Firewall Thoughts

[Rizar]

I've had firewalls on the mind and can't find room for all of this in my already lengthy article...

1. Clean PC Mode Confusion

Comodo Firewall has caused me a lot of confusion over its default mode. The online help says that the installer for the full security suite (CIS with antivirus and more) sets the Defense+ to Clean PC mode if the PC is new or scans clean of malware. So I assume that Clean PC is the recommended default mode.

However, if you click through the firewall installation (only deselecting the GeekBuddy perhaps), you get Safe Mode as the default. Sure you can easily change to Clean PC, but the help information conflicts with the way the product works for Comodo Firewall users (and the two modes operate quite differently).

In the negative for this confusing practice (over in the BF Firewall article) I suggested that this leaves the perception that other antivirus products aren't doing their jobs very well. Perhaps so (all antivirus programs have lower than 100% perfect detection, and you can always run other on-demand products for a second or third or fourth opinion), but CIS isn't known for high detection rates yet.

If Comodo Firewall uses "Safe" as the default mode despite the popularity of antivirus products, then Comodo should use Safe Mode by default for the full CIS too. Or the default mode for Comodo Firewall ought to be Clean PC. Have I missed anything here?

(By the way, "Safe" is the maximum security mode besides Paranoid Mode. Whereas, "Clean PC" is like a training mode that auto allows Internet access and program execution for all programs currently on the host system. However, it kicks into action -- as if in Safe Mode -- if you run a program from a flash drive or install a new program. For example, "Clean PC" fails the leak tests I tried until I ran them from a flash drive.)

2. Outpost WARNING: Upgrade Now or We'll Paint Your Interface in Red

I installed Outpost Security Suite today and was impressed with the way it automatically disabled its resident antimalware features when it detected Avast. It still allows you to scan on-demand with its own scanner. But it forces you to register by email to lengthen the 2-day trial to a year, and it doesn't have built in features to let you register easier.

The main status tab (named "My Security") grabbed my attention to let me know that the malware database was out-of-date. The screen scares the user with four red indicators: (1) a red cross icon; (2) a red border; (3) a red highlight over the out-of-date malware database; (4) and a second red cross icon at the bottom of the interface on every tab.

So I tried to fix the malware database problem by clicking "fix it now...", but then the link sent me to an upgrade offer. Why doesn't it open the downloader to simply update the malware database, which is possible right in the interface and without upgrading? I'm not sure if the red indicators go away once the database gets updated (I'll report back once the downloads finish). But this looks like another confusing vendor practice.

3. Where's the Least-Privileged User Account (LUA) Accommodation?

You would think that security products would be sensitive to standard or limited user accounts and would accommodate their products for them, but I've come across a few firewall products (two so far) that don't fully function under LUAs and require administrator rights just to make simple changes in their interfaces. So far I've counted this as disqualifying for the BF Firewall article since we tend to write for home users (where our products are free for personal use). It might be a positive for some users who want to limit access to key features, such as to web filters, but those features might be better discussed in a parental filtering article.

4. Windows Filtering Platform (WFP)

I'm undecided on the quality and usefulness of WFP controllers like Windows 7 Firewall Control. W7FC doesn't compare very well to the other products on user friendliness (especially the interface setup), but it has less chance of conflicting with other programs and it's lower on memory use. However, just as I was about to add it, I took a closer look and found it a bit too limited in the free version for my taste. So I took a pass on it for now until I test the other firewalls.

5. Best Categories to Rate Firewalls

In future reviews I am going to create subheadings like I saw in one of the Web Browser reviews to make reviewing easier.

Here are my initial thoughts on the categories.

• Overview: Impressions on the overall security benefits and user experience.
• Security: Inbound and leak testing, and extended security features.
• Performance: Impact on CPU use, I/O bytes, memory, and bandwidth.
• Features and Productivity: Logging, network info, rule customizing, password protection, updates, game or full screen modes, help & guides, forum support, etc. Notes of any excessive hindrance to normal user productivity, such as continuous nags, advertisements, excessive alerts, etc.

Doing it like this, I'll be lucky to write a review a month so I'm going through the products to see which will be first.

[MidnightCowboy]

You are not alone in being confused by Comodo and without being unkind to anyone I would suggest that the majority of those using it leave it at whatever it defaults to and feel very secure

Since leaving paying customers behind, I've done my level best to shake off those who thought they could carry on our relationship for free. I'm not insensitive enough though to just wipe out some folks with whom such relationships went past the business level. Apart from "which antivirus is best" the most common other queries are all firewall related in like "what do I do with this?". All of these I attempted to persuade towards Windows firewall as being the easiest solution, and apart from one ex customer with a cr@ck happy teenage son, none of them who have made this transition have become infected.

I don't envy your task, and I admire your commitment to making the understanding of third party firewalls clearer for everyone. I'm still using Privatefirewall to guard my Windows partition and Mandriva comes kitted out with Shorewall which looks after the other.

Oh how I wish the simplicity of Sygate, Kerio, Filseclab and Netveda were still available for Windows 7. Sure you can make these complicated too if the desire is there and the knowledge with it, but at least there is not this profusion of add-on parts.

I'm really looking forward to your review development and wish you well in this endeavour

[Rizar]

Thanks! I enjoy changing my security setup every so often, so this gives me more of a purpose to experiment. I just have to be careful with cleaning up after firewalls; even after ZSoft Uninstaller finishes I still have to manually clean some leftovers, and it helps to browse the ZSoft analysis file to ignore or edit out any unrelated files (usually Avast changes).

My Outpost red warnings went away after I updated its malware database. Now I wonder how long it will take for it to turn red again. I don't see any options to ignore whether the on-demand database is up-to-date.

[J_L]

Why don't you test in a virtual machine, another boot, or spare machine?

[Remah]

Great timing. Thanks for the thoughtful comments. I was about to start new threads for two of these issues:

Quote:

Originally Posted by Rizar

3. Where's the Least-Privileged User Account (LUA) Accommodation?

You would think that security products would be sensitive to standard or limited user accounts and would accommodate their products for them, but I've come across a few firewall products (two so far) that don't fully function under LUAs and require administrator rights just to make simple changes in their interfaces. So far I've counted this as disqualifying for the BF Firewall article since we tend to write for home users (where our products are free for personal use). It might be a positive for some users who want to limit access to key features, such as to web filters, but those features might be better discussed in a parental filtering article.

Do you think we should be testing all products under LUAs?

The LUA issue doesn't fall under BF Parental Filter because it isn't a filtering issue. It would fall under a category called Parental Control but that doesn't exist. If it did then some info/issues could be moved from Parental Filter to give that category greater purity. For example, it would provide a home for child-safe web-browsers which don't fit under Internet Safety Check and only half fits in Parental Filter. It would also allow a fuller discussion of the issues of parental control and how to counter the myriad of techniques that are used to avoid parental control.

Quote:

Originally Posted by Rizar

5. Best Categories to Rate Firewalls

In future reviews I am going to create subheadings like I saw in one of the Web Browser reviews to make reviewing easier.

Here are my initial thoughts on the categories.

• Overview: Impressions on the overall security benefits and user experience.
• Security: Inbound and leak testing, and extended security features.
• Performance: Impact on CPU use, I/O bytes, memory, and bandwidth.
• Features and Productivity: Logging, network info, rule customizing, password protection, updates, game or full screen modes, help & guides, forum support, etc. Notes of any excessive hindrance to normal user productivity, such as continuous nags, advertisements, excessive alerts, etc.

I notice that in BF Web Browser, the editor only uses the subheadings for the Editor's Choice. Do you think subheadings should be used each product review? I'd expect them to make the reviews and probably the web page longer.

Would you drop the subheadings for the more lowly rated products? I usually write more on the Editor's choice or the main recommended products to give people more idea about the range of features and those that are more important.

I like the idea of subheadings for several reasons:

• it ensures more rigorous reviewing because we have to compare each product under the subheadings we have chosen.
• the reviewer's criteria should be more visible as they are more likely to match the subheadings
• it is easier for users to compare products under the same subheading
• as you said, it is easier for editors to compare products under the same subheading.

Do you think that we should be using some standard categories across all of our reviews? If so what would you choose.

I've started writing a new category, BF DNS resolution services, where there are appear to be three drivers for using these services, two of which are accomodated by your subheadings.

• Overview
• Performance (basically response time) e.g. Google Public DNS
• Security (primarily threat filtering) e.g. Norton DNS
• Category Filtering (also covered under BF Parental Filters) e.g. OpenDNS
• Features and Productivity: ease of use including configuration (some have downloadable software), online help and support, how block screens work, etc. Before reading your post I was going to call it Ease of Use because these are simple services with relatively few features

Quote:

Doing it like this, I'll be lucky to write a review a month so I'm going through the products to see which will be first.

I'm trying to refine my technique to better manage the workload. So I'm interested in how you do your reviews.

How do you do your reviews? Do you create checklists or just use categories like the subheadings? Do you test the products one at a time and write the review before moving on to the next one?

Do you purposely not review products based on some criteria? I've tried to look at everything I could find and put those products into lists at the end of the article discussion. This is so that users can see that products have been tested. Otherwise they might erroneously think that the product they've found, that is not in listed my review, might be as wonderful as it is advertised to be.

[Rizar]

@ J_L
I test under an older Returnil to avoid damage from outbound tests, and I go back to a drive image when I'm done with all the firewalls. Otherwise I'd probably get distracted and start testing virtual machines rather than firewalls. I'm already holding myself back from a re-write of my science fiction page.

In the past my dialup connection and absence of portable laptop prevented me. I recently downloaded VirtualBox but haven't had time to mess around with it.

My spare machine is also distracting ... I was playing around with MS-DOS 7.1 and Windows 95 for history sake and older games, but some kind of conflict prevents Windows 95 from loading still (sadly). I'm not sure I want to give up on it yet to turn it into a test machine. And my laptop is now very old and makes annoying grinding sounds. I'll probably get another cheap Wal-Mart PC in the future and turn my current PC into a modern test PC.

[Rizar]

Quote:

Originally Posted by Remah

Great timing. Thanks for the thoughtful comments.

No problem, and thanks to you for such great work.

Quote:

Originally Posted by Remah

Do you think we should be testing all products under LUAs?

It would be important for programs that need administrator rights to see whether they are user friendly on LUAs. It wouldn't distinguish between products if all of them (such as disk defrags) need to elevate to operate, but I've had complaints in the comments on my old Music Player article about players that didn't handle user accounts very well. So it might be useful to check applications that are new or unknown or unpopular. The well known and popular applications would probably already have gone through plenty of public beta (or complaint) testing. But LUAs are a bit annoying to handle and might have a limited user base.

Quote:

Originally Posted by Remah

The LUA issue doesn't fall under BF Parental Filter because it isn't a filtering issue. It would fall under a category called Parental Control but that doesn't exist. If it did then some info/issues could be moved from Parental Filter to give that category greater purity. For example, it would provide a home for child-safe web-browsers which don't fit under Internet Safety Check and only half fits in Parental Filter. It would also allow a fuller discussion of the issues of parental control and how to counter the myriad of techniques that are used to avoid parental control.

I agree, the title "Parental Filter" is a bit limiting for a broader discussion. Perhaps a corresponding "How To" article would be a good way to create a second article, such as "How to Setup Effective Parental Control" (and preferably with a better and catchier title than that).

Quote:

Originally Posted by Remah

Do you think subheadings should be used each product review? I'd expect them to make the reviews and probably the web page longer.

My plan was to use them for the main products, such as all of those below my "Basic/Proactive Firewall Reviews" headings, and then mention other impressive firewalls that I didn't want to fully review under my "Discussion" headings (or leave them off the article).

In some articles I've followed Jojoyee's article format in creating a special "Others" section to list other (less impressive) products with a short description instead of a review. I won't need to do that again in the Firewall review because all of them are already listed on Ako's security list. I plan to direct readers to it for firewalls that I take a pass on.

Quote:

Originally Posted by Remah

Would you drop the subheadings for the more lowly rated products?

I think it makes sense to emphasize the top products, especially if they have richer features compared to similar products, as long as it's done without sounding biased (like your reviews avoid). Uniformity is sometimes stylish, but it seems fairer to spend the amount of space on a product that it deserves.

In the BF Firewall article I had fairly similar length reviews at one point, with just a few extra pointers on how to handle Comodo. But my future Comodo review won't need extra length because of all the article length guides.

I've been thinking about writing these lengthy reviews as single articles and then summarizing them in a paragraph or two in the comparative article. It would allow for a better conversational style of writing that I see in our Hot Find reviews and over in CNET Editor reviews. When I try to write shorter, informative reviews, the wording gets dense very quickly. And then visitors would know what product review was updated, they could read comments relating to it, and maybe rate the product rather than the article.

But I am going to write future reviews without worrying too much about length (just as long as the reviews seem fair and objective), and if the comparative article gets too long then we can always break it apart later with links to "see full review here".

To be continued (and maybe these should be moved to an editor thread?)...

[Rizar]

Quote:

Originally Posted by Remah

I'm trying to refine my technique to better manage the workload. How do you do your reviews? Do you create checklists or just use categories like the subheadings? Do you test the products one at a time and write the review before moving on to the next one?

Do you purposely not review products based on some criteria? I've tried to look at everything I could find and put those products into lists at the end of the article discussion. This is so that users can see that products have been tested. Otherwise they might erroneously think that the product they've found, that is not in listed my review, might be as wonderful as it is advertised to be.

I like to test all the products to see a wide diversity and find the ones that impress me to focus my reviews. My goal is always to limit the number of top products that get the "full treatment" (all of these get a quick select guide entry that has to kept up-to-date).

In large categories, like Music Players, I had to be quite selective and some products got shot down very quickly with a qualitative/subjective "what the heck were they thinking" or "that's not impressive enough". I've also posted polls to see if any products should get more emphasis. I think I still have my old test list in the comments that shows how ruthless a BF Music category has to be to keep the review list manageable (http://www.techsupportalert.com/cont...#comment-47314).

I classified the players by arbitrary phases just to keep track of them (still auditioning, rejected, not impressed enough yet, impressive/reviewable, NA, etc). I figure it's the job of the product to impress me enough to get a review. Some products were quickly tested and rejected for security concerns or lack of support or lack of wide OS compatibility. I decided to disqualify smaller music players and just list them with a paragraph description (and no quick select guide). I see that I rejected Windows Media Player for no reason other than that it is a default app (oops!).

Firewalls are totally different, and are somewhat less stressful to organize. They are much more difficult to test, so I still use some of the same methods to limit the 'full treatment' list. I disqualified unsupported firewalls and made a short section for them (the Windows 95-2000 section; this time without descriptions). I didn't download Rising to test because I noticed a thread about it not being free. And I again have my list of auditioning/undecided products that I go back to periodically to see if they improve (or whether I was wrong the first time). I'm just going to let these be listed in ako's list this time around. But I do this retesting usually when I notice a convincing user comment or forum thread on them.

I personally like to see all the 'full treatment' products (even if just short "auditions") before I write about any of them for the first time. Then I reinstall an individual product for longer testing when I prepare to write about it to check my facts, check things I missed that others mention online, or just to consult obscure names of features. For new versions, I look at the change log and decide whether the changes are worth another look (which would be done individually without going through all the other products again).

I made a spreadsheet this time to keep track of my 'full treatment' testing, but I used paper to take notes the last time. I can record performance samples, test results, nags, impressive features, etc. Basically I just write down my findings, whatever they are, and my user experience, and then try to organize my findings to write them clearly. I also consult forum posts, articles (other reviews if available), and light research online after I finish testing a product (that way I won't have the hype and bias in mind during testing).

It's probably best to use subheadings that help compare the particular product category in question, drawing the most important review criteria from the best or most unique products that stand out of the crowd. It's easy to get confused by top download lists or popularity or vendor hype. So I try to think comparatively and observe the main features of the products with my own clicking around and experiments. It's fun to try to "brake" the program by plausible general use. And if I forget to test something in any one round of testing, I can always get it next time around or when I finish writing about them and use them myself over time.

[Remah]

Rizar, thanks very much for both replies. All the detail has been helpful but I'm not yet sure what I'll change. So I'll be rereading your comments a few more times.

Now back to the your Firewall review.

[QUOTE]It might be a positive for some users who want to limit access to key features, such as to web filters, but those features might be better discussed in a parental filtering article.[/UNQUOTE]

Do you think that I should look at this?
I expect to be updating BF Parental Filter as soon as I've finished BF Internet Safety Check and BF DNS Resolution Service. I'm finding the security categories are getting more interrelated because any one vendor uses the same/similar core technology across several products.

[Bob]

Just listening in to your conversation - some really interesting stuff here.