Personal Software Firewalls

Finding a good firewall.

As mentioned elsewhere on this site, the information about security tools that is really worth having is results of actual testing, preferably by experts.

There are a LOT of firewalls available. There are also a lot of free firewalls. Many of them are NOT WORTH USING.

There are a lot of reviews of firewall products in magazines and on websites. Many of these reviews do not tell you which firewall is a quality security tool.

Consumer reviews often compare products in terms such as ease-of-use, price, telephone support, whether they have a nice interface, and so on.

But these are not the central security issues. What actually matters with a firewall is that it works properly. I.e. that security measures are properly implemented.

What matters is real testing.

The reviews that have useful security information are ones like this, at PC World, where popular firewalls were subjected to real tests against worms and malware.

Note that the article talks about mixed bag of results: the firewalls that were tested performed well under some attacks and poorly under others.

(It's hard to find one tool that is perfect at everything.)

For example, from the article: "...malware may try... disabling security software. Panda, Sygate, and ZoneAlarm Pro resisted such attacks. But invading code shut down the [other brands]... and deleted the program files"

This shows up a critical point about security software: if it claims to protect your computer it should be able to protect itself.

Here is an example. In this paper ten popular firewalls were tested. Testing of the 10 most popular firewalls for robustness.
(Link goes to a pdf document. The server is sometimes slow.)

As usual with reports of this kind, the results are a mixed bag: i.e. not all the well-known firewalls performed as well as we might hope.

Another place where you can read results of firewall testing is at pcflank.com.

PC Flank have results from testing 24 firewalls for leaks.

The headline says: "Leak Tests Win Again!"

In other words, NONE of the firewalls tested passed ALL the tests.

This might seem a very poor performance. However, these are specially devised tests: it doesn't mean that any actual spyware or other online pests are actually using the same techniques to get data past your firewall. (But they might be.)

Also, remember that the firewall is not the only defence you have.

If you also look after your anti-virus and anti-spyware needs you make it much harder for these pests to survive.
Hopefully, the kind of malware that can fool a firewall will never get a chance to operate on your PC.

Other firewall testing.

There are more issues than simply whether a firewall passes or fails a leak test.

For example, a firewall might work very well and pass most or all of the tests when it is running. But what use is that if it can be turned off without your knowledge?

At Matousec.com you can read results of testing of five popular firewalls. They were:

• ZoneAlarm Pro 6.1.744.001
• Sunbelt Kerio Personal Firewall 4.3.246
• Norton Personal Firewall 2006 version 9.1.0.33
• BlackICE PC Protection 3.6.cpj
• Outpost Firewall PRO 4.0 (964.582.059)

Matousec are not very forgiving in their testing. Their reports seem to range from negative to very negative, or scathing.

Matousec hold back from recommending any firewall unless it meets their standards on every important capability they test. Also they feel free to describe products as worthless if that's what they think.

Matousec also report on responses they have from firewall vendors. That is, whether vendors have expressed interest in improving their firewall product once matousec has alerted them about the problems detected.

By the way: Matousec found ZoneAlarm Pro to be the best of the five firewalls above, but not free of problems. (They reported that the makers of ZoneAlarm were talking to Matousec and interested in addressing the problems that were identified.)
(Note: The currently available version of ZoneAlarm Pro is newer than the one tested by Matousec.)