows(June 2007)
• Update: Software Firewalls for Windows XP (April 2007)
• Kicking off a Software Firewall Comparo (Sept. 2006)

Or, to get an up-to-date story that covers the bases of the three links above, including updated information, see this Computerworld story: Review Roundup: Slim Is in for Windows Desktop Firewalls (June 2007).

With that bit of housekeeping out of the way, on to the twists and turns.

Eset Smart Security Not So Stellar
Admittedly, I’m testing Beta 1b of Eset Smart Security, and rumor has it that Beta 2 is due out shortly. But I recently conducted a FirewallLeakTester.com-style leak test of Eset Smart Security, and the results weren’t good. For more information on the set of leak tests I used, please see my review of the free version of ZoneAlarm 7.0.337 in the last issue of the newsletter.

Eset Smart Security Beta 1b passed only two of the 17 off-the-shelf leak tests I ran on it — a very poor score. ZoneAlarm free, for example, scored five of 16 tests. Comodo 2.4, the best firewall according to the Matousec leak tests, passed 24 of 26 tests with its default settings; it passed them all after reconfiguration of the firewall.

I suspect that Eset is relying on its suite’s Nod32 anti-malware module to protect its customers from personal/financial information harvesting and Trojan malware. Indeed, in order to test the Eset firewall, I was forced to disable Nod32. There was no way to even copy the small leak test programs on the Windows desktop (or anywhere) on my test PC without Nod32 interrupting and automatically deleting those files. Eset is attacking the problem in another way. And it may, in fact, be the right way.

A couple of weeks back, I had a long talk with Symantec’s Tom Powledge, the product marketing manager in charge of Norton Internet Security, Norton 360, Norton AntiBot, Norton SystemWorks, and Norton AntiVirus. While he wasn’t directly referring to Eset’s product, he described functionality in the latest version of Norton Personal Firewall, Norton 360, and Norton Internet Security that also goes about protecting your computer from data-harvesting malware that requires very little input from users and is not dependent on the firewall. Both companies are heavily employing heuristics-based techniques for identifying and rapidly stopping the execution of malware products on your computer.

Powledge believes, in fact, that outbound leak testing is fairly useless. He believes that many firewall software makers game the system by adding code for the specific tests. The thinking goes — and I don’t disagree with it — that the firewall is not the right tool for blocking this type of threat. This is why Norton is now offering Norton AntiBot, and its suite products have several ID theft measures. I have pledged to myself to test both Norton Personal Firewall 2008 (when it comes out this fall) and Norton 360 (again). Norton 360 doesn’t meet the requirements I’ve set for either Best Antivirus or Best Firewall products. But it’s Symantec’s attempt to reduce the system footprint of its security suite. I looked at it in beta only, so now I’ll look at the shipping product.

There can be no doubt that antivirus and anti-malware technologies have merged. There’s becoming less and less need to run separate signature-based file-scanning engines for viruses and spyware. That’s especially the case if the security products are actively employing behavioral-based techniques for finding and eradicating all types of malware.

Bottom line: I’m testing firewalls at a time when it appears that the need for outbound protection has never been stronger, but also, when the thinking about how to add that layer of protection is changing, perhaps profoundly.

On the other hand, if you’re going to have a software firewall running on your system, wouldn’t you rather have one that stopped as many illicit outbound connections as possible? Matousec’s test methodology is hyperaware of firewalls that may be attempting to game the system. The security agency runs a test called FPR (Fake Protection Revealer) that attempts to ferret out custom coding to specific leak tests. They have publicly named names of companies whose products appear to be doing that based on their test data.

Check out this info Matousec provides about issues with specific firewall products.

In the end, security is about layers of protection. I’ll admit that my money has long been on heuristic (behavioral) based techniques employed in combination with signature-based identification of malware as the guts of the best security products of the future. But heuristics technology still has a way to go before it can cover all bases. And the threat keeps morphing. In the meantime, and possibly for the long run, I want the best firewall I can get.

The Plot Thickens Around Comodo
Apparently, not everyone is having as great an experience with Comodo 2.4 as I am. I’m running it on three test machines, including on the Parallels-based Windows XP that runs on my everyday Mac. I’m having no problems at all. It’s working like I want it to, and I see pop-ups very infrequently. And when they do appear, they make sense.

Since the 2.4 release, though, I have received a handful of messages from Scot’s Newsletter readers describing problems with Comodo that caused them to remove it from their computers. Bruce Marien was one of the readers who wrote in. Here’s how Bruce described the problem on his PC:

“My problems arose after only a few days of use. I noticed that Comodo didn’t seem to remember responses I clicked in the pop-up windows (something you mentioned having been problematic in an earlier version of Comodo). Then I started losing Internet connectivity. My cable modem company’s diagnostic tool flagged my system as having changed from dynamic to static access. Running the diagnostic tool’s repair function did correct the issue temporarily, but it always came back. Other times the diagnosis was corruption in my TCP stack and it was unable to effect a repair. At that point, the only fix was to reboot the cable modem and my computer. This got old fast and I uninstalled Comodo.”

Bruce is not alone in having difficulty with Comodo. Lockergnome’s Ron Schenone blogged about similar problems with Comodo last December.

Other people are reporting issues with pop-ups. I had the same problems with an earlier version of Comodo, but since the release of Comodo version 2.4, those woes have been purely a thing of the past for me. SFNL reader Ernie Marshburn is having this problem, and this is how he describes it:

“Comodo’s protection level is fine but I am constantly pinged with pop-up messages about authorizing applications, mostly Outlook. More annoyingly, many of the messages have multiple screens, which I guess must be checked individually. If this were only the first instance when I was being asked, it wouldn’t bother me. But the exact same messages reappear frequently and, it seems, at random — without any apparent relationship to what’s actually happening on the computer.”

In a later message, Ernie specifically mentions multiple repeat Comodo pop-ups related to Outlook, IE, Acrobat, ccApp (a Norton AntiVirus subroutine), and Microsoft Word.

I have to agree with Ernie that the way Comodo gangs up multiple pop-ups in a single window that you step through like a wizard is less convenient than it might be and also might be missed by some people. While it does cut down on the apparent number of pop-ups, you still have to step through each separate message and click the checkbox so that the program will “remember” your answer. Is it possible some people don’t realize that they have to do that? I suppose so; on the other hand, Ernie got that.

More likely, however, is another explanation. There’s a setting in Comodo’s Security > Advanced > Miscellaneous > Configure area that controls the level of pop-ups Comodo displays. By default, that setting is “low” in Comodo 2.4. It’s at least possible that some people are seeing a blizzard of pop-ups because they either changed this setting to “high” or upgraded a pre-existing installation of Comodo that had a higher setting.

Just as this issue was getting ready to mail, Ernie found that the pop-ups level setting in his Comodo installation was set to “high.” Setting it to low helped considerably, although he’s still seeing more pop-ups than I am.

While writing this article, I installed Comodo on a fourth machine. And, again, by default the pop-ups are minimal. Some people are having issues, but many others are not. I’m interested in your firsthand experiences with the 2.4 version of Comodo. Please send me your thoughts in an email message.

It would help greatly if you could list for me the applications that the pop-ups are related to, as Ernie did.

Comodo 3.0 Is Close
I got an email from a Comodo marketing VP letting me know that Comodo 3 is about six weeks away from release. I don’t have much detail on the product, but some of the product features are listed on this Comodo Forums post.

The most notable changes are Windows Vista support (both 32 bit and 64 bit) and a host-intrusion-prevention system (HIPS) module — both of which should be welcome additions.

Reminder: This evaluation focuses on software firewalls for Windows XP SP2. More and more software firewalls are being updated to support Vista, but at the time that I started this work, not enough of them supported Vista to make that a useful endeavor.

Status of this Test
I continue to favor Comodo 2.4 as the likely winner of this evaluation. I have ruled out all of the other contenders. No other product has a similar compromise of excellent protection and decent ease of use. But I’d like to give it another few weeks to hear from people who may be having problems. Given that a new version of the product is coming out, I may also wait to at least test a beta or the final version.

During this interim period, if you’re making a firewall selection, my recommendation would be to select Comodo 2.4. It’s free, so if you don’t like it, you can back out of it.

The research for my ongoing series on software firewalls for Windows has entered an interesting phase since the last newsletter, in which I focused on Comodo, Jetico, and Kerio.

For one thing, a large number of readers responded with requests and suggestions. The suggestion I heard most frequently was: Please consider ZoneAlarm. (I also received some flames from misinformed ZoneAlarm fanatics, but that’s another story.) So, I’m starting this issue with a full test of ZoneAlarm.

Review: ZoneAlarm 7.0.337 Free Version
Last September, when I launched my search for a great lightweight, quiet, low-overhead software firewall, I left Check Point’s free ZoneAlarm software off the list. My primary security focus was outbound firewall protection. Testing from earlier last year by FirewallLeakTester.com showed that ZoneAlarm Pro offers excellent outbound software firewall protection, and the free version of ZoneAlarm — surprisingly — does not.

As it happens, Check Point has upgraded its free ZoneAlarm firewall from 6.1 to 7.0.337 since FirewallLeakTester conducted its March 2006 tests.

For the detailed results of the FirewallLeakTester tests, visit this page. (Scroll to the bottom of this page and click the “View Results” button.)

Because so many SFNL readers use the free ZoneAlarm, I decided to retest it fully using as much of FirewallLeakTester’s methodology as I could find on the site. At the time of the March 2006 test, FirewallLeakTester had 18 leak tests. There are 19 tests on the site now. One of the tests, Immunity, appears to have gone commercial and apparently did not allow FirewallLeakTester to continue to offer a download link to a free version. Newly added tests include the Comodo Parenting Injection Leak (CPIL) test and the PC Flank leak test. So 17 of the original tests are the same, and there are two new ones. In my tests, I was unable to make three of the tests work: Outbound, MBtest, and BreakOut. So that brings the number of available tests down to 16.

With that as a preamble, let me give you the results of my testing of ZoneAlarm 7.0.337. Check Point’s free firewall passed only 5 of 16 tests. ZoneAlarm Free 6.1 passed only 3 of 18 tests when FirewallLeakTester tried in in March 2006. You could say that it has improved marginally, but you’d be kidding yourself.

It’s important to note that ZoneAlarm Pro tests much better than free ZoneAlarm. In FirewallLeakTester’s tests, ZA Pro passed 14 out of 18 tests. I didn’t retest ZA Pro because it doesn’t meet my criteria of being small and lightweight. Also, many SFNL readers have complained that it has serious interoperability problems with other security products. ZA Pro includes an anti-spyware module, and there’s also anti-spam, identity theft, and a bunch of other protections that raise my hackles. I’m looking solely for lightweight firewall security. I rely on Eset’s Nod32 for anti-malware protection.

So, why does ZoneAlarm Pro test better than free ZoneAlarm? Well, I’ll tell you. Check Point wants you to spend some money on its products. If you look in the “Program Control” configuration area, you’ll find that the slider bar is limited to Medium protection. The High setting, which is specifically designed to protect your computer from “the abuse of trusted programs” (the precise thing that leak tests check for), is disabled. A note tells you that you have to upgrade to ZoneAlarm Pro to get that protection.

The moral of the story: If you’re concerned about your level of outbound protection from a software firewall, free ZoneAlarm is a bad way to go. If you don’t believe my tests, then please check out Matousec’s fully up-to-date set of leak tests. Matousec lists ZoneAlarm Free as “very poor.”

Keep in mind, even if your firewall passed all of the leak tests out there, that wouldn’t mean squat. There are many other spoofs and exploits that leak tests don’t check for. You want the best protection you can get — and 5 out of 16 tests doesn’t even come close.

I hope I’ve put to rest the question of why I omitted ZoneAlarm from my software firewall tests. Check Point could change my mind by making changes. And if it did that, I might very well opt for ZoneAlarm. But in the meantime, you should not be relying on the free ZoneAlarm firewall product.

What’s Good About ZA
I still love the ZoneAlarm user interface. (You never forget your first firewall, I guess.) It’s easy to configure and the controls make sense. You don’t get a blizzard of pop-ups, and the ones you get offer links to detailed information and recommendations about programs it detects. ZoneAlarm is the most evolved desktop software firewall product.

In putting the product through its paces, I set up a trusted zone for my network. ZoneAlarm still does this better than any software firewall competitor. Interestingly, I found that my Windows XP/Vista peer network ran much better with ZoneAlarm running and a trusted zone in place than it had before. As soon as I turned on the trusted zone, several nodes on my network popped up, one after another, in the Network Places folder. I generally experience intermittent balkiness with XP computers appearing in the network browse folder.

In using ZoneAlarm, the only annoyance was its incompatibility with Cisco’s VPN client software. ZoneAlarm “disables” the VPN client on installation, and while the Cisco client still runs, it just won’t connect. Since most desktop users aren’t able to choose the VPN they use, this seems like a bad decision to me. Check Point should get to the bottom of the problem and fix it, and not just assume that the user can get along without his or her VPN client.

All in all, I like ZoneAlarm. I always have. But the free version is defanged, and the Pro version comes with a lot of stuff that mucks up the works. ZoneAlarm doesn’t have the right stuff anymore.

Look ‘n’ Stop 2.06 Gets a Miss
Unfortunately, I’m crossing another one off the list. Look ‘n’ Stop offers good, basic, do-it-yourself security, and its new 2.06 version purportedly runs on Vista (I haven’t tested that claim). But this is one strange product that’s neither silent nor particularly confidence-inspiring.

I can boil down my big problem with Look ‘n’ Stop to this: After I installed it and ran a small handful of Internet clients, it caused my Windows XP computer to beep on the order of once per second for most of an hour. With each beep, the program was apparently announcing the appearance of yet another uploaded or downloaded filtered packet of data.

Look ‘n’ Stop appears to have been designed to give you this level of granular notification and control. And if you don’t have a life, and like to manage your software firewall this intimately, it may be the product for you. But I have better things to do. Much better. I finally had to turn off the sound on my computer. It was maddening after a while. Even after it got through its initial list, with the sound back on, I found that Look ‘n’ Stop would still issue a beep now and then, and, of course, any time I ran a new Internet client. Nothing is worth this kind of hassle.

I also had trouble creating a trusted zone for networking that would work properly. Though the UI exists for doing this, I got only partial network operation once I was done messing around with it. No software firewall should mess with my local-area networking without making it relatively easy to restore.

In a nutshell, I want protection and convenience. And other products already do a better job of this. Comodo, for example, while not being the ideal solution for convenience, is less noisy than either Jetico or Look ‘n’ Stop. The question is, does Comodo have the security? It appears to, but as I narrow down the list of contenders, I’ll shine more light on that question.

Eset’s Smart Security Suite Beta Is Intriguing
The late entrant in the race is Eset Smart Security beta, a small suite product. You know how I feel about security suites, but Eset is also the maker of Nod32, Scot’s Newsletter’s Best Antivirus Product of 2007. The company’s new suite adds a firewall and anti-spam functionality to the Nod32 anti-malware engine.

If the firewall performs well, this product could be a contender. The anti-spam module, which supports only Microsoft Outlook in Beta 1a, can be disabled. The Nod32 engine has been updated to version 3.0 (the current version is 2.7). And the controls and settings have received a bit of a facelift. The settings are still there in the Advanced mode with the full configuration tree exposed. But a lighter, less intense screen is what you see first.

I’ve been testing Eset Smart Security only for a short while, but so far so good. I’m impressed. I’ll continue to work with it and let you know in future what I learn.

So why would I smile on a suite product? Eset’s Smart Security is really only two security utilities: anti-malware and software firewall. You can turn off anything you don’t like. I need to spend time with the firewall and test its protective qualities. One thing of note: It’s got a silent mode that’s switched on by default. Naturally, I’ve changed that to interactive for test purposes.

Something else I was impressed by: As part of installation, Eset Smart Security’s firewall sets up a trusted zone for your network. Smart indeed.

For more information and to download Eset Smart Security yourself, see the company’s beta page.

Myths About Other Firewalls
A number of you have sent suggestions about other firewalls that I should evaluate. Since my focus is primarily on outbound protection, again, I’ll be relying on third-party testing as well as performing my own tests.

The Matousec site labeled Windows Personal Firewall Analysis has a regularly updated multiple leak test product comparison chart that is hugely useful.

But to get right down to the nub of the matter, here are Matousec’s ratings for firewalls based on its extensive list of leak tests and firewall ratings.

What you’ll find on this page is that Comodo tops the list, followed closely by Jetico Personal Firewall 2.0.0.28 beta. These are the only two firewalls that Matousec deems to be excellent. ZoneAlarm Pro (not free) 7.0.337 comes in third. Eset’s Smart Security has not been tested yet.

Those of you who want to send me input should look at these Matousec ratings and see where your recommended firewall stands on the list. You may be surprised by where products like Outpost Firewall Pro 4.0, Avira, BitDefender, SyGate, McAfee, Norman, and Ashampoo Firewall Pro place — all products that have been recommended to me recently.

I don’t mean to discourage suggestions. Your input matters a lot. But you should be aware of some of my yardsticks. To offer your software firewall experiences and recommendations, please drop me a line.

If you’re suggesting a little-known firewall, a link would be helpful.

Back in September of last year, I kicked off comparison research and the first of a series of articles focusing on inexpensive, lightweight software firewalls for use with Windows XP. Please check out that first piece, and check out what I’m looking for in a software firewall: An emphasis on outbound protection, nearly silent operation (after you’ve run most of your apps once), and a rational means of protecting, without breaking, your network. Anything with an endless number of pop-ups isn’t going to cut it with me. I’m not going to become a slave to a software firewall.

I’ve been working on this research off and on ever since. The products I mentioned then — Comodo, Jetico, Look ‘n’ Stop, Outpost Pro, Tiny Personal Firewall, and Kerio — are the products I’ve been keeping tabs on during this period. I’ve also looked at some others that have come along. But I’m only looking at lightweight standalone firewalls; that leaves out several notable names, including Kaspersky, Norton, McAfee, Trend Micro, CA, Check Point, F-Secure, and others. They’re out of my research on purpose: I don’t recommend any of them. Steer clear of security suites.

In November, I tried Outpost Pro 4, which comes riddled with other security features and an overly complex set of configuration options. I didn’t like it. Here’s what I wrote about Outpost 4 last fall.

Scratch one off my list.

After its acquisition of Tiny Personal Firewall, Computer Associates appears to have no intention of continuing the firewall in its current form, but instead will roll it into its CA line of integrated security products. Scratch another one off my list.

So, for the moment, I’m down to these four products:

• Comodo
• Jetico
• Kerio
• Look ‘n’ Stop

For this issue, I closely examined the latest versions of the first three products. I’ll be looking at Look ‘n’ Stop in the near future.

Comodo Firewall Pro 2.4
Comodo Firewall Pro should get an award for being the most improved. When I first looked at it a year ago, I was not impressed. As I wrote last September:

Comodo reminds me of Norton Personal Firewall. It’s very noisy, always popping up boxes, repeatedly — even when I tell it to remember settings. In one browsing session with Firefox, I had to say “Yes, let it work and remember this” eight or nine times. And I had trouble networking with Comodo; its settings for allowing networking were tough to configure.

Well, the Comodo Group must have been listening. The maddening pop-up boxes are a thing of the past in its 2.4 version. You’ll still encounter a few pop-ups on the first or second usage of many apps, but the program has a system of aggregating pop-up boxes and accepting answers a lot more adroitly. While I could quibble with the UI of the pop-up boxes, overall, the user experience is greatly improved. Bottom line: I can live with Comodo (and that’s exactly what I’m doing).

Comodo still doesn’t use the “trusted zone” metaphor for configuring networks. I miss that way of working, but the truth is, I had no trouble configuring it to work with my network.

Even so, the process of configuring a firewall to work with a local-area network should be handled by a purpose-built piece of UI designed to make the chore easier. Comodo lacks that functionality. In fact, there is still no software firewall product I’m aware of that equals Check Point’s ZoneAlarm for network-configuration user interface. Too bad the free ZoneAlarm firewall-only product is nowhere near as protective as the others on my list. (The firewall in ZoneAlarm Pro is vastly superior, but it comes with security-suite baggage.)

Jetico Personal Firewall 2.0.0.27 Beta
I was sorely disappointed in Jetico Personal Firewall. This firewall’s 1.0 release scored very well at FirewallLeakTester.com on outbound leak tests, but the Jetico user experience is very poor. You’ll be faced with a blizzard of apparently repeat pop-ups. In fact, you can basically take my September 2006 comments on Comodo and transfer them to Jetico. On my third and fourth runs of Internet Explorer, I was still getting pop-ups from Jetico related to IE. It appears there are no preconfigured application-control rules, and no way to simplify the OK, OK, OK tap dance. Who needs it?

I also had trouble with intermittent balkiness with networking when using Jetico, another no-no from my perspective. It’s bad enough when network configuration is difficult to find, but when there are intermittent blockages, I’m done. That’s the same kind of problem that drove me away from ZoneAlarm — even before it turned into Check Point’s more expensive suite product line.

As if that weren’t enough, see the next article in this issue of the newsletter for details about my problems attempting to use Jetico with Vista (which it is supposed to work with). Not a pretty picture.

Because Jetico is currently a beta product, I will look at it again when it’s further along. But it’s going to have to deliver considerable improvements to keep from getting crossed off the list.

Sunbelt Kerio Personal Firewall 4 (Free)
Kerio Personal Firewall was my leading contender back in September. I still prefer its user interface slightly over Comodo’s. But Comodo offers much better configuration controls. When you step back, it’s apparent that Kerio’s real problem is that it’s in need of a major update. I think Sunbelt should do away with the Simple operational mode, which is probably way too permissive, and focus on making the Advanced mode a little easier to use and configure.

I also had some networking trouble with Kerio. I’ve had lots of reports from people who use dynamic IP assignment with their printers that Kerio can’t print to them. I don’t use dynamic IP assignment with printers. I statically assign the IPs of all my printers, and I recommend working that way on your network. Some things are just better off being static.

My problem with Kerio had to do with connecting to a virtualized instance of Windows XP. Kerio would not allow the computer running virtualized XP to connect to the host Kerio was running on. Every other firewall I’ve tested recently has had no trouble allowing a virtualized instance of XP to connect to the firewall’s host PC. I haven’t tested Kerio in enough settings to learn whether this is a repeatable problem — so I can’t say for sure that you’ll run into it. But any firewall that causes these kinds of troubles on my network is unlikely to be picked as the Best Software Firewall of 2007.

Don’t mess with my network.

This Month’s Takeaways
In case you’re new to Scot’s Newsletter, I do ongoing series reviews. You’ll know I’m done with a series review when I announce a winner. We’re not at that point yet with software firewalls. This is a mid-term report.

Comodo Firewall Pro is currently my leading software firewall contender. Having shed its Jetico-like barrage of pop-ups and offering excellent options and settings, Comodo is a very good product. It’s also one heckuva bargain with its 100% free lifetime license. I don’t expect all future Comodo versions will be free. Comodo Group will probably start charging at some point. For now, the price is very, very good.

Another thing I admire about Comodo is that its developers have been very active in continuing to improve the product with numerous updates. By contrast, it appears to me that Kerio has had only one minor update since I kicked off my research. That’s not going to get the job done.

Look ‘n’ Stop Firewall by Frederic Gloannec and Jean-Francois Catte is next up for testing, but one thing that’s different about this one is that it’s not free or available (as Kerio is) in a lesser version free of charge. Its developers want $39 for it, which I think may be a little steep unless it’s a stellar product. There is, at least, a 30-day trial version.

I welcome your input on other software firewalls you think might be worth my time to test. Please keep in mind that I’m interested solely in products that are software firewalls only: no products that include antivirus, anti-malware/spyware, content filtering, pop-up blockers — in short, no suites. Send a message about the firewall you like, and please tell me why you like it. A link would be helpful. Thanks.