Question:

I haven’t used Firefox in a while because of a problem I’ve been having. It won’t let me gather any apps. This is the error message:

Could not initialize the application’s security component. The most likely cause is problems with files in your application’s profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features.

Is there any help you can offer me? Thanks.

Answer:

I’m not clear on what you mean when you say “it won’t let me gather apps,” but more than likely you have a corrupt Firefox user profile. To solve the problem, you’ll need to delete every file in your Mozilla installation and do a clean install of the latest version of the browser. Some of these files hide in places you might not think to look, so it’s important to follow directions on how to fully remove profile.

If you’re concerned about losing your bookmarks, etc., I recommend installing Foxmarks (if Firefox will let you install it). Foxmarks synchronizes bookmarks and Web-related logins and passwords among different browsers on one machine as well as on browsers installed on multiple machines. The product and its server-based service, is currently free. And it supports Firefox, Safari, and Internet Explorer. By using Firefox to back up your bookmarks and other user info, you should be able to reinstate that information on your cleanly installed Firefox installation.

Here’s a summary of steps you should take to solve your Firefox problem. This solution will work with Windows, Macintosh, and Linux installations of Firefox:

1. Install Foxmarks and synchronize your user data with the Foxmarks server. You might also want to explore synchronizing your bookmarks with other browsers on your machine or other machines you use. Foxmarks is about to undergo a major upgrade. The product and service is in the process of being renamed Xmarks, with new features and functionality.

2. Download the latest version of Firefox (3.0.7 at this writing) and then uninstall Firefox from your computer.

3. Follow these MozillaZine instructions for removing your Firefox user profile and fully uninstalling the browser.

4. Windows users should restart their machines.

5. Install the new version of Firefox.

6. Install Foxmarks in the new Firefox installation, and use it to resynchronize your bookmarks, ensuring that you use the server-based bookmarks to overwrite your local Firefox bookmarks.

This should solve your problem, and may also make Firefox run faster and/or begin performing other functions that may have also stopped working.

To avoid experiencing a corrupt user profile again, I recommend that you cleanly install every major version of Firefox. In other words, when Firefox 4.0 is released, follow these steps again. You can allow upgrade installations of incremental releases, such as the forthcoming Firefox 3.5 — unless, of course, Mozilla recommends otherwise.

What browser is Scot using?

For those of you keeping score, I reviewed Firefox 3.0 from a Macintosh perspective in this Computerworld story: Firefox 3 for Mac: Is it time to switch from Safari? Among other things, the article didn’t reach a hard conclusion about whether I’d be switching from Safari to Firefox on the Mac. (On Windows, I remain a confirmed Firefox user.) I also talked about why bookmark synchronization was important, and I didn’t select Foxmarks at that time, since it didn’t support Safari at that time.

So let me update those two points:

Safari vs. Firefox: These words from the earlier Computerworld story are the salient ones; they sum up the reason why I have remained a Safari user on the Mac:

There is one downside to Firefox 3, however. The first time you launch it after starting up OS X, Firefox 3 takes 5.5 seconds to open a blank page. By contrast, Safari 3.1.1 takes about half a second for the same task. It’s a noticeable difference.

Bookmark synchronization: Foxmarks offers some of the features of Apple’s MobileMe, and it works with IE, Firefox, and Safari on Windows, Mac, and Linux. MobileMe is a Mac-specific synchronization tool that works very well. It’s also able to synchronize a long list of data on Macs, such as the calendar and address book. I’m a MobileMe subscriber, and I will continue to be. But Foxmarks lets me extend bookmark synchronization to all my Windows machines. For that reason, it is installed on at least half a dozen of my computers. I recommend it highly to anyone who works with multiple computers. It may also be a valuable took to those who regularly use multiple browsers on the same computer.

One feature that might make Foxmarks more useful to some users would be the ability to specify specific parts of your bookmarks to synchronize. It is designed to synchronize all bookmarks. Whoops, I stand corrected. The Profiles feature, which works in conjunction with MyFoxmarks — the server-based version of your bookmarks — does allow you to assign specific bookmarks or bookmark folders to different profile names so as to exclude synchronization of personal bookmarks to your work computer for example, or vice versa. The MyFoxmarks instance of your bookmarks will have the superset of all your bookmarks from all profiles. Thanks to reader Evano for pointing this out.

Tall Emu CEO Mike Nash tells me that the public beta of the free version of Online Armor will be released shortly (probably today). In addition to Vista support, the free version will now be able to check for and install updates automatically as well as upgrade to newer versions (free or paid) of the OA software without having to uninstall the previous version. That takes care of my chief criticism of Online Armor’s 2.x free version. (The paid version of the product was able to perform both of these functions.) I’m glad to see Tall Emu make the products equal in this area. It’s the right thing to do. But in the same breath, I also urge my readers to pay for the commercial software products they adopt and use regularly. It is equally the right thing to do.

So here’s a quick top-level list of what’s new in Online Armor 3. For more detail about what’s new, see Mike Nash’s post in the Tall Emu forums.

Online Armor 3 Beta 1 Highlights and New Features

• 32-bit Vista compatible
• Updated user interface
• Additional threat protection
• Updated help file (http://www.tallemu.com/webhelp3/Welcome.html)
• New language support, including French and Italian.
• Multi-desktop support
• Manage your hosts file with Online Armor’s HOSTS editor.
• “Trust All” option in the Safety Check Wizard allows fast setup on new computers.
• MAC Filtering
• Online Armor can be set not to start at next boot.
• Filter by program added to firewall status screen.
• Default “Run Safer” for unknown programs added to OA options.
• Keylogger detection detects more types of keylogger.
• Advanced-mode options screens allow finer control.

I recently security tested Comodo 3.0.15.277 (“Advanced Install”) and a late beta of a new version of Online Armor that I believe will arrive shortly. Both products came through with flying colors — passing every test I threw at them. So I can confirm that newer versions of both products continue to test as well as the somewhat older versions tested by Matousec.com.

For those of you following last month’s dramatic public clash between Comodo’s ceo, Melih Abdulhayoglu, and myself — it’s my hope that’s a thing of the past. Melih and I have had several constructive email exchanges. I made some tweaks to my Jan. 20th post urging Scot’s Newsletter readers who might have opted for Comodo 3′s “Basic Firewall” installation option not to use it. And in version 3.0.16.295, Comodo has refined the language on the installation dialog box that I had concerns about; it now looks like this:

[Update on February 16: Since this message was posted six days ago, Comodo released yet another slipstream update, version 3.0.17.304. That version's installation option dialog is identical to that of v.3.0.16.295.]

The wording change does a better job of keeping people from making the less-protective choice. Melih also showed me a picture of the comparable screen for a future version of Comodo 3 that will offer three installation options. The company expects to add a third installation mode that turns off the full blown Defense+ HIPS module but continues to offer leak protection, apparently at a level similar to Comodo version 2.4. That’s an even better change. I haven’t been given access to that version of the Comodo firewall nor do I have any idea when it might arrive, but I’ll be interested to test it when it becomes available. (For more information about changes delivered in Comodo 3.0.16.295 and 3.0.17.304, see the company’s public release notes.)

I test computer products, not people. Some readers have suggested I drop my evaluation of Comodo because of things Comodo’s ceo posted in his company’s forums. Thanks, but that’s not my style. Comodo Firewall is an excellent product, so I will continue to test it until I’ve made a decision.

In the meantime, I’ve recently been testing the last two versions of Comodo under Vista. I’ve seen no anomalies on that OS. I don’t formally test products for Vista, an operating system I have recommended against using. What I can pass along is that, for the time being, I’ve adopted Comodo 3 (version 3.0.16.295 or later with Defense+ enabled) on all my Vista machines.

In other Vista-related news, Tall Emu’s Mike Nash, the ceo behind Online Armor, says his development team hopes to enter public beta testing by roughly the end of the month on Online Armor for Vista.

Having tested pre-release builds of the next Windows XP-version of Online Armor, I’m intrigued by several promising new features. I’ll go into more detail once the product ships and I’ve had time to test it thoroughly.

At one point over the last year I began to wonder whether I’d find a software firewall worthy of my recommendation. But both of these products offer full-fledged protection and are easy to use. Both run on Windows with small footprints. Both are fully compatible with other software security products, including NOD32, the antivirus/anti-malware product I continue to use and recommend. Choices are good.

However, my preliminary impression of Nod32 3.0, also contained in ESS, was quite positive. That product is available as a standalone upgrade to Nod32 2.7 for $40 (one user, one year).

I have not had a chance to fully test the 3.0 standalone product yet. I’ve been focused on the firewalls. But testing Nod32 3.0 is very high on my list. From my look at the ESS beta, I don’t anticipate any serious criticism of Nod32 3.0. I like the UI a little better. I didn’t see anything I didn’t like. I didn’t have any problems with it. But I still have to test it fully to be sure. I’ll be looking at it on both Vista and XP.

I don’t write final security reviews before I’m sure about a product. So depending on the complexities I encounter when I test Nod32 v.3, it could be four to eight weeks before I give you a definitive answer.

If you’re forced to make a decision before that, I would currently characterize Nod32 3.0 as a good bet. And, again, I would recommend separate firewall and antispam solutions instead of ESS.

If you’re using Nod32 3.0, I would be interested in your experiences with and impressions of it. Please send your thoughts to me. Thanks!

Alternatively, you can also post your experiences as a comment to this post if you prefer.

I spent a few hours earlier today reading through IDS’s Odysseus forums learning as much as I could about the company’s development plans. I came away very excited about IDS’s plans, design concepts, and goals. What I like best, in fact, is that while the plan is to start with a subset of Eudora features in the first release, the developers clearly know and love Eudora. Also, though, they’re not afraid to make changes. Eudora has been a hurting unit for several years — especially on the Mac platform, where some of the thinking has been quirky at best. The Windows version surpassed the Mac version quite a while ago and is more up to date. But Eudora in general is best thought of in 2001 terms. Some fresh thinking is definitely a good thing.

So, longtime Eudora owners (and I’m one) may be a little unnerved by IDS’s decision-in-process to make a break from Eudora’s Unix Mbox mailbox structure in favor of a SQL-based approach. But I wholeheartedly applaud this move. The process I went through to convert my Eudora for Windows mailboxes to Eudora for Mac mailboxes (you can’t get there from here) showed me just how painfully antiquated Eudora’s mail store is. I’ve also long had mailbox reliability issues (worse on the Mac) that I just don’t have with other email packages.

In this thread about the possible change to SQL, IDS’s Matt Milano assures forums denizens that the functionality of the mail store will be the same. Messages will be stored in separate mailboxes as they are now, mailboxes will be portable as they are now, and you’ll even be able to edit mailbox contents with an IDS-supplied tool for this purpose. And yes, attachments will still be stored in a separate folder. There are many advantages to the new database structure, but one of the best is the ability to access the mail store on one machine from another machine via the network — something I wrote about as a wish-list item for Eudora several years ago.

Another advantage of the SQL database approach is that IDS will be able to make Odysseus a true multiplatform product that works the same no matter what OS you’re using. Creating the product that way will make it much easier for IDS to upgrade the product and support three platforms simultaneously, the way Firefox and other products are produced.

IDS is planning a Mac UI variant that will look and act a bit more like Apple Mail (while retaining Eudora’s power). Hopefully it will also integrate with the Mac’s environment a little better. There’s a need for this in the Mac world, where Apple has spent a lot of time creating a gestalt among its products, such as iCal, iTunes, Apple Mail, iPhoto, .Mac, Address Book, iPhone, and other pieces. The level of integration creates a powerful advantage for Mac users. But it would be great to see third-party developers plugging into that environment.

From the start, I’ve had serious misgivings about the marriage of Thunderbird and Eudora, which have very, very different design goals. And the development process for Penelope is moving at a glacial pace. It hasn’t even reached version 0.1. The last Penelope update announcement dates back to August.

Contrasting that is IDS’s aggressive roadmap for Odysseus development. The Eudora successor was announced in September, and its makers expect to have their first working beta by the end of December and to ship the product by March 15.

I’m impressed by the orientation, decision-making, professionalism, honestly, and commitment that I sense from the IDS people posting in the forums. And the experience of spending time there has changed my future plans about trying to hold my nose and dip into Apple Mail, which is definitely lacking in the substance I’ve grown accustomed to. (I’m still thinking about making the switch from at least one main account to mail.app, though.)

I’m going to hold out now for Odysseus.

Thanks to Scot’s Newsletter reader George Palfi for alerting me to the existence of Odysseus.

A couple of days ago, Comodo released what some have dubbed Comodo 3.0 Beta 3 (version 3.0.9.229). With this new rendition of the code, for the first time you get the sense of what the company expects the user experience to be. The product relies heavily on user prompts to warn you of possible threatening actions, but you can tell it to remember your answers and make specific programs “trusted applications,” which effectively silences future prompts. The user experience is pretty good, overall, but it’s way too early to determine whether the product will perform without bugginess on some desktops.

I ran Comodo Beta 3 through the standard battery of outbound leaktests performed by sites like Firewall Leak Tester and Matousec, which I’ve referred you to many times in the past. Some of these tests really mean very little, but some are quite good. Like its predecessor, Comodo 2.4, the new 3.0 product offers excellent outbound protection — the factor that I’ve identified as the Holy Grail of this long-term review. (For more on the leaktests I’m using, see the ZoneAlarm review in More on Software Firewalls for Windows.) Comodo 3.0.9.229 passed every single test I threw at it.

It’s not time yet to do a full review on this product, which supports XP and Vista, but Comodo 3 is promising. Even so, there’s one aspect of the all-new Comodo I’m not in love with: the redesigned user controls, logs, and settings interface. It’s pretty, but not really well designed. It’s difficult to know whether items you’re clicking into give you a way to configure or just a window for viewing historical data. I’d like a single place to review the decisions I’ve made about specific programs. While your actions are recorded, there’s no place to review and change them. Seems like something this product definitely needs.

The addition of the HIPS technology (host intrusion prevention system) adds a layer of defense without overly complicating the operation of the software firewall. That’s a key advantage of Comodo 3. But the extra layer of protections and settings does make for a far more complex set of controls and settings dialogs. It’s easy to get lost in Comodo 3′s rabbit warren of options.

Although I don’t have the latest word from Comodo yet, judging from this version of the product, the company is six to eight weeks away from shipping Comodo 3. There are still a few missing features. With security software, I like to see it ship before I recommend it. So hang in there. It may be a few more months before I can tell you whether to adopt this firewall.

If you’re thinking about testing Comodo 3.0.9.229 too, be sure to uninstall any previous software on your system before installing this one — including Comodo 2.4 or any of the Comodo 3 betas. After you install it and reboot it, the best way to train it is to launch every program installed on your system that you use regularly, one after the other, making selections in Comod’s pop-up prompts. Definitely use the Remember check box, and setting programs you use frequently as trusted applications (from the drop-down menu) will eliminate future Comodo pop-ups.

Once you’ve had a chance to try it out, send me a note about your experiences. This is a beta product, so you may run into bugs and issues. Making a backup of your entire drive before you install beta software is always a shrewd thing to do.

Eset’s Firewall — and Updated Nod32 Antivirus Program
Meanwhile, the Best Antivirus Product of 2007, as named by yours truly, Eset’s Nod32 2.7, is being reworked by the company into a new 3.0 version. Eset has two flavors of its new product line: the antivirus/anti-malware-only product and the new Eset Smart Security, a suite product that adds a firewall and an antispam option.

I’ll be retesting Eset’s forthcoming Nod32 3.0 when it finally ships. My initial impressions are quite positive. For now, Scot’s Newsletter continues to recommend Nod32 2.7.

But I’ve made a decision in the opposite direction about Eset Smart Security suite. Take a pass on this one. The firewall seems very pedestrian; it’s able to handle only three of the leaktests on my list of 17. And what’s with the antispam module? That doesn’t belong in a package like this. The best thing about Eset Smart Security is Nod32 3.0 and the fact that you can turn the other two modules off.

What If?
So, where does that leave things? If Comodo 3 winds up having issues, we’ll be back at square one. And what that should mean for you is a solid hardware firewall/router just behind your connection to the Internet with WPA Personal encryption for any wireless networking you have on your network. For more information about the hardware side of the equation, please see Kicking Off a Software Firewall Comparo from June of 2006. Many experienced users are content with this level of protection.

Previous Installments in the Software Firewall Series:

• Windows Software Firewalls Evaluation Rolls On (September 2007)
• Twists and Turns on the Road to the Best Software Firewall (July 2007)
• Review Roundup: Slim Is in for Windows Desktop Firewalls (June 2007)
• More on Software Firewalls for Windows (June 2007)
• Update: Software Firewalls for Windows XP (April 2007)
• Kicking off a Software Firewall Comparo (Sept. 2006)

I stopped short of naming Comodo Free Firewall 2.4 the Best Software Firewall of 2007 in the last issue of the newsletter because several SFNL readers reported issues they’re having with Comodo. I asked readers last time to send me their experiences with Comodo, and thank you, many of you did just that.

The results of that little exercise were interesting. Many people are having no issues with Comodo’s 2.4 firewall. That included me at my last writing on this subject. Since then, I have had some of the problems others describe on one of the now five Comodo installations I’ve been testing. Not the worst of the problems, mind you. But at least I’m no longer totally in the dark. And I’ve also worked with two or three SFNL readers to the point that I’m satisfied that their reconfiguration of the product isn’t causing the symptoms they’re having.

There are three different problems with Comodo 2.4 reported by sufficient numbers of readers (also posted elsewhere on the Internet) to make me think they are actual bugs:

1. Comodo forgets user inputs in user permission pop-up boxes. Comodo offers a “remember this” check box, but checking the box doesn’t appear to work.

2. Comodo throws off a blizzard of user-permission pop-ups — so many pop-ups that most users don’t even last 24 hours before uninstalling Comodo.

3. User’s system slows down dramatically after install.

The only problem I’ve seen personally is the first one, and only very recently. I was able to make the second problem occur by making a settings change to Comodo away from the default setting. If you’re seeing a blizzard of Comodo pop-ups, try making this change:

Click the Security button along the top of the Comodo program. Then click Advanced on the left. Then click Miscellaneous on the bottom. A dialog box will open. Set the Alert Frequency Level to Low. That’s the default setting.

A large percentage of the people who’ve written to me to complain about Comodo 2.4 will see significant improvement of the user experience with this step. About the first problem, though, the only suggestion I can make is to uninstall and reinstall the product.

At the end of July, I interviewed Comodo’s president and CEO, Melih Abdulhayoglu, and senior research scientist Egemen Tas. This is a pretty rare thing, but they readily admitted that some Comodo 2.4 users are experiencing the first two problems described above. Instead of trying to fix version 2.4, they said that version 3 (under development now and currently projected to be released in October) has been entirely rearchitected so that these problems won’t reoccur.

The strategy Comodo is employing for version 3 to block malware is different from any other product I’m aware of. Comodo 3 adds a host-intrusion prevention system (HIPS). If you’ve ever tried a HIPS, you probably know that on the desktop, such a system would probably add pop-ups and warnings. To make it easier to work with, Comodo is adding two features — whitelist and program profiling — that when combined should eliminate many pop-ups and warnings. Comodo 3 will be able to online updated with new information to support these features, and presumably users will be able to add their own intelligence about accepted program behaviors.

I’m not 100% convinced about this strategy, but I’ve decided to look at version 3 before I come to a decision. An early look at the first beta of Comodo 3 shows that the program has been heavily upgraded. But since the whitelist and profiling features haven’t been added yet, the product is all but unusable.

Meanwhile, Eset recently released Eset Smart Security Beta 2, which combines Nod32 with a new lightweight software firewall and an anti-spam tool. Beta 2 adds direct support for Outlook Express, in addition to Outlook. I have not had a chance to test Beta 2, but this suite — which did not do well in my leak testing of an earlier beta — is still a possible contender for me.

Previous Installments in the Software Firewall Series:

• Twists and Turns on the Road to the Best Software Firewall (July 2007)
• Review Roundup: Slim Is in for Windows Desktop Firewalls (June 2007)
• More on Software Firewalls for Windows (June 2007)
• Update: Software Firewalls for Windows XP (April 2007)
• Kicking off a Software Firewall Comparo (Sept. 2006)

For those of you new to the saga, you’ll need to catch up with the rest of us by reading (or at least scanning) these previous articles:

• More on Software Firewalls for Windows(June 2007)
• Update: Software Firewalls for Windows XP (April 2007)
• Kicking off a Software Firewall Comparo (Sept. 2006)

Or, to get an up-to-date story that covers the bases of the three links above, including updated information, see this Computerworld story: Review Roundup: Slim Is in for Windows Desktop Firewalls (June 2007).

With that bit of housekeeping out of the way, on to the twists and turns.

Eset Smart Security Not So Stellar
Admittedly, I’m testing Beta 1b of Eset Smart Security, and rumor has it that Beta 2 is due out shortly. But I recently conducted a FirewallLeakTester.com-style leak test of Eset Smart Security, and the results weren’t good. For more information on the set of leak tests I used, please see my review of the free version of ZoneAlarm 7.0.337 in the last issue of the newsletter.

Eset Smart Security Beta 1b passed only two of the 17 off-the-shelf leak tests I ran on it — a very poor score. ZoneAlarm free, for example, scored five of 16 tests. Comodo 2.4, the best firewall according to the Matousec leak tests, passed 24 of 26 tests with its default settings; it passed them all after reconfiguration of the firewall.

I suspect that Eset is relying on its suite’s Nod32 anti-malware module to protect its customers from personal/financial information harvesting and Trojan malware. Indeed, in order to test the Eset firewall, I was forced to disable Nod32. There was no way to even copy the small leak test programs on the Windows desktop (or anywhere) on my test PC without Nod32 interrupting and automatically deleting those files. Eset is attacking the problem in another way. And it may, in fact, be the right way.

A couple of weeks back, I had a long talk with Symantec’s Tom Powledge, the product marketing manager in charge of Norton Internet Security, Norton 360, Norton AntiBot, Norton SystemWorks, and Norton AntiVirus. While he wasn’t directly referring to Eset’s product, he described functionality in the latest version of Norton Personal Firewall, Norton 360, and Norton Internet Security that also goes about protecting your computer from data-harvesting malware that requires very little input from users and is not dependent on the firewall. Both companies are heavily employing heuristics-based techniques for identifying and rapidly stopping the execution of malware products on your computer.

Powledge believes, in fact, that outbound leak testing is fairly useless. He believes that many firewall software makers game the system by adding code for the specific tests. The thinking goes — and I don’t disagree with it — that the firewall is not the right tool for blocking this type of threat. This is why Norton is now offering Norton AntiBot, and its suite products have several ID theft measures. I have pledged to myself to test both Norton Personal Firewall 2008 (when it comes out this fall) and Norton 360 (again). Norton 360 doesn’t meet the requirements I’ve set for either Best Antivirus or Best Firewall products. But it’s Symantec’s attempt to reduce the system footprint of its security suite. I looked at it in beta only, so now I’ll look at the shipping product.

There can be no doubt that antivirus and anti-malware technologies have merged. There’s becoming less and less need to run separate signature-based file-scanning engines for viruses and spyware. That’s especially the case if the security products are actively employing behavioral-based techniques for finding and eradicating all types of malware.

Bottom line: I’m testing firewalls at a time when it appears that the need for outbound protection has never been stronger, but also, when the thinking about how to add that layer of protection is changing, perhaps profoundly.

On the other hand, if you’re going to have a software firewall running on your system, wouldn’t you rather have one that stopped as many illicit outbound connections as possible? Matousec’s test methodology is hyperaware of firewalls that may be attempting to game the system. The security agency runs a test called FPR (Fake Protection Revealer) that attempts to ferret out custom coding to specific leak tests. They have publicly named names of companies whose products appear to be doing that based on their test data.

Check out this info Matousec provides about issues with specific firewall products.

In the end, security is about layers of protection. I’ll admit that my money has long been on heuristic (behavioral) based techniques employed in combination with signature-based identification of malware as the guts of the best security products of the future. But heuristics technology still has a way to go before it can cover all bases. And the threat keeps morphing. In the meantime, and possibly for the long run, I want the best firewall I can get.

The Plot Thickens Around Comodo
Apparently, not everyone is having as great an experience with Comodo 2.4 as I am. I’m running it on three test machines, including on the Parallels-based Windows XP that runs on my everyday Mac. I’m having no problems at all. It’s working like I want it to, and I see pop-ups very infrequently. And when they do appear, they make sense.

Since the 2.4 release, though, I have received a handful of messages from Scot’s Newsletter readers describing problems with Comodo that caused them to remove it from their computers. Bruce Marien was one of the readers who wrote in. Here’s how Bruce described the problem on his PC:

“My problems arose after only a few days of use. I noticed that Comodo didn’t seem to remember responses I clicked in the pop-up windows (something you mentioned having been problematic in an earlier version of Comodo). Then I started losing Internet connectivity. My cable modem company’s diagnostic tool flagged my system as having changed from dynamic to static access. Running the diagnostic tool’s repair function did correct the issue temporarily, but it always came back. Other times the diagnosis was corruption in my TCP stack and it was unable to effect a repair. At that point, the only fix was to reboot the cable modem and my computer. This got old fast and I uninstalled Comodo.”

Bruce is not alone in having difficulty with Comodo. Lockergnome’s Ron Schenone blogged about similar problems with Comodo last December.

Other people are reporting issues with pop-ups. I had the same problems with an earlier version of Comodo, but since the release of Comodo version 2.4, those woes have been purely a thing of the past for me. SFNL reader Ernie Marshburn is having this problem, and this is how he describes it:

“Comodo’s protection level is fine but I am constantly pinged with pop-up messages about authorizing applications, mostly Outlook. More annoyingly, many of the messages have multiple screens, which I guess must be checked individually. If this were only the first instance when I was being asked, it wouldn’t bother me. But the exact same messages reappear frequently and, it seems, at random — without any apparent relationship to what’s actually happening on the computer.”

In a later message, Ernie specifically mentions multiple repeat Comodo pop-ups related to Outlook, IE, Acrobat, ccApp (a Norton AntiVirus subroutine), and Microsoft Word.

I have to agree with Ernie that the way Comodo gangs up multiple pop-ups in a single window that you step through like a wizard is less convenient than it might be and also might be missed by some people. While it does cut down on the apparent number of pop-ups, you still have to step through each separate message and click the checkbox so that the program will “remember” your answer. Is it possible some people don’t realize that they have to do that? I suppose so; on the other hand, Ernie got that.

More likely, however, is another explanation. There’s a setting in Comodo’s Security > Advanced > Miscellaneous > Configure area that controls the level of pop-ups Comodo displays. By default, that setting is “low” in Comodo 2.4. It’s at least possible that some people are seeing a blizzard of pop-ups because they either changed this setting to “high” or upgraded a pre-existing installation of Comodo that had a higher setting.

Just as this issue was getting ready to mail, Ernie found that the pop-ups level setting in his Comodo installation was set to “high.” Setting it to low helped considerably, although he’s still seeing more pop-ups than I am.

While writing this article, I installed Comodo on a fourth machine. And, again, by default the pop-ups are minimal. Some people are having issues, but many others are not. I’m interested in your firsthand experiences with the 2.4 version of Comodo. Please send me your thoughts in an email message.

It would help greatly if you could list for me the applications that the pop-ups are related to, as Ernie did.

Comodo 3.0 Is Close
I got an email from a Comodo marketing VP letting me know that Comodo 3 is about six weeks away from release. I don’t have much detail on the product, but some of the product features are listed on this Comodo Forums post.

The most notable changes are Windows Vista support (both 32 bit and 64 bit) and a host-intrusion-prevention system (HIPS) module — both of which should be welcome additions.

Reminder: This evaluation focuses on software firewalls for Windows XP SP2. More and more software firewalls are being updated to support Vista, but at the time that I started this work, not enough of them supported Vista to make that a useful endeavor.

Status of this Test
I continue to favor Comodo 2.4 as the likely winner of this evaluation. I have ruled out all of the other contenders. No other product has a similar compromise of excellent protection and decent ease of use. But I’d like to give it another few weeks to hear from people who may be having problems. Given that a new version of the product is coming out, I may also wait to at least test a beta or the final version.

During this interim period, if you’re making a firewall selection, my recommendation would be to select Comodo 2.4. It’s free, so if you don’t like it, you can back out of it.