Scot’s Newsletter Blog

For an important update to this blog post, please see this more recent post.

Note: This story has been updated for clarity on 1/22/2008 and 2/2/2008. Nothing has changed about my recommendation.

Because I have written in the recent past with an initially positive reaction to Comodo 3′s “Basic Firewall” installation option, I am honor-bound to post this quick message.

I have learned directly from Comodo executives that the Basic Firewall installation option of Comodo 3 offers only marginal outbound leak protection, not up to the levels of Comodo 2.4 or 3.0. The company may add that protection in a future version of Comodo 3.x. The Basic Firewall option turns off Comodo 3′s Defense+ HIPS module (which constitutes the “Advanced” default installation mode). Defense+ provides the leak protection for Comodo 3.

The previous generation of Comodo, version 2.4, provided anti-leak protection without the new HIPS module.

Not only does this mean that Comodo 3′s optional Basic Firewall mode is no longer a contender in this blog’s firewall evaluation, but if you’re relying on the Basic Firewall mode of Comodo 3 for your firewall protection, you should stop doing so. Windows XP users should switch to Online Armor Free version 2.1.0.31 (or newer) and Vista users should uninstall Comodo 3 and reinstall it, choosing the “Advanced” installation option.

[Note: Since I wrote that last sentence, Comodo has pointed out that you don’t have to uninstall and reinstall Comodo to switch to the Advanced mode but can instead do so by turning on the Defense+ HIPS module. The steps for making the change aren't immediately obvious, however, so here's how to do it: Open the Comodo 3 program window. Click the Defense+ icon near its upper right corner. On the left side of the window, click the Advanced button. Click the the last icon, Defense+ Settings. At the bottom of the next configuration screen, remove the check in the box beside "Deactivate the Defense+ permanently." Comodo will prompt you to restart your computer. You must do so to enable full protection.]

Comodo 3′s “Advanced” default installation mode remains under consideration in my ongoing software firewall evaluation process.

More details will follow in the near future.

– Scot

Tall Emu, a small but dedicated software company based in Australia, has been quietly developing and refining Online Armor almost as if it were reading Scot’s Newsletter’s specifications for the ideal software firewall for Windows XP and earlier. Some of those specs include (updated 1/22/2008):

• Very low system overhead with a strong preference for standalone software — no full-blown security suites
• Full compatibility with popular third-party standalone software from other security application categories
• Excellent outbound security protection, as pre-screened by Matousec.com
• Simple, informative, and highly usable user interface
• Reliability
• Works quietly, alerts you when there are real problems not for the heck of it
• Strong, responsive development team behind the product that is actively developing the product in a rational manner
• A feature that lets users rapidly shutdown all inbound and outbound activity
• Protects but doesn’t cause intermittent problems with Windows local-area network functionality.

Another specification is that the firewall support Windows XP (at least) and Windows Vista. (At the moment, Online Armor does not support Vista. Tall Emu plans to add that support in a forthcoming though possibly not imminent release.)

This post is a sneak peek into my current testing and research on software firewalls for Windows since I last wrote about this topic six weeks ago. In that article, I admitted Online Armor as a last-minute entry into the comparison to give Comodo 3 one last run for the money.

Over the last month and a half, I have received scores of helpful messages from Scot’s Newsletter readers detailing their experiences with Online Armor 2 and Comodo 3. I have also tested the paid version of Online Armor. My research has not concluded yet. I’m waiting for the next version of Online Armor because of a handful of issues with the product (installation mode doesn’t work that well and the documentation for the paid version is very spotty). Overall, however, people testing Online Armor who’ve written to me about it are very positive about it. Few people are reporting serious problems. The same cannot be said for Comodo 3, whose makers have released three or more iterations of Comodo 3 because of several bugs, crashes, and errors.

When you install Comodo 3 in its Basic Firewall installation mode — which doesn’t install the HIPS (host-intrusion-prevention system) — it’s a much more reliable and usable product. But it’s also potentially less protective than Online Armor’s built-in HIPS protection. I’m also beginning to become disillusioned with Comodo’s approach to software development. The company culture appears to favor hurry and time to market over testing and polish. I realize the product is entirely free. But when you experience a serious problem as some people have with Comodo 3, it becomes your time and frustration.

I have to stress the point that I have not had trouble with Comodo 3. It works pretty well for me (except for a bug related to its Help facility that caused a crash in the first release of Comodo 3). But I have had numerous emails from readers about their problems with Comodo 3. Many of those people have gone back to Comodo 2.4 or switched to some other firewall.

So, at this juncture, I’m leaning toward Online Armor, which has been 100% trouble free for me. I still have to perform security tests on Online Armor. Plus I need more time with it. And I’m waiting for an update to the product to see whether a few areas improve. Online Armor is a relatively young product. Its makers are still adding significant new functionality.

I’m still looking for your input on the latest versions of these two products. If you’re using Comodo 3 or Online Armor 3 (or both), please take a moment to send me your experiences, positive or negative, with the two software firewalls:

• My Online Armor 2 Experiences
• My Comodo 3 Experiences

Or you can post them right here as a comment to this blog entry.

Stay tuned for a final software firewall recommendation. For more information on Windows software firewalls, check out the entire software firewall evaluation series.

There are two main types of Windows users in the world. Which kind are you:

Windows XP or Windows Vista?

The recent news that testers at Devil Mountain Software found Microsoft’s beta of Windows XP Service Pack 3 to be 10% faster than XP SP2 has pushed me over the edge.

I honestly find no advantage to Windows Vista, and there are some downsides. For example, no matter what Vista advocates say, Vista requires Vista-level hardware. Pentium M/Centrino single-core notebook hardware just doesn’t run it well. Pentium 4 desktop hardware runs it better, but usually that class of hardware needs a video upgrade. I’ve personally seen instabilities with the shipping version of the Vista code: applications freezing, Windows services slowing to a crawl, even OS crashes. I’m not saying everyone is having these problems, but I see no real improvement over Windows XP. While the architecture of Vista is a little better, Vista adds a lot of overhead to support quite a bit of new and sometimes questionable functionality. Vista is a lot more complex than Windows XP. It’s probably more secure, but it still needs a raft of third-party security software and hardware. I don’t trust its anti-malware protection or its firewall. And it doesn’t have an onboard antivirus product.

(more…)

I have not fully tested the new 3.0 version of Nod32. I looked pretty extensively at Eset Smart Security (ESS) in late beta, and I didn’t think much of the firewall at all. Plus I have no use for Eset’s antispam solution. So I am definitely recommending *against* the new $60 ESS.

However, my preliminary impression of Nod32 3.0, also contained in ESS, was quite positive. That product is available as a standalone upgrade to Nod32 2.7 for $40 (one user, one year).

I have not had a chance to fully test the 3.0 standalone product yet. I’ve been focused on the firewalls. But testing Nod32 3.0 is very high on my list. From my look at the ESS beta, I don’t anticipate any serious criticism of Nod32 3.0. I like the UI a little better. I didn’t see anything I didn’t like. I didn’t have any problems with it. But I still have to test it fully to be sure. I’ll be looking at it on both Vista and XP.

I don’t write final security reviews before I’m sure about a product. So depending on the complexities I encounter when I test Nod32 v.3, it could be four to eight weeks before I give you a definitive answer.

If you’re forced to make a decision before that, I would currently characterize Nod32 3.0 as a good bet. And, again, I would recommend separate firewall and antispam solutions instead of ESS.

If you’re using Nod32 3.0, I would be interested in your experiences with and impressions of it. Please send your thoughts to me. Thanks!

Alternatively, you can also post your experiences as a comment to this post if you prefer.

If you’ve read at least some of my ongoing series on software firewalls for Windows, you should know two things by now:

1. There aren’t many good software firewalls out there right now.

2. My focus has been on outbound protection, since anyone sitting behind a firewall router has very good inbound protection.

Although I’ll be running tests on the final round of firewalls, I’ve been relying on the independent security software site, Matousec.com Firewall Ratings, to help winnow out the less impressive products. In recent testing, Matousec has named two new software firewalls “Excellent,” Agnitum’s Outpost Firewall Pro 2008 version 6.0 (a suite product that doesn’t quite fit the target profile of this ongoing review) and a little-known freeware product called Online Armor Personal Firewall v.2 by Tall Emu.

(more…)

There’s no question about it. Last month’s Mac vs. PC Cost Analysis article struck a chord. I was praised and lambasted around the Internet for it. It was also republished by Computerworld, where it pulled in a lot of traffic. If you didn’t catch it, I recommend the Computerworld version of the story, which was lightly updated because of Apple’s release of its new MacBook Pro model line on June 5.

• Mac vs. PC cost analysis: How does it all add up? (Computerworld)

It seemed to me that people who criticized this story missed the key points I was trying to get across:

1. This was a pure, hardware-based, speeds-and-feeds kind of comparison. I was comparing the hardware goods only, including CPU, chipset, RAM, video, display, hard-drive capacity and specs, ports and upgradeability, dimensions and weight, and so on. In other words, I was attempting to make an objective comparison that did not inject any evaluation about the hardware, anything at all about the software, or my personal experience with the operating systems and hardware involved. It was an on-paper comparison.

(more…)

- Reviewed: ZoneAlarm 7.0.337 (freeware)
- Look ‘n’ Stop 2.06
- Eset’s Smart Security Suite Beta
- Myths About Other Firewalls

The research for my ongoing series on software firewalls for Windows has entered an interesting phase since the last newsletter, in which I focused on Comodo, Jetico, and Kerio.

For one thing, a large number of readers responded with requests and suggestions. The suggestion I heard most frequently was: Please consider ZoneAlarm. (I also received some flames from misinformed ZoneAlarm fanatics, but that’s another story.) So, I’m starting this issue with a full test of ZoneAlarm.

Review: ZoneAlarm 7.0.337 Free Version
Last September, when I launched my search for a great lightweight, quiet, low-overhead software firewall, I left Check Point’s free ZoneAlarm software off the list. My primary security focus was outbound firewall protection. Testing from earlier last year by FirewallLeakTester.com showed that ZoneAlarm Pro offers excellent outbound software firewall protection, and the free version of ZoneAlarm — surprisingly — does not.

(more…)

Microsoft’s sad attempt to fight software piracy at the expense of its ordinary end users continues to leave me cold. For the second time since last year, Microsoft released a new update of the WGA (Windows Genuine Advantage) Notifications code that attempts to install on your system as part of the Windows Update process. This is the case even if you have previously told Windows Update that you do not want to receive the WGA Notifications update.

Microsoft’s only excuse is: But hey, this is a new and improved version of WGA Notifications. We know this helps no one but Microsoft, but since we’ve spiffed it up, that means we no longer have to pay attention to the fact that you said you didn’t want to get this code in the past — twice! There was a time when Microsoft was a much better company than this. It truly is a shame that Microsoft is treating Windows users this way.

For more information on how WGA Notifications appears in Windows Update, and how you can prevent this version from installing, read this article from a previous Scot’s Newsletter.

I’ve been getting a lot of requests for an update on my research into software firewalls for XP. The research is ongoing, but I do have plenty to update and pass along.

Back in September of last year, I kicked off comparison research and the first of a series of articles focusing on inexpensive, lightweight software firewalls for use with Windows XP. Please check out that first piece, and check out what I’m looking for in a software firewall: An emphasis on outbound protection, nearly silent operation (after you’ve run most of your apps once), and a rational means of protecting, without breaking, your network. Anything with an endless number of pop-ups isn’t going to cut it with me. I’m not going to become a slave to a software firewall.

I’ve been working on this research off and on ever since. The products I mentioned then — Comodo, Jetico, Look ‘n’ Stop, Outpost Pro, Tiny Personal Firewall, and Kerio — are the products I’ve been keeping tabs on during this period. I’ve also looked at some others that have come along. But I’m only looking at lightweight standalone firewalls; that leaves out several notable names, including Kaspersky, Norton, McAfee, Trend Micro, CA, Check Point, F-Secure, and others. They’re out of my research on purpose: I don’t recommend any of them. Steer clear of security suites.

(more…)

Windows Vista is far more secure than Windows XP, but is it completely buttoned up? The answer is no. You still need both anti-malware and firewall protection for Vista. Microsoft’s failure to solve this problem may, in fact, be a mistake that comes back to haunt the company. On the other hand, at least it didn’t put a whole bunch of additional software companies out of business.

I’ve previously recommended Eset’s Nod32 version 2.7 for all current versions of Windows, including Vista. Nod32 is a done deal, a no-brainer, just get it.

But the firewall picture for Vista is nowhere near as obvious. As I’ve written many times before, every computer connected to the Internet should be sitting behind some sort of hardware firewall that adds NAT (network access translation) stealthing and SPI (stateful packet inspection), both of which help protect against inbound threats. Good security is about layers, though, and a good software firewall complements the hardware firewall by adding application controls for outbound transmissions and network protections. The combination of hardware and software is very powerful. The problem is, very few popular software firewalls currently support Vista.

(more…)