Computer security is a multifaceted endeavor. Every computer needs a good antivirus program, a firewall, at some point a password manager and update monitor, and at least a couple of anti-spyware, adware and other specialty programs. These hide in the background and, with the exception of the password managers, chances are you'll never know they are there until you go looking for them or they alert you of a threat. Erecting a firewall is fairly straightforward, but the way in which a program manages the job, interacts with you and allows or disallows you some say in the matter is what sets the various programs apart. And, some programs toss in a few extra features to make them stand out. If these features matter to you, then they clearly are a better choice for you. If not, then any will do (since they all work essentially the same).
After downloading but before installing any personal firewall software on a Windows computer, be sure that the firewall built into Windows is turned off. If you are replacing another firewall program (other than Windows'), uninstall it using the vendor's uninstall utility; if none, use the Windows add/remove tool in Control Panel. Then and only then should you install the new firewall. You should never use two software firewalls at the same time. Also, this would be a good time to create a new drive image or restore point.
After you install a new firewall, you need to run an audit with a service like the Security Space Basic Security Audit to ensure it is configured correctly. With over 1500 known ports leading into and out of your computer, testing your firewall is the only way to know for sure that your computer is really being protected.
Comodo Internet Security
Comodo's free firewall is now packaged with their anti-virus program and renamed Comodo Internet Security. A commercial version is called Internet Security Pro, but the basic package is still free. Download it and then choose to install the firewall as a stand-alone, the anti-virus as a stand-alone or both together.
The latest version (4.0) contains a proactive defensive sandbox which combines file system/registry virtualization and least-privileged user account principle in order to combat with unknown malware. The program automatically sandboxes all unknown applications and executables until they are analyzed.
The firewall blocks both incoming and outgoing traffic not directed by you. But Comodo also watches for suspicious activity and blocks programs that behave suspiciously.
Comodo Internet Security allows three settings -- Firewall Only, Firewall Security (the default setting) and Proactive Security. The latter is the most secure. In any of the settings, the program will run in "Clean PC Mode" or "Safe Mode." Clean PC Mode assumes everything already on your computer (even malware, if there) as safe. While convenient for those who don't want to be bothered with the initiation period, it is not the wisest choice. Safe Mode is the best choice, although it will initially require you to "allow" and "remember" each program you trust to connect to the outside world. After that, it only asks you to allow incoming packets.
This is, by far, the best of the free firewalls if run correctly. It does insist that you approve each program at first, but after a while it will have learned what to trust.
Systems: 32-bit Windows XP and both 32- and 64-bit Vista and 7
PC Tools Firewall Plus protects your Windows-based computer by preventing unauthorized users from gaining access through the Internet or a network. By monitoring applications that connect to the network, Firewall Plus can stop trojans, backdoors, key-loggers and other malware from damaging your computer and stealing your private information.
Firewall Plus is designed for use by both average people (normal user mode) and more experienced users (expert user mode). Excellent security against attacks and known exploits is active by default, but experienced users can optionally create their own advanced packet filtering rules, including IPv6 support, to customize network defenses.
Firewall Plus, like all true firewalls, hides your PC from Internet hackers and hack-bots. It gives you detailed control over inbound and outbound traffic. It's easy to use, designed for both novice and expert users. It causes no interruptions or slowdowns when playing full-screen games or running/downloading broadband media content. Finally, it offers optional password protection for rules and settings.
PC Tools Firewall Plus provides solid internet protection, backed by regular Smart Updates, plus real-time protection and comprehensive network shielding to ensure your PC remains safe and hacker free. Like Comodo and Online-Armor, it might frustrate you with the initial number of pop-up alerts, but if it did not present these it would not be worth calling a firewall.
Systems: 32-bit Windows XP and 32-/64-bit Vista and 7
GhostWall FireWall is a fast, tight replacement for the Windows Firewall (WF) on older computers. It has more features and better performance than WF, is easy to use and doesn't slow PC or network operations. It has low resource and CPU usage and an attractive interface.
GhostWall, unlike WF, does alert you to outbound packets it has not yet recognized. For inbound blocks, it also displays the country of origin.
Systems: Windows 2000, 2003, XP, and XP 64-bit
Online-Armor's free version provides good security for those on a tight budget. The premium edition expands this protection significantly but we will concentrate on the free version.
This program offers standard mode firewall protection, kernel mode security, limited autostart protection, keylogger detection, tamper protection, program guard, script/worm protection, and manual updates. These are considered basic services for the industry, stopping hackers and malicious programs and protecting your identity. It is not a gold-plated program, but is still better than most of the free firewalls.
Online-Armor has a safety check wizard that allows you to trust all installed programs or scan for safe applications. If you are going to simply trust everything installed, you should first run a malware security program scan and then run Online-Armor's wizard to have it search your PC for programs to allow, block or ask.
Online-Armor is a basic but solid firewall. Once adapted to your PC, it will serve you well.
Systems: Windows XP, Vista and 7 32-bit (64-bit is in beta)
Hackers use automated tools to find computers they can break into. A basic firewall will usually keep them out. Outpost Firewall fills this bill, offering incoming and outgoing firewall protection (nothing passes unless you permit it to) that cannot be turned off by hackers. It is highly flexible without being difficult. Indeed, it is very user-friendly, although in its most secure mode it will do what any good firewall will do -- pester you with alerts. But it remembers your responses automatically, something Comodo and Online-Armor do not yet do.
It also performs behavior monitoring and alerts you to unexpected changes in file length, program performance, undirected program activation, and similar behavior that could signal the presence of a trojan, worm, virus, or malware.
Outpost Firewall is intuitive and resource friendly, meaning it runs in the background using little memory and imposing almost no computational demands. It is, however, devoid of many feature the commercial version offers, such as anti-spyware protection, s personal data storage vault (for ID protection), a URL black list, banner and ad blocker, pop-up and referrer blocker, automatic network rules manager, multi-language capability, and technical support. However, a basic firewall is better than none.
Systems: Windows 2000, XP, Vista, and 7
While the web is still free despite the efforts of certain lawmakers to regulate, control and tax it, we all know that safe web use comes with a price -- vigilance, security software and anxiety if either of the other two are lax, outdated or missing. To combat online threats, firewall, anti-virus and anti-spyware software have become essential investments for any home or business computer. These programs monitor and control system access and scan for and remove from your system any malicious or spying software.
The range and sophistication of malicious software and hacking techniques expands every month of every year. Traditional software solutions may not provide a proactive, multi-layered defense. PrivateFirewall does, giving you anti-virus and firewall protection.
PrivateFirewall provides adware and malware (spyware, key-loggers and rootkits) protection, protects you from drive-by downloads, secures your operating system's registry, and provides and website/IP filtering. It also monitors computer and program behavior and performs application/system behavior modeling to detect anomalies that often signal buried malware already resident on your computer.
A simple user interface makes Privatefirewall easy to manage.
Systems: Windows XP, Vista and 7
Windows 7 Firewall Control
We do not pretend to know why Microsoft does what it does but we assume it has reasons. So, when we read and hear about how klunky the resident Windows Firewall is we can wonder but not really know. Actually, it's a pretty good firewall. It just doesn't always tell you when one of your programs is trying to connect to its parent site to check for updates. It may know the program and let it through, but then again it may not. In the latter case, it says nothing and your various programs with built-in live update routines never fetch an update and you know nothing of it.
Microsoft could have fixed this long ago but chose not to. We can only assume they opted to make their firewall as unobtrusive as possible by deliberately not messaging outbound blockages. For many (most?) users this is okay (they don't want to have to close a message box anyway), but for some of us this is a flaw. When the right programmer perceives a flaw it just might result in a utility program to fix the flaw. Case in point, the disaster of removing the menus and toolbars from Office 2007 programs; Microsoft ignored the uproar but Ubit Schweiz AG, a small German company, put out a fix with UbitMenu. The silent firewall is another case in point. Enter the folks at Sphinx Software.
Windows 7 Firewall Control (it works on Vista, too) fixes what Microsoft will not and turns the Windows firewall into what it should have been all along. The firewall now notifies you of every attempt to connect externally, allows you to accept or reject the connection, and further allows you to set the permissions on each application to allow or deny (the default) outgoing or incoming connectivity. For example, some antivirus programs periodically seek virus definition updates (which the firewall might automatically block) while others receive notification when there is an update (which the firewall also might block). We say "might" because the large antivirus outfits are not blocked while some smaller ones are. By giving you control over which programs can and can't connect automatically, Windows 7 Firewall Control puts you in control, the way it should be. They also have an edition for portable devices (USB flash/HDD drives, iPod, etc.).
Systems: Windows Vista and 7
The firewall that comes installed with any version of Windows is a solid piece of protection. It is a very reliable inbound blocker and doesn't pester you with popup alerts. What it lacks is proactive security against outbound malware packets, but this is easily fixed by installing Windows 7 Firewall Control.
Some people, however, are simply not ready for the responsibilities associated with a solid, proactive firewall. The multitude of alerts would confuse or frustrate them to the point they would just click "allow" to every alert, defeating the whole purpose of a firewall. However, if you run one or two different malware scans you could reasonably assume your computer is clean, in which case Windows Firewall is just the ticket for the user who wishes to remain uninvolved.
Download: It's already installed!
Systems: Whichever Windows system you are running
Everyone needs an active, vigilant firewall. ZoneAlarm provides one. It actually combines several valuable features. DefenseNet (included) leverages real-time threat data from a community of millions of users to detect and block the latest attacks.
Of course, ZoneAlarm provides both inbound and outbound firewall protection, blocking uninvited transmissions either way. Inwardly, it renders your computer invisible to hackers and hack-bots. Outwardly, it prevents spyware, bot-nets, key-loggers and other malware from sending your personal data out to the internet.
ZoneAlarm runs in the background, unnoticed except when it issues an alert. It is compatible with all antivirus programs and blocks fraudulent, phishing and pharming websites. Finally, it provides you your credit scores and recovery services to secure your identity on- and off-line.
Systems: Windows XP, Vista or 7