Software Firewalls for Windows XP



Hi, buddies. This is a interesting thread to read. Take advantage of it. Best Regards.

"Software Firewalls for Windows XP

I’ve been getting a lot of requests for an update on my research into software firewalls for XP. The research is ongoing, but I do have plenty to update and pass along.

Back in September of last year, I kicked off comparison research and the first of a series of articles focusing on inexpensive, lightweight software firewalls for use with Windows XP. Please check out that first piece, and check out what I’m looking for in a software firewall: An emphasis on outbound protection, nearly silent operation (after you’ve run most of your apps once), and a rational means of protecting, without breaking, your network. Anything with an endless number of pop-ups isn’t going to cut it with me. I’m not going to become a slave to a software firewall.

I’ve been working on this research off and on ever since. The products I mentioned then — Comodo, Jetico, Look ‘n’ Stop, Outpost Pro, Tiny Personal Firewall, and Kerio — are the products I’ve been keeping tabs on during this period. I’ve also looked at some others that have come along. But I’m only looking at lightweight standalone firewalls; that leaves out several notable names, including Kaspersky, Norton, McAfee, Trend Micro, CA, Check Point, F-Secure, and others. They’re out of my research on purpose: I don’t recommend any of them. Steer clear of security suites.

In November, I tried Outpost Pro 4, which comes riddled with other security features and an overly complex set of configuration options. I didn’t like it. Here’s what I wrote about Outpost 4 last fall.

Scratch one off my list.

After its acquisition of Tiny Personal Firewall, Computer Associates appears to have no intention of continuing the firewall in its current form, but instead will roll it into its CA line of integrated security products. Scratch another one off my list.

So, for the moment, I’m down to these four products: Comodo, Jetico, Kerio and Look ‘n’ Stop

For this issue, I closely examined the latest versions of the first three products. I’ll be looking at Look ‘n’ Stop in the near future.

Comodo Firewall Pro 2.4

Comodo Firewall Pro should get an award for being the most improved. When I first looked at it a year ago, I was not impressed. As I wrote last September:

Comodo reminds me of Norton Personal Firewall. It’s very noisy, always popping up boxes, repeatedly — even when I tell it to remember settings. In one browsing session with Firefox, I had to say “Yes, let it work and remember this” eight or nine times. And I had trouble networking with Comodo; its settings for allowing networking were tough to configure.

Well, the Comodo Group must have been listening. The maddening pop-up boxes are a thing of the past in its 2.4 version. You’ll still encounter a few pop-ups on the first or second usage of many apps, but the program has a system of aggregating pop-up boxes and accepting answers a lot more adroitly. While I could quibble with the UI of the pop-up boxes, overall, the user experience is greatly improved. Bottom line: I can live with Comodo (and that’s exactly what I’m doing).

Comodo still doesn’t use the “trusted zone” metaphor for configuring networks. I miss that way of working, but the truth is, I had no trouble configuring it to work with my network.

Even so, the process of configuring a firewall to work with a local-area network should be handled by a purpose-built piece of UI designed to make the chore easier. Comodo lacks that functionality. In fact, there is still no software firewall product I’m aware of that equals Check Point’s ZoneAlarm for network-configuration user interface. Too bad the free ZoneAlarm firewall-only product is nowhere near as protective as the others on my list. (The firewall in ZoneAlarm Pro is vastly superior, but it comes with security-suite baggage.)

Jetico Personal Firewall Beta

I was sorely disappointed in Jetico Personal Firewall. This firewall’s 1.0 release scored very well at on outbound leak tests, but the Jetico user experience is very poor. You’ll be faced with a blizzard of apparently repeat pop-ups. In fact, you can basically take my September 2006 comments on Comodo and transfer them to Jetico. On my third and fourth runs of Internet Explorer, I was still getting pop-ups from Jetico related to IE. It appears there are no preconfigured application-control rules, and no way to simplify the OK, OK, OK tap dance. Who needs it?

I also had trouble with intermittent balkiness with networking when using Jetico, another no-no from my perspective. It’s bad enough when network configuration is difficult to find, but when there are intermittent blockages, I’m done. That’s the same kind of problem that drove me away from ZoneAlarm — even before it turned into Check Point’s more expensive suite product line.

As if that weren’t enough, see the next article in this issue of the newsletter for details about my problems attempting to use Jetico with Vista (which it is supposed to work with). Not a pretty picture.

Because Jetico is currently a beta product, I will look at it again when it’s further along. But it’s going to have to deliver considerable improvements to keep from getting crossed off the list.

Sunbelt Kerio Personal Firewall 4 (Free)

Kerio Personal Firewall was my leading contender back in September. I still prefer its user interface slightly over Comodo’s. But Comodo offers much better configuration controls. When you step back, it’s apparent that Kerio’s real problem is that it’s in need of a major update. I think Sunbelt should do away with the Simple operational mode, which is probably way too permissive, and focus on making the Advanced mode a little easier to use and configure.

I also had some networking trouble with Kerio. I’ve had lots of reports from people who use dynamic IP assignment with their printers that Kerio can’t print to them. I don’t use dynamic IP assignment with printers. I statically assign the IPs of all my printers, and I recommend working that way on your network. Some things are just better off being static.

My problem with Kerio had to do with connecting to a virtualized instance of Windows XP. Kerio would not allow the computer running virtualized XP to connect to the host Kerio was running on. Every other firewall I’ve tested recently has had no trouble allowing a virtualized instance of XP to connect to the firewall’s host PC. I haven’t tested Kerio in enough settings to learn whether this is a repeatable problem — so I can’t say for sure that you’ll run into it. But any firewall that causes these kinds of troubles on my network is unlikely to be picked as the Best Software Firewall of 2007.

Don’t mess with my network.

This Month’s Takeaways
In case you’re new to Scot’s Newsletter, I do ongoing series reviews. You’ll know I’m done with a series review when I announce a winner. We’re not at that point yet with software firewalls. This is a mid-term report.

Comodo Firewall Pro is currently my leading software firewall contender. Having shed its Jetico-like barrage of pop-ups and offering excellent options and settings, Comodo is a very good product. It’s also one heckuva bargain with its 100% free lifetime license. I don’t expect all future Comodo versions will be free. Comodo Group will probably start charging at some point. For now, the price is very, very good.

Another thing I admire about Comodo is that its developers have been very active in continuing to improve the product with numerous updates. By contrast, it appears to me that Kerio has had only one minor update since I kicked off my research. That’s not going to get the job done.

Look ‘n’ Stop Firewall by Frederic Gloannec and Jean-Francois Catte is next up for testing, but one thing that’s different about this one is that it’s not free or available (as Kerio is) in a lesser version free of charge. Its developers want $39 for it, which I think may be a little steep unless it’s a stellar product. There is, at least, a 30-day trial version.

I welcome your input on other software firewalls you think might be worth my time to test. Please keep in mind that I’m interested solely in products that are software firewalls only: no products that include antivirus, anti-malware/spyware, content filtering, pop-up blockers — in short, no suites. Send a message about the firewall you like, and please tell me why you like it. A link would be helpful. Thanks."

It appears there are no preconfigured application-control rules, and no way to simplify the OK, OK, OK tap dance. Who needs it?
not everyone wants to be pampered by their firewall. In any case, correct config would eliminate the problem, unless you want a one by one control.
Comodo reminds me of Norton Personal Firewall. It's very noisy, always popping up boxes, repeatedly — even when I tell it to remember settings.
hmmm. I like being in control. I prefer to be asked for every process that needs access through the firewall. Comodo should use several predefined configs at install time. These would of course, be configurable later on as required. basic: The firewall holds your hand completely. Anything deemed unknown is automatically blocked, forwarded for investigation, and updates would sort it out as rules were created based on the findings Intermediate: As basic, plus the ability to define your own rules for limited actions. no updates etc. Advanced: Total control over even predefined processes.