If you’ve been reading Scot’s Newsletter of late, you’re probably aware that I’ve been giving Windows 7 a close look. Several of my stories have been about Windows 7 performance. Since I’ve been more critical than most on that point — using what I consider to be typical hardware for Windows XP users (the vast majority of Windows users) — I decided that I needed to approach the question of Windows 7 performance from a different perspective.

To gain that perspective, I bought a new Windows 7 testbed. I selected the Sony Vaio VGN-SR290, a notebook that is very similar in many ways to Apple’s new MacBook in size and features. It came with the P8400 Core 2 Duo running at 2.26GHz, 3GB of RAM, a 250GB hard drive, ATI Mobility Radeon HD 3470 with 256MB of adapter RAM and an HDMI port, 13.3″ LED display, Firewire 400, DVD/RW drive, two USB 2 ports, and so on.

Perhaps the most significant difference between the late-XP era hardware I’ve tested with in the past and the notebook PC I just bought is that the new one is an x64 machine with 64-bit Windows Vista Home Premium. I upgraded the Vaio’s RAM to 4GB shortly after I received the computer.

The first thing I noticed about the Vaio is how fast and stable Vista was on it. This is the only good Vista performance experience I’ve ever had. Even before I upgraded from 3GB to 4GB, 64-bit Vista felt as fast to me as 32-bit Windows XP does on lesser hardware. I don’t consider that to be Vista vindication, to be honest. Other OS makers manage to deliver new versions of their operating systems without requiring significantly better hardware. By the time Windows Vista shipped, most of the best advances that Microsoft had touted during the Vista development process had been stripped out. The value proposition wasn’t good for me and many others. There wasn’t a sufficiently compelling reason to invest in new hardware to support Vista properly. But it’s good to finally run Vista the way Microsoft hoped it would operate.

To test 64-bit Windows 7 Beta 1, I split the disk into two partitions using Partition Manager 9 from Paragon Software, backed up my Vista partition using Acronis TrueImage Home 2009, and installed Windows 7 cleanly on the second partition.

[Note: I was forced to use the "recovery disk" versions of both Partition Manager 9 and Acronis TrueImage Home 2009 to carry out these tasks. TrueImage Home worked fine with Vista but doesn't support Windows 7. I believe both products use a Linux-based UI offering their program functionality when booting from a disc. The Acronis boot-disc software is especially well done. I wasn't able to discover why Partition Manager required me to boot from disc to work with Vista. I presume there's an issue with 64-bit Vista, although incomplete contact with Paragon Software implied that might not be the case.]

The installation of Windows 7 was uneventful and complete. It’s the best Windows installation experience Microsoft has produced to date. Several of the Vaio-specific hardware functions (such as trackpad scrolling) weren’t properly configured, which was to be expected. Even so, Windows 7 is running well, and the forthcoming OS did a good job of configuring the Vaio’s specific Intel mobile chipset and some of the Sony stuff on its own. Although few hardware makers, such as Sony, offer any Windows 7-specific drivers yet, Windows 7 does a better job of managing driver issues than any previous version of Windows.

I’m going to endeavor to test this more objectively, but my initial impressions of Windows 7 performance on the Vaio are both very much the same and very different. Windows 7 startup and shutdown times — a trouble spot for Vista — are subjectively faster than Vista’s. But in all other aspects, performance of Windows Vista and Windows 7 on this machine seems to me to be about the same. Remember, I raved above about how well Vista runs on this hardware, so I’m not damning Windows 7 with faint praise. But I’m also still not noticing a significant performance difference between Vista and Windows 7 on up to date hardware.

The way my initial impressions are very different is that, compared to how well Windows 7 runs on XP-level hardware, 64-bit Windows 7 runs lickety-split fast on brand new 64-bit hardware with 4GB of RAM. It is easily as fast as XP is on the hardware of its era. Overall, taking in the entire user experience, I’d choose Windows 7 running on this hardware over XP. In case you hadn’t noticed, that’s high praise from me.

The caveat is that I had to pay $1,200 to get this hardware, not including the cost for commercial software that I need. In my case, that means Microsoft Office. That also doesn’t include the RAM upgrade. The specific Vaio I purchased was also discontinued a couple of weeks after I bought, so it was on sale at a lower price than its replacement, the VGN-390.

For a couple of years now, we’ve seen thousands of debates on forums and in blog and article comments about Vista vs. XP. Vista is a pig! It runs great for me! In the end, it appears to me that both sides are correct. Vista is a pig on XP-class hardware — even on high-end XP hardware. But that’s not apparent on 64-bit hardware properly designed and equipped to run Windows Vista Home Premium or Ultimate.

Based on what we know now, Windows 7 is likely to be a more compelling upgrade than Vista was. Time has marched on, and two-plus years later, Windows XP, approaching eight years in age, is getting long in the tooth. There are fewer negatives, such as UAC, with Windows 7. I think we’re all ready (whether we know it or not) for a new Windows operating system. Security issues alone drive that consideration. So even though Windows 7 is not a significant features upgrade over Vista, new features aren’t what we’ve needed anyway. What many Windows users have craved is a leaner, less annoying, more usable Vista. Based on 64-bit Windows 7 Beta 1, that’s what Win 7 is. Let’s hope the final version of the new Windows stays on track.

I still think Windows 7′s performance and reliability improvements over Vista are modest at best. A lot of this is about the 64-bit versions of Windows, which can address more RAM. It means new hardware for most people, which may cost a bit more than 32-bit hardware (it certainly makes sense to grab at least 4GB of RAM). But for those who jump through those hoops, it looks like a solid, enjoyable Windows experience awaits. And the overall experience is better with Windows 7 than with Vista.

Finally, if you’ve been following the problems that I and others have experienced with Windows 7′s HomeGroup, there’s some good news there, too. When I ran the HomeGroup initialization on the Vaio, I started by turning on my Dell Inspiron Windows 7 test machine and placing it next to the Vaio. The Dell already had HomeGroup running on it (which had earlier been unable to connect to a virtualized installation of Windows 7 on yet another computer). The Vaio found the Dell’s HomeGroup right away and I was able to connect with it exactly as Microsoft intended. The result was pretty dramatic too, all Mac and Windows computers on my network (a lot of machines) were immediately visible in the network browser on both Windows 7 machines. I haven’t tested this extensively yet. I need to spend a couple hours checking every connection against every other connection to draw hard conclusions. But I am finally able to see HomeGroup in operation. And it does hold some promise.

More to come as soon as I find more time to test various aspects of Windows 7. I’m also looking forward to testing Windows 7 RC1 when it’s released.

There are many reasons why I’ve selected Online Armor (OA) as the best software firewall for Windows users; the rest of this story delivers the details. But boiled down to a single thought, the most important reason is this: Online Armor offers the best blend of a high degree of protection with a high level of usability.

That may sound simplistic, but in this software category such a balance is the toughest thing for a software development company to achieve. It’s very easy to throw up a blizzard of pop-up user-prompts. You can make your system so secure that you’ll never want to use it again. It’s also easy to dumb down the security so much that you’ll rarely, if ever, see a pop up — and in the process, render the firewall ineffective. The trick is to offer solid protection with minimal user interruptions. OA 2.1 is the only firewall software I’ve tested that delivers a near-perfect balance.

Online Armor firewall comes in two editions: free and paid. Version number 2.1.0.112 was the latest one tested for both editions. [Editor's Note: As of 4/19/2008, Online Armor's latest version is 2.1.0.131.] Tall Emu updates the product frequently; to check on the latest versions of OA and read the release notes, see this Tall Emu support-forum post. In addition to the two different editions of Online Armor, Tall Emu also packages it with an antivirus module. For information about the differences among Online Armor Free, Online Armor (paid), and Online Armor AV+, see Tall Emu’s Online Armor Comparison page.

This review is specific to the paid version of Online Armor, which costs about $40. I’ve extensively tested both the free and the paid versions, and both work well. But it’s the paid version that I prefer and recommend (for reasons I’ll detail further along). Online Armor AV+ has not been tested for this evaluation. It contains the Kaspersky antivirus engine, which, while a good product, is not as good as Eset’s NOD32 2.7. Because I named NOD32 2.7 the Best Antivirus Product of 2007, I have tested Online Armor extensively with NOD32 running. I’ve experienced zero incompatibility issues between OA and NOD32 2.7. (Note: I’m still using and recommending NOD32 version 2.7, not the newer 3.0 version. Version 2.7 is still available from Eset.)

The second place Comodo Firewall Pro 3.0 software from the Comodo Group is also a very good product. The latest version tested for this review was 3.0.020.320. If your overriding concern is security, security, security, and you don’t mind a less-than-ideal user experience, Comodo is worthy of consideration. Its superb security ratings and great configurability make it well suited to more experienced users who prefer a belt-and-suspenders approach. This is not, though, the firewall to install on your mother’s PC. Comodo also comes in both 32-bit and 64-bit Vista versions. Comodo Firewall Pro is free. The Comodo Group is working on several features and functionalities that it believes will markedly improve Comodo usability, so this is also a product to keep an eye on.

Security Testing and Gating Criteria

This evaluation kicked off in September 2006 as a series review (long-term testing with progress reports). I have written many firewall articles during this period about my gating criteria, interim findings, products I tested, and reasons why specific products were eliminated from the running. To review that information, please visit SNB’s Firewall category archive page. By scrolling, you’ll find every installment I’ve written for the Best Firewall series over the past 19 months. Among other things, you’ll discover the reasons why I eliminated Outpost, ZoneAlarm, Sunbelt Personal Firewall (a.k.a. Kerio), and Kaspersky’s firewall (part of a suite). Each of these firewalls was a strong contender, but each had a fatal flaw that eliminated it from contention. The companies that make them could rectify those issues, but have not done so to date.

When it was first established, this evaluation used the results of FirewallLeakTester.com’s tests as a method of screening out lesser-performing firewalls. Later in the process, I switched to Matousec’s more in-depth and more regularly updated results. Matousec has recently updated its test results; Comodo gets the highest score, with Online Armor placing second. Corroborating my test results of past year, Matousec scores Eset Smart Security’s leak-protection level as “none.”

I have also performed a set of my own security tests on Online Armor 2.1, Comodo 3, and some of the other firewalls I considered along the way. The latest versions of Online Armor 2.1 and Comodo 3 offer superb protection when used properly. (Most importantly: In both products, the HIPS module must be enabled.) Both firewalls have received significant security improvements over the past six months, too. Earlier versions were not as secure.

Most of my research, however, has focused on usability, company support, stability, compatibility, and bug resolution. These are the areas that make the difference between a security product that you rely on and one you use until you find something better. Too many people are in limbo with products like this, just tolerating them at best. The goal of this research has from the start been selecting security products that you can live with, perhaps even love.

Why Programs Were or Weren’t Tested

The impetus for this review came after more than a decade of using and reviewing multifaceted, everything-but-the-kitchen-sink security suites such as Norton Internet Security. When I kicked that habit, I looked around for something better and realized that most mainstream computer publications were for the most part reviewing only the big-name, large-footprint products. It was clear to me that there was a better way that involved selecting a small set of best-of-breed security products that work well together. So my first determination was that fat security-suite products need not apply. Many of the other gating criteria spring from that decision.

This evaluation assumes that the software firewall is running behind a hardware router or broadband “modem” that offers network address translation (NAT) and stateful packet inspection (SPI), or in other words, a hardware firewall. For home use, consumer-class wired or wireless hardware firewall routers are available from D-Link, Linksys, and Netgear that are for security purposes comparable. Even if you do not have a network, I recommend that you purchase this low-cost hardware. If you have a wireless network, you should also be running password-enabled WPA encryption with a password that isn’t easy to guess.

Finally, over the long term of this evaluation, many new firewall products emerged. It was not possible to test all of them, and in some cases I relied on the input of Scot’s Newsletter readers to help me vet products. The review was also closed to new entrants late last year while I focused on the two finalists: Online Armor 2.1 and Comodo 3.0.

With those points in mind, these are the gating criteria used to determine the Best Firewall Software of 2008:

• Very low system overhead with a strong preference for stand-alone software — no full-blown security suites
• Full compatibility with effective third-party stand-alone security products from other software categories
• Excellent inbound and outbound security protection with an emphasis on solid leak protection, as prescreened by Matousec.com
• A simple, informative, configurable, and highly usable user interface
• Software that is reliable and as bug-free as possible
• Backed by a software development company that is stable, communicative, responsive to customer issues, and actively developing the product. As with any security product, the company behind it should have something to lose — its reputation — if it doesn’t properly stand behind and update the product. It also needs a strong, responsive development team whose development process emphasizes bug fixing and customer experience, not hurrying the product out the door to meet arbitrary deadlines.
• Quiet operation; alerts you when there are real problems. Excessive or repetitive warnings or pop-ups aren’t acceptable.
• Protects but doesn’t cause intermittent problems with Windows local-area network functionality
• A feature that lets users rapidly shut down all inbound and outbound activity
• Vista support, while not mandatory, is preferred. (Note: Online Armor does not yet have a Vista version, but it’s under development.)

Comodo 3: The Next-Best Thing

Comodo Firewall, from the Comodo Group, is a full-fledged software firewall that is free to download and use. Comodo has strong pluses and minuses. The 3.0 upgrade was highly ambitious and was not adequately beta tested. The result was a long series of incremental updates following the release of Comodo 3 — at least six updates over the past six months or so. For details about the releases, including what’s in them, check out Comodo’s Release Notes page. The good news is that Comodo is being actively updated.

The Comodo 3 software has a lot to offer. It comes with a server-based whitelist for its HIPS (host-intrusion-prevention system) module, called Defense+, whose purpose is to cut back on pop-ups. The product also offers an operational mode called Clean PC that, at your option, scans all your current applications and then registers them as safe. That means fewer pop-ups for you, especially in the early going. I also prefer the functionality of Comodo’s “install mode” to those of most other firewalls. It is capable of disabling several types of pop-ups for about 15 minutes in an attempt to let you complete a new program installation in peace. When the 15 minutes expire, it prompts you to turn off the install mode to reinstate full protection. The only problem with Comodo’s install mode is that figuring out how turn it on may not be immediately obvious to the average Comodo user.

At its core, Comodo 3 is a highly protective software firewall that takes itself seriously. Its primary design criterion appears to be that great security requires the program to ask the user to approve or deny any and all actions that might possibly be caused by something malicious. I can’t disagree with that thinking in principle — assuming the people running computers know enough to make the right decisions. Because many of them don’t, Comodo is trying very hard to minimize pop-ups with its whitelist, install mode, and initial hard drive scan. The company also has other features in the works (not evident in this build of its software) that aim to improve usability by reducing pop-ups and improving the software’s ability to detect threats.

Even so, Comodo 3′s Defense+ experience is not ideal. In the kind of usage scenario where several programs are downloaded each week, Comodo users are likely to experience a lot of pop-ups. If you don’t install new applications very often, my personal experience has been that Comodo settles in and the operation of the HIPS becomes less intrusive. It is, though, noticeably noisier than Online Armor’s HIPS protection. It also doesn’t appear to remember user inputs quite as well as the OA HIPS does.

The Main Difference

The primary reason why Comodo Firewall didn’t take top honors in this review is that it errs on the side of protection at the expense of usability. Comodo’s protection takes it a bit beyond the bounds of acceptable usability — a subjective determination on my part. In a nutshell, it has too many pop-ups in this release. And even though it is able to “learn” to have fewer pop-ups and can also be controlled by settings, both the initial and the long-term user experiences are diminished by this behavior.

For example, I was recently confronted with over a dozen pop-ups when I left Comodo running in memory while choosing to uninstall it from the Add or Remove Programs control panel. At least one user prompt is requisite in this scenario because otherwise, a malware routine could be written to uninstall or disable the firewall. You must approve anything that disables your firewall, even when you initiate that action yourself. From a security perspective, there’s a sound argument to be made for more than one pop-up, since most software products are made up of multiple modules that might be selectively turned off to create specific vulnerabilities. But a dozen pop-ups is well beyond the tolerable level in my book.

In another instance, when I directed Windows to install a single Windows Update patch, I was immediately faced with a pop-up — an acceptable experience. I did everything I could in that first prompt window to make Comodo trust the process that was running. But the software firewall nevertheless prompted me with 11 additional pop-ups before that one patch was installed. Windows Update (update.exe) should be a trusted app. I realize that the executable might be spoofed, but if a user validates it, Comodo should learn to be quiet after that trust is confirmed — without having to figure out Install Mode.

It may sound counterintuitive that I’m preferring a balance of usability and security over pedal-to-the-metal security. There’s an important reason for that: When pop-ups are too repetitive or too frequent, it’s only human nature for a large segment of the user base to start ignoring them. That behavior leads to a severe loss of security.

Software Quality

The build of Comodo I tested to wrap up this review, 3.0.20.320, has benefitted from the the long series of bug-fix updates since 3.0 was introduced. According to the company, most of the initial incremental updates were aimed at solving unexpected problems when running Comodo 3 on Vista, support for which was added for the first time in Comodo 3. But many Scot’s Newsletter Blog readers who use Windows XP also emailed me descriptions of problems with the first three incremental updates to Comodo 3.

Meanwhile, even though Comodo 2.4 was something of a cult favorite, it’s absolutely true that a wide range of people experienced significant trouble with that firewall too. So for a period of time, Comodo users were stuck between a rock and a hard place. Many of them tried version 3 and returned to version 2.4. Others wrote me that they left for other firewalls. But the period of disturbance settled down, and I’m no longer receiving email after email with tales of woe.

What that tells me is that Comodo 3 is a good firewall product, potentially a great one, that quite possibly was shipped to end users without adequate QA testing. As is always the case with free, publicly available software, some early adopters were ill-equipped to handle the problems they encountered. Most of those issues appear to have been fixed now. Comodo 3 was also an ambitious release, and bugs happen. But this kind of management of a development process does not inspire confidence — especially when it’s the type of product that can wreak havoc on your computer.

If the Comodo team can focus on software quality, and if it can add additional functionality that pares back on pop-ups, future updates of Comodo 3 could improve the overall usability of the firewall markedly. Solid protection plus good usability is a winning combination. For now, Comodo 3 misses on the usability front — the main reason it has come in second in this review. But because Vista compatibility is a Comodo 3 strength, for the time being at least, it’s the firewall I recommend to Vista users.

The Top Dog: Online Armor 2.1

Online Armor was the late entrant in this evaluation. A bevy of readers suggested it last fall after Matousec gave it a 100% security rating in an earlier version of its test suite. (Comodo received the same top score.) Since I began testing it and calling for input on it, the most common sentiment I’ve heard from people who try it is: “I like it.” Even people who’ve had issues with it have said that. And that’s been my reaction too.

Online Armor’s user experience is on par with ZoneAlarm Free and Sunbelt Personal Firewall — the two firewalls I’ve pointed to in the past as having the best user interfaces in this field. It’s also a relatively young product that is being intensively developed by its makers. OA’s basic UI is very solid, very easy to figure out without help. But the simple interface sometimes lures you away from finding some of the power that lies beneath. OA relies a little too heavily on context menus for access to power features. As you use this product, try right-clicking things. Somewhere down the road Tall Emu should add a column to many of its config screens with a link reading something like “options” or “configure” that opens the context menu. That would be more discoverable. Still, this is a minor issue. All in all, I’m very happy with OA 2.1′s usability.

Several new features debuted in the significant Online Armor 2.1.0.85 update released February 19, 2008, including a resizable main program window, improved on-demand system scan, install mode, and multiple network detection and management.

Version 2.1.0.85 also added a useful convenience feature to the Run Safer capability of OA’s Program Guard. Run Safer let’s you force Internet-connected programs — such as your Web browser, email, and IM package — to run with reduced Windows user-account rights, giving you added protection from malware. The new feature is a context-menu item that lets you temporarily run a Run-Safer-restricted program in a normal (or admin-level) mode.

The OA facility called Autoruns (Startup Items), which gives you a user interface for managing and controlling applications and services that launch automatically on Windows boot, has also been extended to watch additional aspects of the operating system.

The firewall’s Computers tab offers a network-access monitor that shows all the computers connected to your machine via your network. Available details include IP address, MAC address, computer name, and gateway IP address. You can right-click any of the other computers you see and direct the firewall not to trust it.

Probably the most improved aspect of Online Armor beginning with its 2.1.0.85 version is the online-accessible database of program information, which Tall Emu calls OASIS (Online Armor Software Information Service). The company has committed additional resources to keeping this database updated. As it has grown and become more fleshed out over the past several weeks, OASIS has become more useful. The main benefit of the online app database is evident on OA pop-up windows that display the “More…” link. By clicking this link, you’ll get useful information that identifies the program or process that initiated the pop-up — which can be a big help in deciding whether to block or allow the action. You can also get this information by working the context menus in the Programs area, which displays all the programs on your system. And Tall Emu expects to surface this data in other ways too.

The single most important point of failure with most firewalls is user error — usually involving the wrong decision on a pop-up dialog. It’s absolutely essential for firewalls to help educate users about programs running on their PCs. The time has long since past when firewall makers could reasonably expect users to already possess the knowledge to make these decisions. So it was an excellent decision by Tall Emu to make this change.

Tall Emu offers this list of product features on its website that will help you get up to speed on the program. This list doesn’t cover some of the recent improvements.

Inspiring Trust

One of Online Armor’s very best attributes isn’t a feature or functionality; it’s the people behind the product. Tall Emu’s CEO, Mike Nash, is the most visible person behind OA. He posts frequently in the OA support forums. What’s especially impressive about the talk and actions emanating from Australia-based Tall Emu is a strong corporate culture that values communication, honesty, a willingness to talk openly about problems, a responsive attitude, open-mindedness, and respect. I’m not sure how to say this, but I trust Tall Emu to do the right thing. I can’t remember the last time I felt that way about a software company in the post-Microsoft-antitrust era.

Getting back to the tangible, for the last month or two I’ve been directly aware — from emails written to me by SNB readers, OA forum posts, and emails from Mike Nash — of two or three serious issues with the most recent major Online Armor release (initially 2.1.0.85). Most bugs happen to only a small percentage of the overall users of a software product. I didn’t experience any of these more notable issues — in fact, probably most people didn’t. The point I’m trying to get at is this: I’ve been impressed with the transparency and alacrity with which Tall Emu attacks and resolves such problems. This nastier class of bugs, the worst of which is an occasional but recurring crash of Windows Explorer, have all been identified and fixed. (The fix for the Windows Explorer bug is being tested and should be released shortly.)

No product is perfect, and that’s probably more true of software firewalls than many other types of software. Online Armor has bugs just like all of its competitors. It’s what happens when problems are identified that distinguishes development teams. What I’ve seen from Tall Emu is that they do it the right way.

Parting Thoughts

What about the free version of Online Armor? It’s very good. The most important aspects of firewall and HIPS protection are in there. But the paid version offers several additional security layers that are easily worth the $39.95 price of admission.

There’s also a somewhat controversial limitation of the free version: It doesn’t automatically update with new versions of Online Armor. In other words, to install a new version of Online Armor Free you must uninstall the old version and then install the new version. No big deal you say? Not quite. That also means you should go through the initial setup wizard and then, to get through all the pain, launch and trust your most-often-used applications.

Online Armor (paid) can automatically download and install version updates. So, yes, this is something Tall Emu has done purposely to incent you to pay for the full version.

This decade has seen a dramatic rise of free software, but people don’t dedicate themselves full-time to a project like Online Armor without having to eat and do other expensive things. I urge all those of you who can afford the $40 to pay it — in fact, I urge you pay for all the “free” programs you use regularly.

Finally, for Vista users, a new version of Online Armor developed for Vista is very close to being released in an initial public beta test. It could take a couple of months, or longer, for Tall Emu to work through the bugs and deliver a final Vista version. As I wrote earlier in this story, use Comodo until then. When Online Armor for Vista ships, I will give it a look and post something about it.

Online Armor 2.1 .0.112 (the paid version) is the best firewall I’ve ever tested, offering a blend of usability and hard-wired security that’s near-ideal for maximizing protection and ensuring a good user experience. A great firewall doesn’t have to be, and shouldn’t be, a chore to use. Online Armor isn’t.

A year and a half after launching this quest, naming OA the Best Firewall Software of 2008 came naturally. The very best products have a way of standing out.

Now that Vista SP1 is on its way to you, and some people may have been offered it via Windows Update, here are my recommendations:

1. You don’t need this thing right away. If you’ve kept up with Vista security patches, then you’re fine. There’s no need to rush into it.

2. On the other hand, the biggest pain you’re likely to encounter with SP1 is driver issues during or after installation. The driver problem is so acute, though, that Microsoft has taken the unusual step of preventing machines whose hardware profiles include components for which Vista SP1 doesn’t have an adequate driver from offering SP1 via Windows Update or via Automatic Updates. For more detail on this, and a specific example of the kind of driver problem you might encounter, check this Preston Gralla blog entry: My Nightmare Trying to Upgrade to Vista SP1.

Unless you’re strongly SP1-curious, and actually enjoy futzing with drivers (with the knowledge that you might have to back out of the install because the drivers you need just don’t exist), why put yourself through it? You might want to wait until your PC’s maker delivers full support for Vista SP1. Of course, there’s no guarantee your PC maker will do that. I have mainstream PCs from Lenovo and Dell that still don’t have full Vista support, never mind Vista SP1 support.

Still planning to do it? Check this Microsoft knowledgebase article first: Why Service Pack 1 is not offered for installation from Windows Update.

This is my last attempt: Unless you have to install Vista SP1, I’d at least wait for the dust to settle. Vista SP1 has only one true reason for being — to help Microsoft sell Vista to enterprise customers, among whom the conventional wisdom has been “wait for the first service pack.” What’s actually new and not available separately is, to my perception, more marketing hype than reality. There’s nothing wrong with SP1, but there’s absolutely nothing compelling about it either.

Scot’s Newsletter readers who use Windows should be aware that their best source of timely, detailed, experienced insight and hands-on advice about Windows can be found at Computerworld. Gregg Keizer and Eric Lai are the industry’s foremost Microsoft reporters, and our new Windows Editor, Preston Gralla, offers a first-rate blog called “Seeing Through Windows.” For the details you need to know about Vista SP1, start here:

• Angry Vista Users Vent over SP1 Driver Issues – Gregg Keizer, Computerworld
• My Nightmare Trying to Upgrade to Vista SP1 – Preston Gralla, Computerworld
• What to Expect from Vista SP1 – Preston Gralla, Computerworld
• Hands-On Vista SP1: Better but Slower? – Preston Gralla, Computerworld
• FAQ: How to Get Vista SP1 – Gregg Keizer, Computerworld
• Windows Vista SP1 Released to Windows Update – Microsoft’s Vista Blog

But not this one. While I need more time with the SP1 code, my first few days with the final version of Vista’s first service pack were, well, underwhelming. The one thing that I can definitively say at this point is that if you secretly installed Vista SP1 on a friend’s PC while he or she was out to lunch, 9 out of 10 friends wouldn’t have a clue when they came back.

Perhaps the biggest change to Vista that comes out of SP1 is the elimination of the anti-piracy mechanism the press has dubbed the “Kill switch” and that Microsoft termed “Reduced Functionality Mode.” Whatever you call it, it was designed to automatically render a Vista installation all but unusable if Vista’s Software Protection Platform (anti-piracy protection) software deems that copy of Vista to be pirated. For more information on the Vista Kill Switch and how it worked in the original version of Vista, please see this Computerworld story, The Skinny on Windows SPP and Reduced Functionality in Vista.

I started testing Vista SP1 with the initial beta, released early last fall. And I’ll continue to work with it to see what I can see. The software is supposedly not going to be generally available for another five weeks or so.

One of the ironies for Microsoft and Vista users is that SP1 of any version of Windows usually makes the driver pack usable for most people. But in testing SP1, Microsoft discovered that some drivers installed in a specific way (I’m guessing on drives built by OEM PC makers), there are conflicts with SP1. So, according to Microsoft, the drivers are in most cases OK, but they may need to be reinstalled after you install SP1. (For more information from Microsoft’s Mike Nash, see this Windows Vista Team Blog post.

In my tests with two pre-existing Vista installations (I haven’t clean installed SP1 yet), there were zero installation problems. My driver problems were no better or worse than prior to installing Vista SP1. Some of my Vista machines still don’t have proper Vista drivers from their manufacturers. But’s that’s not Microsoft’s fault — at least, not directly.

As I said up top, installing Vista SP1 has been like a non-event for me. Perhaps I’ll notice actual differences in real-world use as more time goes by.

If you want to get up to speed on Vista SP1, Computerworld’s coverage from Windows Editor and blogger Preston Gralla and reporters Eric Lai and Gregg Keizer have been excellent. Preston has been testing SP1 for performance and other aspects. Here are some links I recommend you check out:

• Slowing Down Vista with SP1
• All of Preston Gralla’s Vista SP1 Coverage
• Analysis: Driver Problems Still Haunting Vista
• Vista’s Driver Ills Aren’t Just Microsoft’s Fault
• FAQ: Vista SP1 Is Ready — Or Is It?
• FAQ: Vista’s SP1 Semi-secrets

I recently security tested Comodo 3.0.15.277 (“Advanced Install”) and a late beta of a new version of Online Armor that I believe will arrive shortly. Both products came through with flying colors — passing every test I threw at them. So I can confirm that newer versions of both products continue to test as well as the somewhat older versions tested by Matousec.com.

For those of you following last month’s dramatic public clash between Comodo’s ceo, Melih Abdulhayoglu, and myself — it’s my hope that’s a thing of the past. Melih and I have had several constructive email exchanges. I made some tweaks to my Jan. 20th post urging Scot’s Newsletter readers who might have opted for Comodo 3′s “Basic Firewall” installation option not to use it. And in version 3.0.16.295, Comodo has refined the language on the installation dialog box that I had concerns about; it now looks like this:

[Update on February 16: Since this message was posted six days ago, Comodo released yet another slipstream update, version 3.0.17.304. That version's installation option dialog is identical to that of v.3.0.16.295.]

The wording change does a better job of keeping people from making the less-protective choice. Melih also showed me a picture of the comparable screen for a future version of Comodo 3 that will offer three installation options. The company expects to add a third installation mode that turns off the full blown Defense+ HIPS module but continues to offer leak protection, apparently at a level similar to Comodo version 2.4. That’s an even better change. I haven’t been given access to that version of the Comodo firewall nor do I have any idea when it might arrive, but I’ll be interested to test it when it becomes available. (For more information about changes delivered in Comodo 3.0.16.295 and 3.0.17.304, see the company’s public release notes.)

I test computer products, not people. Some readers have suggested I drop my evaluation of Comodo because of things Comodo’s ceo posted in his company’s forums. Thanks, but that’s not my style. Comodo Firewall is an excellent product, so I will continue to test it until I’ve made a decision.

In the meantime, I’ve recently been testing the last two versions of Comodo under Vista. I’ve seen no anomalies on that OS. I don’t formally test products for Vista, an operating system I have recommended against using. What I can pass along is that, for the time being, I’ve adopted Comodo 3 (version 3.0.16.295 or later with Defense+ enabled) on all my Vista machines.

In other Vista-related news, Tall Emu’s Mike Nash, the ceo behind Online Armor, says his development team hopes to enter public beta testing by roughly the end of the month on Online Armor for Vista.

Having tested pre-release builds of the next Windows XP-version of Online Armor, I’m intrigued by several promising new features. I’ll go into more detail once the product ships and I’ve had time to test it thoroughly.

At one point over the last year I began to wonder whether I’d find a software firewall worthy of my recommendation. But both of these products offer full-fledged protection and are easy to use. Both run on Windows with small footprints. Both are fully compatible with other software security products, including NOD32, the antivirus/anti-malware product I continue to use and recommend. Choices are good.

Windows XP or Windows Vista?

The recent news that testers at Devil Mountain Software found Microsoft’s beta of Windows XP Service Pack 3 to be 10% faster than XP SP2 has pushed me over the edge.

I honestly find no advantage to Windows Vista, and there are some downsides. For example, no matter what Vista advocates say, Vista requires Vista-level hardware. Pentium M/Centrino single-core notebook hardware just doesn’t run it well. Pentium 4 desktop hardware runs it better, but usually that class of hardware needs a video upgrade. I’ve personally seen instabilities with the shipping version of the Vista code: applications freezing, Windows services slowing to a crawl, even OS crashes. I’m not saying everyone is having these problems, but I see no real improvement over Windows XP. While the architecture of Vista is a little better, Vista adds a lot of overhead to support quite a bit of new and sometimes questionable functionality. Vista is a lot more complex than Windows XP. It’s probably more secure, but it still needs a raft of third-party security software and hardware. I don’t trust its anti-malware protection or its firewall. And it doesn’t have an onboard antivirus product.

I have five Windows Vista installations. I’m reducing that number to two, one of which will be in a dual-boot with XP. The Windows Vista installation I have on my main Windows machine was a Vista upgrade install, and it’s the least stable. That’s why it’s getting fresh dual-boot clean installs. The other Vista machine I’m keeping stays in the office, where I don’t use it frequently. If I need other Vista boxes for testing, I’ll set them up as I need them.

The rest of my Windows hardware will shortly revert to pristine Windows XP installations. Windows XP is a mature operating system that’s not trying to be something that it’s not. The user experience is better than Vista’s. There’s no “reduced functionality mode” that will inadvertently trip when Microsoft’s WGA/SPP servers have an outage again.

I hope to test a later release of Windows Vista Service Pack 1, but based on my hands-on use of the first widely distributed beta code and performance testing also conducted by Devil Mountain Software, Vista SP1 is no faster than the original shipping version of the OS. Devil Mountain’s report of XP SP3 being faster than SP2 is very intriguing, though. I’ve been using XP for more than six years, and I’d be perfectly happy to continue using it for another six if Microsoft continued to support it properly.

Until they build something better than Windows XP, I see no reason to switch. As it is packaged today, Windows Vista is not that OS.

Microsoft needs to release a new version of Vista that doesn’t stratify the features (why does CD and DVD burning happen only on the Home versions of the OS, for example?). It needs to unload some of the crap it padded Vista with. And it needs to rethink the user experience with respect to functionalities like UAC and SPP. Enterprises aren’t buying Vista because it offers very little advantage for them, and end users aren’t clamoring for it. Of all companies, Microsoft should know that end-user desire for an OS has a huge effect on how rapidly it’s adopted. The company seems to have forgotten its roots.

I have no doubt that Microsoft could turn Vista around if it wanted to. But it would have to own up to the idea that, with its Vista product and business strategy, it’s been wrong-headed in a number of ways. I’m not so sure that the current management, as Bill Gates continues to edge toward the door, has the technical vision to make the right choices.

Update: Vista SP1 Dumping the ‘Kill Switch’

Microsoft is showing one or two small signs of coming around. First it admitted that the WGA breakdown last August that caused thousands of Vista users to wind up being pegged as software pirates when they couldn’t activate their copies of Vista was, in fact, an “outage.” The company had denied that terminology earlier. Now, Microsoft is eliminating reduced functionality mode — more commonly referred to as Vista’s “Kill Switch.” This change will be implemented by Vista Service Pack 1, which is expected to ship in the first quarter of next year.

Bottom line, though, this is a welcome change, but it doesn’t materially change the user experience at all. Most of us will hopefully never come face to face with reduced functionality mode. And until we actually test what Vista does instead of the kill switch, I’m not prepared to embrace. The Windows Vista RC1 that I’m looking at now still has the kill switch in it.

On Friday I interviewed Microsoft Vista SP1 production manager David Zipkin. And while Zipkin insisted that SP1 isn’t just a roll-up of patches, updates, and security fixes that you’re already getting on Windows Update, he was hard pressed to tell just what exactly is new in the forthcoming service pack. The truth is there are new things, but very few that you or I really care about.

In the end, maybe it’s all a moot point anyway, since most people will get SP1 when they buy a new PC or download it as part of Windows Update, where it will be about a 55MB download. Microsoft will be distributing it on DVD, both to enterprises with license agreements and to consumers who are willing to sign up for it on a Web form, pay a modest fee for shipping, and wait several weeks. But my guess is that waiting won’t be a huge hardship.

For deeper detail about what’s in Vista SP1, check out Microsoft’s Windows Vista Service Pack 1 Beta White Paper. Also, some of these improvements are already available. Take a look at this Nick White entry in the Windows Vista Blog.

What’s New?
The promise includes improvements to performance, reliability, application compatibility, device driver support, and emerging hardware and standards. But the details I’m privy to so far either barely support the claim or are too vague to be more than marketing.

Everyday Vista users may be happy to learn that Microsoft is working on the performance of Windows Explorer file copies. Zipkin says the all-too-familiar delay while Vista figures out how long the operation will take will all but disappear, and the copy operation should be faster overall. Microsoft is also claiming some improvement to Vista shutdown times, and it expects to trim hibernate and resume from hibernation times in SP1.

Some of the better improvements relate to hardware support and reliability. More than 700,000 Vista device drivers have been created since Vista shipped, but many of these have been offered via Windows Update. Microsoft’s engineers have worked on problem areas, including support for some newer graphics card, external displays served from laptops, and networking configuration. There’s also claimed improvement to Vista installations upgraded from Windows XP, to printer compatibility, and to the reliability and performance of Vista entering and resuming from sleep mode.

Other performance benefits include some added speed and reduced CPU utilization for Internet Explorer 7, improvements for notebook battery life by cutting back on screen redrawing on certain computers, and faster and less bandwidth-intensive network browse operations.

Microsoft is adding several minor improvements to BitLocker drive encryption. For example, it will be able to encrypt all volumes on a machine, not just the C: drive. Enterprise customers may be pleased to find that GPEdit.msc will edit Group Policies by default, although SP1 will automatically uninstall the Group Policy Management Console.

Some of the new standards and technologies SP1 adds Vista support for include Direct3D 10.1, support for network boot by using x64 EFI, Secure Digital (SD) Advanced Direct Memory Access, and support for the exFAT file system, designed for us with flash memory storage. Vista SP1 also adds support for the Secure Socket Tunneling Protocol (SSTP), which will help provide VPN remote access connections that are better able to navigate network address translation, Web proxies, and firewalls.

Setup and Initial Impressions
The Beta I received on DVD from Microsoft contains a 687MB installation file that is a superset of the Windows Update download that Vista users will eventually see. It comes with code that can update any version of Vista and as well as all language packs.

The installation process starts by unpacking the code, and then you’re presented with a start screen that gives you the option to put a check in the box to automatically restart Vista when the upgrade is finished. It permits unattended installation.

When my Vista Ultimate test machine (my main Vista production machine, with a fresh backup of the hard drive) came up after the SP1 installation, the first thing I was confronted with was a cryptic command-line log listing, which appeared to imply that something might have gone wrong. I attempted to copy the contents, but it ripped by before I had to chance to read it. As Vista entered its GUI, though, it flashed up an OK dialog telling me that SP1 had been installed successfully.

In my first half hour with SP1, it became clear to me that Vista was operating a bit faster in several regards. Vista’s network browse window is much better than before. It’s still slow to load the first time, but for the first time ever, it brought up my entire network without any balkiness. Other windows snapped open with more authority too. One oddity I noticed is that my wireless networking connection was taking priority over the 1GB wired LAN connection. Why does Windows do that? I tried resetting the LAN connection; Vista would see it but then eventually drop it off again, preferring its Wi-Fi latch on the Internet.

The biggest user-interface change in SP1 appears to be something that’s missing, not something that’s been added. To comply with a legal settlement in a complaint brought by Google, Microsoft has removed the Search menu item on the right side of the Start Menu. It has also made it possible to configure third-party desktop search tools, such as Google Desktop (not my first choice, by the way) as Vista’s whole-computer indexing tool. For more information about this, including before and after pictures, see Computerworld’s first-look review, Vista SP1 beta’s biggest mod is to the search function, by Preston Gralla.

My initial impressions of SP1 are mostly positive. Some time needs to go by, and later code tried, before I’ll draw conclusions.

The bottom line is this: There’s nothing about SP1 that should make enterprise customers suddenly feel safe in buying Vista. In a world where software updates via its Internet tether, all of that is a little ridiculous. SP1 is primarily a patch/security update roll-up. On the other hand, I’ve seen nothing so far that would keep me from grabbing it when it’s ready, either. It’s pretty much a nonevent.

I’ve previously recommended Eset’s Nod32 version 2.7 for all current versions of Windows, including Vista. Nod32 is a done deal, a no-brainer, just get it.

But the firewall picture for Vista is nowhere near as obvious. As I’ve written many times before, every computer connected to the Internet should be sitting behind some sort of hardware firewall that adds NAT (network access translation) stealthing and SPI (stateful packet inspection), both of which help protect against inbound threats. Good security is about layers, though, and a good software firewall complements the hardware firewall by adding application controls for outbound transmissions and network protections. The combination of hardware and software is very powerful. The problem is, very few popular software firewalls currently support Vista.

Vista’s Strengths and Weaknesses
In case you think you don’t need a firewall, be advised that while Vista’s Windows Firewall is mildly improved, the added outbound protection isn’t turned on by default, and you may find it difficult to configure. Windows Firewall still does not offer full firewall support. It’s better than nothing if you don’t have a third-party software firewall, but that’s about it.

I’m a big fan of firewallleaktester.com, a Web site that has tested firewall walls for “leaks,” in particular, outbound leaks that can be initiated by application spoofing and other means. There are dozens of leak tests, and no firewall blocks them all. What’s more, there are probably scores of undiscovered or unexploited leaks that leak tests don’t test for.

Vista blocks some leaks that XP doesn’t, but not all of them. Check out this firewallleaktester.com document for an objective assessment of Vista. (Don’t be put off by the English errors on this Web page; the security knowledge is top notch. The authors are clearly not native-English speakers. In fact, I keep meaning to offer my English editing skills to Firewallleaktester.com.)

The description of UAC (User Account Control) is both useful and accurate, although some of the security functions it describes are just Vista security elements that Microsoft doesn’t classify as being part of UAC. But that matters little.

Another document you should review is Matousec’s list of software firewalls. This list is very useful for Vista owners because it shows a Vista logo (third from the right) when the product supports Vista. The first thing you’ll notice is that several well thought of firewalls do not currently support Vista.

My focus for security software for Windows is strictly on lightweight software that does one thing well, like Nod32. What that means is: No security software suites. It’s not just the big, well known commercial suites either, like those from Norton, McAfee, Panda, CA, Trend Micro, Kaspersky, and F-Secure. I would also add less-well-known products, such as BitDefender, BullGuard, and Outpost. When you sift through Matousec’s list of firewalls, focusing on Vista support — and you apply my “no suites” rule — there aren’t many left. As of early this month, these are the ones left:

• Windows Live OneCare
• Jetico Personal Firewall
• PC Tools Firewall Plus

Microsoft has already admitted that Windows Live OneCare is not a great product in its current version. Give that one a miss. I found sign-up for OneCare to be thoroughly annoying too — at least when it first became available. Frankly, Microsoft’s security software is not that impressive.

The Jetico product is *not* a good choice for Vista. I ran into severe problems with the Jetico 2.0 beta for XP and Vista. When I installed it on my Vista test machine, I rebooted as directed after installation. Vista booted into the GUI and then gave me a blue screen. I repeated the process and got the exact same result. So I booted into Windows’ Safe Mode and uninstalled Jetico. But on restart, the Vista test machine’s network stack was totally trashed. It was no longer able to get DHCP assignments from my firewall router. It wasn’t able to connect to anything on the network. Eventually, I had to revert to a previous System Restore point, which solved the problem right away.

Although the Jetico 2.0 beta installed fine on my XP test machine, I faced literally about 50 pop-ups over the next few hours. Even though each one said it was making a “permanent” change, that didn’t appear to be the case at all. It was a very frustrating user experience (which reminded me a lot of my first trial of Comodo, before that product was refined). I also had trouble with intermittently balky network connections with Jetico installed. I had no problems uninstalling Jetico from the XP test box. That process went fine.

I spent about 30 minutes with PC Tools Firewall Plus prior to writing this article. My sense about PC Tools is that it’s a very simple, lightweight firewall. I can’t speak for its protective qualities yet, but it works well without being annoying. The UI for controlling networking isn’t great. In order to make peer-based networking work, I had to set a rule that basically allowed all TCP/IP transmissions. I’m sure there’s a more restrictive way, but the UI didn’t make it obvious. I really liked PC Tools’ simple application-control settings.

Anyone who has used PC Tools Firewall Plus more than I have, please drop me a note about your experiences, positive or negative.

Of the three third-party firewalls, I’d have to recommend PC Tools Firewall Plus — at least, on a temporary basis until other products, such as Comodo, Sunbelt’s Kerio, or Look ‘n’ Stop Firewall begin supporting Vista. It doesn’t seem to me to be a great product. But it’s free and serviceable.

Speaking of Look ‘n’ Stop Firewall by Frederic Gloannec and Jean-Francois Catte, just as this issue of the newsletter was getting ready to mail I learned that the current Look ‘n’ Stop 2.06 Beta 2 will supports Vista and will also likely be the version of the code that goes gold in the near future.

Another temporary strategy for Vista users is to make sure your hardware firewall is up to snuff, turn on Windows Firewall (and make sure the outbound protection is operational), and sit back and wait for the better firewalls to emerge. They’re coming.

Eset’s Nod32 2.5 came in second last year, despite the fact that I had several criticisms of it. My assessment last year was based on a series of factors. But the most important criterion was that the utility run without bogging down the system and, basically, do no harm to your computer. Of course, catching the bad stuff was very important too.

Even though F-Secure’s 2006 product skirted the primary requirement pretty finely, the user interface and the included anti-spyware module combined, in my mind, to make it a great value. What’s more, F-Secure took me through a real-world test — one that I didn’t plan — with flying colors. (Nod32 got other people through the exact same real-world test, by the way.)

But F-Secure has an Achilles’ heel. It doesn’t play nicely with other security apps. It has a tendency to create a mess if other security products are present — even if they’re not running. It has a tendency to pop up dialogs informing you that it can’t install unless you uninstall this or that specific program. This was something I came across with F-Secure Anti-Virus 2006 only when I purposely installed it while AVG was running. And the process of uninstalling AVG worked so well in my test, that I felt comfortable recommending F-Secure.

I stand by last year’s assessment, even though a couple dozen Scot’s Newsletter readers had problems with F-Secure Anti-Virus 2006 or F-Secure Internet Security 2006 (which I did not recommend). That’s more than I would have liked to see with my top product pick. Still, far more people wrote me that they’d had no trouble with F-Secure and were delighted with it as compared with the Norton, ZoneAlarm, or McAfee antivirus products.

A couple months after my recommendation, and after F-Secure officials promised me that they were working to make the product more tolerant of other security apps, the company released F-Secure Anti-Virus 2007. Overall, the product is marginally better in most regards. But in one very significant way, it’s markedly worse. The first time I installed it, it forced me to remove the LiveUpdate online-updating module for Symantec’s PartitionMagic before it would install. This is sheer stupidity. PartitionMagic isn’t even a security utility. F-Secure’s programmers must have unilaterally decided that because Symantec’s security products use the same program-updating module, F-Secure won’t co-exist with any instance of LiveUpdate. That was the moment that I finally gave up on F-Secure.

But the fun didn’t stop there. Even though F-Secure Anti-Virus 2007 doesn’t contain a real firewall, I began to get reports about conflicts with software firewalls with which F-Secure Anti-Virus 2006 had co-existed just fine. One of those programs is Kerio from Sunbelt Software, which is still one of my personal favorites among firewalls, even though some other products, such as Comodo Group’s Comodo, have better test ratings. (For those of you wondering, I’m still working on a low-cost, outbound-oriented software firewall recommendation, but it’s still a ways out. Comodo is a top contender in my evaluations, and I love Kerio’s interface.)

Bottom line: I can accept an antivirus product gracefully preventing co-existence with another antivirus product. It’s just good common sense. But when a product stupidly enforces the removal of products that it has no business conflicting with — I’m done.

I am now reversing my recommendation on F-Secure. The 2007 product is not a good one. If you have F-Secure 2006 and it’s working well for you, you’re safe to ride out its license. But you should plan on making the switch then.

Nod32. 2.7
So why didn’t I pick Nod32 last year? There were three main reasons:

1. It has a terrible interface. Part of the reason that’s the case is that it’s a lot more configurable and powerful than other AV products. Still, I knew that some of my readers were going to have a hard time setting it up properly. It’s even easy to miss settings. Eset is planning to heavily revise the user interface in an upcoming release. My initial inclination was to wait for that revision, which will probably be called Version 3.0. (The 2.7 release’s interface is nearly identical to the 2.5 version I reviewed last year.) But with F-Secure falling out of the running, Nod32 2.7 is the best choice, despite the user interface issues.

2. A lot of smart people disagree with me on this point, but I prefer an AV product that has outbound mail scanning. It’s true, the most important scan is the inbound scan — and Nod32 does that just fine. So why then does Nod32 offer an outbound scan for Microsoft Outlook clients but no others? I didn’t (and still don’t) like the double standard. Eset intends to eventually add outbound scans for other email programs, but Eset officials have told me that the company doesn’t plan to do so until some time after the forthcoming 3.0 release.

3. As a Eudora user, I wasn’t thrilled that Nod32 doesn’t scan Eudora’s text-based mailbox files on disk scans. (Other AV products have no trouble scanning Eudora mailboxes.) Nod32 just skips them, and if you force it to scan them, it will give you error messages. Eset has no intention of fixing this problem. While that doesn’t mean Eudora users are unprotected (Nod32 scans everything that comes into your computer — before it even gets to your mailbox files), it’s not a good thing. Why does the product even offer a scheduled disk scan then? The best approach to security is not to rely too much on any one method of protection. Again, there’s a double standard, and I dislike double standards.

Nod32′s Shining Flip Side
What’s good about Nod32 grows on you the more you use it, though. I have it running on four computers, and I’ve come to greatly admire it and trust it implicitly (though none of those PCs currently has Eudora on them.)

What makes Nod32 a great security utility? First, it’s a tight application with a very small footprint. You will not notice any performance hit with Nod32. Second, once you figure out how to install and configure it properly, it operates silently. Third, it’s extremely effective at its job. You will be protected. For more about Nod32 2.7, check out the Eset Nod32 Web site. (Plus, check out this story that explains how to configure harder-to-find settings in Nod32.)

Another aspect of Nod32 that I like is that it’s inexpensive, and the company offers small multiple-license deals that are aimed at techies like us who may have multiple computers in their homes. As I did last year, you can buy four two-year Nod32 licenses for $148. That works out to $18.50 per year per PC (renewals are less expensive, so that’s part of the savings). As an existing 2.5 license holder, the upgrade to Version 2.7 was free to me.

If the company’s claims for the 2.7 are to be believed, it’s even more effective against malware than 2.5 was. Eset’s Nod32 2.7 marketing language claims it protects against viruses, spyware, malware, and rootkits. I know this to be true of the product, although in the past its makers stopped short of claiming it. I’m running 2.7 as my only virus/spyware/malware protection, opting to remove Spy Sweeper. Version 2.7 also supports Vista. I’ve had it running on a Vista machine for a couple of months.

Finally, one of the best things about Nod32 is its advanced architecture. Along with a handful of other AV products, Nod32 is out in front on a new, more advanced way of protecting against computer threats: the use of heuristics or behavioral modeling. This technology, though not new, is finally becoming significant. It watches for potential threats based on actions and tendencies. Nod32 doesn’t rely solely on heuristics, but that type of protection makes it more likely to catch new variations or types of threats before anti-malware signatures are created for them.

There’s no doubt in my mind that in 2007, Nod32 is the very best lightweight antivirus/anti-malware product you can buy for Windows XP, Vista, or Linux/BSD. My decision to crown it the Best Antivirus Product of 2007 came without hesitation — even for Eudora users. No, it’s not perfect. But it’s clearly your best choice.

Fact Box The Best Antivirus Product of 2007 | Nod32 2.7, Eset, 866-343-3738, $39