Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Home User Security: Personal Firewalls

Created: 07 Dec 2003 • Updated: 02 Nov 2010
Language Translations
Anonymous's picture
-1 1 Vote
Login to vote

by Sarah Granger

Finding the right firewall

Firewalls play a crucial role in network and computer security.   Part I of this series, Home User Security: Your First Defense, examined the typical functions of firewalls and how they can be of use on an individual level. More specifically, the need for personal firewalls in the home office was discussed. Now we will explore some of the best options on the market, many of which are available free of charge or are already installed on major operating systems.

In order to determine what type of firewall is best for you, here are five questions to consider:

  • What features are most important to me?
  • Do I have a history of getting viruses and worms?
  • What other security practices do I employ?
  • How much am I willing to spend on a firewall solution?
  • Do I use many programs that automatically access the Internet?

The average user has several programs that regularly access the Internet (whether he or she knows it or not), some virus problems, and an interest in a cheap or free solution with minimal configuration and maintenance headaches.   Advanced options like encryption, ad-blocking, cookie digestion and hiding offer greater privacy, but often entail more work on the user's part.   There are trade-offs, as always, but most firewall packages provide simple enough interfaces that anyone can monitor the firewall's activities.   Firewalls are no longer the sole responsibility of senior network administrators -- we are all qualified operators.

Feature selection

Without going into detail as to what these features do (please see Part I for that), here again are the main options available in personal firewall software:

  • Inbound filtering
  • Outbound filtering
  • Application integrity verification
  • Data encryption
  • Hiding your presence
  • Reporting/Logging
  • Email virus protection
  • Pop-up ad blocking
  • Cookie digestion
  • Spyware protection
  • Laptop protection

Among these features, some of the most important that should be evaluated are: inbound vs. outbound filtering, application integrity verification, and user notifications. These will be discussed in more detail below.

As explained earlier, firewalls work by examining packets of data through a variety of filters.   They analyze the ports used by the data, the addresses through which the data flows, the data characteristics, and the data protocols and types.

Inbound vs. outbound filtering

Inbound filtering refers to any incoming data.   This is what most people equate to the work of a firewall.   However, outbound filtering can be just as important, if not more important to the security of a system.   For example, after installing a firewall like Zone Alarm for the first time, many a user will notice strange programs trying to access the Internet using unusual ports.   These could be malware that nestled into the system through a variety of means. Many people are unaware that they already have such malware installed, and possibly have for some time. In the worst case this could cause their computer to act as a "zombie" or "drone" under the control of a third party elsewhere on the Internet. As this type of malware is often not discovered by anti-virus software, the purpose of outbound filtering is to detect these programs and prevent them from doing harm to others. In addition, outbound filtering will notify a user of other attempts to access the Internet such as by spybots and spyware, and thus prevent the leaking of your personal information into the ether.

Application integrity

Application integrity verification is just a fancy name for observing data changes.   Dermatologists recommend watching moles for color or size changes.   This is the same type of thing.   If a major application has changed since the last usage and no user or administrator performed an upgrade or patch, that sets off a red flag to the firewall software that the particular application could be infected. In many cases, the alert will be due to the fact that you've just upgraded that particular application. However, in some cases it may be caused by a malicious program that has manipulated and changed a legitimate application into something more devious without your knowing.

User notifications

Some firewalls have user notifications in a designated window or pop-up windows that alert the user to inbound and outbound requests.   It is possible to watch every transaction and log it, but after the first fifteen minutes of using a new firewall, the novelty wears off and most users find that it's a pain to monitor the constant influx of requests. Setting up automatic acceptance and rejection of certain types of requests is fairly straight-forward in most cases and prevents the user from playing a never-ending gatekeeper role.

Who makes personal firewall software?

Now for the contenders:   First off, Windows XP and Mac OS X both come with their own built-in firewalls, so if you run one of those operating systems, you already have a very basic firewall installed (but likely, not turned on). If it suits your needs outlined above, all that is required is minimal configuration to make it work. It is also worth noting that all forms of UNIX and therefore Linux have packet filtering capabilities, i.e. software firewall control in various forms.

Popular freeware firewalls include Zone Alarm, Kerio Personal Firewall 2, and Agnitum's Outpost.   Other firewalls that are either inexpensive and/or have free trials include Norton Personal Firewall, Black ICE PC Protection, McAfee Personal Fireweall, and Tiny Personal Firewall.

The information reported below on each of the firewalls listed was compiled from a number of reviews from various reputed sources, in addition to testing.   Some of the commercial offerings require an annual subscription, but this is worth the expense because it ensures automatic updates to the firewall software in order to maintain a high level of security.   Refer to the chart for side-by-side comparisons of the products.

Native OS Firewalls

Windows' Internet Connection Firewall :

The built-in XP firewall capabilities are weak, but it's better than nothing.   It is important to note that it has no outbound filtering or any additional features.   By default the firewall in XP is turned off, but it's best to check before installing another firewall software solution.   To locate it and enable/disable it, open "My Network Places, click on "View Network Connections", select the appropriate connection and right-click to "Properties", then click the "Advanced" tab and check "Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet".   Voila: you have a basic firewall.   Note that you should never use more than one software-based firewall at a time. Turn off XP's firewall before installing any other firewall software.

Mac OS X Firewall :

The built-in firewall for Mac OS X is, like the rest of the OS, built on a UNIX-based platform so it entails an advanced form of port monitoring.   It is easy to understand and configure, but is also turned off by default, like Windows XP's firewall.   Under "System Preferences", "Sharing", a tab entitled "Firewall" holds the controls.   A few switches within the "Sharing" windows along with following Apple's instructions is all that is necessary to turn on the firewall.   No advanced features are available in the native firewall, but it should be noted that the latest version of MacOSX, Panther, includes a version of Safari, Apple's browser, that does its own pop-up ad blocking and cookie protection.

Popular freeware firewalls

Kerio Personal Firewall 2:

Free for home use or $39 for corporate users, Kerio has downloadable preset rules in addition to the ability to create user-defined rules.   One feature unique to Kerio and Tiny (they share the same underlying architecture) is file authentication by digital signature.   Files are not encrypted by the firewall, but they employ crypto as a means of application integrity monitoring.   Kerio is relatively new, but has received good reviews.

Outpost Firewall, by Agnitum:

This is a good, solid freeware firewall program that somehow has had little acknowledgement. It's easy to use, blocks ads and viruses, and controls cookies.  

Zone Alarm, by ZoneLabs :

Probably the most well-known freeware firewall program on the PC market, Zone Alarm is simple to install and configure.   Like all other freeware and commercial products, it filters both inbound and outbound traffic. Zone Alarm has been the recognized leader of free personal firewall software for PCs for a few years now, but a few of the others listed below are becoming quite competitive.

Inexpensive firewalls (most with free trials)

Black ICE PC Protection :

Black ICE looks to have less of an audience than some of the other leading firewalls, most likely due to its simple interface and limited feature set, but it has good intrusion detection, clear reporting and a clean look.   Like most of the others, users can trace back for hacker identification.   It's a cheap option, but seemingly provides no more benefits than other free firewalls.

Norton Personal Firewall 2004 :

Norton-Symantec have long been known to put out solid security products and this is no exception.   Versions of Norton Personal Firewall 2004 and Norton Internet Security exist for both the PC & Mac.   These programs are reportedly well-suited to novices as well as experts in security.   Norton has a full feature set, pre-written rules available, and installation is simple.   The Norton Internet Security version includes anti-virus and parental control.   (See chart below for advanced features.)   When purchasing a product from one of the big boys, it costs a bit more.   Norton and McAfee advanced packages both run over $50 whereas the other products on this list are all under $50.

McAfee Personal Firewall :

McAfee Personal Firewall reportedly has a pleasant user interface but a lengthy configuration process.   Some reviews rank it above Norton, but due to a slightly less mature product, McAfee generally comes in second.   The basic version of the firewall is $30 and the Internet Security suite for $70 includes a chat room for kids, anti-virus protection, and ad blocking.

 

Outpost Firewall PRO, by Agnitum:

The commercial version of Agnitum's free Outpost Firewall adds application verification and stateful inspection, among other features. The price is reasonable, and family licenses are available for the networked home.   It's easy to use, blocks ads and viruses, and controls cookies.   Definitely worth considering for a full house.

Tiny Personal Firewall :

Previous versions are/were free, but now Tiny is moving to a free trial only.   Rivaling ZoneLabs for the number one spot in the freeware market, Tiny has earned a solid reputation.   Installation is easy, a multitude of expert options exist including detailed program control, and dialogs also contain a good amount of detail.   The rule modification can be tedious, but many expert users enjoy this feature.   One version scored low on a ShieldsUp analysis (see below to learn more about testing) and in general, Tiny's benchmarks are slightly below Zone Alarm.

Zone Alarm Plus or Zone Alarm Pro, by ZoneLabs :

A bit confusing is the plethora of options now available from Zone Labs: Zone Alarm, Zone Alarm Trial, Zone Alarm Plus 4.0, and Zone Alarm Pro 4 with Web Filtering, but it comes down to this: for free, you get a basic firewall.   Pay USD$40 and add on a slick user interface and virus protection or pay $50 and add those things as well as Cache Cleaner, Ad Blocking and Cookie Control.   (If you're spending the money, it seems that the extra $10 is worth it.)    Zone Alarm is a robust program, but its flaws are that the mechanism for filtering of outbound communication is somewhat clunky and its incessant pop-up security warnings can become annoying.

A comparison

The chart below compares the more basic firewalls as outlined above.

 

Basic Firewalls
Program: Cost for basic or home version: Configuration & rule modification: User interface: Inbound filtering: Outbound filtering: Application integrity monitoring: Reporting & logging:
Black ICE PC Protection $40 w/$20 annual renewal easy WinXP-based solid solid solid clear and concise
Kerio Personal Firewall 4 free for home use robust basic solid solid solid clear and concise
Mac OS X Firewall included in all versions of MacOSX easy Mac OSX basic none basic clear and concise
McAfee Personal Firewall Plus 4.1 $30 robust good solid limited (3 basic levels) solid confusing warnings
Norton Personal Firewall 2004 $50 for PC, $70 for Mac version   robust good solid solid solid clear and concise, full packet logging
Outpost Firewall FREE free version easy good solid solid none clear and concise
Tiny Personal Firewall 5 30 day free trial only robust good solid solid solid detailed warnings
Windows Internet Connection Firewall included in Windows XP operating system easy WinXP basic none none none
Zone Alarm free version easy good solid limited solid detailed warnings, full packet logging

Similarly, the table below compares popular firewalls that provide some more advanced features available. From all the analysis, you can't go wrong with any of the options listed in either of these charts, but some are more suitable to certain environments than others.   See the Resources section below for more information on where to research these options in more detail

 

Advanced Firewalls
Program: Cost: Virus protection: Encryption: Hiding: Pop-up ad blocking: Spyware protection: Cookie digestion: Laptop protection: Multi-User Capability:
Black ICE PC Protection $40 w/$20 annual renewal no no no no no no no no
Kerio Personal Firewall 4 (for businesses) $45 single user; $22 subscription no only for authentication purposes no yes yes yes yes yes
McAfee Internet Security Suite 5.0 $75 yes (McAfee VirusScan) no no yes yes no no no
Norton Internet Security 2004 $70 for PC, $100 for Mac version yes (only additional feature above Personal Firewall: Norton AntiVirus) no yes yes yes yes yes yes (via Professional)
Outpost Firewall PRO 2 $39.95 yes no yes yes yes yes yes no
Tiny Personal Firewall 5 $50 no only for authentication purposes no no yes no no yes
Zone Alarm Plus & Pro 4 $40; $50 yes yes yes (Pro only) yes (Pro only) yes (Pro only) yes (Pro only) yes yes (via Integrity 2)

Firewall management

Installation & configuration for any of these firewalls should be fairly straight-forward.   Most of them use clear language, such as "Paranoid", "Nervous", "Cautious" or "Trusting" settings in BlackICE.   Daily usage and monitoring can be as detailed as the software allows, but most users prefer fewer interruptions.   All non-native firewall software products produce reports or logs generated as the firewall runs.   Those logs can be daunting to read, but they often tell a lot about the traffic on the system and network, and can be very effective in alerting users to common threats.

Testing, 1, 2, 3

Luckily, several sites exist for scanning and testing personal firewalls.   Here are three of the best:

  • HackerWhacker -- free evaluations or memberships are available here for scanning and testing
  • ShieldsUp! Internet Vulnerability Profiling and Leak Test . Also web-based, ShieldsUp! port profiling services are free and fairly thorough; Leak Test bypasses browsers to test whether it is possible to sneak past firewalls undetected
  • Security Space: Desktop Audit -- for $10/year, this company will provide web-based security audits on your desktop computer, lasting 30 minutes to an hour

To review

Due to increased traffic and ever more sophisticated threats on the Internet, the need for personal firewalls has grown to become an absolute necessity for home users.   Investing a little time and money is a smart strategy for your personal security and privacy. The list above is a good place to start, after first determining your needs.   Pick one, download it, and try it out.   Worst case, you'll have slightly improved security and a few pesky pop-up windows as security reminders.   Best case, you can sleep better at night knowing your credit card numbers aren't being broadcast from your machine and that the chances of viral infection have been significantly reduced.

Resources

Bobelian, Michael, " Hackers and Viruses Don't Stand a Chance ", Forbes.com, June 13, 2003.

Gilroy, John, " When to Update Your Firewall Software ", Washingtonpost.com, November 2, 2003.

" Home PC Firewall Guide ," Firewall.com, 2003.

Keizer, Gregg, " ZoneAlarm Pro 4.5 ", CNET Reviews, November 25, 2003.

Mendelson, Edward, " Security Suites: Norton Internet Security 2004 ", PC Magazine, November 25, 2003.

" Network Firewall, Intrusion Prevention, File and System Security in ONE box ," TINY Software, 2003.

" Personal Firewall Reviews ," Firewall.com, 2003.

Rash, Wayne and Connolly, P.J.," Zone Labs simplifies personal-firewall management ", InfoWorld, February 14, 2003.

Robb, Drew, " Reining in Personal Firewalls ," ComputerWorld, June 16, 2003.

Roubini, Jonathan, " Lab Tests: Software Firewalls ", PC Magazine, November 19, 2002.

Yegulalp, Serdar, " Software Firewall Reviews ," PC Magazine, November 19, 2002.

 

 

 

 

Author Credit

View more articles by Sarah Granger on SecurityFocus.

This article originally appeared on SecurityFocus.com -- reproduction in whole or in part is not allowed without expressed written consent.