Scot's Newsletter Blog

Yesterday, Tall Emu, makers of Scot’s Newsletter’s Best Software Firewall of 2008, Online Armor, released public beta 1 of a significant new version of its firewall. Online Armor version 3 supports Vista, but that’s really just the tip of the iceberg. The list of features is quite long and very intriguing.

Tall Emu CEO Mike Nash tells me that the public beta of the free version of Online Armor will be released shortly (probably today). In addition to Vista support, the free version will now be able to check for and install updates automatically as well as upgrade to newer versions (free or paid) of the OA software without having to uninstall the previous version. That takes care of my chief criticism of Online Armor’s 2.x free version. (The paid version of the product was able to perform both of these functions.) I’m glad to see Tall Emu make the products equal in this area. It’s the right thing to do. But in the same breath, I also urge my readers to pay for the commercial software products they adopt and use regularly. It is equally the right thing to do.

So here’s a quick top-level list of what’s new in Online Armor 3. For more detail about what’s new, see Mike Nash’s post in the Tall Emu forums.

Online Armor 3 Beta 1 Highlights and New Features

• 32-bit Vista compatible
• Updated user interface
• Additional threat protection
• Updated help file (http://www.tallemu.com/webhelp3/Welcome.html)
• New language support, including French and Italian.
• Multi-desktop support
• Manage your hosts file with Online Armor’s HOSTS editor.
• “Trust All” option in the Safety Check Wizard allows fast setup on new computers.
• MAC Filtering
• Online Armor can be set not to start at next boot.
• Filter by program added to firewall status screen.
• Default “Run Safer” for unknown programs added to OA options.
• Keylogger detection detects more types of keylogger.
• Advanced-mode options screens allow finer control.

It’s taken a lot of work to get there, but the curtain has raised once again on Scot’s Newsletter Forums after a hiatus of more than three weeks. The closure, like the locking of this blog to comments and new registrations, was caused by hackers who were able to repeatedly access these sites via FTP. Both blog and forums have been moved to a new webhost and their underlying applications have been fully upgraded.

If you’re a frequenter of the forums, drop by and help us beta test the new forum software, configuration, and customizations.

Now that the forums are back open, the migration to the new host is complete. I’ve learned a lot from this less than happy experience. I’ll pass along some of my lessons learned in future blog entries.

The decision is in. After a year and a half of testing, and with the help of more than a thousand Scot’s Newsletter readers who’ve written detailed descriptions of their software firewall experiences, I’m happy to announce that Tall Emu’s Online Armor 2.1 is The Scot’s Newsletter Blog Best Firewall Software of 2008.

There are many reasons why I’ve selected Online Armor (OA) as the best software firewall for Windows users; the rest of this story delivers the details. But boiled down to a single thought, the most important reason is this: Online Armor offers the best blend of a high degree of protection with a high level of usability.

That may sound simplistic, but in this software category such a balance is the toughest thing for a software development company to achieve. It’s very easy to throw up a blizzard of pop-up user-prompts. You can make your system so secure that you’ll never want to use it again. It’s also easy to dumb down the security so much that you’ll rarely, if ever, see a pop up — and in the process, render the firewall ineffective. The trick is to offer solid protection with minimal user interruptions. OA 2.1 is the only firewall software I’ve tested that delivers a near-perfect balance.

(more…)

Online Armor 2.1.0.85 was quietly released on the Tall Emu website earlier today. The company posted information about the software firewall’s new features on its forums. I’ve tested several betas of this release, but many of the what’s-new items are server-dependent, and so I’m just exploring those nuances right now.

(more…)

Although I don’t currently recommend Vista, I will continue to cover new versions of Microsoft’s operating system. I can’t very well recommend against a version of Windows without testing its latest service pack. You never know, perhaps some future version of Vista might win me over.

But not this one. While I need more time with the SP1 code, my first few days with the final version of Vista’s first service pack were, well, underwhelming. The one thing that I can definitively say at this point is that if you secretly installed Vista SP1 on a friend’s PC while he or she was out to lunch, 9 out of 10 friends wouldn’t have a clue when they came back.

(more…)

Comodo’s president and CEO, Melih Abdulhayoglu, used his forum today as a podium to blast this Scot’s Newsletter Jan. 20th blog post. In that post, I notified readers here of my decision to stop considering one of the two modes that his company’s software firewall product, Comodo 3, offers during installation.

In the Jan. 20th post, I explained that because Comodo 3’s “Basic Firewall” installation option does not offer full-fledged leak protection, and because my first impressions of Basic Firewall’s user-interface were favorable, I needed to make a statement to my readers that:

(more…)

For an important update to this blog post, please see this more recent post.

Note: This story has been updated for clarity on 1/22/2008 and 2/2/2008. Nothing has changed about my recommendation.

Because I have written in the recent past with an initially positive reaction to Comodo 3’s “Basic Firewall” installation option, I am honor-bound to post this quick message.

I have learned directly from Comodo executives that the Basic Firewall installation option of Comodo 3 offers only marginal outbound leak protection, not up to the levels of Comodo 2.4 or 3.0. The company may add that protection in a future version of Comodo 3.x. The Basic Firewall option turns off Comodo 3’s Defense+ HIPS module (which constitutes the “Advanced” default installation mode). Defense+ provides the leak protection for Comodo 3.

The previous generation of Comodo, version 2.4, provided anti-leak protection without the new HIPS module.

Not only does this mean that Comodo 3’s optional Basic Firewall mode is no longer a contender in this blog’s firewall evaluation, but if you’re relying on the Basic Firewall mode of Comodo 3 for your firewall protection, you should stop doing so. Windows XP users should switch to Online Armor Free version 2.1.0.31 (or newer) and Vista users should uninstall Comodo 3 and reinstall it, choosing the “Advanced” installation option.

[Note: Since I wrote that last sentence, Comodo has pointed out that you don’t have to uninstall and reinstall Comodo to switch to the Advanced mode but can instead do so by turning on the Defense+ HIPS module. The steps for making the change aren’t immediately obvious, however, so here’s how to do it: Open the Comodo 3 program window. Click the Defense+ icon near its upper right corner. On the left side of the window, click the Advanced button. Click the the last icon, Defense+ Settings. At the bottom of the next configuration screen, remove the check in the box beside “Deactivate the Defense+ permanently.” Comodo will prompt you to restart your computer. You must do so to enable full protection.]

Comodo 3’s “Advanced” default installation mode remains under consideration in my ongoing software firewall evaluation process.

More details will follow in the near future.

— Scot

Tall Emu, a small but dedicated software company based in Australia, has been quietly developing and refining Online Armor almost as if it were reading Scot’s Newsletter’s specifications for the ideal software firewall for Windows XP and earlier. Some of those specs include (updated 1/22/2008):

• Very low system overhead with a strong preference for standalone software — no full-blown security suites
• Full compatibility with popular third-party standalone software from other security application categories
• Excellent outbound security protection, as pre-screened by Matousec.com
• Simple, informative, and highly usable user interface
• Reliability
• Works quietly, alerts you when there are real problems not for the heck of it
• Strong, responsive development team behind the product that is actively developing the product in a rational manner
• A feature that lets users rapidly shutdown all inbound and outbound activity
• Protects but doesn’t cause intermittent problems with Windows local-area network functionality.

Another specification is that the firewall support Windows XP (at least) and Windows Vista. (At the moment, Online Armor does not support Vista. Tall Emu plans to add that support in a forthcoming though possibly not imminent release.)

This post is a sneak peek into my current testing and research on software firewalls for Windows since I last wrote about this topic six weeks ago. In that article, I admitted Online Armor as a last-minute entry into the comparison to give Comodo 3 one last run for the money.

Over the last month and a half, I have received scores of helpful messages from Scot’s Newsletter readers detailing their experiences with Online Armor 2 and Comodo 3. I have also tested the paid version of Online Armor. My research has not concluded yet. I’m waiting for the next version of Online Armor because of a handful of issues with the product (installation mode doesn’t work that well and the documentation for the paid version is very spotty). Overall, however, people testing Online Armor who’ve written to me about it are very positive about it. Few people are reporting serious problems. The same cannot be said for Comodo 3, whose makers have released three or more iterations of Comodo 3 because of several bugs, crashes, and errors.

When you install Comodo 3 in its Basic Firewall installation mode — which doesn’t install the HIPS (host-intrusion-prevention system) — it’s a much more reliable and usable product. But it’s also potentially less protective than Online Armor’s built-in HIPS protection. I’m also beginning to become disillusioned with Comodo’s approach to software development. The company culture appears to favor hurry and time to market over testing and polish. I realize the product is entirely free. But when you experience a serious problem as some people have with Comodo 3, it becomes your time and frustration.

I have to stress the point that I have not had trouble with Comodo 3. It works pretty well for me (except for a bug related to its Help facility that caused a crash in the first release of Comodo 3). But I have had numerous emails from readers about their problems with Comodo 3. Many of those people have gone back to Comodo 2.4 or switched to some other firewall.

So, at this juncture, I’m leaning toward Online Armor, which has been 100% trouble free for me. I still have to perform security tests on Online Armor. Plus I need more time with it. And I’m waiting for an update to the product to see whether a few areas improve. Online Armor is a relatively young product. Its makers are still adding significant new functionality.

I’m still looking for your input on the latest versions of these two products. If you’re using Comodo 3 or Online Armor 3 (or both), please take a moment to send me your experiences, positive or negative, with the two software firewalls:

• My Online Armor 2 Experiences
• My Comodo 3 Experiences

Or you can post them right here as a comment to this blog entry.

Stay tuned for a final software firewall recommendation. For more information on Windows software firewalls, check out the entire software firewall evaluation series.

I have not fully tested the new 3.0 version of Nod32. I looked pretty extensively at Eset Smart Security (ESS) in late beta, and I didn’t think much of the firewall at all. Plus I have no use for Eset’s antispam solution. So I am definitely recommending *against* the new $60 ESS.

However, my preliminary impression of Nod32 3.0, also contained in ESS, was quite positive. That product is available as a standalone upgrade to Nod32 2.7 for $40 (one user, one year).

I have not had a chance to fully test the 3.0 standalone product yet. I’ve been focused on the firewalls. But testing Nod32 3.0 is very high on my list. From my look at the ESS beta, I don’t anticipate any serious criticism of Nod32 3.0. I like the UI a little better. I didn’t see anything I didn’t like. I didn’t have any problems with it. But I still have to test it fully to be sure. I’ll be looking at it on both Vista and XP.

I don’t write final security reviews before I’m sure about a product. So depending on the complexities I encounter when I test Nod32 v.3, it could be four to eight weeks before I give you a definitive answer.

If you’re forced to make a decision before that, I would currently characterize Nod32 3.0 as a good bet. And, again, I would recommend separate firewall and antispam solutions instead of ESS.

If you’re using Nod32 3.0, I would be interested in your experiences with and impressions of it. Please send your thoughts to me. Thanks!

Alternatively, you can also post your experiences as a comment to this post if you prefer.

If you’ve read at least some of my ongoing series on software firewalls for Windows, you should know two things by now:

1. There aren’t many good software firewalls out there right now.

2. My focus has been on outbound protection, since anyone sitting behind a firewall router has very good inbound protection.

Although I’ll be running tests on the final round of firewalls, I’ve been relying on the independent security software site, Matousec.com Firewall Ratings, to help winnow out the less impressive products. In recent testing, Matousec has named two new software firewalls “Excellent,” Agnitum’s Outpost Firewall Pro 2008 version 6.0 (a suite product that doesn’t quite fit the target profile of this ongoing review) and a little-known freeware product called Online Armor Personal Firewall v.2 by Tall Emu.

(more…)