It's a dangerous world out there--but which firewall should you use? We rate the five top software firewalls and let you know which is the best.
It's amazing to think there was once a time when the idea of a firewall for one's desktop computer was thought of as overkill, if not downright ridiculous. Now it's practically mandatory -- not just to protect your computer from outside threats, but to keep Trojans and e-mail viruses from hijacking your system from within.
Other things have changed, too. Today, standalone firewall products are more the exception than the rule. I took a look at five major firewalls on the market today, and almost everything that came my way was either available both as a standalone and as part of a suite of security products from the same manufacturer, or was only available as part of that suite. For the most part, this is good news -- it means you can get more for your money than ever before. On the other hand, it might also mean you're forced to buy more than you really need; but the sheer diversity of the products out there helps alleviate that a bit.
The nature of the problems a firewall has to guard against has also changed. The problems have shifted from outside attacks (the "ping of death," and so on) to compromising a system from the inside via Trojans. To that end, most of the testing I did of these products was twofold, both from the outside -- using the DSLReports.com PortScan utility -- and from the inside, to see if they were as good at stopping emergent threats from within.
Incidentally, although the dangers to PCs may have changed, some operating systems have stayed the same. If you're still using Windows 98 or ME, your choice of a firewall will be somewhat more limited: While Norton Personal Firewall and PC-cillin Internet Security support the older operating systems, McAfee and ZoneAlarm do not.
One somewhat controversial program that I used to test, but didn't rely on as an absolute indicator of a firewall's value, was the Atelier Web Firewall Tester. This program uses a number of dirty tricks to open a connection to the outside world, mostly by invoking Internet Explorer or the IE ActiveX control, and its makers claim that very few, if any, personal firewalls can block this kind of spoofing. For that reason, the fact that many of the firewalls here flunked this test is more informational than anything else; it's a sobering hint of how tough it can really be to block unauthorized traffic from a program on your computer.
I should point out that there will probably never be a perfect software solution to computer security as long as the user remains the weakest link. If I have a firewall that blocks outbound connections from programs it doesn't know by default, that's a good thing -- until a well-written Trojan comes along and uses a bogus name like "Windows Network Process" to fool me into granting it access. To that end, anyone who plans on investing in a firewall -- or, for that matter, using the Internet at all -- deserves to know as much as they can about what not to do with their PC, and how a firewall isn't in itself total protection from anything, least of all carelessness or stupidity.
Some of the features I've seen packaged with firewalls and security software are becoming more explicitly educational, such as McAfee's SiteAdvisor browser plug-in. I'm hoping in the future we'll see more software that works in a behavioral fashion to guide people away from doing the dumb things that most often get them infected.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.