Home User Security: Personal Firewalls
by Sarah Granger
Finding the right firewall
Firewalls play a crucial role in network and computer security. Part I of this series, Home User Security: Your First Defense, examined the typical functions of firewalls and how they can be of use on an individual level. More specifically, the need for personal firewalls in the home office was discussed. Now we will explore some of the best options on the market, many of which are available free of charge or are already installed on major operating systems.
In order to determine what type of firewall is best for you, here are five questions to consider:
The average user has several programs that regularly access the Internet (whether he or she knows it or not), some virus problems, and an interest in a cheap or free solution with minimal configuration and maintenance headaches. Advanced options like encryption, ad-blocking, cookie digestion and hiding offer greater privacy, but often entail more work on the user's part. There are trade-offs, as always, but most firewall packages provide simple enough interfaces that anyone can monitor the firewall's activities. Firewalls are no longer the sole responsibility of senior network administrators -- we are all qualified operators.
Without going into detail as to what these features do (please see Part I for that), here again are the main options available in personal firewall software:
Among these features, some of the most important that should be evaluated are: inbound vs. outbound filtering, application integrity verification, and user notifications. These will be discussed in more detail below.
As explained earlier, firewalls work by examining packets of data through a variety of filters. They analyze the ports used by the data, the addresses through which the data flows, the data characteristics, and the data protocols and types.
Inbound vs. outbound filtering
Inbound filtering refers to any incoming data. This is what most people equate to the work of a firewall. However, outbound filtering can be just as important, if not more important to the security of a system. For example, after installing a firewall like Zone Alarm for the first time, many a user will notice strange programs trying to access the Internet using unusual ports. These could be malware that nestled into the system through a variety of means. Many people are unaware that they already have such malware installed, and possibly have for some time. In the worst case this could cause their computer to act as a "zombie" or "drone" under the control of a third party elsewhere on the Internet. As this type of malware is often not discovered by anti-virus software, the purpose of outbound filtering is to detect these programs and prevent them from doing harm to others. In addition, outbound filtering will notify a user of other attempts to access the Internet such as by spybots and spyware, and thus prevent the leaking of your personal information into the ether.
Application integrity verification is just a fancy name for observing data changes. Dermatologists recommend watching moles for color or size changes. This is the same type of thing. If a major application has changed since the last usage and no user or administrator performed an upgrade or patch, that sets off a red flag to the firewall software that the particular application could be infected. In many cases, the alert will be due to the fact that you've just upgraded that particular application. However, in some cases it may be caused by a malicious program that has manipulated and changed a legitimate application into something more devious without your knowing.
Some firewalls have user notifications in a designated window or pop-up windows that alert the user to inbound and outbound requests. It is possible to watch every transaction and log it, but after the first fifteen minutes of using a new firewall, the novelty wears off and most users find that it's a pain to monitor the constant influx of requests. Setting up automatic acceptance and rejection of certain types of requests is fairly straight-forward in most cases and prevents the user from playing a never-ending gatekeeper role.
Who makes personal firewall software?
Now for the contenders: First off, Windows XP and Mac OS X both come with their own built-in firewalls, so if you run one of those operating systems, you already have a very basic firewall installed (but likely, not turned on). If it suits your needs outlined above, all that is required is minimal configuration to make it work. It is also worth noting that all forms of UNIX and therefore Linux have packet filtering capabilities, i.e. software firewall control in various forms.
Popular freeware firewalls include Zone Alarm, Kerio Personal Firewall 2, and Agnitum's Outpost. Other firewalls that are either inexpensive and/or have free trials include Norton Personal Firewall, Black ICE PC Protection, McAfee Personal Fireweall, and Tiny Personal Firewall.
The information reported below on each of the firewalls listed was compiled from a number of reviews from various reputed sources, in addition to testing. Some of the commercial offerings require an annual subscription, but this is worth the expense because it ensures automatic updates to the firewall software in order to maintain a high level of security. Refer to the chart for side-by-side comparisons of the products.
Native OS Firewalls
The built-in XP firewall capabilities are weak, but it's better than nothing. It is important to note that it has no outbound filtering or any additional features. By default the firewall in XP is turned off, but it's best to check before installing another firewall software solution. To locate it and enable/disable it, open "My Network Places, click on "View Network Connections", select the appropriate connection and right-click to "Properties", then click the "Advanced" tab and check "Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet". Voila: you have a basic firewall. Note that you should never use more than one software-based firewall at a time. Turn off XP's firewall before installing any other firewall software.
The built-in firewall for Mac OS X is, like the rest of the OS, built on a UNIX-based platform so it entails an advanced form of port monitoring. It is easy to understand and configure, but is also turned off by default, like Windows XP's firewall. Under "System Preferences", "Sharing", a tab entitled "Firewall" holds the controls. A few switches within the "Sharing" windows along with following Apple's instructions is all that is necessary to turn on the firewall. No advanced features are available in the native firewall, but it should be noted that the latest version of MacOSX, Panther, includes a version of Safari, Apple's browser, that does its own pop-up ad blocking and cookie protection.
Popular freeware firewalls
Free for home use or $39 for corporate users, Kerio has downloadable preset rules in addition to the ability to create user-defined rules. One feature unique to Kerio and Tiny (they share the same underlying architecture) is file authentication by digital signature. Files are not encrypted by the firewall, but they employ crypto as a means of application integrity monitoring. Kerio is relatively new, but has received good reviews.
This is a good, solid freeware firewall program that somehow has had little acknowledgement. It's easy to use, blocks ads and viruses, and controls cookies.
Probably the most well-known freeware firewall program on the PC market, Zone Alarm is simple to install and configure. Like all other freeware and commercial products, it filters both inbound and outbound traffic. Zone Alarm has been the recognized leader of free personal firewall software for PCs for a few years now, but a few of the others listed below are becoming quite competitive.
Inexpensive firewalls (most with free trials)
Black ICE looks to have less of an audience than some of the other leading firewalls, most likely due to its simple interface and limited feature set, but it has good intrusion detection, clear reporting and a clean look. Like most of the others, users can trace back for hacker identification. It's a cheap option, but seemingly provides no more benefits than other free firewalls.
Norton-Symantec have long been known to put out solid security products and this is no exception. Versions of Norton Personal Firewall 2004 and Norton Internet Security exist for both the PC & Mac. These programs are reportedly well-suited to novices as well as experts in security. Norton has a full feature set, pre-written rules available, and installation is simple. The Norton Internet Security version includes anti-virus and parental control. (See chart below for advanced features.) When purchasing a product from one of the big boys, it costs a bit more. Norton and McAfee advanced packages both run over $50 whereas the other products on this list are all under $50.
McAfee Personal Firewall reportedly has a pleasant user interface but a lengthy configuration process. Some reviews rank it above Norton, but due to a slightly less mature product, McAfee generally comes in second. The basic version of the firewall is $30 and the Internet Security suite for $70 includes a chat room for kids, anti-virus protection, and ad blocking.
The commercial version of Agnitum's free Outpost Firewall adds application verification and stateful inspection, among other features. The price is reasonable, and family licenses are available for the networked home. It's easy to use, blocks ads and viruses, and controls cookies. Definitely worth considering for a full house.
Previous versions are/were free, but now Tiny is moving to a free trial only. Rivaling ZoneLabs for the number one spot in the freeware market, Tiny has earned a solid reputation. Installation is easy, a multitude of expert options exist including detailed program control, and dialogs also contain a good amount of detail. The rule modification can be tedious, but many expert users enjoy this feature. One version scored low on a ShieldsUp analysis (see below to learn more about testing) and in general, Tiny's benchmarks are slightly below Zone Alarm.
A bit confusing is the plethora of options now available from Zone Labs: Zone Alarm, Zone Alarm Trial, Zone Alarm Plus 4.0, and Zone Alarm Pro 4 with Web Filtering, but it comes down to this: for free, you get a basic firewall. Pay USD$40 and add on a slick user interface and virus protection or pay $50 and add those things as well as Cache Cleaner, Ad Blocking and Cookie Control. (If you're spending the money, it seems that the extra $10 is worth it.) Zone Alarm is a robust program, but its flaws are that the mechanism for filtering of outbound communication is somewhat clunky and its incessant pop-up security warnings can become annoying.
The chart below compares the more basic firewalls as outlined above.
Similarly, the table below compares popular firewalls that provide some more advanced features available. From all the analysis, you can't go wrong with any of the options listed in either of these charts, but some are more suitable to certain environments than others. See the Resources section below for more information on where to research these options in more detail
Installation & configuration for any of these firewalls should be fairly straight-forward. Most of them use clear language, such as "Paranoid", "Nervous", "Cautious" or "Trusting" settings in BlackICE. Daily usage and monitoring can be as detailed as the software allows, but most users prefer fewer interruptions. All non-native firewall software products produce reports or logs generated as the firewall runs. Those logs can be daunting to read, but they often tell a lot about the traffic on the system and network, and can be very effective in alerting users to common threats.
Testing, 1, 2, 3
Luckily, several sites exist for scanning and testing personal firewalls. Here are three of the best:
Due to increased traffic and ever more sophisticated threats on the Internet, the need for personal firewalls has grown to become an absolute necessity for home users. Investing a little time and money is a smart strategy for your personal security and privacy. The list above is a good place to start, after first determining your needs. Pick one, download it, and try it out. Worst case, you'll have slightly improved security and a few pesky pop-up windows as security reminders. Best case, you can sleep better at night knowing your credit card numbers aren't being broadcast from your machine and that the chances of viral infection have been significantly reduced.
Bobelian, Michael, " Hackers and Viruses Don't Stand a Chance ", Forbes.com, June 13, 2003.
Gilroy, John, " When to Update Your Firewall Software ", Washingtonpost.com, November 2, 2003.
" Home PC Firewall Guide ," Firewall.com, 2003.
Keizer, Gregg, " ZoneAlarm Pro 4.5 ", CNET Reviews, November 25, 2003.
Mendelson, Edward, " Security Suites: Norton Internet Security 2004 ", PC Magazine, November 25, 2003.
" Network Firewall, Intrusion Prevention, File and System Security in ONE box ," TINY Software, 2003.
" Personal Firewall Reviews ," Firewall.com, 2003.
Rash, Wayne and Connolly, P.J.," Zone Labs simplifies personal-firewall management ", InfoWorld, February 14, 2003.
Robb, Drew, " Reining in Personal Firewalls ," ComputerWorld, June 16, 2003.
Roubini, Jonathan, " Lab Tests: Software Firewalls ", PC Magazine, November 19, 2002.
Yegulalp, Serdar, " Software Firewall Reviews ," PC Magazine, November 19, 2002.
This article originally appeared on SecurityFocus.com -- reproduction in whole or in part is not allowed without expressed written consent.