Langa Letter: Firewall Feedback - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
Commentary
4/9/2002
10:29 AM
Fred Langa
Fred Langa
Commentary
50%
50%

Langa Letter: Firewall Feedback

Fred Langa tests the new crop of desktop firewalls, makes his recommendations--and wants to hear about your experiences.

It's hard to believe, but it's only two years since ZoneLabs blew the doors off the desktop firewall market by offering the free and excellent ZoneAlarm 2.0. I first wrote about the software in February 2000, and many of you stampeded to the ZoneLabs site--so many, in fact, that Gregor Freund (then president, now CEO of ZoneLabs) wrote:

"Fred, I very much appreciate your article on ZoneAlarm (except that it nearly brought down our servers!). We've had 100K plus downloads in less then a week, and it is accelerating."

ZoneAlarm is offered in two versions: the free-for-personal-use basic edition (now at version 2.6.362), and a new $50 version 3.0.118 pro edition. The 3.x pro version is, in fact, very new; in the last month or so, it's been undergoing rapid modification, with almost weekly updates.

ZoneLabs' competitors haven't stood still. Many have released new versions. Nearly all the vendors offer similar free-for-personal-use basic versions of their desktop firewalls and enhanced versions for commercial and heavy-duty use. (The exceptions are Norton and McAfee.) Most of these packages are priced at around $40 to $50 per seat, with discounts available for quantity purchases.

'Desktop' Versus 'Real' Firewalls
Put down those flamethrowers. I know that a desktop firewall isn't a "real" firewall in the formal sense of standalone hardware/firmware. And, indeed, keeping intruders from reaching your desktop in the first place is clearly a better solution than letting the bad guys get to the desktop, then trying to stop them there. That's why most enterprises use a real firewall, where the LAN connects to the outside world. Plus, many small office and home office installations have firewall functions built into the external routers and other Internet-connection sharing devices they may employ. That's good.

But I believe it's risky--almost foolish--to depend on a single line of defense (see How Much Security Is Enough?). First, a firewall can fail; no piece of hardware or software is perfect. Second, a conventional firewall may do nothing at all to protect against attacks that originate on the "safe" side of the connection or that attempt their dirty work via the usually lightly guarded outbound Internet link. These attacks can result from intramural hacking (across the local network) or from Trojans, worms, and "phone-home" spyware installed on local systems.

A good desktop firewall can help. First, it can serve as a primary firewall if the main firewall goes down or is otherwise absent or compromised. Second, a desktop firewall can help thwart LAN-side hacking and also block attempts by locally installed software to co-opt or hijack the Internet connection, preventing back-door or phone-home activities.

For these reasons, I believe all PCs--desktops and laptops, in businesses and at home--should have some kind of desktop or personal firewall. But which one?

Many Hands Make Light Work
I have a variety of machines here in my office: Intel and AMD systems in 10 hardware configurations, running Win98, ME, 2000, XP Home, and XP Pro. But I'm not a testing lab, and what follows is not a formal review--please don't take it as such. Rather, this reflects my personal experiences and my likes and dislikes regarding six popular firewalls.

I've looked at and tested the current basic and pro versions of ZoneLabs' ZoneAlarm, the base and pro versions of Agnitum's Outpost, and the free versions of Sygate Personal Firewall and Tiny Personal Firewall. To test them, I used many of the security sites listed here and also used LeakTest as a simple check for the ability to detect and prevent phone-home behavior.

But there are many other firewalls and configurations I couldn't test. That's where you come in. Collectively, we've probably used just about every firewall ever made, in just about every possible configuration. So, when you finish reading this article, please click to the discussion area and share your firewall experiences. By pooling our knowledge, we can come up with results that can be better than some lab work--because our results will be from real people in real-life situations.

Here's what I've found in my tests.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
News
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll