A look at six popular personal firewall products for Windows machines

All you want to do is use your computer to do your job, play games, learn, buy, and surf the Web. You don’t want to worry about malicious intruders, port scans, Trojan horses, worms, and all the other mischievous stuff that hunts your computer. You shouldn’t have to worry, but you must; thousands of malicious programs exist solely to break into your PC. That’s where personal firewalls come in. Personal firewalls are software programs you install on the PCs they protect. More expensive hardware-based and corporate firewalls protect entire networks, cost more than personal firewalls, and usually aren’t as user-friendly. Personal firewalls are designed to keep the bad guys and programs out of your PC. The best-of-breed will keep malicious intruders outside your PC, turn away their unwanted probes, and prevent bad programs that have already staked a claim on your PC from doing further damage.

The best firewalls will also be easy to configure and manage. In the security world, functionality is crucial, but form also has a place because most home users want to install their firewalls and forget about them. Most users aren’t experienced enough with computer security to decide whether a particular configuration decision is the right one. Accordingly, the best personal firewalls install themselves in a reasonably secure mode with minimal user interaction.

At last count, more than two dozen personal firewall products were available. Some of these products are great, even the free ones. Other firewalls, as Gibson Research’s Steve Gibson (the infamous firewall tester of Shields Up!! fame) says, "are much worse for the security of your computer than using nothing at all!" (To read Gibson's comments about firewalls, see http://grc.com/su-evilportmon.htm.)

What makes a firewall great?
All personal firewall products filter data packets between a host PC and a network, which is usually the Internet. The features beyond that given role can make or break a firewall. Let’s look at the features common to six popular personal firewalls for Windows machines: Network Associates’ McAfee Firewall 3.0, Symantec’s Norton Personal Firewall 2002, Internet Security Systems’ (ISS's) BlackICE PC Protection 3.5, Tiny Software’s Tiny Personal Firewall 2.0, Zone Labs’ ZoneAlarm Pro 3.0, and Windows XP’s Internet Connection Firewall (ICF). Then, let’s look at how these products stood up under testing. To test firewall efficiency, I used several intruder utilities and creations to simulate external and internal threats.

Feature 1: Stop External Attacks
Even the most basic firewall should protect your PC from external malicious threats. These types of attacks include port scans, network traffic floods, malformed network packets, fragmentation attacks, and IP spoofing (i.e., rogue traffic that bypasses the firewall to exploit a deficiency in the OS or application). For more information about common attacks that intruders use, see the sidebar "External Firewall Attacks." Many PCs run services and applications that make them even more vulnerable to attack. For example, Symantec estimates that nearly 30 percent of Internet-connected Windows PCs have drive shares that don’t have passwords. Internet intruders can connect to these drive shares to download and upload files without the owner’s permission. Firewalls should prevent unauthorized access, deny invalid network packets, and stop external attacks.

Feature 2: Stop Internal Threats
If malicious software, or malware, executes on your PC, it might attempt to initiate connections over the Internet so that it can spread to other PCs, contact its originator, perform further configurations, or transfer files and information from your machine. Many of today’s worms and Trojan horses initiate an Instant Messaging (IM) session with a predetermined intruder channel and announce their latest victim. The intruder can then connect directly to the PC and raid it. Other malware might email its successes to predetermined recipients. Sophisticated worms (e.g., Hybris) download new modules and configure themselves on the fly. Clearly, intruders aren’t just trying to break in; they’re also trying to break out.

Feature 3: Automation
In the past, users had to have a fair amount of computer-security knowledge to install personal firewalls. Upon installation, either the firewalls allowed no Internet connectivity or users had to make security decisions and determine which traffic to allow, which led to recklessly installed firewalls—worse than no firewall at all because users thought they were protected. Today, most personal firewalls autoconfigure with a well-considered blend of default security and minimal user intervention, which leaves most of the common legitimate programs free to work and gives users the least inconvenience. The best personal firewalls notice patterns of malicious activity (such as a port scan) and configure themselves to automatically block future attacks from the same location. In addition, personal firewalls automatically check for newer versions of themselves and updated definition files.

Most personal firewalls come with preset levels of protection (i.e., protection modes) you can change on the fly. The most protective mode doesn’t allow any Internet activity, which isn’t as stupid as it first sounds. You can disable all Internet traffic when you’re away from your PC to minimize risk while your PC churns away unattended. The least protective mode lets all Internet activity occur.

Feature 4: Application Control
Personal firewalls work by letting traffic into and out of a PC through predefined IP ports. In response, intruders scan for the ports that firewalls aren’t blocking, then attack and connect to those ports. For example, most firewalls let users surf the Web over IP port 80. A worm or Trojan horse running on a local hard disk can use port 80 as its opening back to the Internet to continue its maliciousness. Early firewalls couldn’t discern legitimate traffic from rogue traffic. The highest-performing firewalls have instituted a process called application control (or application scanning or application blocking). Only applications the user and firewall have approved can connect to the Internet.

Today’s personal-firewall debates focus on how well firewalls determine whether an application that requests Internet access is legitimate. Some firewalls show only the application’s filename, and the user has to make the decision whether to let the application access the Internet. Other firewalls contain a database of application filenames. When an application requests Internet access, the firewalls compare the application’s filename against the filenames in the database. If a match occurs, the firewalls permit the application access. Although this strategy worked initially, malicious intruders soon discovered that if their malware had the same name as an allowed legitimate application, the malware could masquerade as that legitimate application and gain access to the Internet. Firewall vendors responded to these types of attacks by creating a database that contained the application’s filename and some sort of stored checksum that could prove the application was what it said it was. Although intruders learned how to defeat the checksum application control, adding the database and checksum controls were steps in the right direction.

Feature 5: Protection Zones
Most home networks don’t need the same level of protection inside the home that they need against the Internet and outside intruders. Some firewalls let you define different protection zones (usually local and Internet) with particular levels of default security. Hence, PCs on your LAN might need accessibility to file- and print-sharing services but not to outside machines. Protection zones allow this type of control. Some firewalls automatically detect the local network machines, and others wait for the user to define the machines.

Feature 6: Logs and Alerts
A good firewall automatically logs malicious activity for the user to analyze. Logging should contain enough information to be helpful during future investigations. At a bare minimum, the average log records the event’s date and time and provides a brief description of which event caught the firewall’s attention. The best logs offer configurable levels of detail or links to more information that describes the attack. The firewall should alert the user with a pop-up message whenever an attack is high risk or consistent. Most people don’t have the time to research every attack; I’ve successfully stopped persistent attackers by calling my ISP. On the downside, firewalls can alert you to every suspicious packet even when nothing is wrong (i.e., a false-positive).

The Test Laboratory
Besides a personal firewall’s features, a firewall’s efficiency is crucial, so I decided to test the six popular person firewalls I mentioned earlier. I set up four victim machines typical of today’s home networks: XP Home Edition, Windows 2000 Professional, Windows Me, and Windows 98. I installed the latest crucial patches on each machine as Microsoft’s Windows Update indicated. My attack machine ran Windows NT Server 4.0; I installed professional security-vulnerability scanners and malicious cracker-attack tools. Tests simulated popular external attacks and scans against the firewall, and internal tests simulated how the firewall handled locally executed malicious code (e.g., Trojan horses, worms).

The assessment and attack tools I used included Gibson Research’s ShieldsUp!! and LeakTest applications, ISS's Internet Scanner 6.2.1, Foundstone’s SuperScan 3.0, Security Software Technologies’ (SST's) Cerberus Internet Scanner (CIS) 5.0.02, an Internet Control Message Protocol (ICMP) bomber, a TCP, and a UDP port flooder. The malware I used for the internal tests included the NetBus Trojan horse, Back Orifice 2000 Trojan horse, Magistr virus, Strange Brew (a Java virus), Hybris worm, Badtrans worm, CIH virus, SubSeven Trojan horse, VBS.LoveLetter worm, Exploder (a malicious ActiveX control), and Keydropper (a boot virus). Although these external-attack and internal-attack tests are far from scientific, they gave the firewalls a good trial and demonstrated their weaknesses.

The Overall Test Results
Overall, how did the personal firewalls do? Except for one contender, ICF, each personal firewall I reviewed provided significant protection for a Windows-based PC. The other firewalls seemed to hopelessly outclass ICF, Microsoft’s first consumer firewall product. All the personal firewalls installed themselves as services, which is important because they provide security anytime you turn on your machine. Each firewall did its job, although false-positive alerts were a problem. I expect vendors to spend the coming year better identifying legitimate threats and providing more information to users so that they can identify the real problems.

All the firewalls I tested prevented most known external attacks from causing problems on the victim machines. Even my largest Denial of Service (DoS) attempts caused only a slight slowing on each PC. The firewalls did their job, and the machines didn’t encounter any large exploits. Although the firewalls provided the needed protection, they didn’t log all the malicious attempts. This deficiency could permit cracking activity to continue unnoticed and let intruders succeed in future efforts.

I wish I could be as upbeat about the internal tests. Most of the firewalls stopped locally executed Trojan horses and worms from connecting to the Internet, but in their default configurations failed to stop any other type of local malicious activity. Viruses, worms, and Trojan horses still executed and were free to manipulate the local computer system without fear of firewall interference. Malicious ActiveX controls and Java applets went untouched through the browser. Visual Basic (VB) worms still executed and attached themselves to Microsoft Outlook email. I expected this result and, to be honest, it was great to see the firewalls preventing malicious connections to the Internet. Last year, half the personal firewalls would have failed this test. This result is evidence of tougher firewall rules and application controls. Clearly, however, no PC is secure without a locally installed antivirus program, too.

The Individual Test Results
How did each personal firewall perform? Here are each product’s test results.

McAfee Firewall 3.0. You can download McAfee Firewall from Network Associates’ Web site (http://www.mcafee-at-home.com) for $29.99, which includes 1 year of free updates. Free trials are also available. McAfee Firewall runs on XP Professional Edition, XP Home, Win2K Pro, NT Workstation 4.0, Windows Me, and Win98 and Win95b.

McAfee Firewall was the most elegant of the firewalls I tested. The installation was easy, and it checked for updates near the end of the installation process. The Configuration Assistant let me choose from three modes: block all, allow all, and filter all (the default) traffic. The assistant then displayed a list of four potential applications it would allow to connect to the Internet: Microsoft Internet Explorer (IE), Windows Explorer, Microsoft DirectShow, and Outlook Express. The assistant didn’t select any applications by default; it asked me to choose which applications I wanted to allow.

Without a doubt, McAfee Firewall has the art of the firewall UI down cold. As Figure 1 shows, the UI is attractive and functional; it shows ongoing firewall activity, tells you your current selections, shows whether your firewall is up-to-date, and lets you easily change your settings. McAfee designed the firewall for both the beginner and the enthusiast, and you can fine-tune its operation and learn attack details with a little digging.

Overall, I was impressed with McAfee Firewall’s security, although its handling wasn’t perfect. The software seemed to have problems dealing with rogue ICMP packets and handling successive attacks from the same host. During the ICMP tests, the software either wouldn’t block the packets or would block them and not log the event. So, intruders could likely use ICMPs in a DoS attack if they used enough packets. Also, the software didn’t automatically block successive ICMP attacks and port scans from the same host, as the Norton Personal Firewall does.

Another small concern was that McAfee Firewall constantly bothered me with messages showing how it blocked incoming or outgoing HTTP traffic when I was visiting legitimate Web sites. Despite this annoyance, Web surfing seemed to work correctly without errors. I searched and tested but couldn’t determine what was bothering the firewall, which is a problem because the log quickly fills up with hundreds of warning messages when no real harm is being done.

This firewall exhibited a peculiar behavior: If I pinged a Web site by using its IP address (e.g., 64.58.76.222), the ping failed without any warning messages from the firewall. If I pinged the same Web site by using its Fully Qualified Domain Name (FQDN—e.g., http://www.yahoo.com), the firewall popped up an alert that asked me whether I wanted to let the ping be successful. If I said yes, it processed the related DNS query to resolve the name to the correct IP address but didn’t let the ping work.

In spite of these small concerns, McAfee Firewall’s security prevented all major external crack attacks and prevented unrecognized local programs from connecting to the Internet. The firewall’s attractive UI and proven companion antivirus scanner (which you must purchase separately) make it a top choice.

Norton Personal Firewall 2002. You can download Norton Personal Firewall from Symantec’s Web site (http://www.symantec.com) for $49.95, which includes 1 year of updates. A free trial is available. The software runs on XP Home, XP Pro, Win2K Pro, NT 4.0, Windows Me, Win98, and Mac OS 8.1 or later.

Norton Personal Firewall’s installation took a bit longer than the other firewalls I tested. Like other Symantec products, the automatic firewall updates use the seemingly ubiquitous LiveUpdate utility. The Security Assistant appeared after the installation reboot to help configure the firewall. Like McAfee Firewall’s Configuration Assistant, Norton Personal Firewall’s Security Assistant searched for legitimate programs that could connect to the Internet, but it found 28 candidates compared with McAfee Firewall’s 4. New users might find the larger list confusing; it contains programs that Windows uses internally. But more is better, so kudos to Symantec.

On a related note, none of the firewalls provided many details about the applications they found. Users must decide which applications to trust, which isn’t an easy job, even when they’re experts.

Norton Personal Firewall’s UI is excellent, but I have to give a small edge to McAfee Firewall’s UI, which is less busy; has a cleaner, crisper look; and is slightly easier to understand if you’re new to firewalls. McAfee Firewall gets top honors for user-friendliness, but Norton Personal Firewall grabs the golden ring for security. Norton Personal Firewall prevented (and logged, in most cases) all external attacks, but it had the same problem that McAfee Firewall did—it wouldn’t log ICMP attacks, although it always blocked them. One of Norton Personal Firewall’s best features is the way it proactively notices frequent host attackers and automatically blocks all traffic originating from the same location. Symantec calls this feature Autoblock. Default blocking time is 30 minutes, which I think is too short, but the blocking time is configurable.

I found it difficult to find the message log (choose the Options menu item, the Event Log button, then the Firewall tab). Norton Personal Firewall’s messages were more difficult to understand than McAfee Firewall’s event log. Norton Personal Firewall provides a bit more of the internal details for users to examine, but those details can be confusing to people who aren’t used to firewalls.

Norton Personal Firewall had no problem blocking a NetBus Trojan horse connection attempt, as Figure 2 shows. This product is more than just a firewall; it offers privacy controls and browser-content scanning. If you set the Security Level to High, Norton blocks ActiveX controls and Java applets, although you’ll get more granularity from IE’s security settings.

Norton Personal Firewall took the top place in this six-way contest. Although it created a small, but noticeable, performance penalty, I believe in security over speed, and I accept small decreases in performance from my firewalls and virus scanners. Speaking of antivirus protection, Norton Personal Firewall integrates nicely with Norton AntiVirus.

BlackICE PC Protection 3.5. You can download BlackICE PC Protection from ISS's Web site (http://www.iss.net) for $39.95. A free trial is available. BlackICE PC Protection runs on XP Home, XP Pro, Win2K Pro, NT Workstation 4.0, Windows Me, and Win9x.

BlackICE PC Protection (under its former name BlackICE Defender) was one of the first personal firewalls available. Because it worked fairly well and was also free, it became one of the most popular personal firewalls. ISS then purchased the software and made it a commercial product. When I first started writing this article, I reviewed an earlier version, BlackICE Defender 2.9, and found a few deficiencies when I stacked up the product against its competition. The latest release eliminates most of those reservations. BlackICE continues to enjoy widespread use. Figure 3 shows the BlackICE interface.

Unlike McAfee Firewall and Norton Personal Firewall, BlackICE PC Protection stopped all external attacks and logged all ICMP packet storms. It features automatic blocking, one-click drive-map enabling, and a nice summary window that lists the number of attacks by IP address under the Intruders tab. Although some of the other firewalls let you sort the event log by source IP address, this view is always readily available in BlackICE PC Protection. This feature comes in handy when you’re trying to quickly determine whether a particular attack is coming from a persistent intruder or machine.

BlackICE PC Protection comes with four levels of protection, ranging from Paranoid (blocks all unsolicited inbound traffic) to Trusting (allows all inbound traffic). The default Cautious level allows most inbound inquiries and in my opinion is too permissive. I’d like to see ISS set the default to more protection. People have criticized the software for not doing more to block unauthorized outbound transactions, but the software no longer has this weakness. The company did its homework; its application blocking is one of the best in this review. BlackICE PC Protection not only shows you applications and locations it found but also lists individual files and components and uses checksums to help prevent piggybacking Trojan horses. BlackICE PC Protection claims to have an Intrusion Detection System (IDS) that works with the firewall functionality. But any IDS should be able to detect and specifically identify unique Trojan traffic signatures and report them accurately. BlackICE PC Protection detected inbound Back Orifice attempts as Trojan horse probes, but it didn’t identify them as Back Orifice traffic, as some of the other firewalls did. And if I "accidentally" let NetBus or SubSeven Trojans execute locally and initiate outbound connections, as might happen with a Trojan game in the real world, the firewall didn’t pick up on the malicious traffic signature as a true IDS would. BlackICE PC Protection’s logs often perform this way—they list an attack but don’t provide enough details. For example, when I made hundreds of probes to the test machines, BlackICE PC Protection reported each probe and the number of probes to a particular port number but not the specific port under attack. Or if it blocked an application, it didn’t list the blocked application. To give BlackICE PC Protection credit where it’s due, however, you can access helpful general-event discussions by clicking the advICE button on the event screen. So if you’re interested in what a Telnet probe is doing, ISS's Web site will provide an explanation. Also, previous BlackICE releases seemed to suffer from bugs that caused premature unloading, without alerting users. This action could result in users thinking they’re protected when they aren’t. I couldn’t make the new version hiccup. Even with imperfect logging and IDS capabilities, BlackICE PC Protection is a serious contender and should remain a popular personal firewall choice.

Tiny Personal Firewall 2.0. You can download Tiny Personal Firewall from Tiny Software’s Web site (http://www.tinysoftware.com). It’s free for home users and $39 for business users. Tiny Personal Firewall runs on XP Home, XP Pro, Win2K Pro, NT 4.0, Windows Me, and Win98.

Tiny Personal Firewall originally was a component of Tiny Software’s larger WinRoute Professional offering, then it became a standalone product. Tiny Personal Firewall is stable, fast, reliable, and one of the few personal firewalls ICSA Labs has certified. (ICSA Labs is a respected part of the TruSecure security organization.)

When the company uses the word tiny, it means tiny. You get few frills—no automatic blocking, no privacy filters, and no content scanning. (However, Tiny Software offers content screening through another commercial product called Tiny Trojan Trap.) Tiny Personal Firewall has only four preset rules, as the Filter Rules tab in Figure 4 shows; only a few dozen options (compared with nearly a hundred in the other products I reviewed); and no automatic search for Internet-connecting programs. When you execute a program and it connects to the Internet, Tiny Personal Firewall takes notice—then and only then. DNS and ping are the only default permitted protocols. Maybe that limitation is good, because why would you want to approve a program you’ll never use? Extra opened ports or unused applications are security holes.

Tiny Personal Firewall was successful in detecting and stopping all incoming and outgoing connection attempts. When it detects a new application (such as Windows Update Notification) that needs Internet access, the software prompts the user to select Deny or Permit. It even creates the appropriate filter rule to consistently apply your decision in the future.

In addition to its overall lack of special features, Tiny Personal Firewall’s logging capability is second poorest of the products I reviewed. The log file, filter.log, is a text file, so you must open it with a text editor. Although the software’s event messages are understandable, McAfee Firewall, Norton Personal Firewall, and ZoneAlarm Pro blow Tiny Personal Firewall away.

Why would anyone recommend this product? Three reasons: First, it’s reliable; what it does, it does well. If a simple firewall with application control is what you want, it’s a great tool. Second, it’s free. Third, it’s the fastest of the six firewalls I tested. It installs quickly, is the least intrusive, and lets approved Internet connectivity speed along. Because of these three reasons and its ICSA certification, it’s often the top choice of technical purists.

ZoneAlarm Pro 3.0. Home users can download a 30-day free trial of ZoneAlarm Pro or the free (but less feature-rich) ZoneAlarm 2.6.362 for from Zone Labs’ Web site (http://www.zonelabs.com). Business users pay $19.95 for ZoneAlarm 2.6.362 or $49.95 for the enhanced ZoneAlarm Pro. The software runs on XP Home, XP Pro, Win2K Pro, NT 4.0, Windows Me, and Win9x.

Zone Labs didn’t win almost every security-magazine award and get to the top of the heap without earning those honors. The software is the standard by which other firewalls are measured. Installation is fast and smooth. ZoneAlarm Pro is built for people who don’t care about firewalls. You don’t see any filter rules and need little understanding of TCP and UDP. You install the software and forget about it until an alert message pops up.

As the name implies, ZoneAlarm Pro has local and Internet zones. It gives machines on the LAN (i.e., your home network) one security treatment; traffic that originates from the Internet is set to a higher security setting. Figure 5 shows the products Security Settings dialog box. By default, the firewall uses medium security to manage machines in the local zone. The high setting of the Internet zone doesn’t allow NetBIOS traffic by default and denies all applications that try to connect to the Internet, except IE. For example, when I ran the Ping utility, ZoneAlarm Pro asked me for my approval.

On my first external attack, ZoneAlarm Pro recorded 157 UDP attempts to closed ports and sent a warning message. Its messages were short and to the point, although choosing the Detail button on any message will take you to Zone Labs’ Web site for a detailed discussion. ZoneAlarm Pro was one of the few firewalls that logged ICMP flooder traffic, but I couldn’t tell whether it would automatically block future traffic from the attack machine, which leads to my only negative about the ZoneAlarm Pro firewall: It’s so perfect for users who know nothing about firewalls that it doesn’t have the detail, granularity, and features that some of the other products offer. But if you’re a typical user, you can’t go wrong with ZoneAlarm Pro.

ICF. ICF is available as part of XP Home and XP Pro (http://www.microsoft.com). The other personal firewalls I tested are good products and have nothing to fear from Microsoft’s first foray into the field. ICF works, but it has absolutely no features beyond a bare-bones firewall. It doesn’t have a configuration assistant, fancy alert messages, application control, and stopping of internally executed malware. ICF also lacks the intelligent logic present in the other personal firewalls. For example, if an intruder scans your computer’s ports, ICF will note the probes, but the intruders can continue probing as long as they want. ICF doesn’t see any relationship between one bad packet and the next. Not surprisingly, in my tests, internal exploits executed without a hitch.

Most of the calls I get about ICF deal with turning it on. In some cases, the software is on, but it does its job so silently that nobody notices. If you need to enable it on your XP machine, go to the Control Panel, double-click Networking and Internet Connections, click Network Connections, right-click your network connection icon, choose the Properties option, select the Advanced tab, and select the Protect my computer or network check box. Choose the Settings button and the Services tab, which Figure 6 shows, to activate preconfigured inbound ports, or click Add to create new allowable inbound and outbound ports. By default, ICF refuses all inbound connections (unless they’re initiated internally) and allows all outbound connections.

Logging is ICF’s weakest link; logging isn’t enabled by default, so you must turn it on by selecting Log Dropped Packets under the Security Logging tab. The software writes events to an ASCII text file, pfirewall.log, which resides in the Windows directory. ICF doesn’t send alerts when your XP machine is under attack and doesn’t display messages that explain whether it refused a connection attempt because of the firewall.

ICF reminds me of Microsoft’s first (and only) attempt at providing a free virus scanner in the latter days of DOS. The company was late to market, and the product that made it to market wasn’t competitive. Microsoft’s virus scanner didn’t last long. If you have only ICF, do yourself a favor and pick up one of the other contenders. You’ll have better protection and less stress.

The Problem with Firewalls
Personal firewalls will never be install-and-forget software, at least not any of the good products. They have several problems, including the sheer number of alerts, false-positives, inherent vulnerabilities, and the denial of legitimate services. The biggest drawback with firewalls is the number of alerts or event-log messages that can pop up. First-time firewall users often are excited to see their first attack alerts, but after a few days of seeing hundreds of messages, users can become numb to them. Many firewall users stop reading their logs or simply switch off logging, which means the users lose half the benefits that firewalls provide. Many alerts will be false-positives from legitimate Internet traffic and services. No matter how good the firewall is, it can’t effectively determine the difference between good and bad traffic. The firewall only makes a guess, which means allow and accept decisions are left up to users, who often aren’t knowledgeable about security.

Like any other application, a personal firewall sits on an unpredictable OS. The firewall is vulnerable and buggy just like the applications it’s designed to protect. Some firewalls I reviewed were vulnerable to specific types of attacks, including attacks that disable or bypass the firewall. Software that doesn’t have a publicized weakness probably does have weaknesses. Intruders might eventually look for (not avoid) machines with firewalls, then exploit a known vulnerability to take over the machines. Keeping your firewall updated is important.

When the firewalls do the job they’re designed to do, they end up blocking some of your legitimate activity. Many new firewall users complain that their browsers no longer connect to a particular Web site or their browser add-ins (e.g., RealNetworks' RealPlayer) no longer work the way they did before. Other common complaints involve email problems or disappearing drive mappings. Unless you get lucky, the firewall doesn’t tell you it’s the culprit.

Which Firewall to Choose
Out of the six personal firewalls I reviewed, McAfee Firewall, Norton Personal Firewall, and ZoneAlarm Pro are great choices. These three firewalls are feature-rich and integrate well with antivirus and privacy tools. Norton Personal Firewall is the most secure, but McAfee Firewall is the easiest to use. Tiny Personal Firewall and BlackICE PC Protection aren’t in the same class as Norton Personal Firewall and McAfee Firewall but are still very good. (See Table 1 for details about each product.) Each of the five firewalls configures with minimum help, contains a lot of features, and significantly increases your PC’s protection. These five firewalls are routinely updated and usually automated. Go ahead; install one of these firewalls if you haven’t already done so. Like every other firewall user, you’ll probably be surprised how often the software will alert you to cracking probes.

Corrections to this Article:

  • The print version of "Personal Firewalls" (InstantDoc ID 25348) includes an incorrect URL for the expanded version of the article. The correct URL is http://www.winnetmag.com/articles/index.cfm?articleid=25348. We apologize for any inconvenience this error might have caused.