Best Free Firewall

  Go straight to the Quick Selection Guide
 

New - Poll Results for Best Free Firewall of 2009

Comodo Internet Security: 28.32% (79 Votes)

Online Armor Free: 21.51% (60 Votes)

PC Tools Firewall Plus: 11.47% (32 Votes)

ZoneAlarm Free Firewall: 8.60% (24 Votes)

Outpost Firewall Free: 8.24% (23 Votes)

Windows Firewall: 8.24% (23 Votes)

PrivateFirewall: 3.94% (11 Votes)

Sunbelt-Kerio Personal Firewall: 2.87% (8 Votes)

No other freeware product causes as much angst to users, whether in installation or day-to-day use, as a firewall. To find a stable and high quality firewall for windows often involves a process of trial and error. Firewalls should protect while not being too intrusive or too complicated to handle. This article gives you a selection of the best free software firewalls available.

If you want to learn more about firewalls, visit these excellent sites: How Firewalls Work and Microsoft Security Firewalls FAQ. If you don't decide to use one of the firewall products in the article, at least remember to turn on the Windows firewall. Be sure to use only one software firewall at a time. But feel free to combine a hardware and a software firewall to improve protection. Additionally, most products highly recommend uninstalling other third-party software firewalls before installation (and disabling the Windows firewall if they don't).

Oh, and I always create a drive image or restore point before installing a new firewall since they are known to give your PC serious problems if they conflict with anything. I installed and uninstalled each firewall several times during testing and had no major problems, but I was careful to make sure each one uninstalled cleanly before installing another firewall (often with Revo/Zsoft Uninstaller and additional cleaning as needed with CCleaner/Autoruns, or with a fresh drive image or restore point).

Firewalls are increasingly useful to help you control the activities of Internet facing applications. Many users now leave their Internet on all the time, increasing their risk to malware. It's also becoming difficult to tell when applications connect online because they link so many of their features to Internet resources. Few programs stop to ask your permission. So I predict that firewalls will be ever more important for privacy and control.

I organized the article into two sections: (I) software firewalls for broad protection and greater user involvement; (II) software firewalls for basic protection and less user involvement.

I. Best Software Firewalls for Maximum Protection and Greater User Involvement

The following personal firewalls provide excellent network protection. Each firewall comes with default settings and shouldn't require tweaking except for the needs of advanced users. I provide some configuration and usage details since a little extra information may help you better answer and minimize popup alerts.

Still, firewall products in this section seem to require a fair amount of time to learn their features. They all require user involvement and some knowledge of your software to reliably answer popup alerts. However, for the technically initiated who can cope with these annoyances, these are some outstanding free products. And they are not as bad as the User Account Control (UAC) in Vista since they have various features to limit the extent of action required by you.

Some products rely of lists of known safe applications (all) or safe vendors (Comodo, Privatefirewall) or valid digital signatures (PC Tools), some products can optionally give safe or trusted status to all your current files (Comodo, Online Armor), some have training or installation modes (all but PC Tools), and some have lesser configurations to reduce monitoring (esp. Outpost).

These techniques reduce popup alerts and user intervention to varying degrees, but they also reduce protection to some extent. Since firewalls are often praised for their level of protection at their maximum security settings, users may not have the degree of protection mentioned in the reviews below when they use methods to increase automation and reduce alerts.
 

If full featured security is your criterion, then the Comodo Internet Security is the top contender. It has a robust and a very active HIPS or application monitoring feature called "Defense+", which matches or exceeds the security performance of pay products. Its Defense+ also provides image execution control (or a "memory firewall") that seems unique to Comodo. Comodo allows for much control and customization, with a plethora of additional settings to tweak for the curious or for the just plain paranoid. On the minus side, its Defense+ is initially talkative with popup alerts in some configurations, which may annoy or alarm users.

During installation, it gives you a choice between three levels of security. The "Firewall Only" mode is discussed in the next section; it disables intrusion protection against outbound malware threats. The default (or middle configuration) uses most Defense+ protection and monitors for common exploits, but it turns off some monitoring (right-click the tray icon > "Manage Configurations" > "Firewall Security" to switch to it at any time). The maximum configuration, "Proactive Security", uses all Defense+ monitoring and increases its aggressiveness (right-click the tray icon > "Manage Configurations" > "Proactive Security" to switch to it).

After installation Comodo automatically selects either "Clean PC Mode" or "Safe Mode". "Safe Mode" maximizes proactive protection to a high level and is the best mode for most users. But it relies on numerous popup alerts for applications not in its trusted vendors list (you can browse this list to see if you trust the vendors: go to the Defense+ tab > "Common Tasks" > "My Trusted Software Vendors"). When you answer "allow" and "remember your answer" to popup alerts for an application, Comodo creates a custom policy for it. Some of its policies are fairly liberal (the one for CCleaner gives it "allow" status for almost everything, but the one for some parts of OpenOffice are set mostly to "ask").

In the more liberal "Clean PC Mode", Defense+ automatically treats all applications on your drive as safe (but if any malware is currently hidden on your drive, it too would be considered safe). Applications still receive some minimal monitoring for Comodo's two protected lists ("my protected registry keys" and "my protected COM interfaces") and for running as an executable, or more/less monitoring depending on their custom policy. And new files get sent to a list of files "waiting for your review" in the "Summary" page. Files listed for review will be considered possibly unsafe and will provoke popup messages, as if in Safe Mode, until their custom policies are made.

Comodo limits the frequency of alerts by automatically treating some programs as safe and allowing some applications to access the Internet. You can additionally automate the behavior of Defense+ by one or more of these methods for treating applications as safe:

• Have it "remember your answer" to all popup alerts when an application first runs, which works for some applications (because some custom policies set this way are close to "trusted" status). But if an application still nags you, click "More Options" in the alert and use the drop down box to select "trusted" or "blocked" (etc.), if available, or set an application to trusted manually ("Defense+" > "Advanced" > "Computer Security Policy" > "Edit..." > "Use a Predefined Policy"), which finally ceases popup alerts and most intrusion prevention for that application.
• Add files to the lists of "My Own Safe Files" or "My Trusted Software Vendors" in the interface (see the "Defense+" tab), which is most helpful for "Safe Mode" or "Paranoid Mode".
• Use the "Clean PC Mode" (right-click the tray icon and select it under the "Defense+ Security Level"). But make sure to scan and remove any malware first.
• You could also browse these guides on minimizing Defense+ alerts: How to Tame Comodo Defense+ Without Disabling It and Comodo Forum Help.

Alternatively, see this mini guide for an example of how to maximize some of its basic settings. Comodo nicely allows you to quickly increase or decrease protection with its different modes, configurations, and settings.
 

A solid contender is the free version of Online Armor Free. It has outstanding leak-test and HIPS performance (the HIPS feature is mostly in its "Program Guard"). It has a unique feature called "run safer" that allows you to selectively set risky applications (web browsers, office software, readers/viewers, instant messengers, email or news programs, multimedia software, download managers, etc.) to run as if under a limited user account (go to "Programs" tab > uncheck "Hide Trusted" > highlight a program and click "Run Safer"). It minimizes popup alerts over time with its automatic list of safe programs, your on-demand scans with its safety check wizard, and your responses to popup alerts -- especially in cases where you tell it to remember your decisions and have it treat programs as trustworthy.

Though its Program Guard also relies on user input and user interpretation to answer its numerous popup alerts (especially if you don't want to trust a program); this may be quite a challenge for average users. And it now makes it mandatory to enter an email during installation. Some users also reported compatibility problems with other security software recently (Avira, GeSWall). That said, it provides excellent proactive security and often scores very high in reader polls.

In an effort to reduce user involvement even further, it has a safety check wizard that gives you an option to trust all programs currently on your PC or to run the wizard to scan for safe applications (you can always run it again later by visiting the safety check wizard in the interface). If you decide to automatically trust everything on your PC, it liberally gives applications more access to function and therefore gives you very few popup alerts initially, but be sure to carefully scan and remove any malware first (not recommended for average users).

Otherwise, run the wizard and have it search your PC for known programs to allow/block/ask. In this case, Online Armor relies on you to respond to numerous popup alerts for unknown programs. In my testing, you receive about as many alerts as Comodo's "Safe Mode" (with its default safe vendors list or with manually adding to its safe lists). Online Armor has a couple restarts and a short two minute learning phase during installation, and you can use its learning mode to create automatic rules at any point later, say, for a trusted online game that gets constantly interrupted by firewall alerts. It also allows you to easily "check mark" applications as installers in initial popup alerts about them; I found this to be the easiest method for handling installers of all tested products.

For the curious or paranoid user, it uses excellent popup messages when it automatically allows a program to connect online and, optionally, when it automatically trusts a program/process to run (these alerts don't require user action and they can be enabled/disabled in the interface with "Options" > "Firewall", and "Programs" > "Options"). For example, I noticed a message when it auto trusted a key logger test (Zemana, which it failed initially), but after I set the tester to untrusted, it gave very informative and detailed security alerts (and then it passed the test and logged the tester in the interface under the "Key Logger" tab, but it only logged the key logger after the test was untrusted). You can even close both its tray tools from its right-click context menu. They are not needed for the firewall and HIPS components to continue running and protecting.
 

Also a solid performer in the personal firewall class is PC Tools Firewall Plus. It provides a HIPS-like component through its "enhanced security verification," which alerts the user about possibly malicious behavior. It relies on a list of known programs and a check for valid digital signatures to significantly reduce the frequency of popup alert messages, so it will mainly ask you about unknown programs, programs connecting online, and programs requiring more access. It seems more liberal and user friendly in its default settings than previous versions, giving me fewer popup alerts for common tasks like opening and working on a well known word processor.

I did notice many popup alerts when programs update or connect to the Internet, at least initially, and it lacks an installer or training mode (installing new programs makes me want to disable the firewall temporarily). So it still expects a high learning curve to respond to alerts (like with all top firewalls, a high level of familiarity with your PC's software and your firewall's features helps you reliably answer popup alerts -- mindlessly clicking them away not included!). In any case, it nearly matched Comodo's overall degree of protection in the Matousec tests, so obviously it has an excellent HIPS in performance.

But one very surprising difference was the ease of installation and configuration. In fact, I didn't have to do anything; no searching for or adding programs -- it just installs and starts protecting your PC. But, of course, this means a few extra popup alerts will appear initially (especially when programs go to connect online) if you have many unknown applications or if you disable, say, its feature to automatically allow applications with valid digital signatures. As with all of the top firewalls, the automatic allow features (which are in the interface under "Settings" > "General") may be a security concern since they seem a bit permissive (acting similarly to Online Armor/Comodo when set with lists of clean/safe/trusted applications). For example, it fails the Zemana key logger test when it's set to automatically allow programs with valid digital signatures.

Additionally, it has an interesting "Full Screen" mode or game mode that suppresses all alerts (by allowing all alerts or blocking all alerts) while, say, you play an online game. And it supports password protection for its settings and for shutdowns. Like Comodo it has automatic updating and it's an excellent unrestricted freeware product, but it does have an "Upgrade Now" link to its commercial security product. The program looks and feels user-friendly, with a simple setup and simplified alert messages; still, it's not quite for average users. Recently many users reported major problems with it preventing them from connecting to their Internet, but the newest version fixed this bug.
 

Outpost Firewall Free is a good choice for users who want highly flexible protection without sacrificing usability. It was obviously made with average users in mind, judging by the care taken to simplify alert messages and make it easy to adjust intrusion prevention (or HIPS) monitoring. For example, it remembers your responses to popup alerts without the need to set "trusted" rules (like in Comodo/Online Armor), and like Online Armor it notifies you when it automatically allows an application to access the Internet (especially helpful during the learning phase).

The free version lacks many extras of the pay version, however, such as automatic updates and the ability to break active connections. I also didn't like the advertisements for its commercial version and the occasional news updates, which popup when they download (requiring user intervention). This being so, I saw a few user reports of satisfaction with how it works and this is probably because of the extra care taken to reduce user involvement and limit outbound monitoring to a reasonable level.

The HIPS component is called "Host Protection" in the interface. It provides four default levels of protection, which can be easily set with a slider and additionally customized item by item by advanced users. The default "optimal" setting only monitors the "most dangerous activities" (such as memory injections, driver loads, and a healthy list of system critical features -- auto starts, shell extensions, and internet settings) instead of all program activities. But these "optimal" settings lack protection from keyloggers, direct disk accessing, DNS API request monitoring, etc. You can check the types of reduced monitoring in "Settings..." > "Host Protection" > "Customize...". I believe the intention of the "optimal" level is to acclimate users to the firewall and provide more outbound protection than the windows firewall. After you get used to the firewall or find some spare time, you can increase its protection to try it out.

The installation asks whether you want to train the firewall for a week (using its Auto-Learn mode and Rules Wizard). In this mode, it sets rules automatically for known safe applications. I'm not a fan of this week long feature (it's initially unchecked during the installation), and you can easily switch to it at any later point, say for an hour while you start using a new, trusted program (right-click the tray icon and select the "Rules Wizard" under "Firewall Policies", then click "Enter Auto Learn Mode..." to turn it on). In my testing it greatly reduces protection during the time the firewall trains, but if you're present while programs connect online, you can monitor its allow messages or check its application rules in "Settings..." > "Application Rules". But for some strange reason it doesn't display application rules for applications you allow yourself after the learning phase. One technical advantage over Comodo is that the self-protection component works well in all its levels of protection, whereas self-protection in Comodo depends largely on having Defense+ enabled (this becomes more important in their lesser configurations).
 

Next to be reviewed: Privatefirewall, which is also effective against outbound threats, but is ineffective at self-protection from malicious attacks (see quick select for more details).

II. Best Software Firewalls for Basic Protection and Less User Involvement
 

Some users (of many degrees of experience) prefer to avoid advanced firewalls that employ a constant "security guard" that question them daily. The following alternatives accommodate the use of your favorite active security programs, such as other HIPS software, active anti-malware, or browser protection (virtualization, isolation, rights reduction).
 

Firewall Only ("Set it and Forget it Options")

The built-in Windows firewall is a common choice since it passes all inbound tests and it doesn't have popup alerts. It lacks proactive security against outbound malware intrusions, but some users are simply unprepared to reliably handle the numerous popup alerts of the best firewalls on the market. And users who click "allow" to each and every popup alert will not have the level of protection they think they have. If you're fairly sure malware isn't on your computer and you don't want the other features of a third party firewall, then the Windows firewall is actually a practical and useful solution.

You could marginally increase security with the alternate configurations below or with the default "no popup" settings of Sunbelt-Kerio. But Windows firewall doesn't require installation, so it's the least likely to crash your PC or conflict with your other programs.
 

Nearly "Silent" Firewall Configurations

If you disable or reduce program monitoring in the following firewalls, they still provide excellent inbound protection, marginal outbound filtering, and more features than the built-in Windows firewall. They make it easier to filter access to the Internet, view network activity, and quickly upgrade security with a click. These alternate configurations make some of the very best firewalls act just like ZoneAlarm Free.

Most of the firewall configurations below will ask you whether unknown programs should have access to the Internet, but they will not worry if you start OpenOffice Writer to compose your next poem. They did alert me when some of my other lesser known programs tried to go online for updates, but the alerts settle down quickly once the firewall has a good list of rules for your Internet-bound software. They seem to remember your responses to Internet access alerts in a simple, straightforward way. Additionally, all of them have a list of programs they automatically allow. For example, I noticed that none of them asked whether Firefox should be allowed to connect online.

Select the appropriate installation options or settings to reduce the proactive monitoring components in these firewalls:

• Outpost Firewall Free: Comes with reduced monitoring in its default settings, the top choice for this section if you can put up with the ads. And you can further reduce or disable intrusion protection if it becomes too much of a nag -- right click the tray tool > "Settings..." > "Host Protection" > and select "Low" on the slider (to disable anti-leak protection). Also in "Host Protection", you could select "Customize..." to manually configure proactive monitoring.
• Comodo Internet Security: Right-click its tray icon > set "Defense+" to "disabled", or select the "Firewall only" configuration during installation. Or you could manually reduce its Defense+ monitoring in the interface Defense+ tab: "Advanced" > "Defense+ Settings".
• Online Armor Free: Right-click its tray icon > uncheck the "Program Guard". It's a very lightweight and attractive option for this configuration if it doesn't conflict with your other software.
• PC Tools Firewall: Uncheck "Enhanced Security Verification" (the application monitor/filterer) in "Settings" > "Filtering Settings", or during installation (click "Advanced" to uncheck it).
• Privatefirewall: In the interface > "Process Monitor" tab > move the slider to "Off". It will still alert you to some programs starting for the first time since that doesn't count as a process (of a running program).
   

Cautions

Though these less proactive choices will lose you important protection from malware running on your PC, such as root-kits, keyloggers, Trojans, viruses, adware, or spyware. The additional security layers below help to safeguard against malware and prevent it from harming your PC, or from making outbound connections to steal your personal information or to take control of your PC.

I highly recommend using secure DNS providers (OpenDNS or Comodo SecureDNS), site safety advisers (WOT), software update monitors (Secunia PSI), and, especially, browser protection (Sandboxie, GeSWall) to avoid malware problems in the first place. And our site has related articles that cover other security essentials: anti-virus software, anti-spyware software, HIPS software, etc.

Several other free firewalls were brought up in comments here or noted from other sources. As they are not rated in this review, I am listing some of them here with brief descriptions and links to their sites for ease of reference.

Additional Options for Simplicity and Basic Protection: I recommend the firewalls in section II, but if they don't work for you one of these might. No complete test results exist for the proactive components of these firewalls, but in general they aren't as good as the max security modes of the firewalls in section I. Loosely ordered from best to worst all around:

• Sunbelt-Kerio Personal Firewall. Pros: Simple setup, silent "no popup" mode, lightweight on memory, automatic updates, built-in help, optional behavior blocker, and more features than windows firewall. Cons: Loses its HIPS, some logging, and password protection after 30 days. It has many advertisements for its full commercial version. Some users experienced system crashes in the comments recently and in the past, but I had no problems with it in my testing. Details: XP, Vista, 32-bit only, 5.71 MB.
   
• ZoneAlarm Free Firewall. Pros: Simple setup, easy to use, game mode, built-in help, automatic updates, and more features than windows firewall. Cons: It has a huge download size, lacks any options for extra proactive security, and only displays traffic activity in the tray icon. It initially gave me trouble by blocking my Comodo SecureDNS (I was able to easily fix it through the log section). The installation has pre-checked nags and there are many advertisements for its commercial products in the interface. Details: XP (32-bit), Vista & Windows 7 (32/64 bit), 32.3 MB.
   
• Windows 7 Firewall Control. Pros: Simple setup, safe to install (uses Windows filtering platform and doesn't install third-party kernel drivers), very light and works without the tray icon, built-in help, more features than Windows firewall. Cons: Fails GRC stealth test (it set many ports to closed on my system, so it passed other inbound testing sites), popup alerts/settings may not be for average users, doesn't auto allow known safe applications, doesn't display network activity, and bans editing system application rules in the free version. Details: Vista, Windows 7, 32/64 bit versions, portable version (32-bit only), 1.11 MB.

Firewalls Compatible with Older Versions of Windows:

• Sygate Personal Firewall - v5.0.1150 (Windows 95-XP), v5.6.2808 (Windows 2K-XP, XP-64bit)
• NetVeda Safety.Net (Windows 98-XP, requires registration)
• Ashampoo FireWall Free (Windows 2K/XP)
• Filseclab Personal Firewall Professional Edition (Windows 95-2003, 32-bit only)
• Ghostwall (Windows 2K-XP, 64-bit compatible)
• Windows 95: see ZoneAlarm v2.6
• Windows 2000: see Outpost Firewall Free, Privatefirewall

General Firewall Sources and Information:

• TSA Articles: Matousec Personal Firewall Tests Analyzed, HIPS Explained
• Test results: Matousec Proactive Security Challenge.
• Inbound testing: GRC ShieldsUp!, SecurityMetrics, Audit My PC, Security Space, Symantec Security Scan.
• Other tests: PC Flank Tests, Zemana Key logger Test, Matousec SSTS/BSODhook (a suite of tests for experts, free for personal use). Some receive antivirus warnings, but they are non-malicious.

TSA Security Advice and Guides:

• Security Advice Wizard: Get personalized results and our security team's up-to-date suggestions.
• Probably the Best Security List in the World: Read Ako's excellent suggestions.
• Gizmo's Guide to Securing Your PC: Increase computer security with safe practices.
• How to Surf More Securely: Improve security with Sandboxie or DropMyRights.
• Spyware Removal Guide: Clean up after using bad practices or verify that you are malware free.
• How to Improve Security When Using a Public Terminal: Learn how to type passwords & more.
• Safe Computing in Under an Hour: Read MidnightCowboy's excellent suggestions.
• How to Block Ads or Unwanted Content Missed by Filters
• How to Remove Google Text Ads
• How to Reduce Spam

TSA Security Software Articles:

• Best Free Intrusion Prevention and Detection Utility for Home Use (HIPS)
• Best Free Antivirus Software
• Best Free Adware/Spyware/Scumware Remover
• Best Internet Safety Check Freeware
• Best Free Browser Protection Utility
• Best Free Encryption Utility
• Best Free Software Update Monitor
• Best Free Password Manager
• Best Free Trojan Scanner/Trojan Remover
• Best Free Anonymous Surfing Service
• Best Free Secure Erase Utility
• Best Free Spam Filter for the Average User
• Best Free Spam Filter for the Experienced User
   

Find more free software at The Editors' Choice List: Our Selection of the Best PC Freeware!

You are invited to share and discuss your views in our freeware forum. To post in the forum you need to register first but that's quick and immediate. Alternatively, anyone can leave a comment at the bottom of this page. You can also help us by rating this review at the end of the article.

Vote for the Best Free Firewall of 2009 (see the results; closed for practical purposes).

This software category is maintained by volunteer editor cyberlightning

The reviews holistically draw from the listed inbound tests (and other listed tests and articles above), Matousec testing results (since they can modify their tests and detect tactics a product might use to trick the tests), personal usage experiences (user friendliness, frequency of alerts, alert clarity, behavior/reliability during tests, etc. -- some of these seriously effect protection quality since many of the products rely on user responses), community experiences (wiki edits, forum user experiences, and, especially, the comments section below), installation/uninstallation/compatibility issues, memory use of active components as measured by Process Explorer, and comparison of features/settings of interest. All of my testing is on Vista (SP 2, 32-bit) of late.