Defensive Computing

July 16, 2008 9:19 PM PDT

Online Armor Firewall: First Impressions

by Michael Horowitz

As I mentioned previously, based on a recommendation from Scot Finnie, I installed the Online Armor firewall on a couple Windows XP machines.* Scot recommended the paid version, I opted to get my feet wet with the free edition (v2.1.0.131). These are my first impressions, not a review. I don't think anyone can base a firewall review on merely a couple days' experience, it's the sort of software you have to live with for a while.

My previous firewall was ZoneAlarm, whose best feature was its ease of use. Unfortunately, for a number of reasons, I no longer think that's sufficient. For example, ZoneAlarm seems bloated. The download for Online Armor is 9.9MB, ZoneAlarm is over four times larger.

The install process for Online Armor was uneventful, but then things went downhill. After installing, you have to reboot, no surprise there, I would expect this with any firewall. But, on the first computer I installed it on, the reboot looked like it wouldn't happen. For what seemed like an eternity, I was staring at the Windows desktop image with no icons. Perhaps a watched pot never boils, but I was sure glad that I had made a disk image backup beforehand.

This was bad documentation. Online Armor doesn't tell new users that special processing takes place during the first boot after the product is installed. There is a warning on their website, but there is no warning where it needs to be, alongside the message that says the installation worked and you have to restart Windows. After Windows finally restarted, Online Armor said something about completing an initial "learning process".


One of the first things I noticed was that Online Armor has two icons in the system tray (the leftmost two in the screen shot above). To me, one is enough. Other software makes do with a single icon (Avast antivirus defaults to two but there is an option to combine them). Someone else pointed out that both icons have the same right click menus. One icon (leftmost one above) looks like a shield and doesn't seem to change. The other icon looks very much like the Task manager icon which, at first, I thought it was (judge for yourself - the two are next to each other in the picture above). This icon does change, it's a vertical bar graph showing inbound and outbound traffic.

I poked around and found an option to suppress the bar graph traffic icon and another option to suppress both icons. What I wanted to do, see just the bar graph icon, doesn't seem possible.

The second thing of note is the cool looking status display shown below. I haven't yet found the graphs at the top to be very useful, but the Active Connections section at the bottom offers very interesting information, data that ZoneAlarm did not provide.

Main Menu

Judging by the General tab, shown below, there are four main sections/features to Online Armor, two of which are included in the free edition - Program Guard and the Firewall.


After installing Online Armor I was getting what I felt were excessive warnings. Granted, "excessive" is subjective, but I was getting warnings that had nothing to do with networking.

For example, below is a warning from Online Armor that IrfanView wants to run. IrfanView is a picture viewer and editor. It has nothing to do with networking and therefore it's not something a firewall needs to worry about. Disabling Program Guard (you can see the checkbox is off in the screen shot above) was one of the first things I did. Program Guard may be a good thing, but all firewalls are chatty at first, that's the nature of the beast. Adding warnings about safe, non-networked programs such as IrfanView just makes things worse.


The first hint that Online Armor is not just a firewall comes from this introduction to the product on the Tall Emu website which refers to Online Armor as an antivirus program. The page also refers to trusted programs and programs allowed to access the internet as two different things. As a former ZoneAlarm user these are, to me, the same thing.

The fact that Online Armor is not just a firewall may be what leads to my biggest gripe with the product - it's confusing. Compared to the simplistic, free edition of ZoneAlarm, the Online Armor configuration options seem strangely spread out. For example, some Firewall options are in the Firewall section, others are in the Options section and the main on/off switch for the Firewall is in the "General" section.

Controlling Programs

The heart of a firewall is the rules governing the networking that programs are allowed to engage in. Online Armor controls this in three different places.

First, there is a Programs tab where you can allow or block programs. Allow them to do what? It doesn't say. I turned off Program Guard, yet this window seems fully functional. Only by clicking the Block button, does it become obvious this is blocking programs from running so it must be part of Program Guard rather than the firewall. There should be some indication here that Program Guard is disabled because a user can easily make changes here and expect them to take effect, when they are, in fact, being ignored.

There is a "Hide Trusted" checkbox as part of this display. Yet, even with it checked, you still see programs that are "allowed". So, there is a difference between "allowed" and "trusted" that I'm not getting. You also see this in the Firewall section of the Options tab, which has a checkbox for "Automatically allow trusted programs to access the Internet". What about a program is trusted, if not Internet access? This is, after all, a firewall.

Programs are also controlled in the "Program Access" section in the Firewall tab, which seems to do the same thing. That is, it too has a list of programs that you can Allow or Block. Allow to do what was not immediately clear here either. Finally, there is a rules section in the Firewall tab (shown below) which also controls programs.

To try and understand things, I looked into how each of these three configuration areas dealt with Firefox.


On one computer running Online Armor there is a normally installed copy of Firefox 2, a portable copy of Firefox 3 and two portable copies of Firefox 2. The Program Access section of the Firewall tab shows all four, but calls each one "Firefox". By accident, I discovered that if you hover the mouse over the program name, a tooltip displays the path to the program. The rules section shows only two copies of Firefox and, likewise, the Programs tab shows only two of them.

The other computer with Online Armor had a normally installed copy of Firefox 2, a portable copy of Firefox 3 and a portable copy of Firefox 2. I ran them all at least once. The Programs tab only knows about the normally installed copy of Firefox 2. The Program Access section of the Firewall tab shows all three but the Rules section of the Firewall tab has one entry for the portable copy of Firefox 2, no entries for the portable copy of Firefox 3 and two entries for the normally installed copy of Firefox.

Go figure.

Rules

In all this configuration, I miss what ZoneAlarm calls "server rights", the ability to accept incoming connections. The Online Armor equivalent is a rule with a "Dir" of "in" ("Dir" means "direction"). Online Armor commits a cardinal sin here, it uses abbreviations without explanations. This same window has an "Adv" column whose meaning I couldn't even guess at initially.

The product help is not part of the installed software, rather, it's on the web, so if you're off-line it doesn't exist. And, the Help button is not context sensitive. That is, it always goes to the same introductory web page rather than going directly to the page with help for the feature you are looking at. In this case, I want to read about the Rules tab, within the Firewall tab. Because there is more than one Firewall tab, finding the right section in the help takes time. The page for the Rules tab doesn't explain these columns but the page for editing rules does. This is harder than it needs to be.

Kicking The Tires

One problem ZoneAlarm had was that it created an always-growing log file. I had to put a reminder in my PIM to delete this file every couple months. With this in mind, I looked to see how Online Armor dealt with logging. It seems to have both a log file and a history, the difference between them isn't clear. Even with logging disabled (there is a checkbox in the Firewall section of the Options tab), the history is still created. Neither one seems to have an option to limit the total size of the output.

I was disappointed by the history, which doesn't show the outbound endpoint. For example, it showed that Thunderbird, my email program, made an outbound connection on port 443, but to where? Of the millions of computers on the Internet, which one did my email program connect to? Online Armor doesn't log this, ZoneAlarm does.

Online Armor is a step up from ZoneAlarm in that it includes a database of known trusted programs. So, for example, the first time I run the Ping command it allows it and pops up an alert. The free ZoneAlarm knows nothing, so it objected to Pings. In the Online Armor history, there are two entries for that first ping. Neither shows the website that I pinged and one says it was a user decision, which it was not.

I maintain a number of websites using an FTP program. One type of FTP chooses port numbers randomly which meant that every time I used the program, it generated a pop-up notice that the new port was auto-approved. The pop-up doesn't say that explicitly (see below) but that's what it means. When an already approved program uses a new port for the first time, you get this pop-up and it wasn't obvious how to turn this off.


When a program was approved with ZoneAlarm, you never heard another thing about it. That said, ZoneAlarm doesn't offer the level of control that Online Armor does. Specifically, ZoneAlarm can't restrict the ports a program uses. And, if you really care about network security, you would want to be notified if a program used an unexpected port. Still, I would have liked some way to not be notified every time my FTP program used a new port.

Speaking of notifications, below is the standard alert from Online Armor, one that was generated by installing Java. It leads with "A program wants to use the Internet". It doesn't say if it wants to make an outbound connection or if it wants to accept an incoming connection, something ZoneAlarm makes very clear. The last option has to do with sessions, what a session is to Online Armor, I don't know.


The most important thing a firewall does is keep the bad guys out. That is, it prevents unrequested connection attempts from the outside world. Even the basic firewall in Windows XP does this (that's all it does). ZoneAlarm excelled at two things in this regard, it logged these blocked intrusion attempts and it had an option to issue an alert when it blocked something. After reviewing all the options in Online Armor, it doesn't seem able to do either. This, to me, is a big omission. Not only did I like to audit my firewall by occasionally reviewing the log of unsolicited incoming connections, I also found it educational. There is no better way to drive home the danger that is the Internet, than to see how often bad guys come knocking at your door.

Like ZoneAlarm, Online Armor can protect the hosts file, something I think any firewall should do. I found that it let me modify the comments in the hosts file without objecting, but as soon as I changed something that really mattered, it caught me and issued the alert below. In other words, it works great. If you want to test this yourself, the hosts file in Windows XP is in C:\WINDOWS\system32\drivers\etc.
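The behavior described above, where a comment-only edit passes but a change to a mapping raises an alert, can be reproduced by comparing the effective hostname-to-address pairs of two versions of the file. This is an added example, not Online Armor's code or a description of how it works; the function names and the sample file contents are hypothetical and constructed for illustration.

```python
"""Hosts-file change check that ignores comment-only edits (added example)."""
import ipaddress


def effective_entries(hosts_text):
    """Return the set of (hostname, address) pairs a hosts file defines.

    Comments, blank lines, spacing and lines that do not start with a
    valid IP address are ignored, so only real mappings are compared.
    """
    entries = set()
    for raw in hosts_text.lstrip("\ufeff").splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no hostname maps nothing
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # not a mapping line
        for name in fields[1:]:  # one line may list several hostnames
            entries.add((name.lower(), address))
    return entries


def diff_hosts(baseline_text, current_text):
    """Report mappings added or removed between two versions of the file."""
    before = effective_entries(baseline_text)
    after = effective_entries(current_text)
    return {"added": sorted(after - before), "removed": sorted(before - after)}


def is_material_change(baseline_text, current_text):
    """True only when the set of mappings changed, not just comments or spacing."""
    delta = diff_hosts(baseline_text, current_text)
    return bool(delta["added"] or delta["removed"])


# Constructed sample contents (not taken from a real machine).
BASELINE = "# Sample hosts file (constructed)\n127.0.0.1       localhost\n"
COMMENT_EDIT = "# Edited note (constructed)\n127.0.0.1 localhost   # loopback\n"
# 203.0.113.0/24 is a documentation-only address range.
REDIRECT = BASELINE + "203.0.113.10  www.example.com example.com\n"

if __name__ == "__main__":
    for label, text in (("comment edit", COMMENT_EDIT), ("new mapping", REDIRECT)):
        delta = diff_hosts(BASELINE, text)
        status = "ALERT" if is_material_change(BASELINE, text) else "ok"
        print(f"{label}: {status} {delta}")
```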


A nice feature of Online Armor is that it shows you other computers on your LAN, something that ZoneAlarm does not. But, every time I've looked at it, the status of the other computers is "unknown", it continued to show computers that had been turned off hours ago and there is a yellow light bulb icon whose meaning is a mystery.

Online Armor also deals with Internet Explorer extensions, which ZoneAlarm does not. On both machines, it trusted the few extensions it found, which isn't a surprise, as I hardly use IE.

In Internet Explorer 7, you can see the installed Add-ons with: Tools -> Manage Add-ons -> Enable or Disable Add-ons. On both machines, when I selected "Add-ons that have been used by Internet Explorer" the list was much longer than the list in Online Armor. On one machine, IE7 displayed 20 Add-ons and Online Armor listed 7. I'm not sure what to make of this.

Windows Messenger is an IE7 browser extension that I always disable, since I don't use the product. Online Armor trusted it, so for good luck I tried to block it. This produced the warning below saying it will be uninstalled rather than blocked. The warning is wrong - if you say yes, the Windows Messenger extension is blocked rather than removed. After unblocking the Windows Messenger extension, I deleted it and that seemed to work, it no longer appeared in IE7.


Final Thoughts

In the interest of brevity (this is already my longest posting), I won't go into some other quirks in the user interface but suffice it to say, there is room for improvement.

Before Scot Finnie recommends a firewall, he runs it through a battery of tests. Online Armor got an excellent score, so I don't doubt it's protecting my computer. Still, it will be a while before I feel comfortable with it.

And, I don't know that it's a good fit for non-techies. Not only is it more ambitious than just being a firewall, the paid version is a very ambitious firewall. The list of features is huge. The free version of ZoneAlarm is skimpy on features, but sometimes less is more.

That said, two features of Online Armor sound very interesting. The "Run safer" feature is much like DropMyRights, which I wrote about last year. The "banking mode" (only available in the paid version) is also intriguing. I may research these a bit more.

Update July 17 2008: Revised the topic on incoming connections and added mention of the status display.

*Online Armor supports Windows XP and 2000, a Vista version is in the works.

See a summary of all my Defensive Computing postings.

July 12, 2008 6:12 PM PDT

Two recommended Windows firewalls

by Michael Horowitz

Finding a new firewall program has been on my to-do list for a long time. I was a long time fan of the free version of ZoneAlarm, but the upgrade from version 6 to 7 was a put-off. The file size increased tremendously (it's now 44.6MB) and the functionality hardly changed at all. That made me suspicious of what all that extra code was there for. Still, old habits die hard and I was used to it like an old pair of gloves. But a few days ago, when a bug fix for Windows broke ZoneAlarm, and no other firewalls, it lost my confidence.

I can't yet recommend a firewall based on personal use, but someone I trust, Scot Finnie, recommends two. Scot, who now works for Computerworld, has been writing a free newsletter for years. I was lucky enough to discover it long ago and I've come to trust his recommendations. Recently, it morphed into a blog.

Back in March, Scot wrote The Best Firewall Software of 2008: Online Armor, the final chapter in his 19 month investigation of firewalls. That's not a typo, he spent a year and a half researching firewalls.

Cutting to the chase, he recommended two firewalls: Online Armor 2.1 and Comodo Firewall Pro 3.0.

In his own words, "Tall Emu's Online Armor 2.1 is The Scot's Newsletter Blog Best Firewall Software of 2008 ... [with] the best blend of a high degree of protection with a high level of usability."

There is a free and a paid version of Online Armor, Scot reviewed and recommended the paid version. Vista users are out of luck, Online Armor only works with Windows XP (32 bit only) and Windows 2000.

Scot felt that Comodo Firewall Pro 3.0 offered excellent security, but that it was high maintenance and thus more appropriate for techies. He doesn't like being frequently interrupted by firewall alerts, a sentiment I agree with. Comodo Firewall Pro is free and works with Windows XP (both 32 and 64 bit) and Vista.

A big reason I liked ZoneAlarm was ease of use. When it popped up an alert, the explanation of why was simple and clear. Likewise granting permissions to programs couldn't have been easier. I tried a handful of firewalls and none came close in terms of ease of use.

Once, when I was teaching a class, a student brought in a screen shot of an alert from the Norton firewall asking what it meant. It wasn't clear if the firewall was asking the user something or telling them, let alone whether the alert was about something coming in to the computer or going out. If you watch the TV show Boston Legal, think word salad. And, I know the lingo.

Ease of use was a big reason that Scot recommended Online Armor, saying "Online Armor's user experience is on par with ZoneAlarm Free and Sunbelt Personal Firewall -- the two firewalls I've pointed to in the past as having the best user interfaces in this field."

Part of this entails running silently, after the initial getting-to-know-you period that any firewall requires. As Scot put it "When pop-ups are too repetitive or too frequent, it's only human nature for a large segment of the user base to start ignoring them. That behavior leads to a severe loss of security." I agree completely, as, I'm sure, many Vista UAC users do too.

The criteria Scot used in his evaluation were "usability, company support, stability, compatibility, and bug resolution". Sounds perfect to me.

Another thing I agree with Mr. Finnie on, is a dislike of all-encompassing software suites. Both his recommended firewall programs are just that, firewalls. Nothing more. As he puts it:

"The impetus for this review came after more than a decade of using and reviewing multifaceted, everything-but-the-kitchen-sink security suites such as Norton Internet Security. When I kicked that habit, I looked around for something better and realized that most mainstream computer publications were for the most part reviewing only the big-name, large-footprint products. It was clear to me that there was a better way that involved selecting a small set of best-of-breed security products that work well together."

I never heard of Tall Emu, the company behind Online Armor. But, Scot was impressed with them:

"What's especially impressive about the talk and actions emanating from Australia-based Tall Emu is a strong corporate culture that values communication, honesty, a willingness to talk openly about problems, a responsive attitude, open-mindedness, and respect. I'm not sure how to say this, but I trust Tall Emu to do the right thing. I can't remember the last time I felt that way about a software company in the post-Microsoft-antitrust era."

A small point in the article bears repeating. Someone with a single computer connected to a broadband modem, doesn't need a router. Technically. Yet installing a router is nonetheless a good thing - for the firewall. Rather than depend on a single software firewall (Windows security and all that that entails) the hardware firewall in a standard, relatively cheap, consumer router provides an extra layer of defense.

It's a very long article but well worth reading.

On July 16, 2008, I wrote up my first impressions of Online Armor.


November 24, 2007 8:09 PM PST

New software

by Michael Horowitz

As a computer nerd, I hold this truth to be self-evident:

All new software contains bugs and design flaws

Thus, from a defensive computing standpoint, the latest is never the greatest. Someone who depends on his or her computer, in a serious way, is always best served by avoiding software that has just been released. With that as a backdrop, here are some thoughts as to what this means to you, in terms of current software choices.

Mac OS X Leopard 10.5

For one thing, it means don't buy a Macintosh computer--at least not now. I have nothing against Apple or Macintosh computers. People whose opinion I trust who use both Macs and Windows all say Macs are better. Fine. But the newly released Leopard is too new to trust. If you can get a Mac with Tiger installed, fine.

With Leopard, Apple has shown it is a typical software company, meaning it can't be trusted to release reliable software. The initial version of Leopard seemed like a beta. Problems with two features in particular generated a lot of bad publicity--the firewall and the Time Machine backup program. Both are brand new and featured more than their share of bugs and design flaws. This is not to pick on Apple in particular, it is just the latest example of the self-evident truth about new software.

ZoneAlarm

I like the ZoneAlarm firewall and have been using it constantly for many years, despite griping about it. My gripes have decreased as the product has matured because the basic firewall has not been drastically overhauled.

ZoneAlarm (just the firewall, not the whole software suite) is now at version 7, specifically, the fourth release (7.0.408.000) of version 7. I mention the release number because ZoneLabs (the original company behind ZoneAlarm, which is now part of Check Point) also showed itself challenged at quality assurance. Every new version of ZoneAlarm was plagued with bugs to the point that my personal policy was not to upgrade from the prior to the new version until the third release of the new version. In the worst instance, a bug fix release came out a mere six days after a new version; in another case it was 10 days. I'm happy to miss out on some new features for a little while, so that other ZoneAlarm users can help the vendor debug the software.

Maturity

Apple was responsive with Leopard, issuing a slew of bug fixes only three weeks after its initial release. Microsoft never moves that fast.

And speaking of Microsoft, its latest operating system, Vista, is also too new. If you are buying a new Windows computer, you are better served with XP as opposed to Vista.

When is software sufficiently mature or debugged to be considered reasonably reliable (again from a Defensive Computing perspective)? Reasonable people can disagree; it's a matter of opinion.

Java version 1.5 may have looked mature and debugged after eight releases (version 1.5.0.8), but then came versions 1.5.0.9, 1.5.0.10, 1.5.0.11, 1.5.0.12, 1.5.0.13, and 1.5.0.14.

I don't have the experience with Macs to make an educated guess when Leopard might be ready for prime time. With Vista, I would wait either 2.5 years from its release date or until service pack 2, whichever comes last. And keep in mind that nothing is lost by waiting even longer, as many businesses will do.

My Vista opinion is more conservative than most. In part, it stems from the fact that Vista was a long time coming. Thus more is new about it, more new code and more design changes; both reasons to wait. Apple has unquestionably done a better job of managing its operating system development--shipping new versions of OS X often enough that the changes in each release are far less drastic than the changes between XP and Vista.

Office Software

When it comes to choosing Office software, I would again avoid the latest rendition from Microsoft, Office 2007.

The prior version, Office 2003, has four years of bug fixes applied to it, making it more stable. The prior version has a user interface that is an unofficial, grooved-in standard and uses a file format that is as mainstream as mainstream gets.

In contrast, the new Office 2007 has a new user interface that is very different from the one in Office 2003, 2002/XP, and previous versions. As with any interface change, some people will like the new interface and others won't. The design mistake that I see, is that Microsoft forces the new interface on you; there is no option to fall back to the tried and true and familiar. They tried this with Internet Explorer 7 and eventually backtracked a bit and restored the menu bar.

Office 2007 also introduced a new file format, meaning that users have to tell it to use the old file formats if they want to exchange files with 98 percent of the computing world. If files are saved in the new formats, then people using older versions of Office can't read the files without installing additional software from Microsoft. Users of very old versions of Office are totally out of luck when it comes to the new file formats. Mac users running the Mac version of Office were also unable to handle the new file formats for the longest time. A purposeful zing at Apple perhaps?

Unquestionably, Office 2003 is the better choice when compared with Office 2007. Of course, Microsoft has stopped selling Office 2003. Thanks for nothing.

This leads to OpenOffice.org, which is a reasonable choice for Office software. For one thing, it's a mature product, now at version 2.3. Plus, it can read/write the old format of Office documents and uses the classic user interface. Plus, it's free. It has its quirks though, and is not as fully functional as Office, but it makes sense to try it first and, if it doesn't meet your needs, move on to something else.

If you get a new computer this holiday season, it's possible that your old one(s) may be more dependable.

P.S. If you know of a retailer still offering Office 2003 (for less than $450), please leave a comment below. Thanks.


Update: November 27, 2007. Fellow CNETer Rafe Needleman wrote a very similar story today - 6 upgrades that are downgrades. Regarding Vista, Rafe writes "The obvious number one product for this list. Vista is the new shiny operating system Microsoft released to replace Windows XP. Except it hasn't, because it's a poor upgrade. It's slower, bigger, and buggier."

About Defensive Computing

Michael Horowitz is an independent computer consultant and the author of several classes on Defensive Computing. He views Defensive Computing as taking steps, when things are running well, to avoid or minimize the inevitable problems down the road. It's about educating yourself to the level where you can make your own intelligent decisions about keeping your computers and data happy and healthy. If you depend on computers, yet are on your own, without an IT department or nearby nerd, this blog's for you. His personal web site is michaelhorowitz.com.

He is a member of the CNET Blog Network and is not an employee of CNET.
