Langa Letter: Firewall Feedback - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

10:29 AM
Fred Langa
Fred Langa

Langa Letter: Firewall Feedback

Fred Langa tests the new crop of desktop firewalls, makes his recommendations--and wants to hear about your experiences.

It's hard to believe, but it's only two years since ZoneLabs blew the doors off the desktop firewall market by offering the free and excellent ZoneAlarm 2.0. I first wrote about the software in February 2000, and many of you stampeded to the ZoneLabs site--so many, in fact, that Gregor Freund (then president, now CEO of ZoneLabs) wrote:

"Fred, I very much appreciate your article on ZoneAlarm (except that it nearly brought down our servers!). We've had 100K plus downloads in less then a week, and it is accelerating."

ZoneAlarm is offered in two versions: the free-for-personal-use basic edition (now at version 2.6.362), and a new $50 version 3.0.118 pro edition. The 3.x pro version is, in fact, very new; in the last month or so, it's been undergoing rapid modification, with almost weekly updates.

ZoneLabs' competitors haven't stood still. Many have released new versions. Nearly all the vendors offer similar free-for-personal-use basic versions of their desktop firewalls and enhanced versions for commercial and heavy-duty use. (The exceptions are Norton and McAfee.) Most of these packages are priced at around $40 to $50 per seat, with discounts available for quantity purchases.

'Desktop' Versus 'Real' Firewalls
Put down those flamethrowers. I know that a desktop firewall isn't a "real" firewall in the formal sense of standalone hardware/firmware. And, indeed, keeping intruders from reaching your desktop in the first place is clearly a better solution than letting the bad guys get to the desktop, then trying to stop them there. That's why most enterprises use a real firewall, where the LAN connects to the outside world. Plus, many small office and home office installations have firewall functions built into the external routers and other Internet-connection sharing devices they may employ. That's good.

But I believe it's risky--almost foolish--to depend on a single line of defense (see How Much Security Is Enough?). First, a firewall can fail; no piece of hardware or software is perfect. Second, a conventional firewall may do nothing at all to protect against attacks that originate on the "safe" side of the connection or that attempt their dirty work via the usually lightly guarded outbound Internet link. These attacks can result from intramural hacking (across the local network) or from Trojans, worms, and "phone-home" spyware installed on local systems.

A good desktop firewall can help. First, it can serve as a primary firewall if the main firewall goes down or is otherwise absent or compromised. Second, a desktop firewall can help thwart LAN-side hacking and also block attempts by locally installed software to co-opt or hijack the Internet connection, preventing back-door or phone-home activities.

For these reasons, I believe all PCs--desktops and laptops, in businesses and at home--should have some kind of desktop or personal firewall. But which one?

Many Hands Make Light Work
I have a variety of machines here in my office: Intel and AMD systems in 10 hardware configurations, running Win98, ME, 2000, XP Home, and XP Pro. But I'm not a testing lab, and what follows is not a formal review--please don't take it as such. Rather, this reflects my personal experiences and my likes and dislikes regarding six popular firewalls.

I've looked at and tested the current basic and pro versions of ZoneLabs' ZoneAlarm, the base and pro versions of Agnitum's Outpost, and the free versions of Sygate Personal Firewall and Tiny Personal Firewall. To test them, I used many of the security sites listed here and also used LeakTest as a simple check for the ability to detect and prevent phone-home behavior.

But there are many other firewalls and configurations I couldn't test. That's where you come in. Collectively, we've probably used just about every firewall ever made, in just about every possible configuration. So, when you finish reading this article, please click to the discussion area and share your firewall experiences. By pooling our knowledge, we can come up with results that can be better than some lab work--because our results will be from real people in real-life situations.

Here's what I've found in my tests.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 4
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll