Best Free Firewall

No other freeware product causes as much angst to users, whether in installation or day-to-day use, as a firewall. To find a stable and high quality firewall for windows often involves a process of trial and error. Firewalls should protect while not being too intrusive or too complicated to handle. This article gives you a selection of the best free software firewalls available.

If you want to learn more about firewalls, visit this excellent introduction on How Firewalls Work. Be sure to use only one software firewall at a time. But feel free to combine a hardware and a software firewall to improve protection. Additionally, most products highly recommend uninstalling other third-party software firewalls before installation.

Firewalls are increasingly useful to help you control the activities of Internet facing applications. It's becoming difficult to tell when applications connect online because they link so many of their features to Internet resources. Few programs stop to ask your permission. Often when you click for "Help," you find your browser launching and connecting to the Internet; sort of like asking your doctor for information and finding a needle in your arm instead of an answer. So, I predict that firewalls will be ever more important for privacy and control and choice.

I organized the article into three sections ranging from (I) broad protection and greater user involvement; (II) to basic 'firewall only' configurations and less user involvement; (III) to narrow protection and "set it and forget it" products.

I. Best Software Firewalls for Maximum Protection and Greater User Involvement

The following personal firewalls provide excellent network protection. Each firewall comes with default settings and shouldn't require tweaking except for the needs of advanced users. I provide some configuration and usage details since a little extra information may help you better answer popup alerts. I also give a few tips to help minimize alerts without letting malware through.

Still, they seem to require a fair amount of time to learn their features and they require more user involvement. But they are not as bad as the User Account Control (UAC) in Vista and they have various features that limit the extent of action required by you.

Oh, and I always create a drive image before installing a new firewall since they are known to give your PC serious problems if they conflict with anything. However, I installed and uninstalled each firewall several times during testing and had no problems.

Outpost Firewall Free is my top choice for users who want highly flexible protection without sacrificing usability. It was obviously made with average users in mind, judging by the care taken to simplify alert messages and make it easy to adjust intrusion prevention (or HIPS) monitoring. The default settings include port stealthing, self-protection, and an automatic silent mode for programs (such as games) entering full screen mode in addition to its inbound firewall and outbound HIPS components. The resource usage of Outpost is about half the size of the current version of Comodo.

The free version lacks many extras of the pay version, however, such as automatic updates, additional malware protection, anti-spam protection, and web safety features. Though, more annoyingly, the free version lacks helpful features such as breaking active connections you don't want. I also didn't like the automatic Outpost news updates, which place up-to-date advertisements for the Outpost Pro version in the interface. This being so, I see many user reports of satisfaction over Comodo and this is probably because of the extra care taken to reduce user involvement and limit outbound monitoring to a reasonable level.

The HIPS component is called "Host Protection" in the interface. It provides four default levels of protection, which can be easily set with a slider and additionally customized item by item by advanced users. The default "optimal" setting only monitors "most dangerous activities" instead of all program activities. So the default "optimal" settings lack protection from keyloggers, direct disk accessing, window hooking, DNS API request monitoring, etc. You can check the types of reduced monitoring by clicking the "customize" button in the Host Protection section. I believe the intention of the "optimal" level is to acclimate users to the firewall and provide more outbound protection than the windows firewall. After you get used to the firewall, you can increase its protection.

The installation asks users whether they want to train the firewall for a week (using its Auto-Learn mode and Rules Wizard). I'm not a fan of this feature (it's initially unchecked during the installation) and you can easily switch to it at any later point, say for an hour while you start using a new, trusted program. In my testing it greatly reduces protection during the time the firewall trains so (like with the other top firewalls) it's best to only train for short periods of time. One technical advantage over Comodo is that the self-protection component works well in all its levels of protection, whereas self-protection in Comodo depends largely on having Defense+ enabled.

Additionally, (along with the firewall from PC Tools) it's alert messages do not depend on the user to set "trusted" rules if they want to permanently automate HIPS alert responses for a program (in its maximum security settings). So it has the advantages of PC Tools firewall in usability and similar proactive security protection to Comodo in its maximum settings. Outpost also has a helpful feature to set rules automatically for known safe applications. Otherwise Outpost's maximum security settings are not much more user friendly than Comodo and Online Armor. It prompts the user with just as many popup alerts. And Outpost lacks some of the techniques used by Comodo and Online Armor to decrease the number of alerts in their maximum security settings, such as the more flexible safe programs list in Comodo or the security wizard in Online Armor. So Comodo and Online Armor have the potential to be less intrusive in their max settings, but the continual work and annoyance in configuring them reduces their advantages in user-friendliness, giving Outpost a considerable edge for many types of users.

If full featured security rather than ease of use is your criterion, then the Comodo Internet Security is the top contender. The firewall itself is very robust and includes an intrusion detection system (or HIPS feature -- called "Defense+" in Comodo). It also provides buffer overflow protection (a "memory firewall"), a training mode to automatically create rules for programs you trust, and a parental control password to automatically block all alerts (so children and inexperienced users do not make poor decisions on popup alerts). It's the only top, free firewall with full anti-keylogger protection. I found its "safe" mode setting for the Firewall quite user-friendly (in contrast to Defense+). On the minus side, the Defense+ HIPS is initially rather talkative, and this may unnecessarily alarm inexperienced users. The "Threatcast" community feature helps you respond to alerts by allowing you to see how others typically respond, but in my testing it rarely provided feedback. However, for the technically initiated who can cope with these annoyances, this is an outstanding free product.

During installation, it gives you a choice between three levels of security. The "Firewall Only" mode is discussed in the next section. The intermediate option mainly turns off some protection from Defense+, including some direct access monitoring. The "Proactive Security" configuration uses all Defense+ monitoring and increases in aggressiveness over the "Firewall Security" configuration. I recommend using the "Proactive Security" configuration (check this setting by right-clicking the tray icon and selecting configuration). You can reduce the number of popup messages you get and automate the behavior of Defense+ by (1) using the "Clean PC Mode"; (2) adding files to "My Own Safe Files" for safe mode; (3) treating applications that regularly need more access as trusted or blocked or isolated (etc.) when you get popup alerts about them. Though any of these require much knowledge and work on part of the user, and if the user gets frustrated they may allow malware through.

If you are fairly certain your PC is malware free, set Comodo to the "Clean PC Mode." In "Clean PC Mode" it automatically treats all applications on your drive as safe (but if any malware is currently hidden on your drive, it too would be considered "safe" in this mode). The exceptions to this rule are new files and applications. They get sent to a list of files "waiting for your review" in the "Summary" page. Files listed for review will be considered "possibly unclean" while you are in "Clean PC Mode" and will provoke popup messages. If you want to prevent initial alerts about these new files, you can manage the list before you run any programs listed in it -- you could empty it (if you are malware free) or add known safe applications to your safe files list. If you treat them as trusted or blocked (etc.) as you get alerts for them, this also automates the responses of Defense+ (even if you leave them in the list of new files waiting for your review).

It also has an alternative "Safe Mode" in which you will get many popup alerts at first. But Comodo limits these alerts by automatically allowing some known safe applications to run (unless you use "Paranoid Mode"). Also, if a safe program needs additional access to run, then Defense+ will alert you and you can decide whether to treat it as a "trusted application" (which, finally, ceases most alerts about it from Defense+ in every mode). If you don't add your everyday programs to your safe files list or treat them as trusted or blocked or isolated (etc.), Defense+ in safe mode seems to alert you constantly.

A solid contender is the free version of Online Armor Personal Firewall. The free version strips out its web shield (including a DNS spoof checker and a list of dangerous websites to warn you about or block). It has outstanding leak-test and HIPS performance (the HIPS feature is named "Program Guard"). And it also has the ability to set a password to block all alerts (which also makes it a "parental control;" just with a different name), but as with Comodo, this password lock will also block programs from running or accessing the Internet if user input is required. Though, its Program Guard also relies on user input and user interpretation to answer its numerous popup alerts, so this may be quite a challenge for average users. It will learn your programs so that alerts will eventually decrease over time with a combination of its automatic list of safe programs, your responses of trustworthy programs, and your on-demand scans with its "Safety check" wizard.

The installation is lengthy if you go through its "Safety check" wizard, but it will accomplish much of what you have to do manually in Comodo's max security modes: it will search your PC for programs to set as safe and it also uses its own list of safe applications to automatically allow programs to run or access the Internet. You can disable this automatic feature in the settings, but it uses an excellent popup message when it automatically allows a program (it doesn't require user action). It has a short learning phase after installation and you can use its learning mode to create automatic rules at any point later, say, for a trusted online game that gets constantly interrupted by firewall alerts. On my testing, you receive about as many alerts as Comodo's "Safe Mode" (with applications manually added to its safe files list). But I found the installation more straightforward and user-friendly.

Additionally, Online Armor was the most resource efficient on memory use. It also allows you to close both its tray tools from its right-click context menu. Both are not needed for the firewall and HIPS components to continue running and protecting, and even with the two tray tools active, it is still the most resource efficient firewall of all top contenders in this article (with PC Tools a close second).

Also a solid performer in the personal firewall class is PC Tools Firewall Plus. It provides a HIPS-like component through its "enhanced security verification," which asks the user for input about any possible malicious behavior. It relies on a whitelist of safe programs to reduce popup alert messages, so it will only ask you about unknown programs and it will remember your decisions. In the online help it discusses an option between silent and normal modes for this HIPS, but none exists in the program interface that I can find. In any case, it matched Online Armor's overall degree of protection in the Matousec tests, so obviously it's an excellent HIPS in performance. That said, it gave me nearly as many popup alerts as Online Armor and Comodo, and it still expects a learning curve and high level of knowledge from the user to respond to the many alerts. It also lacks most anti-keylogger protection.

However, one very surprising difference was the ease of installation and configuration. In fact, I didn't have to do anything; no searching for or adding programs -- it just installs and starts protecting your PC. But, of course, this means a few extra popup alerts will appear if you have rare and unknown programs not in its automatic list of safe applications. It seems to download this list with a "PC Tools Plus Service," but if you have a slow Internet connection you may experience an overall lag for any program connecting and using the Internet until the service finishes downloading. Like the other firewalls above, you can disable the automatic allow feature in the settings to take back control.

It also has a password feature that prevents users from setting permanent rules. But you can still run any program you want as long as you don't mind clicking "allow" countless times without use of the "remember this setting" feature (so it is not really comparable to the parental controls of Comodo and Online Armor). Though, it does have an interesting "Full Screen" mode or game mode that blocks all alerts while, say, you play a trusted online game. The program looks and feels user-friendly, with a simple setup and simplified alert messages, but still it's not for average users.

Please note: Currently PC Tools Firewall Plus does not support Mobile Broadband or USB network connections, an ethernet connection will be required for your connection to be correctly detected. The software will still install on your computer but will not function correctly.
 

II. Best 'Firewall Only' Configurations for Basic Protection and Less User Involvement

The same three firewalls above have alternate configurations (see below to configure them) that compare favorably to user friendly firewall products. These configurations accommodate the use of your favorite active anti-malware and HIPS programs, and they reduce the burden of answering chains of popup alerts and make them easier to manage for average users. Additionally, some users (of many degrees of experience) prefer to avoid advanced firewalls that employ a constant "security guard" that question them daily when they want to connect to the Internet, install a new program, play online games, or run their programs. The more you install and uninstall programs, the more the fancier firewalls need user involvement and extra work.

Outpost Firewall Free comes with reduced monitoring in its default settings. You can check this setting with a right click on the tray tool, click "Settings..." > "Host Protection" > the slider should be set "Optimal". This leads the section and is the best reduced monitoring configuration. It isn't quite a "firewall only" configuration, but it's much more user friendly than its maximum configurations.

If you disable behavior monitoring in the following firewalls, then they still provide excellent inbound protection, minimal/marginal outbound filtering, and additional features such as port stealthing.

First, of course, you must download and install the following software of your choice, then change their settings to reduce their level of protection/monitoring (in other words, disable their HIPS components). Here are the key settings to adjust:

• Comodo Internet Security: Right-click on its tray icon and set the "Defense+" feature to "disabled" or select the "Firewall only" configuration during installation. You will see the number of alerts significantly decrease like the others and I didn't notice a significant difference in usability from the other choices here (in this configuration). Comodo describes this as an excellent configuration for advanced users who use an alternative HIPS, but it also seems good for average users in my view (if not more so), especially when combined with a silent HIPS program.
• Online Armor Personal Firewall: Right-click on its tray icon and uncheck the "Program Guard" to disable the HIPS component (or do the same in the interface options). Be sure the firewall component is turned on, though! This would be an excellent, user-friendly choice for this sort of configuration and for use with other security layers of your liking.
• PC Tools Firewall: Uncheck "Enhanced Security Verification" and it will let you easily open your everyday applications without annoyance, but, of course, this includes malicious programs too as with Comodo & Online Armor in this basic configuration.

All three will still ask you whether unknown programs should have access to the Internet, but they will not worry if you start OpenOffice Writer to compose your next poem. They also seem to remember your responses to alerts in a simple, straightforward way. Additionally, all three have a list of programs they automatically allow. For example, I noticed that none of them asked whether Firefox should be allowed to connect online. Though, they did alert me when some of my other lesser known programs tried to go online for updates. So there will still be a learning curve in dealing with popup alerts, but the alerts settle down quickly once the firewall has a good list of rules for your Internet-bound software.

Though, these configurations will lose you important protection from malware running on your PC, such as root-kits, keyloggers, Trojans, viruses, or spyware, and dramatically increases the chance such malware will successfully make outbound connections (if you're without other security software). You would need additional security software to supplement these configurations. We have articles on options such as virtualization, HIPS and anti-malware. These are important security layers to help safeguard against malware and prevent it from harming your PC or from making outbound connections to steal your personal information or take control of your PC.

For average users who want to try an alternative, simple and lightweight free firewall, Sunbelt-Kerio Personal Firewall causes very little annoyance for the user in its default settings. Yet it also manages excellent inbound protection, with marginal outbound protection. Its 'no popup' configuration disables "Application Behavior Blocking." If you use its feature for advanced users, the behavior blocker, then its protection is better and it superficially operates more like the top three firewalls (except its performance isn't in their league). You would also have many popup alerts to handle at least initially. Some advanced features are automatically turned off after the 30 day trial period and some users experienced system crashes in the past. But I had no problems with it in my recent testing. Other user friendly alternatives include Ashampoo FireWall Free and ZoneAlarm Free Firewall.

III. Best Firewall for Novice Users

The built-in windows firewall is an excellent choice for novice or impatient users since it avoids the hassle and confusion of incessant alerts while employing excellent inbound protection. This may sound unusual; a Gizmo Freeware article advocating the use of a built-in windows product -- almost seems impossible. Most novice users, however, are simply not prepared to reliably handle the numerous popup alert messages of the best firewalls on the market.

Windows firewall is lacking against outbound malware threats, but users who merely click "yes" to each and every alert they encounter will not have the level of protection they think they have (and certainly not if the user gets so frustrated that they uninstall their maximum security personal firewall).

Additionally, it does not require installation, so it's the least likely to conflict with other programs or your PC. If you are fairly sure no malware exists on your computer and you have no use for the other features of a personal firewall, then windows firewall is actually a practical and useful solution.

Please help us by rating this review.

Related to Firewalls:

• Matousec Personal Firewall Tests Analyzed
• Best Free Intrusion Prevention and Detection Utility for Home Use (HIPS)
• HIPS Explained

Related to Security:

• Best Free Antivirus Software
• Best Free Adware/Spyware/Scumware Remover
• Best Free Trojan Scanner/Trojan Remover
• Spyware Removal Guide
• Best Free Browser Protection Utility
• Best Internet Safety Check Freeware
• Gizmo's Guide to Securing Your PC
• How to Surf More Securely
• How to Improve Your Security When Using a Public Terminal
• Free Password Manager: LastPass, TSA Article
• Best Free Encryption Utility

Related Firewall Testing Sites:

• Matousec Proactive Security Challenge
• GRC ShieldsUp!, Audit My PC, etc. (there are many of this type)

There are four major ways to send feedback: registered users can contact me directly here or in the forum under Contact Info. Registered users may also post in the forum. And anyone can post a comment at the bottom of this page.