Firewalls for Windows Approaching Fruition

If you’ve read at least some of my ongoing series on software firewalls for Windows, you should know two things by now:

1. There aren’t many good software firewalls out there right now.

2. My focus has been on outbound protection, since anyone sitting behind a firewall router has very good inbound protection.

Although I’ll be running tests on the final round of firewalls, I’ve been relying on the independent security software site, Firewall Ratings, to help winnow out the less impressive products. In recent testing, Matousec has named two new software firewalls “Excellent,” Agnitum’s Outpost Firewall Pro 2008 version 6.0 (a suite product that doesn’t quite fit the target profile of this ongoing review) and a little-known freeware product called Online Armor Personal Firewall v.2 by Tall Emu.

First Run of Online Armor v2.1.0.31

Online Armor Personal Firewall comes in a limited free version, a $39.95 paid version, and a $69.95 OA firewall plus Kaspersky antivirus engine version. (For more information on what each version of OA offers, see Tall Emu’s Online Armor comparison chart.) Tall Emu’s pricing offers both multiple licenses and multiple years of upgrades.

The free version of Online Armor aced the Matousec leak tests — blocking every leak Matousec threw it in its default configuration. So even though its a “limited” free firewall, it’s still a very useful product. Upgrading to the paid version adds 11 major features, including much better keylogger protection, DNS spoofing protection, phishing filter, and Web shield.

The free firewall focuses on two main areas: firewall and application control. It also minds startup programs and services, IE add-ons, and HOSTS file. The UI is simple and effective (Comodo could learn a thing or two). Online Armor is literally a joy to use. But the best part is that, for me, at any rate, it’s been extremely quiet. I’ve seen only about five pop-ups in about 10 hours of direct use. The product has been running on one of my test machines for about two weeks.

Online Armor has a very good chance of waltzing in and stealing top honors as the Scot’s Newsletter Best Software Firewall of 2008. But I need your help. If you’ve used this product, or if you use it after reading about it here, please take a few moments to send me a description of your experiences. Be sure to let me know whether you’re using the paid or free version. Please note, also: The current version is Tall Emu has continued to squeeze bugs out of its product as they’ve been identified. Each time it squashes one, it releases a new minor version. So if you’ve run into problems before, you should download the latest version, uninstall your previous version of OA, and install the new version.

It’s pretty difficult to find much to complain about with Online Armor. But there are two issues that Tall Emu should address in future versions of the product (based on my use of the free version):

1. Because the Online Armor program window is fixed in size, when you look at the log listings screens, you’re not able to widen the window to read the details but are, instead, forced to scroll side to side.

2. Online Armor lacks the ability to automatically detect, name, and save LANs by location the way ZoneAlarm and Comodo do. I’ve said in the past that all software firewalls need this feature. So far, though, Online Armor has not interfered at all with my networking functionality, unlike so many other firewalls.

Lastly, it should be noted that Online Armor supports Windows NT/2000/XP but not Vista yet.

In the near future, I’ll test and report on the paid version of Online Armor.

Comodo 3 Hits the Streets

Meanwhile, Comodo finally released its free Comodo Personal Firewall v3. This new version has been out less than a week.

Visible for the first time late in the beta cycle, the Comodo engineering team added a wrinkle to version 3.0 that makes it like two programs in one. There’s a much simpler “Basic Firewall” installation option that eliminates the host-intrusion-prevention system (HIPS). By choosing this option, you disable the malware protection that Comodo offers, but in my tests the result was a nearly silent, well-behaved software firewall.

With its “Advanced” installation option in vogue, Comodo 3 adds the kind of protection used by business-class security products, though it’s probably not for average users. To make it easier to manage, the Comodo engineers added a predefined list of safe applications, with the ability for both you and Comodo to add to that list to make the product easier to use over time.

Comodo 3 is a major new version of the Comodo firewall product line. In addition to the HIPS module, the new version adds:

1. A clean PC mode that profiles all applications on your PC and registers them as safe, blocking others from installing without your approval.

2. An advanced network firewall engine that stops exposure of confidential data by stopping malicious programs from connecting to the Internet

3. Application-behavior analysis that detects suspicious activity before allowing Internet access.

4. Smart pop-alerts with multiple preset actions and an advice area.

5. A whitelist with one million trusted applications maintained by Comodo that cuts back on the number of pop-ups you’ll see related to the HIPS.

6. Support for 32-bit Windows XP and Vista as well as 64-bit Windows XP and Vista.

For more details on the Comodo 3 feature set, see this Comodo page.

I’ve been testing Comodo 3 for only a few days — not long enough yet to make a final pronouncement. In fact, I welcome your input on Comodo 3. Send me an email and let me know about your experiences. Be sure to let me know whether you opted for the Basic Firewall or Advanced (default) installation option.

In my testing so far, though, I’ve been very pleased with Comodo 3. The harsher experiences of the Comodo 3 betas have been largely eliminated in the final version of the product. I’m not seeing the blizzard of pop-ups that its predecessor, version 2.4, sometimes issued. The product is mostly well designed and easy to use.

Note: I have not yet tested Comodo’s outbound protection (something I plan to do in the next month or so), and Matousec has not tested it either. So the Comodo 3.0’s protection must be verified.

A Few Comodo 3 Shortcomings

In the early going, I did run into two separate problems with Comodo 3. I downloaded and installed Apple’s QuickTime and iTunes software, which apparently weren’t on the predefined whitelist of safe programs. I set them to be considered safe in Comodo, and then opted to upload them to the Comodo servers for the company’s analysis. For unknown reasons, every time Comodo attempted to send the files home, my Internet connection died and I received a network error message from Comodo.

Comodo contains a very simple wizard that automatically detects existing LANs and lets you name and save them, as well as giving you the option to be visible to all local networks. I’ve repeatedly suggested that all software firewall apps should work this way. Comodo does an excellent job of it. That’s why I know the network error was probably not caused by Comodo blocking the network. Both Internet access and file sharing on my local-area network worked perfectly.

After several hours during which Comodo repeatedly tried and failed to send the install files back home, I finally just deleted the chore to spare myself the interruption.

The other problem had to do with my FTP program, CuteFTP. When I initiated an FTP connection, a Comodo pop-up opened. I chose the option to treat CuteFTP like an “FTP program.” Seemed logically enough. Only problem was, CuteFTP was not able to connect with an FTP server. I had to manually create a rule to unblock CuteFTP at that point. There was no way (that I could find) to go back and change the “FTP program” security setting to something like “trusted application,” which is a bit more open setting. This example occurred both on the Basic and Advanced installations of Comodo 3.

Comodo 3 includes solid wizards called Define a Trusted Application and Define a Blocked Application, but it doesn’t offer you a way to see a list of blocked or trusted apps you’ve created in the past. So you can’t modify them. and the Network Security Policy module, buried in the Firewall > Advanced area, lets you see and modify all the previous decisions you’ve made in Comodo pop-up dialogs. This is a very important piece of functionality in Comodo 3. I’d like to see it become much more prominent, easier to use (too many clicks), and it should offer built-in help that makes it easier for people to revise their settings smartly.

One of the things I find frustrating about many software firewalls is that they provide you with detailed logs of blocked connections or exceptions, but there’s no way to act on these logged lists. Software firewalls need a UI structure that makes it easier for people to create, edit, and delete their own firewall rules. Comodo has the basics, but it doesn’t go far enough. Online Armor does a better job on that score.

[Note: Thanks to redr for the comment on this story that points out an error I had made. The strikethroughs in the two paragraphs above and some added text aim to correct my mistake. — S.F.]

Where’s It All Headed?

The 11th-hour addition of Online Armor makes this comparo a two-horse race. My focus is now on making a decision between Online Armor and Comodo 3. My current instinct is that you’ll probably be in good stead with either option. Both products work fine with Nod32 v2.7, the product I’m currently recommending for antivirus/anti-malware protection. Interestingly, both of these firewalls also add anti-malware protection.

So I think we’re finally getting closer to a final decision. As soon as I verify that there are no widespread reliability or bugginess problems with either Online Armor and Comodo, and after I have run some security tests on them, I hope to announce a winner.

Footnote: I’ve looked at two new firewalls since I last wrote on this topic. In addition to Online Armor, I examined Webroot’s Webroot Desktop Firewall, which the company is currently offering for free. It’s a pretty nice product that Webroot apparently licensed from Privacyware, whose Privatefirewall 5.0 garnered “very good” scores in Matousec’s tests. Still, very good isn’t as good as excellent. Plus the UI in the Webroot product is good, but not great. So I’ve crossed the Webroot Desktop Firewall off the list.

38 Responses to “Firewalls for Windows Approaching Fruition”

  1. gerryg Says:

    Regardless of which firewalls you’re evaluating, which one do you currently use? More importantly, which one is on your wife’s Windows computer? (if she didn’t follow you into Macland)

    Once a quarter you should post a list of your recommended software choices, or ones that you use personally, for each OS. For example, Vista Ultimate + NOD32 v2.7 + Firefox + … If nothing else, that gives people a baseline they can compare against. Most hardware review sites usually preface their articles with “test setup” detailing which hardware, os, and drivers they’re using, so something similar just for software would be useful.

  2. Scot Says:

    I do have a page on the website that lists all my reviews. The most recent “Top Products” are the ones I’m using. My wife, who has two Windows machines, is not actually using a software firewall on them. We are behind a hardware firewall router and our wireless network is encrypted with WPA. We’re both using NOD32 av/anti-malware on the Windows machines. Our email ISP offers excellent protection against threats in email. We don’t use Internet Explorer.

    In our environment, the main reason to have a software firewall as I have written many times is for belt and suspenders outbound firewall protection, which gives you another layer of protection against email- or browser-delivered threats, esp. trojans and phishing malware that attempts to phone home. Once I pick a final software firewall, I will install it on my wife’s and also my son’s computers. So far we haven’t had a single incident of anything serious. My wife is very smart and knows what not to click or do. With my son, though, it’s only a matter of time. I have his computer separated from the rest of the network. Periodically I check his computer and it invariably needs to be wiped.

    I’m fixing to get him a Mac. It’s just easier to maintain for a 16-year-old. He’s also totally fixated on Garage Band, which only runs on the Mac.

  3. jskaare Says:

    I just installed Comodo 3.0. Everything seems to be working fine. I was surprised that firefox.exe wasn’t a recognized application, of which I was repeatedly reminded as I started firefox.

  4. Scot Says:

    Yeah, I think the Comodo folks have more work to do on the whitelist, which they only added to the product at the last minute. I think that should have been in beta all along. The whitelist should get better over time, though.

    I’m betting, though, that you installed the default “Advanced” protection with the HIPS. In the Basic Firewall installation option, the product is a lot less noisy.

    I agree, though, that at least basic settings for Firefox should be included.

  5. ama114 Says:

    I installed the free version of Online Armor midway into the setup of a new XP Pro system and have been using it for about 3 days now. It seems relatively non-intrusive during normal use of applications. However, it has been very intrusive during installation of applications, asking for approval for almost every aspect of an application’s install routine. I may have experienced as many as a dozen approval requests during an application installation.
    I thought there might be something in the Online Armor Options/Settings that might reduce these intrusions, but nothing jumped out at me. I will see how it runs once all my applications are installed.

  6. alk44 Says:

    Scot, could you please comment on whether the firewalls your testing have the ability to stop all internet traffic by easy user selection? i use that feature in ZA to disconnect when ever i’m not actively using the net.

  7. deepcut Says:

    alk44: Comodo 3 definitely has this feature, with a “Stop All Activities” button available on the summary tab. I haven’t tried Online Armor.

    I’ve been a long time user of Kerio Personal Firewall 4.2.2 (not the Sunbelt versions) so I’ve been keen to find a good free alternative to update to. Scot’s Newsletter and more especially Matousec’s test list have been very useful in this.
    I’ve tried Look ‘n’ Stop, Jetico Freeware, Outpost, and Comodo (2.x and 3.x beta). Comodo 3.x was easily my favourite of these, and I love what Comodo are attempting to do with their software suite. I hope their other software will rise to the same level as CFP3.
    Now that CFP3 is out of beta I have switched to using it. I have noticed none of the bugs I previously encountered, although some of the extra features seem to have disappeared too. I’m assuming this is because they were too problematic so were cut, at least for the time being.

    I have no complaints about the amount of pop-ups I get from CFP3, even with them set to appear for every little detail, but.. I am computer savy. I doubt that the average user that Comodo hope to reach will understand and be able to use them appropriately.
    The white-list system definitely needs some improvement. I was hoping that each white-listed application would come with a ready defined set of Firewall and Defense+ rules, as this would really help reach Comodo’s target market home user by reducing pop-ups and rule setting to an absolute minimum.

    My only complaints about CFP would relate to it’s interface. Some of which I made suggestions about during beta. Lists that cannot be sorted. Sub-windows that could easily be integrated into the parent. Sub-windows that don’t show what their parent application’s name is, so you forget what you’re editing. Features that don’t appear throughout the interface such as the Purge buttons.

    Regardless of it’s minor pecularities I think it very likely I will continue to be a Comodo Firewall user for the forseable future.

  8. alnjk Says:

    Online Armor has the “Block all network traffic” option on the taskbar icon menu.

  9. redr Says:

    Comodo 3 includes solid wizards called Define a Trusted Application and Define a Blocked Application, but it doesn’t offer you a way to see a list of blocked or trusted apps you’ve created in the past. So you can’t modify them.

    Actually it do: Go to Firewall > Advanced and click the “Network Security Policy” menu item. It lists all the applications you trusted or blocked. It also allows you fine-grain your settings to specific applications.

  10. alexgieg Says:

    I didn’t like Comodo 3. I’m the person responsible for the four XP computers we have at the small office I work, and I had Comodo 2 installed in all of them. As lucky as one can be, the only day in the week I wasn’t in office was the day the auto-update to v3 happened. Not knowing what to do, the users clicked “Next”, “Next”, “Next”… with the obvious result being a completely broken network. Upon arriving, I uninstalled Comodo 3 from their machines, enabling only XP’s firewall, and proceeded to allow the auto-update to happen on my own computer, which luckily was turned off the whole day, to see what was new.

    I chose then the basic firewall option when prompted, and after installation found that ALL my previously working configuration had vanished, so I had to do it all again, now in a most completely unintuitive way! Not only that, but other problems became apparent. For example, although the other computers in the office could in fact access files in mine, Comodo 3 for some reason began deciding which files they could and couldn’t open. Open a .PDF? Sure! Open a .DOC? Alright! Open an .EXE? No! For that .EXE to be copied, I had to first compress it into a ZIP. And here I thought I had explicitly chosen “Basic Firewall” mode…

    Then, I try running an OpenNAP P2P client. I start it, the firewall asks if I allow it to connect, I do in fact allow, and everything seems to connect. But only seems, because no one can download anything from me. I double check everything: the software configuration is correct; the ports it uses are properly forwarded in our external hardware firewall; Comodo 3 has it set as a trusted fully open application. I delete it from Comodo’s configuration, and try to set it manually, again with everything allowed. And still, no luck: no one can download from me, and I cannot download from anyone.

    End result: I uninstalled Comodo 3 from my machine, and enabled XP’s firewall in it too. I’m sad the incredible product that Comodo 2 was has gone the bloatware way. What’s to be added next? Anti-spyware, anti-spam, anti-virus? No, thanks! But then, as I paid nothing for it, I really have no right to complain.

    Anyway, I’m pleased to hear there’s a good alternative to Comodo 2 out there. I’ll try Online Armor as soon as possible. If it’s as good, and feature-creep-less as Comodo 2 was, I’m surely going to use it from now on.

  11. alexgieg Says:

    P.S.: Regarding the problem of executable files not being copyable over the network, I should clarify that this behavior continued after I uninstalled Comodo 3 from my machine and enabled XP’s firewall, so I went to the sharing security settings for the affected folder (not in simplified mode) and managed to make it work. It is of course possible that Comodo 3 wasn’t the actual cause of those settings changing, that this happened for some other reason before the update and I just hadn’t noticed it yet. Even so, though, the OpenNAP problem is enough a nuisance for me to try something else.

  12. Ed Bitzer Says:

    Switched to Comodo when Scott recommended on my two machines at home, both on a local hard wired LAN. Based on this report am evaluating Online Armor on one. Scott mentioned that Armor is not as friendly in setting up a local network and I have found no options at all. Problem is I run a lot of bat (cmd) files and some vbs scripts for maintenance such as mapping the necessary drives from the other computer and a slew of copy batch files for backup of data. Armor did not find any of these on installation and of course notifies and requests approval when any are first fun – I am still finding them. If I have not missed something Armor should provide someway of permitting local LAN permission. I am not too excite about converting my second machine at this point.

  13. bhauber Says:

    Online Armor doesn’t appear to properly support Vista. Their website indicates such and my experience on my laptop was that every boot it attempted to have me validate all the items in my start menu again, and never save them. This to me would be a huge strike against Online Armor. Proper Vista support is important because all the OEMs are ramming it down the throats of consumers.

    That being said, I’ve used Comodo and liked it well enough.

  14. Scot Says:

    I specifically mentioned in my write-up that Online Armor does not support Vista. Tall Emu is working on a Vista-supporting version.

  15. worst Says:

    Tried comodo before but didn’t like it: it kept on asking about programs I’ve allowed before. Just installed OnlineArmor, seems to be nice sofar, although I agree with your remarks. But I think I still like it a lot more than the phonehomeoneveryoccasion ZoneAlarm 😉

  16. Michael Says:

    Hi, I use NOD32 2.7 and Outpost Pro 4 on an XP Pro PC (P4 2.4 / 1gig RAM). Given both NOD and OP have seen recent upgrades I decided to try a few new configurations. The ESS Security Suite failed most of the leaktests I tried. Comodo 3 (without Defence+) asked too many questions, wasn’t all that user friendly, failed a few leaktests and seemed to slow down my PC. I really liked Online Armour Free, it was easy to use and passed all leaktests I could chuck at it, however it seemed to slow the PC down (~16mb in task manager). Anyway I decided to give the new version of Outpost Pro (2008) a whirl. I selected the Advanced Option = max protection and while I was expecting endless nagging questions and a serious system slowdown, to my utter surprise, I have found that my PC is running markedly faster. OP uses about 16mb in task manager while providing the same level of protection as Online Armour.

    Scot, maybe you need to have a look at Outpost Pro 2008 as a third lightweight firewall candidate. I was pretty impressed after having used OP v4 for the past few years.

  17. sbruce45 Says:

    I started using Online Armor on Dec 6. Since then the system time request has not been able to be submitted. There is no indication in the History log of it being blocked. I’ve tried to send it manually on the Date and Time Properties window, but the request does not go out. I’ve checked this with Ethereal. I had this problem with Comodo and ZA Free, but was able to set rules for IP addresses so that it usually went out. Does anyone know how I can get OA to allow the w32time request to be sent? (I now have to run a separate program to keep the time correct.) I am using XP SP2.

  18. skiwi Says:

    If you have bought a PC this year with an AMD chip you might well be running Vista 64bit. It is this support combination I am looking for.

  19. rustyjames Says:

    Hi all,
    Most of my time is spent with Ubuntu, so not much to worry about here.
    Sometimes i boot into xp where i use comodo 2.4 and am very happy with it. In fact, i install it on every xp system i set up.
    However, vista systems are becoming common and while comodo 2.4 was never compatible the new comodo 3.0 is throwing vista windows update into a total mess. Seems to happen to quite a few other users too.
    On one of my first vista pc installations (around march 2007) i have put pctools free firewall as it was then one (and only?) of the few compatible with vista. During the following months i have not heard complaints of over protection or obtrusiveness and on the other hand the system remained more or less in safe condition (checked it now and then).
    I do not recall it ever came up or mentioned here by scot but i really would like your take on the pctools firewall as my personal (as in my own computer) experience with it is nil.
    Also if anybody knows how to set up comodo 3.0 so it does play nice on vista i would appreciate it very much.

  20. Scot Says:

    There are problems being reported to me by users of Online Armor and Comodo 3, but those who are interested: Comodo 3 appears to me to be a mess. There are many separate problems that multiple people are reporting, and the Comodo team has released several post-3.0 tweaks and updates — some of which weren’t released to the general public.

    I’m losing faith in Comodo to issue a reliable product. There are many things I like about it — but I think its makers should pull 3.0 and spend some serious time beta testing it before they release final code to the public.

    I still haven’t tested the paid version of Online Armor 2.x. But that is my next step. The free version is still running well for me. The most common complaint I’ve heard from OA free users is that they’re inundated with pop-ups when they install a new program.

    — Scot

  21. Scot Says:

    redr, thanks for pointing out Comodo 3’s Network Security Policy area. I did look at it but for some reason thought that I couldn’t edit it — like so many other Comodo 3 screens. But you’re right. I’ve corrected the story because of this.

    — Scot

  22. Michael Says:

    Just a quick update from my previous post. Further testing of Comodo (with Defence+) has crashed my system three or four times, hence it has been ditched until they can put out a more stable product. Outpost Pro 2008 couldn’t complete a full spyware scan, after 1 hour of scanning it would suspend my firewall, block all traffic and the PC would require a reboot. It did this about four times in a row, it has also been ditched. No issues with Online Armour free yet, seems to be pretty stable.

  23. Jojo999 Says:

    Has Comando 3.x fixed the problem with supporting tabbed browsers (FF specifically)?

    This is the support incident text I sent to Comodo probably a year ago (and never got any follow-up othe rthan it was being forwarded on to the developers). Comodo support is really poor. They don’t quote what you send them in their response. And that is IF you get an email response. It’s a real toss-up if you will.

    > I received an alert (see attached screenshot) while in Firefox v2.0.1.
    > I had 72 tabs open and was in the Comodo forum working on a post when the alert occurred.
    > First, the alert is completely useless to me because it only lists the IP addr. A raw IP addr communicates no useful information.
    > When I ran a trace route, I discovered that this alert was from Google. The question is where did it come from and WHY did it display at this time while I was in the Comodo forum? I suspect that the alert came from one of the other tabs I have open.
    > Tabbed browsers are a serious security problem because firewalls like Comodo only go down to the application layer (and components that make up the application). But in a browser with multiple open tabs, each tab is like a separate browser session.
    > Comodo and other firewall products have to recognize this and provide alerts that reference back to the tab (session) that generated the alert.

    The problem is that if you deny an action that Comodo provides you in an alert, it affects the WHOLE browser, not just the tab/site that originated the alert. This can cause ALL your tabs to stop working, which happened to me a few times until I learned that you shouldn’t reply no to any alert that Comodo presents for FF (at least).

    Does any firewall do a better job and understand that alerts should only apply to the tab and site they originated from?

  24. bwaverman Says:

    l’m using vista with nod32 3.0. l tried downloading comodo 3.0 and my screen went blue….’nuf said. tried outpost pro 2008 but l ran into system slowdown, a freeze here and there…’nuf said.
    l would like to try the kapersky firewall since it is supposed to provide about the same level of protection as the other top ones ( albeit not with the default settings ) but it is only available as part of their security suite. so l guess l have to wait for online armor to come out with a vista-compatible version.

  25. danbest82 Says:

    i have been using comodo for a while now. started with comodo 2.4 and then went to beta comoda 3. now using the official release of comodo 3. i love it. performance is great. only thing that gets annoying is its forgetfulness in defense+. sometimes if forgets that i trusted a program and asked if i want to let it do things. i saw that online armor got high leak test scores and had hips detection so i gave it a try. not sure if it’s because i was running threatfire, which is said to be able to work with OA, or just because it doesn’t like my system that it caused any program i wanted to run to crash. back to comodo…. i am using nod32 2.7. i have used avira with system slow downs. kav 7 is not compatable w/ comodo and wont let me install it. outpost is not compatable with things on my pc also and wont let me install. final setup with things running good is nod32 2.7, comodo 3 firewall with defense+, threatfire free, boclean(which gets turned off when gets cpu happy) and peer guardian for downloads.

  26. rustyjames Says:

    hi all
    would still like someone’s take on pctools software. especially the firewall, but they also have antivirus and antimalware programs all for free with registration.

  27. bwaverman Says: gives the free firewall from pctools an anti-leak rating of poor. their free anti-malware program is a stripped-down version of spyware doctor.

  28. bwaverman Says:

    Scot, when you make your choice for best firewall can you give us two choices. 1) for xp/2000 and 2) for vista. there seems to be a big divide there.
    and maybe it would also be wise to wait until comes out with the results of their NEW leak-tests which they are now working on. who knows, there might be some big surprises in store.

  29. rustyjames Says:

    i will even believe if you tell me its crap, however it DOES REALLY work with vista, so within the small (tiny?) group of firewalls that are free AND vista compatible maybe it is still worth something?

  30. alnjk Says:

    Scott, in reference to Online Armor I would like to mention their unparalleled support provided by their company representative (vs. an appointed moderator) Mike. I have found that he will go to any lengths to resolve whatever issue arises. I have never received such superior support by any other software company.

  31. O Says:

    I have been beta-testing Comodo Firewall PRO v3 in its various version … all the way through v Please note that I am not employed by Comodo.
    I use SuSE 10.3, BSD, and Vista BUS on my laptop.

    Since the FINAL release of Comodo Firewall PRO v3, there have been 2 updates of –

    Now, there is v This is much improved in both XP and Vista.
    Historically, prior to v3, most folks experience has been one of constant application nagging. This has been significantly reduced.

    Also, during the installation while using the ” Comodo Firewall Pro Configuration Wizard”, I chose the “Advanced Firewall with Defense” option –> “No, Let me answer the firewall alerts” –> I allow RDesktop –> “Custom Settings” –> “Average Protection”.

    The above approach will verify ONCE every application you deem appropriate for the firewall categories. If the dll does change, Comodo will flag that … that is good.
    I did have Comodo treat Firefox as a WebBrowser and Trusted app.

    Overall, Comodo 3 will require a little more knowledge and setup, but greatly rewarding … and it still passes all the leak tests. Version 3 is a totally different application with a lot of forward thinking in implementation.

    I think Outpost Firewall PRO v2008 is another excellent app as well as Online-Armor.
    By the way, I use Eset AV 3.0 with Comodo on Vista … no problems and with minimal nagging.


  32. dale.gj Says:

    I have used Comodo 2.x products off and on for some time, but I don’t like 3.0. I doesn’t remember my requests to treat specific progams as “trusted”, unless I change to training mode. The program did not suggest it, but I found it to be true.

    Before Comodo, I used Outpost Firewall Pro. It seemed to work well enough in earlier versions, but there were too many nags. I recently downloaded and installed Outpost Pro 2008, and I really like it. I plan to stick with it. I have not had any issues with the spyware scan, as mentioned elsewhere.

    Other than the antispyware component, Outpost Firewall Pro 2008 is pure firewall. Scot, I strongly recommend that you consider it.

  33. dale.gj Says:

    I have to take back my recommendation of Outpost 2008 for now. After my posting, I proceeded to have system hangs with lockups — couldn’t do anything but hard reset or power off. In each case, my system would run fine for awhile, then suddenly lock up.

    I restored to an image made before installing Outpost 2008, when Comodo 3.0 was in use. I’ll probably retry Outpost after the next update.

  34. bwaverman Says:

    l had a similar experience with outpost pro 2008 as dale.gj.
    it worked fine at first but slowly showed an increase in system slowdown and finally a freeze ( solved with cont/alt/del ).
    maybe webroot’s free firewall is worth a look. and what are the chances that microsoft will provide good outbound protection on its vista firewall at default settings when sp1 is released early next year? but then again every vista user has his/her own wish-list for sp1. ( vista+nodav3.0 )

  35. Traxless Says:

    Online Armor ( Free version with Windows Media Center 2002, SP2 on a Dell XPS computer (Core 2 Duo 6400).

    Installation was smooth, fast, and straight forward. It was as easy as any installation I have ever had with a firewall. It has run quietly and without a single issue for 2 busy weeks. The online forum seems to offer timely and thoughtful responses as I have lurked about the forum at »

    Online Armor is playing very nicely with IE 7.0.5730.11 and Firefox The AV on this computer is Avira AntiVir Personal Edition Classic (free) and I have not experienced any problems with this combination either. Btw, this AV has a very responsive and especially helpful forum at »

    I am very pleased with this combination of FW and AV. Btw, I have used ZA (early versions), XP firewall, and Comodo before the recent release plus a few other FWs whose names elude in the moment.

    Hope this helps.

  36. LakeMichSr Says:

    I have been running the trial version of Online Armor AV+ ( for 3 days with XP Pro, SP2 on a home built with AMD Athlon X2 5600. I really like the GUI and learning mode for applications has been relatively painless. The biggest plus is boot time. My computer boots nearly 4 times faster than previously. My previous firewall/AV was ZoneAlarm Security Suite and this has to be the culprit causing long start up times. I had grown very unhappy with ZA for a number of reasons. I will continue with the trial, but right now OA looks like a winner.

  37. dale.gj Says:

    After my negative experience with Outpost 2008, I decided to try the free version of Online Armor. I had a strange experience during installation, that required two passes through the trusted programs list, but after that, the installation went well.

    So far, I’m pleased with the operation. I love the GUI that tells me what programs are accessing what with what data rate.

    I have always practiced safe hex, so I’ve had little need for a firewall, But like all insurance, it never hurts to have it.

  38. tmarket Says:

    I install Comodo 3, works OK except when trying to access office VPN. Blocks access even when Firewall is disabled. Had to un-install to get VPN access working. A quick search revealed others facing the same issue.

Leave a Reply

You must be logged in to post a comment.