I. Best Software Firewalls for Maximum Protection and Greater User Involvement
The following personal firewalls provide excellent network protection. Each firewall comes with default settings and shouldn't require tweaking except for the needs of advanced users. I provide some configuration and usage details since a little extra information may help you better answer and minimize popup alerts.
Still, firewall products in this section seem to require a fair amount of time to learn their features. They all require user involvement and some knowledge of your software to reliably answer popup alerts. However, for the technically initiated who can cope with these annoyances, these are some outstanding free products. And they are not as bad as the User Account Control (UAC) in Vista since they have various features to limit the extent of action required by you.
Some products rely of lists of known safe applications (all) or safe vendors (Comodo, Privatefirewall) or valid digital signatures (PC Tools), some products can optionally give safe or trusted status to all your current files (Comodo, Online Armor), some have training or installation modes (all but PC Tools), and some have lesser configurations to reduce monitoring (esp. Outpost).
These techniques reduce popup alerts and user intervention to varying degrees, but they also reduce protection to some extent. Since firewalls are often praised for their level of protection at their maximum security settings, users may not have the degree of protection mentioned in the reviews below when they use methods to increase automation and reduce alerts.
 If full featured security is your criterion, then the Comodo Internet Security is the top contender. It has a robust and a very active HIPS or application monitoring feature called "Defense+", which matches or exceeds the security performance of pay products. Its Defense+ also provides image execution control (or a "memory firewall") that seems unique to Comodo. Comodo allows for much control and customization, with a plethora of additional settings to tweak for the curious or for the just plain paranoid. On the minus side, its Defense+ is initially talkative with popup alerts in some configurations, which may annoy or alarm users.
During installation, it gives you a choice between three levels of security. The "Firewall Only" mode is discussed in the next section; it disables intrusion protection against outbound malware threats. The default (or middle configuration) uses most Defense+ protection and monitors for common exploits, but it turns off some monitoring (right-click the tray icon > "Manage Configurations" > "Firewall Security" to switch to it at any time). The maximum configuration, "Proactive Security", uses all Defense+ monitoring and increases its aggressiveness (right-click the tray icon > "Manage Configurations" > "Proactive Security" to switch to it).
After installation Comodo automatically selects either "Clean PC Mode" or "Safe Mode". "Safe Mode" maximizes proactive protection to a high level and is the best mode for most users. But it relies on numerous popup alerts for applications not in its trusted vendors list (you can browse this list to see if you trust the vendors: go to the Defense+ tab > "Common Tasks" > "My Trusted Software Vendors"). When you answer "allow" and "remember your answer" to popup alerts for an application, Comodo creates a custom policy for it. Some of its policies are fairly liberal (the one for CCleaner gives it "allow" status for almost everything, but the one for some parts of OpenOffice are set mostly to "ask").
In the more liberal "Clean PC Mode", Defense+ automatically treats all applications on your drive as safe (but if any malware is currently hidden on your drive, it too would be considered safe). Applications still receive some minimal monitoring for Comodo's two protected lists ("my protected registry keys" and "my protected COM interfaces") and for running as an executable, or more/less monitoring depending on their custom policy. And new files get sent to a list of files "waiting for your review" in the "Summary" page. Files listed for review will be considered possibly unsafe and will provoke popup messages, as if in Safe Mode, until their custom policies are made.
Comodo limits the frequency of alerts by automatically treating some programs as safe and allowing some applications to access the Internet. You can additionally automate the behavior of Defense+ by one or more of these methods for treating applications as safe:
- Have it "remember your answer" to all popup alerts when an application first runs, which works for some applications (because some custom policies set this way are close to "trusted" status). But if an application still nags you, click "More Options" in the alert and use the drop down box to select "trusted" or "blocked" (etc.), if available, or set an application to trusted manually ("Defense+" > "Advanced" > "Computer Security Policy" > "Edit..." > "Use a Predefined Policy"), which finally ceases popup alerts and most intrusion prevention for that application.
- Add files to the lists of "My Own Safe Files" or "My Trusted Software Vendors" in the interface (see the "Defense+" tab), which is most helpful for "Safe Mode" or "Paranoid Mode".
- Use the "Clean PC Mode" (right-click the tray icon and select it under the "Defense+ Security Level"). But make sure to scan and remove any malware first.
- You could also browse these guides on minimizing Defense+ alerts: How to Tame Comodo Defense+ Without Disabling It and Comodo Forum Help.
Alternatively, see this mini guide for an example of how to maximize some of its basic settings. Comodo nicely allows you to quickly increase or decrease protection with its different modes, configurations, and settings.
 A solid contender is the free version of Online Armor Free. It has outstanding leak-test and HIPS performance (the HIPS feature is mostly in its "Program Guard"). It has a unique feature called "run safer" that allows you to selectively set risky applications (web browsers, office software, readers/viewers, instant messengers, email or news programs, multimedia software, download managers, etc.) to run as if under a limited user account (go to "Programs" tab > uncheck "Hide Trusted" > highlight a program and click "Run Safer"). It minimizes popup alerts over time with its automatic list of safe programs, your on-demand scans with its safety check wizard, and your responses to popup alerts -- especially in cases where you tell it to remember your decisions and have it treat programs as trustworthy.
Though its Program Guard also relies on user input and user interpretation to answer its numerous popup alerts (especially if you don't want to trust a program); this may be quite a challenge for average users. And it now makes it mandatory to enter an email during installation. Some users also reported compatibility problems with other security software recently (Avira, GeSWall). That said, it provides excellent proactive security and often scores very high in reader polls.
In an effort to reduce user involvement even further, it has a safety check wizard that gives you an option to trust all programs currently on your PC or to run the wizard to scan for safe applications (you can always run it again later by visiting the safety check wizard in the interface). If you decide to automatically trust everything on your PC, it liberally gives applications more access to function and therefore gives you very few popup alerts initially, but be sure to carefully scan and remove any malware first (not recommended for average users).
Otherwise, run the wizard and have it search your PC for known programs to allow/block/ask. In this case, Online Armor relies on you to respond to numerous popup alerts for unknown programs. In my testing, you receive about as many alerts as Comodo's "Safe Mode" (with its default safe vendors list or with manually adding to its safe lists). Online Armor has a couple restarts and a short two minute learning phase during installation, and you can use its learning mode to create automatic rules at any point later, say, for a trusted online game that gets constantly interrupted by firewall alerts. It also allows you to easily "check mark" applications as installers in initial popup alerts about them; I found this to be the easiest method for handling installers of all tested products.
For the curious or paranoid user, it uses excellent popup messages when it automatically allows a program to connect online and, optionally, when it automatically trusts a program/process to run (these alerts don't require user action and they can be enabled/disabled in the interface with "Options" > "Firewall", and "Programs" > "Options"). For example, I noticed a message when it auto trusted a key logger test (Zemana, which it failed initially), but after I set the tester to untrusted, it gave very informative and detailed security alerts (and then it passed the test and logged the tester in the interface under the "Key Logger" tab, but it only logged the key logger after the test was untrusted). You can even close both its tray tools from its right-click context menu. They are not needed for the firewall and HIPS components to continue running and protecting.
 Also a solid performer in the personal firewall class is PC Tools Firewall Plus. It provides a HIPS-like component through its "enhanced security verification," which alerts the user about possibly malicious behavior. It relies on a list of known programs and a check for valid digital signatures to significantly reduce the frequency of popup alert messages, so it will mainly ask you about unknown programs, programs connecting online, and programs requiring more access. It seems more liberal and user friendly in its default settings than previous versions, giving me fewer popup alerts for common tasks like opening and working on a well known word processor.
I did notice many popup alerts when programs update or connect to the Internet, at least initially, and it lacks an installer or training mode (installing new programs makes me want to disable the firewall temporarily). So it still expects a high learning curve to respond to alerts (like with all top firewalls, a high level of familiarity with your PC's software and your firewall's features helps you reliably answer popup alerts -- mindlessly clicking them away not included!). In any case, it nearly matched Comodo's overall degree of protection in the Matousec tests, so obviously it has an excellent HIPS in performance.
But one very surprising difference was the ease of installation and configuration. In fact, I didn't have to do anything; no searching for or adding programs -- it just installs and starts protecting your PC. But, of course, this means a few extra popup alerts will appear initially (especially when programs go to connect online) if you have many unknown applications or if you disable, say, its feature to automatically allow applications with valid digital signatures. As with all of the top firewalls, the automatic allow features (which are in the interface under "Settings" > "General") may be a security concern since they seem a bit permissive (acting similarly to Online Armor/Comodo when set with lists of clean/safe/trusted applications). For example, it fails the Zemana key logger test when it's set to automatically allow programs with valid digital signatures.
Additionally, it has an interesting "Full Screen" mode or game mode that suppresses all alerts (by allowing all alerts or blocking all alerts) while, say, you play an online game. And it supports password protection for its settings and for shutdowns. Like Comodo it has automatic updating and it's an excellent unrestricted freeware product, but it does have an "Upgrade Now" link to its commercial security product. The program looks and feels user-friendly, with a simple setup and simplified alert messages; still, it's not quite for average users. Recently many users reported major problems with it preventing them from connecting to their Internet, but the newest version fixed this bug.
 Outpost Firewall Free is a good choice for users who want highly flexible protection without sacrificing usability. It was obviously made with average users in mind, judging by the care taken to simplify alert messages and make it easy to adjust intrusion prevention (or HIPS) monitoring. For example, it remembers your responses to popup alerts without the need to set "trusted" rules (like in Comodo/Online Armor), and like Online Armor it notifies you when it automatically allows an application to access the Internet (especially helpful during the learning phase).
The free version lacks many extras of the pay version, however, such as automatic updates and the ability to break active connections. I also didn't like the advertisements for its commercial version and the occasional news updates, which popup when they download (requiring user intervention). This being so, I saw a few user reports of satisfaction with how it works and this is probably because of the extra care taken to reduce user involvement and limit outbound monitoring to a reasonable level.
The HIPS component is called "Host Protection" in the interface. It provides four default levels of protection, which can be easily set with a slider and additionally customized item by item by advanced users. The default "optimal" setting only monitors the "most dangerous activities" (such as memory injections, driver loads, and a healthy list of system critical features -- auto starts, shell extensions, and internet settings) instead of all program activities. But these "optimal" settings lack protection from keyloggers, direct disk accessing, DNS API request monitoring, etc. You can check the types of reduced monitoring in "Settings..." > "Host Protection" > "Customize...". I believe the intention of the "optimal" level is to acclimate users to the firewall and provide more outbound protection than the windows firewall. After you get used to the firewall or find some spare time, you can increase its protection to try it out.
The installation asks whether you want to train the firewall for a week (using its Auto-Learn mode and Rules Wizard). In this mode, it sets rules automatically for known safe applications. I'm not a fan of this week long feature (it's initially unchecked during the installation), and you can easily switch to it at any later point, say for an hour while you start using a new, trusted program (right-click the tray icon and select the "Rules Wizard" under "Firewall Policies", then click "Enter Auto Learn Mode..." to turn it on). In my testing it greatly reduces protection during the time the firewall trains, but if you're present while programs connect online, you can monitor its allow messages or check its application rules in "Settings..." > "Application Rules". But for some strange reason it doesn't display application rules for applications you allow yourself after the learning phase. One technical advantage over Comodo is that the self-protection component works well in all its levels of protection, whereas self-protection in Comodo depends largely on having Defense+ enabled (this becomes more important in their lesser configurations).
Next to be reviewed: Privatefirewall, which is also effective against outbound threats, but is ineffective at self-protection from malicious attacks (see quick select for more details).
II. Best Software Firewalls for Basic Protection and Less User Involvement
Some users (of many degrees of experience) prefer to avoid advanced firewalls that employ a constant "security guard" that question them daily. The following alternatives accommodate the use of your favorite active security programs, such as other HIPS software, active anti-malware, or browser protection (virtualization, isolation, rights reduction).
Firewall Only ("Set it and Forget it Options")
The built-in Windows firewall is a common choice since it passes all inbound tests and it doesn't have popup alerts. It lacks proactive security against outbound malware intrusions, but some users are simply unprepared to reliably handle the numerous popup alerts of the best firewalls on the market. And users who click "allow" to each and every popup alert will not have the level of protection they think they have. If you're fairly sure malware isn't on your computer and you don't want the other features of a third party firewall, then the Windows firewall is actually a practical and useful solution.
You could marginally increase security with the alternate configurations below or with the default "no popup" settings of Sunbelt-Kerio. But Windows firewall doesn't require installation, so it's the least likely to crash your PC or conflict with your other programs.
Nearly "Silent" Firewall Configurations
If you disable or reduce program monitoring in the following firewalls, they still provide excellent inbound protection, marginal outbound filtering, and more features than the built-in Windows firewall. They make it easier to filter access to the Internet, view network activity, and quickly upgrade security with a click. These alternate configurations make some of the very best firewalls act just like ZoneAlarm Free.
Most of the firewall configurations below will ask you whether unknown programs should have access to the Internet, but they will not worry if you start OpenOffice Writer to compose your next poem. They did alert me when some of my other lesser known programs tried to go online for updates, but the alerts settle down quickly once the firewall has a good list of rules for your Internet-bound software. They seem to remember your responses to Internet access alerts in a simple, straightforward way. Additionally, all of them have a list of programs they automatically allow. For example, I noticed that none of them asked whether Firefox should be allowed to connect online.
Select the appropriate installation options or settings to reduce the proactive monitoring components in these firewalls:
- Outpost Firewall Free: Comes with reduced monitoring in its default settings, the top choice for this section if you can put up with the ads. And you can further reduce or disable intrusion protection if it becomes too much of a nag -- right click the tray tool > "Settings..." > "Host Protection" > and select "Low" on the slider (to disable anti-leak protection). Also in "Host Protection", you could select "Customize..." to manually configure proactive monitoring.
- Comodo Internet Security: Right-click its tray icon > set "Defense+" to "disabled", or select the "Firewall only" configuration during installation. Or you could manually reduce its Defense+ monitoring in the interface Defense+ tab: "Advanced" > "Defense+ Settings".
- Online Armor Free: Right-click its tray icon > uncheck the "Program Guard". It's a very lightweight and attractive option for this configuration if it doesn't conflict with your other software.
- PC Tools Firewall: Uncheck "Enhanced Security Verification" (the application monitor/filterer) in "Settings" > "Filtering Settings", or during installation (click "Advanced" to uncheck it).
- Privatefirewall: In the interface > "Process Monitor" tab > move the slider to "Off". It will still alert you to some programs starting for the first time since that doesn't count as a process (of a running program).
Cautions
Though these less proactive choices will lose you important protection from malware running on your PC, such as root-kits, keyloggers, Trojans, viruses, adware, or spyware. The additional security layers below help to safeguard against malware and prevent it from harming your PC, or from making outbound connections to steal your personal information or to take control of your PC.
I highly recommend using secure DNS providers (OpenDNS or Comodo SecureDNS), site safety advisers (WOT), software update monitors (Secunia PSI), and, especially, browser protection (Sandboxie, GeSWall) to avoid malware problems in the first place. And our site has related articles that cover other security essentials: anti-virus software, anti-spyware software, HIPS software, etc. |
