Question:

I haven’t used Firefox in a while because of a problem I’ve been having. It won’t let me gather any apps. This is the error message:

Could not initialize the application’s security component. The most likely cause is problems with files in your application’s profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features.

Is there any help you can offer me? Thanks.

Answer:

I’m not clear on what you mean when you say “it won’t let me gather apps,” but more than likely you have a corrupt Firefox user profile. To solve the problem, you’ll need to delete every file in your Mozilla installation and do a clean install of the latest version of the browser. Some of these files hide in places you might not think to look, so it’s important to follow directions on how to fully remove profile.

If you’re concerned about losing your bookmarks, etc., I recommend installing Foxmarks (if Firefox will let you install it). Foxmarks synchronizes bookmarks and Web-related logins and passwords among different browsers on one machine as well as on browsers installed on multiple machines. The product and its server-based service, is currently free. And it supports Firefox, Safari, and Internet Explorer. By using Firefox to back up your bookmarks and other user info, you should be able to reinstate that information on your cleanly installed Firefox installation.

Here’s a summary of steps you should take to solve your Firefox problem. This solution will work with Windows, Macintosh, and Linux installations of Firefox:

1. Install Foxmarks and synchronize your user data with the Foxmarks server. You might also want to explore synchronizing your bookmarks with other browsers on your machine or other machines you use. Foxmarks is about to undergo a major upgrade. The product and service is in the process of being renamed Xmarks, with new features and functionality.

2. Download the latest version of Firefox (3.0.7 at this writing) and then uninstall Firefox from your computer.

3. Follow these MozillaZine instructions for removing your Firefox user profile and fully uninstalling the browser.

4. Windows users should restart their machines.

5. Install the new version of Firefox.

6. Install Foxmarks in the new Firefox installation, and use it to resynchronize your bookmarks, ensuring that you use the server-based bookmarks to overwrite your local Firefox bookmarks.

This should solve your problem, and may also make Firefox run faster and/or begin performing other functions that may have also stopped working.

To avoid experiencing a corrupt user profile again, I recommend that you cleanly install every major version of Firefox. In other words, when Firefox 4.0 is released, follow these steps again. You can allow upgrade installations of incremental releases, such as the forthcoming Firefox 3.5 — unless, of course, Mozilla recommends otherwise.

What browser is Scot using?

For those of you keeping score, I reviewed Firefox 3.0 from a Macintosh perspective in this Computerworld story: Firefox 3 for Mac: Is it time to switch from Safari? Among other things, the article didn’t reach a hard conclusion about whether I’d be switching from Safari to Firefox on the Mac. (On Windows, I remain a confirmed Firefox user.) I also talked about why bookmark synchronization was important, and I didn’t select Foxmarks at that time, since it didn’t support Safari at that time.

So let me update those two points:

Safari vs. Firefox: These words from the earlier Computerworld story are the salient ones; they sum up the reason why I have remained a Safari user on the Mac:

There is one downside to Firefox 3, however. The first time you launch it after starting up OS X, Firefox 3 takes 5.5 seconds to open a blank page. By contrast, Safari 3.1.1 takes about half a second for the same task. It’s a noticeable difference.

Bookmark synchronization: Foxmarks offers some of the features of Apple’s MobileMe, and it works with IE, Firefox, and Safari on Windows, Mac, and Linux. MobileMe is a Mac-specific synchronization tool that works very well. It’s also able to synchronize a long list of data on Macs, such as the calendar and address book. I’m a MobileMe subscriber, and I will continue to be. But Foxmarks lets me extend bookmark synchronization to all my Windows machines. For that reason, it is installed on at least half a dozen of my computers. I recommend it highly to anyone who works with multiple computers. It may also be a valuable took to those who regularly use multiple browsers on the same computer.

One feature that might make Foxmarks more useful to some users would be the ability to specify specific parts of your bookmarks to synchronize. It is designed to synchronize all bookmarks. Whoops, I stand corrected. The Profiles feature, which works in conjunction with MyFoxmarks — the server-based version of your bookmarks — does allow you to assign specific bookmarks or bookmark folders to different profile names so as to exclude synchronization of personal bookmarks to your work computer for example, or vice versa. The MyFoxmarks instance of your bookmarks will have the superset of all your bookmarks from all profiles. Thanks to reader Evano for pointing this out.

• Very low system overhead with a strong preference for standalone software — no full-blown security suites
• Full compatibility with popular third-party standalone software from other security application categories
• Excellent outbound security protection, as pre-screened by Matousec.com
• Simple, informative, and highly usable user interface
• Reliability
• Works quietly, alerts you when there are real problems not for the heck of it
• Strong, responsive development team behind the product that is actively developing the product in a rational manner
• A feature that lets users rapidly shutdown all inbound and outbound activity
• Protects but doesn’t cause intermittent problems with Windows local-area network functionality.

Another specification is that the firewall support Windows XP (at least) and Windows Vista. (At the moment, Online Armor does not support Vista. Tall Emu plans to add that support in a forthcoming though possibly not imminent release.)

This post is a sneak peek into my current testing and research on software firewalls for Windows since I last wrote about this topic six weeks ago. In that article, I admitted Online Armor as a last-minute entry into the comparison to give Comodo 3 one last run for the money.

Over the last month and a half, I have received scores of helpful messages from Scot’s Newsletter readers detailing their experiences with Online Armor 2 and Comodo 3. I have also tested the paid version of Online Armor. My research has not concluded yet. I’m waiting for the next version of Online Armor because of a handful of issues with the product (installation mode doesn’t work that well and the documentation for the paid version is very spotty). Overall, however, people testing Online Armor who’ve written to me about it are very positive about it. Few people are reporting serious problems. The same cannot be said for Comodo 3, whose makers have released three or more iterations of Comodo 3 because of several bugs, crashes, and errors.

When you install Comodo 3 in its Basic Firewall installation mode — which doesn’t install the HIPS (host-intrusion-prevention system) — it’s a much more reliable and usable product. But it’s also potentially less protective than Online Armor’s built-in HIPS protection. I’m also beginning to become disillusioned with Comodo’s approach to software development. The company culture appears to favor hurry and time to market over testing and polish. I realize the product is entirely free. But when you experience a serious problem as some people have with Comodo 3, it becomes your time and frustration.

I have to stress the point that I have not had trouble with Comodo 3. It works pretty well for me (except for a bug related to its Help facility that caused a crash in the first release of Comodo 3). But I have had numerous emails from readers about their problems with Comodo 3. Many of those people have gone back to Comodo 2.4 or switched to some other firewall.

So, at this juncture, I’m leaning toward Online Armor, which has been 100% trouble free for me. I still have to perform security tests on Online Armor. Plus I need more time with it. And I’m waiting for an update to the product to see whether a few areas improve. Online Armor is a relatively young product. Its makers are still adding significant new functionality.

I’m still looking for your input on the latest versions of these two products. If you’re using Comodo 3 or Online Armor 3 (or both), please take a moment to send me your experiences, positive or negative, with the two software firewalls:

• My Online Armor 2 Experiences
• My Comodo 3 Experiences

Or you can post them right here as a comment to this blog entry.

Stay tuned for a final software firewall recommendation. For more information on Windows software firewalls, check out the entire software firewall evaluation series.

However, my preliminary impression of Nod32 3.0, also contained in ESS, was quite positive. That product is available as a standalone upgrade to Nod32 2.7 for $40 (one user, one year).

I have not had a chance to fully test the 3.0 standalone product yet. I’ve been focused on the firewalls. But testing Nod32 3.0 is very high on my list. From my look at the ESS beta, I don’t anticipate any serious criticism of Nod32 3.0. I like the UI a little better. I didn’t see anything I didn’t like. I didn’t have any problems with it. But I still have to test it fully to be sure. I’ll be looking at it on both Vista and XP.

I don’t write final security reviews before I’m sure about a product. So depending on the complexities I encounter when I test Nod32 v.3, it could be four to eight weeks before I give you a definitive answer.

If you’re forced to make a decision before that, I would currently characterize Nod32 3.0 as a good bet. And, again, I would recommend separate firewall and antispam solutions instead of ESS.

If you’re using Nod32 3.0, I would be interested in your experiences with and impressions of it. Please send your thoughts to me. Thanks!

Alternatively, you can also post your experiences as a comment to this post if you prefer.

I made a backup of my Tiger installation just prior to performing the upgrade and was able to boot to the backup without difficulty. I also used Disk Utility (the Mac’s onboard disk integrity check and repair tool) to check both of the partitions on the computer’s hard drive. Everything checked out, so I went ahead with the upgrade.

As detailed earlier, I ran into the hanging blue screen after installation on the first restart that many other Leopard upgraders experienced. Many people had reported that the problem cleared up for them when they followed one of two methods for removing a Mac OS X customization utility by Unsanity called Application Performance Enhancement (APE). I didn’t have APE installed on my system, but it had been there and uninstalled with leave-behinds. I used Target disk mode to access the hard drive and remove the offending files. That didn’t solve my problem, so I decided to resort to my backup. So I removed the same offending files there just to be safe, wiped my boot volume, and copied my backup to the boot volume. During the copy process I got the error message that I didn’t have rights to copy three or four unnamed files — a message that made no real sense. And it was at that point that I knew I was in for it.

All attempts to reboot into the backup were met with a nasty kernel panic, and none of the boot option key commands worked. So I was out of luck, and I’ll never know for sure what caused the blue screen on that computer. But I did find and fix the probable cause of my backup problem. But first I had to successfully install Leopard.

I decided to perform a clean install of Leopard and then use Apple’s Migration Assistant utility to copy all my data and programs over to Leopard. I’ve used this tool before, and it works exceedingly well. It’s probably the best way for people to upgrade to Leopard, in fact. You get the benefits of a clean install without losing your data. If you’re a .mac subscriber, it’s completely painless, since .mac lets you transfer bookmarks, logins, calendars, address book, mail, and other things from one Mac to another. This time my Leopard installation went off without a hitch. I was able to import all my user data and programs from the flawed Tiger backup without causing any problems whatsoever. I was a happy camper. My only concern was why I had run into trouble.

I decided to run various diagnostics again, and an intersesting thing happened. When I ran Leopard’s version of Disk Utility, it quickly found and fixed a pretty large problem with the primary boot partition. I can only surmise that the disk problem created some sort of corruption with my backup set.

Footnote: The disk partition on this computer was created with an older version of iPartition by Coriolis Software, which is on my A-List of Mac Software. Some readers have written to tell me that iPartition has created problems on their hard drives similar to the one I experienced — although I’m not blaming iPartition for this problem. There are too many other possibilities. (The partition was created about a year ago.) But I am testing a product called Drive Genius that offers partitioning functionality, and I will report on that in the future.

It takes a problem to be won over by a utility product. And that’s exactly what happened. The problem was a disk error that Apple’s Disk Utility was able to identify but unable to repair. There was no apparent problem with my hard drive. No symptoms. SMART checked out fine. It didn’t appear to be a physical problem with the hard drive, but rather a corruption of the data on the disk. I tote my primary machine back and forth from work everyday, and even though I’m extremely conscious of how important that piece of hardware is, and I back it up, well — there are few guarantees in life. And none of them is related to computers.

So, that was the problem. It took me a while to warm up to the $100 DiskWarrior because you have to boot it from the CD, and it takes forever to load. But it’s worth it. Because once up and running, DiskWarrior’s Directory tool made short work of it. Afterward, Disk Utility happily reported no problems.

The next disk problem will be a job for TechTool Pro by Micromat, which is also on the scheduled-for-evaluation list.

Some other notes: I guess I’m becoming more of a Mac guy. I removed Intego’s VirusBarrier X4 from my two most-used Macs. I think it’s a great product, and I’m leaving it on the A-List. But like most Mac users, I just don’t feel the need for this utility right now. I’m not making a formal recommendation with that announcement — just owning up to a reality. There are no viruses on the Mac. It’s possible there will be someday. But I’ll worry about that then.

I’m also adding a program to the evaluation list. It’s called Yank, and it’s another Mac uninstaller tool. I really love AppZapper, but it occasionally misses things that get tucked into out of the way places. When I uninstalled VirusBarrier, AppZapper left behind a context-menu item. Yank doesn’t rely on search to find files left behind when you delete the main program file. It creates a log when you install. What about programs installed before you installed Yank? Matterform offers a file-sharing service for sharing Yank uninstall scripts for specific programs that you can download and run. Not sure that’s going to be a big help, though. The first three programs I searched for weren’t there. Still, I like the idea of a more complete uninstall. Could be I’ll use both AppZapper and Yank. We’ll see.

I’m having some second thoughts about skEdit as a text editor. It’s still my preferred HTML editor on the Mac. But I may go back and check out TextMate again. It’s been very heavily recommended by readers who have written to me with A-List suggestions. Even more so than BBEdit, whose UI I’m not fond of.

Back in September of last year, I kicked off comparison research and the first of a series of articles focusing on inexpensive, lightweight software firewalls for use with Windows XP. Please check out that first piece, and check out what I’m looking for in a software firewall: An emphasis on outbound protection, nearly silent operation (after you’ve run most of your apps once), and a rational means of protecting, without breaking, your network. Anything with an endless number of pop-ups isn’t going to cut it with me. I’m not going to become a slave to a software firewall.

I’ve been working on this research off and on ever since. The products I mentioned then — Comodo, Jetico, Look ‘n’ Stop, Outpost Pro, Tiny Personal Firewall, and Kerio — are the products I’ve been keeping tabs on during this period. I’ve also looked at some others that have come along. But I’m only looking at lightweight standalone firewalls; that leaves out several notable names, including Kaspersky, Norton, McAfee, Trend Micro, CA, Check Point, F-Secure, and others. They’re out of my research on purpose: I don’t recommend any of them. Steer clear of security suites.

In November, I tried Outpost Pro 4, which comes riddled with other security features and an overly complex set of configuration options. I didn’t like it. Here’s what I wrote about Outpost 4 last fall.

Scratch one off my list.

After its acquisition of Tiny Personal Firewall, Computer Associates appears to have no intention of continuing the firewall in its current form, but instead will roll it into its CA line of integrated security products. Scratch another one off my list.

So, for the moment, I’m down to these four products:

• Comodo
• Jetico
• Kerio
• Look ‘n’ Stop

For this issue, I closely examined the latest versions of the first three products. I’ll be looking at Look ‘n’ Stop in the near future.

Comodo Firewall Pro 2.4
Comodo Firewall Pro should get an award for being the most improved. When I first looked at it a year ago, I was not impressed. As I wrote last September:

Comodo reminds me of Norton Personal Firewall. It’s very noisy, always popping up boxes, repeatedly — even when I tell it to remember settings. In one browsing session with Firefox, I had to say “Yes, let it work and remember this” eight or nine times. And I had trouble networking with Comodo; its settings for allowing networking were tough to configure.

Well, the Comodo Group must have been listening. The maddening pop-up boxes are a thing of the past in its 2.4 version. You’ll still encounter a few pop-ups on the first or second usage of many apps, but the program has a system of aggregating pop-up boxes and accepting answers a lot more adroitly. While I could quibble with the UI of the pop-up boxes, overall, the user experience is greatly improved. Bottom line: I can live with Comodo (and that’s exactly what I’m doing).

Comodo still doesn’t use the “trusted zone” metaphor for configuring networks. I miss that way of working, but the truth is, I had no trouble configuring it to work with my network.

Even so, the process of configuring a firewall to work with a local-area network should be handled by a purpose-built piece of UI designed to make the chore easier. Comodo lacks that functionality. In fact, there is still no software firewall product I’m aware of that equals Check Point’s ZoneAlarm for network-configuration user interface. Too bad the free ZoneAlarm firewall-only product is nowhere near as protective as the others on my list. (The firewall in ZoneAlarm Pro is vastly superior, but it comes with security-suite baggage.)

Jetico Personal Firewall 2.0.0.27 Beta
I was sorely disappointed in Jetico Personal Firewall. This firewall’s 1.0 release scored very well at FirewallLeakTester.com on outbound leak tests, but the Jetico user experience is very poor. You’ll be faced with a blizzard of apparently repeat pop-ups. In fact, you can basically take my September 2006 comments on Comodo and transfer them to Jetico. On my third and fourth runs of Internet Explorer, I was still getting pop-ups from Jetico related to IE. It appears there are no preconfigured application-control rules, and no way to simplify the OK, OK, OK tap dance. Who needs it?

I also had trouble with intermittent balkiness with networking when using Jetico, another no-no from my perspective. It’s bad enough when network configuration is difficult to find, but when there are intermittent blockages, I’m done. That’s the same kind of problem that drove me away from ZoneAlarm — even before it turned into Check Point’s more expensive suite product line.

As if that weren’t enough, see the next article in this issue of the newsletter for details about my problems attempting to use Jetico with Vista (which it is supposed to work with). Not a pretty picture.

Because Jetico is currently a beta product, I will look at it again when it’s further along. But it’s going to have to deliver considerable improvements to keep from getting crossed off the list.

Sunbelt Kerio Personal Firewall 4 (Free)
Kerio Personal Firewall was my leading contender back in September. I still prefer its user interface slightly over Comodo’s. But Comodo offers much better configuration controls. When you step back, it’s apparent that Kerio’s real problem is that it’s in need of a major update. I think Sunbelt should do away with the Simple operational mode, which is probably way too permissive, and focus on making the Advanced mode a little easier to use and configure.

I also had some networking trouble with Kerio. I’ve had lots of reports from people who use dynamic IP assignment with their printers that Kerio can’t print to them. I don’t use dynamic IP assignment with printers. I statically assign the IPs of all my printers, and I recommend working that way on your network. Some things are just better off being static.

My problem with Kerio had to do with connecting to a virtualized instance of Windows XP. Kerio would not allow the computer running virtualized XP to connect to the host Kerio was running on. Every other firewall I’ve tested recently has had no trouble allowing a virtualized instance of XP to connect to the firewall’s host PC. I haven’t tested Kerio in enough settings to learn whether this is a repeatable problem — so I can’t say for sure that you’ll run into it. But any firewall that causes these kinds of troubles on my network is unlikely to be picked as the Best Software Firewall of 2007.

Don’t mess with my network.

This Month’s Takeaways
In case you’re new to Scot’s Newsletter, I do ongoing series reviews. You’ll know I’m done with a series review when I announce a winner. We’re not at that point yet with software firewalls. This is a mid-term report.

Comodo Firewall Pro is currently my leading software firewall contender. Having shed its Jetico-like barrage of pop-ups and offering excellent options and settings, Comodo is a very good product. It’s also one heckuva bargain with its 100% free lifetime license. I don’t expect all future Comodo versions will be free. Comodo Group will probably start charging at some point. For now, the price is very, very good.

Another thing I admire about Comodo is that its developers have been very active in continuing to improve the product with numerous updates. By contrast, it appears to me that Kerio has had only one minor update since I kicked off my research. That’s not going to get the job done.

Look ‘n’ Stop Firewall by Frederic Gloannec and Jean-Francois Catte is next up for testing, but one thing that’s different about this one is that it’s not free or available (as Kerio is) in a lesser version free of charge. Its developers want $39 for it, which I think may be a little steep unless it’s a stellar product. There is, at least, a 30-day trial version.

I welcome your input on other software firewalls you think might be worth my time to test. Please keep in mind that I’m interested solely in products that are software firewalls only: no products that include antivirus, anti-malware/spyware, content filtering, pop-up blockers — in short, no suites. Send a message about the firewall you like, and please tell me why you like it. A link would be helpful. Thanks.

I’ve previously recommended Eset’s Nod32 version 2.7 for all current versions of Windows, including Vista. Nod32 is a done deal, a no-brainer, just get it.

But the firewall picture for Vista is nowhere near as obvious. As I’ve written many times before, every computer connected to the Internet should be sitting behind some sort of hardware firewall that adds NAT (network access translation) stealthing and SPI (stateful packet inspection), both of which help protect against inbound threats. Good security is about layers, though, and a good software firewall complements the hardware firewall by adding application controls for outbound transmissions and network protections. The combination of hardware and software is very powerful. The problem is, very few popular software firewalls currently support Vista.

Vista’s Strengths and Weaknesses
In case you think you don’t need a firewall, be advised that while Vista’s Windows Firewall is mildly improved, the added outbound protection isn’t turned on by default, and you may find it difficult to configure. Windows Firewall still does not offer full firewall support. It’s better than nothing if you don’t have a third-party software firewall, but that’s about it.

I’m a big fan of firewallleaktester.com, a Web site that has tested firewall walls for “leaks,” in particular, outbound leaks that can be initiated by application spoofing and other means. There are dozens of leak tests, and no firewall blocks them all. What’s more, there are probably scores of undiscovered or unexploited leaks that leak tests don’t test for.

Vista blocks some leaks that XP doesn’t, but not all of them. Check out this firewallleaktester.com document for an objective assessment of Vista. (Don’t be put off by the English errors on this Web page; the security knowledge is top notch. The authors are clearly not native-English speakers. In fact, I keep meaning to offer my English editing skills to Firewallleaktester.com.)

The description of UAC (User Account Control) is both useful and accurate, although some of the security functions it describes are just Vista security elements that Microsoft doesn’t classify as being part of UAC. But that matters little.

Another document you should review is Matousec’s list of software firewalls. This list is very useful for Vista owners because it shows a Vista logo (third from the right) when the product supports Vista. The first thing you’ll notice is that several well thought of firewalls do not currently support Vista.

My focus for security software for Windows is strictly on lightweight software that does one thing well, like Nod32. What that means is: No security software suites. It’s not just the big, well known commercial suites either, like those from Norton, McAfee, Panda, CA, Trend Micro, Kaspersky, and F-Secure. I would also add less-well-known products, such as BitDefender, BullGuard, and Outpost. When you sift through Matousec’s list of firewalls, focusing on Vista support — and you apply my “no suites” rule — there aren’t many left. As of early this month, these are the ones left:

• Windows Live OneCare
• Jetico Personal Firewall
• PC Tools Firewall Plus

Microsoft has already admitted that Windows Live OneCare is not a great product in its current version. Give that one a miss. I found sign-up for OneCare to be thoroughly annoying too — at least when it first became available. Frankly, Microsoft’s security software is not that impressive.

The Jetico product is *not* a good choice for Vista. I ran into severe problems with the Jetico 2.0 beta for XP and Vista. When I installed it on my Vista test machine, I rebooted as directed after installation. Vista booted into the GUI and then gave me a blue screen. I repeated the process and got the exact same result. So I booted into Windows’ Safe Mode and uninstalled Jetico. But on restart, the Vista test machine’s network stack was totally trashed. It was no longer able to get DHCP assignments from my firewall router. It wasn’t able to connect to anything on the network. Eventually, I had to revert to a previous System Restore point, which solved the problem right away.

Although the Jetico 2.0 beta installed fine on my XP test machine, I faced literally about 50 pop-ups over the next few hours. Even though each one said it was making a “permanent” change, that didn’t appear to be the case at all. It was a very frustrating user experience (which reminded me a lot of my first trial of Comodo, before that product was refined). I also had trouble with intermittently balky network connections with Jetico installed. I had no problems uninstalling Jetico from the XP test box. That process went fine.

I spent about 30 minutes with PC Tools Firewall Plus prior to writing this article. My sense about PC Tools is that it’s a very simple, lightweight firewall. I can’t speak for its protective qualities yet, but it works well without being annoying. The UI for controlling networking isn’t great. In order to make peer-based networking work, I had to set a rule that basically allowed all TCP/IP transmissions. I’m sure there’s a more restrictive way, but the UI didn’t make it obvious. I really liked PC Tools’ simple application-control settings.

Anyone who has used PC Tools Firewall Plus more than I have, please drop me a note about your experiences, positive or negative.

Of the three third-party firewalls, I’d have to recommend PC Tools Firewall Plus — at least, on a temporary basis until other products, such as Comodo, Sunbelt’s Kerio, or Look ‘n’ Stop Firewall begin supporting Vista. It doesn’t seem to me to be a great product. But it’s free and serviceable.

Speaking of Look ‘n’ Stop Firewall by Frederic Gloannec and Jean-Francois Catte, just as this issue of the newsletter was getting ready to mail I learned that the current Look ‘n’ Stop 2.06 Beta 2 will supports Vista and will also likely be the version of the code that goes gold in the near future.

Another temporary strategy for Vista users is to make sure your hardware firewall is up to snuff, turn on Windows Firewall (and make sure the outbound protection is operational), and sit back and wait for the better firewalls to emerge. They’re coming.

Eset’s Nod32 2.5 came in second last year, despite the fact that I had several criticisms of it. My assessment last year was based on a series of factors. But the most important criterion was that the utility run without bogging down the system and, basically, do no harm to your computer. Of course, catching the bad stuff was very important too.

Even though F-Secure’s 2006 product skirted the primary requirement pretty finely, the user interface and the included anti-spyware module combined, in my mind, to make it a great value. What’s more, F-Secure took me through a real-world test — one that I didn’t plan — with flying colors. (Nod32 got other people through the exact same real-world test, by the way.)

But F-Secure has an Achilles’ heel. It doesn’t play nicely with other security apps. It has a tendency to create a mess if other security products are present — even if they’re not running. It has a tendency to pop up dialogs informing you that it can’t install unless you uninstall this or that specific program. This was something I came across with F-Secure Anti-Virus 2006 only when I purposely installed it while AVG was running. And the process of uninstalling AVG worked so well in my test, that I felt comfortable recommending F-Secure.

I stand by last year’s assessment, even though a couple dozen Scot’s Newsletter readers had problems with F-Secure Anti-Virus 2006 or F-Secure Internet Security 2006 (which I did not recommend). That’s more than I would have liked to see with my top product pick. Still, far more people wrote me that they’d had no trouble with F-Secure and were delighted with it as compared with the Norton, ZoneAlarm, or McAfee antivirus products.

A couple months after my recommendation, and after F-Secure officials promised me that they were working to make the product more tolerant of other security apps, the company released F-Secure Anti-Virus 2007. Overall, the product is marginally better in most regards. But in one very significant way, it’s markedly worse. The first time I installed it, it forced me to remove the LiveUpdate online-updating module for Symantec’s PartitionMagic before it would install. This is sheer stupidity. PartitionMagic isn’t even a security utility. F-Secure’s programmers must have unilaterally decided that because Symantec’s security products use the same program-updating module, F-Secure won’t co-exist with any instance of LiveUpdate. That was the moment that I finally gave up on F-Secure.

But the fun didn’t stop there. Even though F-Secure Anti-Virus 2007 doesn’t contain a real firewall, I began to get reports about conflicts with software firewalls with which F-Secure Anti-Virus 2006 had co-existed just fine. One of those programs is Kerio from Sunbelt Software, which is still one of my personal favorites among firewalls, even though some other products, such as Comodo Group’s Comodo, have better test ratings. (For those of you wondering, I’m still working on a low-cost, outbound-oriented software firewall recommendation, but it’s still a ways out. Comodo is a top contender in my evaluations, and I love Kerio’s interface.)

Bottom line: I can accept an antivirus product gracefully preventing co-existence with another antivirus product. It’s just good common sense. But when a product stupidly enforces the removal of products that it has no business conflicting with — I’m done.

I am now reversing my recommendation on F-Secure. The 2007 product is not a good one. If you have F-Secure 2006 and it’s working well for you, you’re safe to ride out its license. But you should plan on making the switch then.

Nod32. 2.7
So why didn’t I pick Nod32 last year? There were three main reasons:

1. It has a terrible interface. Part of the reason that’s the case is that it’s a lot more configurable and powerful than other AV products. Still, I knew that some of my readers were going to have a hard time setting it up properly. It’s even easy to miss settings. Eset is planning to heavily revise the user interface in an upcoming release. My initial inclination was to wait for that revision, which will probably be called Version 3.0. (The 2.7 release’s interface is nearly identical to the 2.5 version I reviewed last year.) But with F-Secure falling out of the running, Nod32 2.7 is the best choice, despite the user interface issues.

2. A lot of smart people disagree with me on this point, but I prefer an AV product that has outbound mail scanning. It’s true, the most important scan is the inbound scan — and Nod32 does that just fine. So why then does Nod32 offer an outbound scan for Microsoft Outlook clients but no others? I didn’t (and still don’t) like the double standard. Eset intends to eventually add outbound scans for other email programs, but Eset officials have told me that the company doesn’t plan to do so until some time after the forthcoming 3.0 release.

3. As a Eudora user, I wasn’t thrilled that Nod32 doesn’t scan Eudora’s text-based mailbox files on disk scans. (Other AV products have no trouble scanning Eudora mailboxes.) Nod32 just skips them, and if you force it to scan them, it will give you error messages. Eset has no intention of fixing this problem. While that doesn’t mean Eudora users are unprotected (Nod32 scans everything that comes into your computer — before it even gets to your mailbox files), it’s not a good thing. Why does the product even offer a scheduled disk scan then? The best approach to security is not to rely too much on any one method of protection. Again, there’s a double standard, and I dislike double standards.

Nod32′s Shining Flip Side
What’s good about Nod32 grows on you the more you use it, though. I have it running on four computers, and I’ve come to greatly admire it and trust it implicitly (though none of those PCs currently has Eudora on them.)

What makes Nod32 a great security utility? First, it’s a tight application with a very small footprint. You will not notice any performance hit with Nod32. Second, once you figure out how to install and configure it properly, it operates silently. Third, it’s extremely effective at its job. You will be protected. For more about Nod32 2.7, check out the Eset Nod32 Web site. (Plus, check out this story that explains how to configure harder-to-find settings in Nod32.)

Another aspect of Nod32 that I like is that it’s inexpensive, and the company offers small multiple-license deals that are aimed at techies like us who may have multiple computers in their homes. As I did last year, you can buy four two-year Nod32 licenses for $148. That works out to $18.50 per year per PC (renewals are less expensive, so that’s part of the savings). As an existing 2.5 license holder, the upgrade to Version 2.7 was free to me.

If the company’s claims for the 2.7 are to be believed, it’s even more effective against malware than 2.5 was. Eset’s Nod32 2.7 marketing language claims it protects against viruses, spyware, malware, and rootkits. I know this to be true of the product, although in the past its makers stopped short of claiming it. I’m running 2.7 as my only virus/spyware/malware protection, opting to remove Spy Sweeper. Version 2.7 also supports Vista. I’ve had it running on a Vista machine for a couple of months.

Finally, one of the best things about Nod32 is its advanced architecture. Along with a handful of other AV products, Nod32 is out in front on a new, more advanced way of protecting against computer threats: the use of heuristics or behavioral modeling. This technology, though not new, is finally becoming significant. It watches for potential threats based on actions and tendencies. Nod32 doesn’t rely solely on heuristics, but that type of protection makes it more likely to catch new variations or types of threats before anti-malware signatures are created for them.

There’s no doubt in my mind that in 2007, Nod32 is the very best lightweight antivirus/anti-malware product you can buy for Windows XP, Vista, or Linux/BSD. My decision to crown it the Best Antivirus Product of 2007 came without hesitation — even for Eudora users. No, it’s not perfect. But it’s clearly your best choice.

Fact Box The Best Antivirus Product of 2007 | Nod32 2.7, Eset, 866-343-3738, $39

I installed Outpost Pro 4 on a machine running F-Secure Anti-Virus 2006. In other words, I tempted fate, since both products contain anti-spyware and F-Secure is noted for its strong tendency toward incompatibility. I disabled Outpost’s anti-spyware scan during installation, but the anti-spyware module came up running by default post installation. It is possible to fully disable it at that point.

With F-Secure running alongside Outpost 4, I quickly ran into difficulties. It worked fine for a while, but on subsequent reboots I found that Outpost froze or that my Internet connection died. I was also unable to make my VPN connection work, even though I directed Outpost to give it full rein.

Eventually I was forced to remove Outpost in order to get any work done. I’m currently setting up a test machine that will provide a cleaner environment for Outpost to give it a proper test. This first two-hour experiment was a little unfair.

I can draw some conclusions from installing and using Outpost even for that short period of time. Outpost 4 may well be the most powerful and comprehensive personal firewall I’ve examined. This product is loaded with good features. The graphical log file, which also allows you to make settings changes, is absolutely superb. The level of fine control is perfection.

On the other hand, the networking control features are less clear-cut than I’d like. And for my simple tastes, Agnitum has packs way too many extra modules into this package. I don’t want anti-spyware in my firewall. I also don’t want content filtering, ad blocking, Internet-based sharing of my settings, attachment quarantine, or DNS caching. I would be quite interested in “Outpost 4 Lite,” if such a thing existed, consisting of the firewall, application controls, intrusion detection, leak protection, and network monitoring.

So, bottom line, I will continue to test Outpost 4 to give it a fair shake. And if you’re looking for a top-notch firewall with a lot of bells and whistles, this is almost certainly it.

But I’m crossing it off the list of lightweight firewalls that are under consideration for my ongoing series: “Looking for the Right Software Firewall” because it it’s so much more than the simple firewall I’m looking for.

My considered advice on this subject is to start by choosing a hardware firewall of some sort, and then layer in a software firewall on every machine. This combination maximizes your protection and also provides you the most flexibility and convenience.

Firewall routers for home use are not expensive. Most are available in 1, 4, or 8-port switch combinations, with the 4-port models selling for as little as $25 with rebates. The average price is in the $50 range.

Generally speaking, the weakness of these low-cost products has to do with issues with firmware and tech support. If you’re a heavy broadband user, you may also find that you’ll burn these things out quickly. A good tip to remember is that you power off your router for a few minutes every once in a while to reset them. Update firmware when you have a problem, but review the firmware notes on the company’s website every once in a while to make sure you’re not experiencing something that might be fixed by a firmware update.

Opting for a gigabit router brings you a bit more reliability as well as gigabit networking functionality for gigabit-equipped computers connected to the router. It offers zero improvement for your broadband throughput.

The popular products sold in this category — from makers like D-Link, Linksys, and Netgear — all offer Network Address Translation (NAT) and Stateful Packet Inspection (SPI), which, when combined, provide Internet stealthing and inbound firewall protection.

Firewall routers generally provide no outbound protection, or they may offer outbound protection that’s far less convenient to configure than that of a well-designed software firewall.

I’m currently using the first product on the list below, a wired D-Link home-user-level firewall router. It’s been working for me for three years or so without a single problem. There are wireless versions of several of these products, although I prefer a wired router with wireless access points.

Recommended Firewall Routers

For Home Use, in the $25-$60 Range:

• D-Link DI-604 4-Port Firewall Router
• Netgear RP614 4-Port Web Safe Router
• Linksys BEFSX41 EtherFast Cable/DSL 4-Port Firewall Router

Gigabit Firewall Routers in the $110-$125 Range:

• DGL-4100 Broadband Gigabit Gaming Router
• Linksys RVS4000 4-Port Gigabit Security Router with VPN

Software Firewalls and Outbound Protection
This test grid shows the results of a long list of firewalls tested on a wide variety of outbound leak tests. It provides an interesting set of data that’s worth a look. (Note: Scroll to bottom and click “View Tests.”)

While it’s only one aspect of firewall protection, outbound blocking is especially important because hardware firewall routers aren’t the best tools for outbound protection. You want a software firewall that evaluates inbound and outbound transmissions, catches potential security threats, and makes it easy to make temporary or permanent decisions about outbound transmissions from applications and services.

I’m also big on the ability to configure networks so they work, without having to constantly tend them. Windows networking is bad enough as it is; any software firewall that gets in the way of basic networking functionality will not last long in my environment — and shouldn’t in yours. No one should become a slave to their firewall.

With that introduction, here are some of the firewalls I’m currently planning to evaluate in this long-term test:

• Comodo Group’s Comodo Firewall
• Jetico’s Jetico Personal Firewall
• LooknStop Personal Firewall
• Agnitum’s Outpost Pro Firewall
• CA’s Tiny Personal Firewall 2005
• Sunbelt Software’s Kerio Personal Firewall

People who’ve been around the block may wonder why I’m leaving out the best old-guard products, including ZoneAlarm, Norton Personal Firewall, and Sygate Personal Firewall. Well, here’s why.

Like my antivirus test, this one aims at getting a lowest-common-denominator product, not one that’s bloatware. So I’m looking for a product that focuses on being a software firewall, not a whole bunch of other stuff. I’m fed up with jack-of-all-trades security software that masters none.

So that lets out all the Internet security suites, including all four of the paid versions of ZoneAlarm. ZoneAlarm’s free basic firewall hasn’t been significantly updated in a long time. All those glowing reviews of ZoneAlarm’s firewall have been focused on one of the four paid versions of ZoneAlarm. The few tests I’ve examined that have tested the free ZoneAlarm have found it wanting. Zone Labs’ product page makes it clear that two out of the three firewalls components are missing from the free version of its firewall.

I recently looked at Norton Personal Firewall again, both on a corporate network and on my home network. The product hasn’t kept pace with the rest of the field. Its most annoying aspect is that it prompts over and over again for the same DHCP network because you’re dynamically assigned a new IP address. It’s also difficult to find the settings, which are buried in several different locations. It’s not worthy. So what’s wrong with Sygate? Nothing, really. It’s always been a great basic firewall aimed at more experienced users who understand how to configure a firewall. The only problem is that Symantec bought Sygate, so the product is no longer supported.

That said, there are many other lesser-known software firewalls out there. If you’ve got one you think I should consider, let me know. But be advised, I’m also looking for *why* you think a specific software firewall is great. Can you offer a link to a test or review that says so? Can you describe why you like it? Tell me what firewall you like and why

I will share with you that I’ve looked at Comodo and Kerio so far. Over the past four weeks, I must have received 50 recommendations for Comodo. But so far, I don’t see why. It reminds me of Norton Personal Firewall. It’s very noisy, always popping up boxes, repeatedly — even when I tell it to remember settings. In one browsing session with Firefox, I had to say “Yes, let it work and remember this” eight or nine times. And I had trouble networking with Comodo; its settings for allowing networking were tough to configure.

Feel free to write me about why Comodo is so good. I know that Neil Reubenking over at PC Magazine loved it. What I want to know is what *you* think though.

I like Kerio a lot better, but it may have some opposite problems. It may not be fully set up to protect you by default, which is something of a firewall no-no. Also, people who use DHCP to assign IP addresses to printers on their networks have reported printing troubles with Kerio. The user interface is terrific though. It’s more like ZoneAlarm, the software I used to prefer. And I had no difficulty configuring it.

I’ll be looking at LooknStop and Jetico next. Outpost may be too multifunction for my tastes, since it includes anti-spyware functionality. But Agnitum is working on a new version, so I’ll wait for it and give it a shot. Tiny Personal Firewall was purchased by Computer Associates last year and hasn’t been updated since. I’ve been running it on my 64-bit Windows x64 machine for about a year, since Tiny offered one of the earliest x64 firewalls. I like it, but don’t use that machine frequently.