Safety First: 5 Firewalls For Your Desktop PC

It's a dangerous world out there--but which firewall should you use? We rate the five top software firewalls and let you know which is the best.
Since the Microsoft Windows Firewall ships with Windows itself, the only recommendation to make is to replace it with something more robust as quickly as possible. McAfee's best attraction is SiteAdvisor, which adds a layer of behavioral protection on top of all the other things you normally get (although it is available separately), and Symantec's firewall is best if you want to integrate it into an existing suite of Symantec products already on your system.

ZoneAlarm is the best freeware choice, and can be readily upgraded to a full version later on. PC-cillin has the best all-around protection and sports a collection of nice bonus tools.

Vista Security: No Need for Firewalls?

Will Vista bring with it no need for firewalls? Or at least no need for third-party ones? Even if that's not what Microsoft actually achieves with the rewritten firewall and networking system in Windows Vista, the company is certainly aiming to provide a firewall for Vista that is written to better address the realities of defending a computer from both the outside and the inside. Aside from a badly needed way to perform outbound packet filtering by port or application, there are also convenience features like location profiles (home vs. work vs. on the road), and better management features for the firewall through Group Policy and Active Directory.


•  Introduction

•  McAfee Internet Security

•  Microsoft Windows Firewall

•  Norton Personal Firewall

•  Trend Micro PC-cillin

•  ZoneAlarm Security Suite

•  Conclusions

•  Vista: No Need for Firewalls?

These features have already showed up in the beta builds as far back as January 2006, although they were criticized as too difficult to find and use. Microsoft left the original Windows Firewall console untouched for the sake of familiarity, but the newer console that governs all the new features such as two-way filtering has only been available as a Management Console snap-in that you had to configure manually. One can hope the final version isn't this obscure.

Along with the firewall and network stack itself, the Windows kernel is also getting a heavy revamp to protect it against attacks via process-hooking strategies (a common tactic of viruses and Trojans). Ironically enough, the very kernel-level changes to Windows that are designed to protect it from attack are now apparently making it all the harder for third-party developers of legitimate security software to do their thing. Symantec was one of the loudest complainers, but the argument has the flavor of a doctor complaining that less of his patients get sick nowadays thanks to better prenatal vaccinations.

There's always going to be room for a third-party developer to improve on what Microsoft provides, whether it's in the form of kernel-level defenses or behavioral functionality like SiteAdvisor (which doesn't need kernel hooks to work).

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing