Firewalls for Windows Approaching Fruition
If you’ve read at least some of my ongoing series on software firewalls for Windows, you should know two things by now:
1. There aren’t many good software firewalls out there right now.
2. My focus has been on outbound protection, since anyone sitting behind a firewall router has very good inbound protection.
Although I’ll be running tests on the final round of firewalls, I’ve been relying on the independent security software site, Matousec.com Firewall Ratings, to help winnow out the less impressive products. In recent testing, Matousec has named two new software firewalls “Excellent,” Agnitum’s Outpost Firewall Pro 2008 version 6.0 (a suite product that doesn’t quite fit the target profile of this ongoing review) and a little-known freeware product called Online Armor Personal Firewall v.2 by Tall Emu.
First Run of Online Armor v18.104.22.168
Online Armor Personal Firewall comes in a limited free version, a $39.95 paid version, and a $69.95 OA firewall plus Kaspersky antivirus engine version. (For more information on what each version of OA offers, see Tall Emu’s Online Armor comparison chart.) Tall Emu’s pricing offers both multiple licenses and multiple years of upgrades.
The free version of Online Armor aced the Matousec leak tests — blocking every leak Matousec threw it in its default configuration. So even though its a “limited” free firewall, it’s still a very useful product. Upgrading to the paid version adds 11 major features, including much better keylogger protection, DNS spoofing protection, phishing filter, and Web shield.
The free firewall focuses on two main areas: firewall and application control. It also minds startup programs and services, IE add-ons, and HOSTS file. The UI is simple and effective (Comodo could learn a thing or two). Online Armor is literally a joy to use. But the best part is that, for me, at any rate, it’s been extremely quiet. I’ve seen only about five pop-ups in about 10 hours of direct use. The product has been running on one of my test machines for about two weeks.
Online Armor has a very good chance of waltzing in and stealing top honors as the Scot’s Newsletter Best Software Firewall of 2008. But I need your help. If you’ve used this product, or if you use it after reading about it here, please take a few moments to send me a description of your experiences. Be sure to let me know whether you’re using the paid or free version. Please note, also: The current version is 22.214.171.124. Tall Emu has continued to squeeze bugs out of its product as they’ve been identified. Each time it squashes one, it releases a new minor version. So if you’ve run into problems before, you should download the latest version, uninstall your previous version of OA, and install the new version.
It’s pretty difficult to find much to complain about with Online Armor. But there are two issues that Tall Emu should address in future versions of the product (based on my use of the free version):
1. Because the Online Armor program window is fixed in size, when you look at the log listings screens, you’re not able to widen the window to read the details but are, instead, forced to scroll side to side.
2. Online Armor lacks the ability to automatically detect, name, and save LANs by location the way ZoneAlarm and Comodo do. I’ve said in the past that all software firewalls need this feature. So far, though, Online Armor has not interfered at all with my networking functionality, unlike so many other firewalls.
Lastly, it should be noted that Online Armor supports Windows NT/2000/XP but not Vista yet.
In the near future, I’ll test and report on the paid version of Online Armor.
Comodo 3 Hits the Streets
Meanwhile, Comodo finally released its free Comodo Personal Firewall v3. This new version has been out less than a week.
Visible for the first time late in the beta cycle, the Comodo engineering team added a wrinkle to version 3.0 that makes it like two programs in one. There’s a much simpler “Basic Firewall” installation option that eliminates the host-intrusion-prevention system (HIPS). By choosing this option, you disable the malware protection that Comodo offers, but in my tests the result was a nearly silent, well-behaved software firewall.
With its “Advanced” installation option in vogue, Comodo 3 adds the kind of protection used by business-class security products, though it’s probably not for average users. To make it easier to manage, the Comodo engineers added a predefined list of safe applications, with the ability for both you and Comodo to add to that list to make the product easier to use over time.
Comodo 3 is a major new version of the Comodo firewall product line. In addition to the HIPS module, the new version adds:
1. A clean PC mode that profiles all applications on your PC and registers them as safe, blocking others from installing without your approval.
2. An advanced network firewall engine that stops exposure of confidential data by stopping malicious programs from connecting to the Internet
3. Application-behavior analysis that detects suspicious activity before allowing Internet access.
4. Smart pop-alerts with multiple preset actions and an advice area.
5. A whitelist with one million trusted applications maintained by Comodo that cuts back on the number of pop-ups you’ll see related to the HIPS.
6. Support for 32-bit Windows XP and Vista as well as 64-bit Windows XP and Vista.
For more details on the Comodo 3 feature set, see this Comodo page.
I’ve been testing Comodo 3 for only a few days — not long enough yet to make a final pronouncement. In fact, I welcome your input on Comodo 3. Send me an email and let me know about your experiences. Be sure to let me know whether you opted for the Basic Firewall or Advanced (default) installation option.
In my testing so far, though, I’ve been very pleased with Comodo 3. The harsher experiences of the Comodo 3 betas have been largely eliminated in the final version of the product. I’m not seeing the blizzard of pop-ups that its predecessor, version 2.4, sometimes issued. The product is mostly well designed and easy to use.
Note: I have not yet tested Comodo’s outbound protection (something I plan to do in the next month or so), and Matousec has not tested it either. So the Comodo 3.0’s protection must be verified.
A Few Comodo 3 Shortcomings
In the early going, I did run into two separate problems with Comodo 3. I downloaded and installed Apple’s QuickTime and iTunes software, which apparently weren’t on the predefined whitelist of safe programs. I set them to be considered safe in Comodo, and then opted to upload them to the Comodo servers for the company’s analysis. For unknown reasons, every time Comodo attempted to send the files home, my Internet connection died and I received a network error message from Comodo.
Comodo contains a very simple wizard that automatically detects existing LANs and lets you name and save them, as well as giving you the option to be visible to all local networks. I’ve repeatedly suggested that all software firewall apps should work this way. Comodo does an excellent job of it. That’s why I know the network error was probably not caused by Comodo blocking the network. Both Internet access and file sharing on my local-area network worked perfectly.
After several hours during which Comodo repeatedly tried and failed to send the install files back home, I finally just deleted the chore to spare myself the interruption.
The other problem had to do with my FTP program, CuteFTP. When I initiated an FTP connection, a Comodo pop-up opened. I chose the option to treat CuteFTP like an “FTP program.” Seemed logically enough. Only problem was, CuteFTP was not able to connect with an FTP server. I had to manually create a rule to unblock CuteFTP at that point. There was no way (that I could find) to go back and change the “FTP program” security setting to something like “trusted application,” which is a bit more open setting. This example occurred both on the Basic and Advanced installations of Comodo 3.
Comodo 3 includes solid wizards called Define a Trusted Application and Define a Blocked Application,
but it doesn’t offer you a way to see a list of blocked or trusted apps you’ve created in the past. So you can’t modify them. and the Network Security Policy module, buried in the Firewall > Advanced area, lets you see and modify all the previous decisions you’ve made in Comodo pop-up dialogs. This is a very important piece of functionality in Comodo 3. I’d like to see it become much more prominent, easier to use (too many clicks), and it should offer built-in help that makes it easier for people to revise their settings smartly.
One of the things I find frustrating about many software firewalls is that they provide you with detailed logs of blocked connections or exceptions, but there’s no way to act on these logged lists.
Software firewalls need a UI structure that makes it easier for people to create, edit, and delete their own firewall rules. Comodo has the basics, but it doesn’t go far enough. Online Armor does a better job on that score.
[Note: Thanks to redr for the comment on this story that points out an error I had made. The strikethroughs in the two paragraphs above and some added text aim to correct my mistake. — S.F.]
Where’s It All Headed?
The 11th-hour addition of Online Armor makes this comparo a two-horse race. My focus is now on making a decision between Online Armor and Comodo 3. My current instinct is that you’ll probably be in good stead with either option. Both products work fine with Nod32 v2.7, the product I’m currently recommending for antivirus/anti-malware protection. Interestingly, both of these firewalls also add anti-malware protection.
So I think we’re finally getting closer to a final decision. As soon as I verify that there are no widespread reliability or bugginess problems with either Online Armor and Comodo, and after I have run some security tests on them, I hope to announce a winner.
Footnote: I’ve looked at two new firewalls since I last wrote on this topic. In addition to Online Armor, I examined Webroot’s Webroot Desktop Firewall, which the company is currently offering for free. It’s a pretty nice product that Webroot apparently licensed from Privacyware, whose Privatefirewall 5.0 garnered “very good” scores in Matousec’s tests. Still, very good isn’t as good as excellent. Plus the UI in the Webroot product is good, but not great. So I’ve crossed the Webroot Desktop Firewall off the list.