Try searching for the term “personal firewall” with your favorite software search engine. I did, and the results were staggering.
Download.com returned nearly 70 different firewalls! How can a person make an informed decision with so many products available?
SysOpt.com is here to help. We have taken several of the most popular offerings available and put them to the test.
The packages include BlackICE Defender, Internet Firewall 2000, McAfee Personal Firewall, Sygate Personal Firewall, and ZoneAlarm.
While other software does exist, these products are the most widely marketed solutions available at the consumer level. The results of this comparison are very surprising.
What Is A Personal Firewall?
A personal firewall is a software package that acts as a door for your computer’s incoming and outgoing connections.
The firewall will only allow authorized communications to pass. The Internet is the largest network ever envisioned, but it can also be the most threatening.
Computers connected to the Internet can be subject to tampering, eavesdropping, and vandalism from malicious people seeking to obtain your personal data or create chaos in your life.
As the Internet grows, so will this underlying base of unlawful users. Policing the Internet is not a viable option due to its massive complexity, so it is up to individual users to take action themselves.
Personal security is a real-world concern, especially considering the complexity of Microsoft Windows and the proliferation of thousands of Internet-aware applications.
The Internet is a hostile environment, and should be treated as such. A dedicated hardware firewall solution would be the best choice, but this type of technology often requires a complex understanding of network theory.
The cost is also a major objection, as hardware firewalls can run to thousands of dollars. A user-friendly and cost effective solution would come in the concept of a software-based personal firewall.
Personal firewalls attempt to protect PCs from various malicious network activities. The most common attack is a denial of service (DoS).
DoS attacks exploit vulnerabilities in software to cause the victim’s system to either stall or crash.
Another popular attack is a Trojan horse, which acts as a backdoor, thus allowing an intruder complete access to your system’s resources. Most Trojans are housed within unsolicited e-mail messages and should be regarded as viruses.
The Internet Protocol (IP) address is a fundamental networking concept. Each computer on a network must have some kind of identification for data to be directed to and from systems.
The IP address identifies each computer within a network, even the Internet. Without an assigned IP number, network data cannot be directed to a computer.
The concept of a port lies at the heart of the networking layer. Each network service has a dedicated port.
One port might handle only HTTP web transfers, while another transports only SMTP e-mail data. Within Windows’s scope of networking, thousands of these ports exist.
For most Internet users, only two or three small segments are actually needed, but the default Windows installation leaves nearly 65,000 ports open for access.
These open ports create major security risks. Most personal firewalls attempt to close unneeded ports and filter ones required for standard Internet use.
A complete explanation of network theory is outside the scope of this article. If you’re seeking more information about personal firewalls and how they relate to networking, you may want to reference the following sources:
- Home PC Firewall Guide
- Security Portal
- Internet Security Systems, Inc.
Testing Procedure
Each product was thoroughly examined with a battery of online security tests. Testing included:
- Steve Gibson’s Shields Up Scanner
- Sygate’s Online Security Service
- SecureMe’s Automated Security Scan
- Hacker Whacker
A fresh installation of Windows Millennium was used for each firewall tested. The same Internet service provider was used for each testing phase, so results could be consistent.
All tests were executed with the default Windows network configuration; no optimizations or changes were applied before or during testing.
BlackICE Defender
Vendor: NetworkICE
Download Size: ~1.9 Megabytes
Suggested Price: $39
BlackICE Defender’s graphical user interface is efficient and well designed. The most impressive portion of the interface is the detailed level of network logging.
BID’s log interface displays information about suspicious network activities, including the attacker’s host name, IP address, and other valuable data needed to track down the malicious individual.
However, BID lacks an interface to efficiently browse and analyze these activity logs. To obtain this ability, one needs to obtain a third-party software package, such as Brady and Associates’ ClearICE Log Analyzer.
To include a similar utility with BID would likely have required little effort by NetworkICE, so it’s hard to understand why they bypassed it.
Extensive testing of BID capabilities resulted in uncovering several possible security risks. BID does not provide protection for outbound network connections.
While most applications require that information be exchanged in both directions, a clever Trojan horse could send data by exploiting this vulnerability.
The default configuration also lacks proper filtering settings to protect against several common backdoor applications, such as Back Orifice or NetBus.
The default setup also allows both incoming and outgoing ICMP port transfers. These ICMP transfers are ping requests.
If multiple pings are directed to one IP address, the receiving system can be flooded with data transfer requests.
This flood of data can lead to a system stall, thus rendering the computer useless until rebooted. BID also has incompatibilities with certain Virtual Private Networking (VPN) technologies.
VPN provides an encrypted network connection. This will likely be a moot issue for most users, as only a small portion of Internet Service Providers (ISP) support this advanced protocol.
NetworkICE’s BlackICE Defender (BID) was the first personal firewall mass marketed to the end-user community.
It features the ability to guard against most Internet attacks and intrusion attempts. BID’s signature checking capabilities include the ability to detect and block over 200 of the most popular network attacks.
These signatures include such popular attacks as Back Orifice, the Melissa Internet Worm, and TCP slow scanning.
Another positive feature includes the ability to configure NetBIOS file share and print share capabilities with ease.
The most impressive feature is BID’s ability to automatically block all network traffic from specific IP addresses during and after a critical level attack or intrusion.
Other noted problems with BlackICE Defender were minor. During testing with a Local Area Network (LAN), BID would consistently post false alerts for trusted activities.
While this is not a clearly defined bug, it is annoying. Another annoying characteristic is how one must configure the blocking of specific ports.
This process involved manually editing BID’s “firewall.ini” configuration file. Most novice users will likely not feel comfortable with this process.
The uninstall routine also features numerous bugs, as it does not properly remove registry entries, configuration files, and log files.
While this does not affect the security aspects of the application, the manual removal of these files and entries can be a tedious and time-consuming task.
BlackICE Defender provides an effective interface, but the possibility of the above-mentioned security issues could prove troublesome or even dangerous.
Until these critical risks are addressed, I cannot recommend BID to those seeking a secure personal firewall. BID could prove effective for some situations, but it is not a complete online security solution.
BlackICE Defender Ratings
Criteria | Grade |
---|---|
User Interface: | A- |
Effectiveness: | B |
Customizability: | B- |
Overall Value: | B |
Internet Firewall 2000
Vendor: Digital Robotics
Download Size: ~1.1 Megabytes
Suggested Price: $39
Digital Robotics’ Internet Firewall 2000 is marketed as “the most technologically advanced and easiest to use suite of Internet security tools available.” In reality, IFW2K is the opposite.
The only positive I noted with this software package is the inclusion of a visually appealing graphical user interface.
Upon loading IFW2K, the user is presented with a screen outlined with burning text and other supposedly “cool” graphics. My positive experience ended there.
Utilizing the series of online tests listed earlier, I found Internet Firewall 2000 not to be a true firewall application.
It is really a port monitoring utility. Port monitoring simply listens for activity on certain ports. Port listening requires that the port be placed in an open state.
Then, if a suspicious activity occurs, the port monitor will attempt to close the port and alert the user.
Since the port was originally open, a clever attacker could bypass Internet Firewall 2000’s “security features”.
A true firewall configures a protected port to be stealth compatible, which means the port will not respond to any inbound network activity.
Thus, the protected system should appear nonexistent to attackers using port scanning tools.
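The open, closed and stealth states described above can be checked on a machine you administer with an ordinary TCP connection attempt. The following is an added example, not code from the article or from any reviewed product; the function names and the loopback self-check are assumptions of the example.

```python
import socket


def port_state(host, port, timeout=1.0, connect=socket.create_connection):
    """Classify one TCP port by how the host answers a connection attempt.

    open    - handshake completed: something is listening (a port monitor
              that has to hold the port open looks exactly like this)
    closed  - the host refused: nothing listens, but the machine is visible
    stealth - no answer before the timeout: the packets were silently dropped
              (packet loss looks the same, so repeat before trusting it)
    """
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "stealth"
    except OSError:
        return "unreachable"  # e.g. no route to the host; not a firewall verdict
    conn.close()
    return "open"


def audit(host, ports, timeout=1.0, connect=socket.create_connection):
    """Return {port: state} for every port in `ports`."""
    return {p: port_state(host, p, timeout, connect) for p in ports}


def exposed_ports(report, allowed=()):
    """Ports that accepted a connection and are not on the allowed list."""
    return sorted(p for p, s in report.items() if s == "open" and p not in allowed)


def is_detectable(report):
    """True if any probe was answered at all, so the host is not 'nonexistent'."""
    return any(s in ("open", "closed") for s in report.values())


if __name__ == "__main__":
    # Self-check against the loopback interface of this machine: one port is
    # opened by the example itself, port 139 is whatever the system reports.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    busy = listener.getsockname()[1]
    report = audit("127.0.0.1", [busy, 139])
    listener.close()
    print(report, exposed_ports(report), is_detectable(report))
```

A firewall that behaves as the article describes should leave every protected port in the "stealth" state when probed from outside; any "open" result on port 139 is the NetBIOS exposure discussed next.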
Another severe security risk associated with IFW2K is that it does not close NetBIOS (Port 139) to transfers.
NetBIOS governs network file share capabilities. Port 139 is the easiest way for an intruder to access a Windows system, and this port should be closed to all Internet activity.
IFW2K’s inability to block this port attests to its complete lack of usefulness.
To further examine inherent security risks, a complete port scan yielded a surprising result. I first configured Internet Firewall 2000 for the maximum security available.
Then I launched an nmap network scan with Hacker Whacker. The scan was able to probe and access a large number of open ports. Not once did Internet Firewall 2000 actively do anything to block these scan attempts.
IFW2K also lacks the ability to trace or log network activity, a feature that most firewalls in this review include.
I cannot recommend Internet Firewall 2000 to anyone seeking a personal firewall package.
Even with its integrated features, such as virus scanning, the $39 cost cannot be rationalized. Its virus scan utilizes an online utility.
For those interested in this capability, Trend Micro’s HouseCall provides free online virus scanning. IFW2K was the most disappointing product employed in this review.
Internet Firewall 2000 Ratings
Criteria | Grade |
---|---|
User Interface: | B- |
Effectiveness: | F |
Customizability: | D |
Overall Value: | D- |
McAfee Personal Firewall
Vendor: McAfee
Download Size: ~8.0 Megabytes
Suggested Price: $29 for one-year subscription.
McAfee Personal Firewall is a rather odd product. First, you do not actually purchase it.
Users purchase a one-year subscription from McAfee online services. The core technologies employed within MPF were actually developed by Signal9 Solutions.
Signal9 is best known for their corporate and business level firewalls. One of the more successful Signal9 applications is Conseal PC Firewall.
Conseal provides an effective level of protection, but its use of detailed and hard-to-configure rule-sets made it unpopular with most users. For brute force packet level filtering, Conseal is a powerful solution.
Does McAfee Personal Firewall have these same characteristics? Under close examination, the underlying firewall software is actually an updated version of Conseal PC Firewall.
McAfee has replaced the graphical user interface of Conseal with a more efficient front-end. Also eliminated is the need for complex rule-sets.
MPF’s new interface also provides per application rights assignment. However, the new interface allows only minimal configurations, thus limiting the usefulness of the powerful Conseal firewall engine.
For people interested in protecting only one system, MPF should prove more than adequate. For those with a system connected to a LAN, MPF has limited functionality.
The new interface does not allow specific port rights to be user defined. Another disturbing issue is that MPF does not close the NetBIOS Port 139 by default.
The user can configure this option, but all Internet security packages should provide this simple option within the default configuration.
McAfee Personal Firewall’s network logging is efficient, as it allows users to view applications, processes, services, and ports with current network activity.
Another useful feature is that the generated log file is formatted as standard text. This means the log can easily be diagnosed and analyzed with a simple word processor.
Testing of MPF proved it to be a viable firewall once the advanced settings were optimized for maximum security.
Numerous port scans and intrusion attempts were rejected and promptly logged by MPF. With a few updates to address the lack of specific port configurations and more user-defined settings, MPF could prove to be a valuable personal firewall solution.
I am still puzzled by the one-year licensing strategy, but can see how this would force a person to update firewall technology at regular intervals.
McAfee Personal Firewall could be a great package with a few fixes and updates. However, I honestly would not recommend it to most people seeking a personal firewall until these issues are corrected. Perhaps McAfee’s next release will address these problems.
McAfee Personal Firewall Ratings
Criteria | Grade |
---|---|
User Interface: | A- |
Effectiveness: | A- |
Customizability: | B- |
Overall Value: | B |
Sygate Personal Firewall
Vendor: Sygate Technologies
Download Size: ~2.5 Megabytes
Suggested Price: Freeware
Sygate Personal Firewall is an impressive package featuring an effective level of Internet protection.
SPF integrates a secure networking layer with an intuitive graphical interface. SPF can be easily configured for most situations with its included predefined security rule-sets.
Novice users will benefit most from these built-in options, as it does not require intricate network knowledge to set up SPF for use with a stand-alone Internet capable system.
I was unable to compromise the security of Sygate Personal Firewall with thorough testing procedures.
SPF successfully detected and blocked all intrusion and online scan attempts.
SPF’s flexibility to include user definable configurations for both general network settings and per-application rights is equally impressive.
One can easily set up specific port and IP addresses trusted with access through the graphical user interface, which is an invaluable option.
The ability to set trusted communications ensures that LAN communications are not compromised.
SPF also allows most VPN protocols to bypass the firewall, so users using encrypted networking standards can still utilize the advanced features of this firewall.
SPF’s ability to automatically reconfigure itself for specific networks is impressive. This allows users with multiple ISPs to benefit from complete protection.
Another SPF option is an automated e-mail notification system. With this capability, SPF can forward an e-mail message when it logs suspicious network activity.
This is a great option for users with remote systems where interactive monitoring is not possible.
Another valuable feature allows the firewall to block all inbound and outbound network communications during certain time periods or while the system’s screen saver is active.
To protect the configuration of all options, the system’s owner can set a private password to access the firewall configuration settings.
Sygate Personal Firewall even includes a detail-rich logging system. When set for “detailed logging”, SPF will archive important data needed to find would-be attackers.
Archive data includes the time, date, remote IP, remote port, local IP, local port, and direction of network activities.
The log will even indicate when a firewall setting has been altered, which is useful for achieving more effective system security.
The only downside to the logging process is the lack of a search or sort option. While this option is not needed for actual security level checking, it could simplify log file analysis.
Sygate Personal Firewall offers an efficient level of security with a great interface. Novice users will like the pre-configured settings, and power users will enjoy the ability to further define custom settings for specific port, address, and VPN transfers.
I have no concern recommending Sygate Personal Firewall as a secure software package. The pricing is great—free—and the download is small. Definitely take a look at this product.
Sygate Personal Firewall Ratings
Criteria | Grade |
---|---|
User Interface: | A |
Effectiveness: | A+ |
Customizability: | A |
Overall Value: | A+ |
ZoneAlarm
Vendor: ZoneLabs
Download Size: ~1.6 Megabytes
Suggested Price: Freeware Personal Edition
ZoneLabs’ ZoneAlarm (ZA) is a valuable personal firewall. The easy to understand interface makes it a great option for most Internet users.
ZA allows simultaneous, but independent, settings for both Internet and LAN access rights. These rights are configured through the use of three predefined network settings.
Also included for both network zones are user definable application rights. ZA also provides grantable server rights and supports user defined trusted IP addresses.
The underlying firewall filter can filter both incoming and outgoing network packets.
ZA includes another useful feature dubbed MailSafe. MailSafe isolates and allows the user to delete Visual Basic Script (VBS) files found as email attachments.
VBS files are the easiest way for malicious intruders to install backdoor applications. They are also used for data collection and file editing and deletion.
While VBS was intended for legitimate purposes, this scripting language has become the programming interface of choice for illegal activities.
ZoneAlarm’s logging engine is useful and efficient. For analysis of the activity data, ZA requires the user to connect to ZoneLabs’ web site.
While I personally trust ZoneLabs’ privacy policies, many people object to this process.
ZoneLabs could gather user information during this process, but this would constitute a direct violation of the company’s privacy agreements.
A major drawback to ZA is the lack of advanced user controls. ZA also will not block all ICMP ping requests from un-trusted sources.
In contrast, ZoneAlarm did block all other port scans employed with my battery of tests. It is rather odd that certain ICMP transfers are allowed, as this could be a security issue.
The ICMP protocol is an integral part of most denial of service attacks. Another potential hazard is how the application rights process identifies programs.
The detection system uses the application’s file header data. A backdoor program encoded with the same header information as a trusted application would therefore present a large risk.
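The weakness of header-based program identification, next to a hardened alternative that fingerprints the whole file, is shown in the following added example. It is not ZoneAlarm code: the 64-byte header length, the class and function names, and the sample program images are all constructed for illustration.

```python
import hashlib

HEADER_LEN = 64  # assumption: "file header data" is modelled as the first 64 bytes


def header_fingerprint(image: bytes) -> bytes:
    """Weak identity: only the leading header bytes are compared."""
    return image[:HEADER_LEN]


def content_fingerprint(image: bytes) -> str:
    """Hardened identity: SHA-256 over every byte of the program file."""
    return hashlib.sha256(image).hexdigest()


class AppRights:
    """Per-application network rights, keyed by a fingerprint function."""

    def __init__(self, fingerprint):
        self.fingerprint = fingerprint
        self.trusted = {}  # fingerprint -> program name approved by the user

    def trust(self, name: str, image: bytes) -> None:
        self.trusted[self.fingerprint(image)] = name

    def decide(self, image: bytes) -> str:
        """Return 'allow as <name>' for an approved program, else 'ask user'."""
        name = self.trusted.get(self.fingerprint(image))
        return f"allow as {name}" if name else "ask user"


# Constructed sample images: three files that share one header.
HEADER = b"MZ" + b"\x00" * (HEADER_LEN - 2)
SAMPLES = {
    "browser": HEADER + b"trusted browser code",
    "lookalike": HEADER + b"unrelated program reusing the same header",
    "browser_v2": HEADER + b"trusted browser code, patched",
}


def compare():
    """Return {sample: (header-based decision, hash-based decision)}."""
    weak = AppRights(header_fingerprint)
    strict = AppRights(content_fingerprint)
    for rules in (weak, strict):
        rules.trust("browser", SAMPLES["browser"])
    return {label: (weak.decide(img), strict.decide(img))
            for label, img in SAMPLES.items()}


if __name__ == "__main__":
    for label, decisions in compare().items():
        print(f"{label:11} header={decisions[0]!r:20} hash={decisions[1]!r}")
```

The hash-based rule also prompts again after a legitimate update of the trusted program, which is the price of not accepting a file on its header alone.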
ZoneAlarm is an efficient and well-engineered personal firewall. Only minor issues exist with its security routines, but these problems could prove dangerous under the right conditions.
ZoneLabs releases updates to ZA on a regular basis, so I would expect these issues to be addressed with a future version.
While ZoneAlarm does offer a useful interface and the important MailSafe utility, I would still recommend Sygate’s Personal Desktop as a superior alternative until the minor problems with ZA are corrected.
ZoneAlarm Ratings
Criteria | Grade |
---|---|
User Interface: | A- |
Effectiveness: | A |
Customizability: | B- |
Overall Value: | A- |
Criteria Ratings Overall
Criteria | BlackICE | Internet Firewall | McAfee | Sygate | ZoneAlarm |
---|---|---|---|---|---|
User Interface: | A- | B- | A- | A | A- |
Effectiveness: | B | F | A- | A+ | A |
Customizability: | B- | D | B- | A | B- |
Overall Value: | B | D- | B | A+ | A- |
Comparison Summary
One great disappointment is Internet Firewall 2000. Its feature set is limited and the interface lacks good organization.
IFW’s behavior of opening ports creates an enormous security risk, one that I’m not willing to take.
As for its integrated feature set, most of these options can already be found in currently available freeware.
I can find no real usefulness for this product compared to the other firewalls covered in this review.
I honestly would not waste the time to download the Internet Firewall 2000 demo, let alone spend $39 for the full version.
BlackICE Defender fared better than IFW2K, as it does feature several useful options. Its logging capabilities exceed the usability of any other product in this review.
BID could use several improvements, however. A potential security risk is its inability to filter outgoing packet data.
As intrusion programs become more sophisticated, the lack of outbound filtering could prove hazardous.
Since outgoing connections are not monitored, a malicious program could transfer files and even personal information to any persons wishing to use the data for malicious purposes.
Do remember that BlackICE Defender isn’t free, and I believe that better freeware packages are currently available.
McAfee Personal Firewall offers decent options to protect a single system from most Internet attacks.
With a few updates to the base configuration, this package could be a powerful product. The interface is easily serviceable, especially for first time firewall users.
The only major flaw I noted is the lack of viable LAN support features. It is hoped that McAfee will address this issue with a future release, as they have a great foundation to build on.
ZoneLabs’ ZoneAlarm is a great freeware package. With simple network settings and a great interface, this adds up to a powerful Internet security package.
ZA could become one of the best solutions available with a few minor improvements to the base package.
The addition of more advanced configuration options would be useful, and would complete the already impressive feature set of this package.
Even without this feature, ZoneAlarm proves to be a valuable product. I would have little problem in recommending this product to anyone seeking a decent personal firewall.
I would designate Sygate Personal Firewall as the most comprehensive personal firewall solution reviewed.
SPF’s robust feature set combined with an efficient interface makes it suitable for all Internet users, whether they be novices or network administrators.
With a freeware personal version available, I would recommend that all Internet users take a look at this product.
The current version offers excellent security, and I only see SPF improving with future releases. If you only try one product, then Sygate Personal Firewall should be it.
The results of this firewall comparison are rather interesting. In most scenarios, the freeware applications were capable of meeting and even exceeding the capabilities of the purchased packages.
It is refreshing to see that freeware applications are still viable, especially in this era when most useful products are tagged with costly prices.