Best Free Firewall
No other single product class seems to cause as much angst to average users, in their installation and day-to-day use, as Firewalls.
For such users, Sunbelt-Kerio Personal Firewall is our top recommendation, as it seems to cause the fewest problems yet also manages reasonable protection.
Kerio dropped the product in late 2005 but, thankfully, Sunbelt Software, the makers of the excellent CounterSpy anti-spyware scanner, picked it up and continue to make it available. The free and paid versions of Sunbelt Kerio are the same. If you don't buy the product, some advanced features are automatically turned off after 30 days. The product will also nag you every time you start it. For some, this is a small price to pay for a great free firewall. For others, it's a real turnoff.
If performance rather than ease of use is your criterion, then the Comodo firewall is the top contender. The firewall itself is very robust, and the just-released version 3 includes a well-designed intrusion detection system and Vista compatibility. Comodo also supports internet connection sharing, whereas the free versions of Kerio and ZoneAlarm do not. On the minus side, the IDS is initially rather talkative, and this may unnecessarily alarm inexperienced users. There have also been reports that the new version 3 has some bugs, so it may be better to wait a couple of months until it's stabilized. Additionally, Comodo has been known to conflict with some other security products. However, for the technically initiated who can cope with these annoyances, this is an outstanding free product and an easy first choice. Make sure that you install it in "Advanced" mode, because the "Basic" installation has the HIPS, which includes the leak test protection, disabled.
A recent contender is the free version of Online Armor Personal Firewall V2, which has been getting praise for its outstanding leak-test performance and ease of use. We were impressed with the full commercial version, but as we've yet to test the cut down free version, we're reluctant to make a recommendation. The feedback we've been getting from users has been very positive.
Also technically impressive is the Jetico Firewall. It rates highest on the leak tests of all firewalls, but I find it awkward to use. It may, however, suit you.
Another tricky product is NetVeda Safety.Net firewall. It's performance is quite outstanding and it also offers application control and content filtering. This highly capable product deserves to be better known, and experienced users should definitely put it on their short list.
We no longer recommend the free version of the ZoneAlarm firewall. First, it is a very basic product compared to the commercial ZoneAlarm Pro version. The leak-test performance of the latest free version is extremely poor, whereas the Pro version is excellent. The download also includes the large commercial ZoneAlarm suite, so be careful not to install it. ZA free does have the advantage of working with Vista.
Product Details
Sunbelt-Kerio Personal Firewall
Website: http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/
Download link: http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/
Author: Sunbelt Software
Current version: 4.5.916
Version date: April 26, 2007
Download file size: 6.27MB
License: Freeware
Operating systems supported: Windows 2000/XP, Vista
Additional software required: None
64 Bit capable: No
Portable version available: No
Non-English languages supported: Yes
Comodo firewall
Website: http://www.personalfirewall.comodo.com/
Download link: http://www.personalfirewall.comodo.com/download_firewall.html
Author: Comodo Group
Current version: 3.0.25.378
Version date: May 30, 2008
Download file size: 18.6MB
License: Freeware
Operating systems supported: Windows Xp/Vista
Additional software required: No
64 Bit capable: Yes
Portable version available: No
Non-English languages supported: Yes
Other relevant information: Version 2.4 is available for Windows 2000
Online Armor Personal Firewall V2
Website: http://www.tallemu.com/product_overview.html
Download link: http://www.tallemu.com/downloads.html
Author: Tall Emu Pty Ltd
Current version: 2.1.0.31
Version date: November 16, 2007
Download file size: 9.92MB
License: Freeware
Operating systems supported: Windows NT/2000/XP; Vista Support in near future
Additional software required: None
64 Bit capable: No
Portable version available: No
Non-English languages supported: No
Other relevant information: Free version doesn't include Mail Shield (spam filter) or automatic updates; could cause conflicts with F-Secure AV
Jetico Firewall
Website: http://www.jetico.com/jpfirewall.htm
Download link: http://www.jetico.com/jpfirewall.htm
Author: Jetico, Inc.
Current version: 1.0.1.61
Version date: July 19, 2005
Download file size: 2.7MB
License: Freeware
Operating systems supported: Windows 98/Me/NT/2000/XP
Additional software required: None
64 Bit capable: Yes
Portable version available: No
Non-English languages supported: Yes
Other relevant information: Free Version has become outdated; No Development or Support seen in the near future to upgrade this version
NetVeda Safety.Net firewall
Website: http://www.netveda.com/consumer/safetynet.htm
Download link: http://www.netveda.com/downloads/index.htm
Author: NetVeda
Current version: 3.8.1
Version date: October 7th, 2007
Download file size: 4.31MB
License: Freeware
Operating systems supported: Windows 95/98/Me/2000/XP
Additional software required: None
64 Bit capable: No
Portable version available: No
Non-English languages supported: No
Other relevant information: Email Address required as registration
ZoneAlarm free firewall
Website: http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp
Download link: http://www.zonealarm.com/store/content/company/products/znalm/freeDownload.jsp
Author: Check Point Software
Current version: 7.0.462.000
Version date: December 14, 2007
Download file size: 205KB
License: Freeware
Operating systems supported: Windows 2000/XP/Vista
Additional software required: None
64 Bit capable: No
Portable version available: No
Non-English languages supported: Yes
This software category is maintained by volunteer editor Clint Morissette.
Delicious
Digg
Technorati
Online Armor is the great performer in all kind of todays firewall for me praise for it
-mark, "the poor"
Hi
For those who might still be interested in my private research I have now completed evaluation of DSA on my test PC. After trialing with various firewalls have found it and Jetico (free) to be the perfect combination. Of course DSA won't work very happily with the likes of Comodo or OA but if you prefer on of these "all-in-one" solutions then you won't really need DSA anyway. You will need to be patient with DSA in the early stages as it builds memory during the "training period" and some applications will need to be added manually to avoid involuntary reboots (modem dialer, CD Burner XP from my line up) other than that an excellent performer. Jumps in first time to block all the leak tests too. So, I now have just about the best "true" free firewall in Jetico partnered with all the additional protection I need from DSA without having to navigate my way through the extra "Comodo" of bells and whistles!!
MIDNIGHTCOWBOY
So you paired DSA (a Free HIPS)with Jetico Personal Firewall v.1.0 (a Free Firewall)to get a Free Firewall+HIPS combination.
Matousec's Latest Results
[http://www.matousec.com/projects/firewall-challenge/results.php]
-Dynamic Security Agent (DSA) 2.0.11.22 is a -Poor- Performer.
-The -PAID- version of Jetico (=Personal Firewall 2.0.2.4.2264)
***NOT the Free version (=Jetico Personal Firewall v.1.0)***
scores lower than BOTH
a) Comodo Firewall Pro 3.0.22.349
and
b) Online Armor Personal Firewall 2.1.0.131 Free.
If you don't like the
(many users don't like it, too)
then,
Online Armor Personal Firewall 2.1.0.131 Free is an ideal option.
With the friendliest Free HIPS ever made,
it offers a better protection than your combination: DSA + Jetico Firewall v.1.
Hi
DSA already has a firewall (with SPI I think), it's just not very configurable. So I don't really see the reason to use Jetico as well? There could be conflicts, and not much added protection.
Thanks
I am an average user, i.e. with limited computer knowledge, XP Home SP3, using Comodo 2.4 (latest Swedish version), NOD32 2.7, ThreatFire 3.5 and Webroot´s Spy Sweeper 5.5 (without antivirus protection). As an average user I want some basic security peace of mind, and I have now used Comodo for several months, which, however, quite often creates uneasiness due to security warnings of the following kind (trying to translate from Swedish).
Security warning: Full red. Generic Host Process for Win32 Services tries to act as server. What do you want to?
Details: Program svchost.exe, IP address and Port, Source services.exe.
Security considerations: C\WINDOWS\explorer.exe has tried to use svchost.exe via OLE automation, which can be used to take control of other applications. Perhaps explorer.exe uses scvhost.exe to connect to Internet.
I am now given the choice to Permit or Refuse. The problem is that the security warning information is of no use for me. How can I make a sound choice? Would I be better off using e.g. the Sunbelt-Kerio free version?
If you really need a firewall, I would recommend Online Armor. Its less cryptic than Comodo but does offer solid protection.
Thanks for your comment, which I have missed until now. You say "If you really need a firewall" - do you really mean that it is´nt necessary?
Hi
Well I guess he means you'll do fine with the Windows Firewall.
In terms of performance, footprint, support, and easiness of use, my favorite is Online Armor. After running it for a few weeks to create rules, I hardly know it's there except when installing new programs. I previously tried ZoneAlarm, which was bulky and memory-hogging, and Comodo, which was very intrusive and conflicted with other software on my computer.
I have been using Online Armor Free version for almost a year, and have nothing but praises for it's format and ease of use. I have tried Sunbelt paid version, Commodo Pro, and Zone Alarm. Online Armor uses less system resourses and shuts down the unwanted, much more effectively.
Even though Online Armor Free is a pretty good product, your guys should try jetico 1 to see which one has smaller footprint and cpu usage.
What do you think about PCTools Firewall Plus ?
Have you tried it ?
Martin
Why don't you mention Windows XP or Vistas own in-built Firewall?
What's wrong with that one? Is it so much worse protection than the once you mention?
Thanks!
Hi
Once you get infected with malware or some virus, some of them try to send your important data or information from your computer to internet... in this case windows inbuilt firewall wont warn you. in other words windows firewall provide only inbound protection it doesn't provide outbound protection... that is the possible reason why it's not recommended here...
I think a personal firewall is not necessary on a clean system, but if your system is acting strange I would recommend a firewall to sort out the problem.
That is a bit silly, you can also say antivirus and antispyware are not necessary "on a clean system, but if your system is acting strange I would recommend" an antivirus and antispyware "to sort out the problem". Do yourself a favour, focus on prevention.
Prevention starts with watching what you download. Windows firewall does protect your computer from inbound attacks. Outbound attacks should be detected by your antimalware software when you download a rogue program. It all depends if you are a risky downloader or not. Just make sure to scan whatever it is you download and you should be okay. It works for me. It just best to prevent malware from installing on your system, instead of trying to find it on your system.
I have heard of computer running without any protection alot recently.
The only point is restrict your access......
That sounds similar to relationship between sex and condom.
There is enough reason not to use condom, and there is also enough reason to use it.
Moderator: I hope this is not out of place.
I am trying understand why we need to have a software firewall - if we have a hardware firewall installed? That is if you have a WRT54G Linksys router (most commonly used with laptops in the home) with the DD-WRT firmware update installed. Or, even the ActionTec Modem for folks that are on FIOS..
Why do you need both a software firewall when you have a hardware firewall enabled?
Thanks,
Kent Dyer
Hardware firewalls, like the one built into most routers, are great for most people and will protect their computers 99% of the time. But the shortcoming of the router's firewall is the same as the built in window's firewall, they block incoming packets but nothing outgoing. So if you DO get a virus or some other malware that keylogs your credit card numbers, passwords, and other personal information there is nothing from stopping it from sending that information out. Another thing is that laptop might be safe at home on your firewall network but if you take it out with you someplace, is it going to be safe on some other network?
I don't use any other firewalls other than the hardware firewall in my linksys router and the Windows firewall built into Vista. But most people don't know the risk as well as I do. They don't format and clean install their OS every 6 months or use Virtual Machines to test software before installing it on their main systems.
I recommend a software firewall to everyone who wants to be as secure as they can be.
I don't think you really know how a firewall works. And the confusion is not your fault; it's the leaktests. Inbound-outbound protection against malware is not the core technology of a firewall; this is the Intrusion Prevention/Detection component, which Windows Firewall and router firewalls do not have. And IPS/IDS is not exclusive to firewalls. You can get this separately, ThreatFire being one example.
The core technology of the personal firewall is SPI (Stateful Packet Inspection). The firewall's kernel driver keeps track of inbound traffic on a "state table." When you make an outbound request for data from a server, like when you type a URL, type a query into your search engine, or update your antivirus software; a "SYN" packet is sent to a remote server. The server responds to your computer with an "ACK" packet, acknowledging that the request has been accepted. Your computer then completes the "three-way handshake" with a complete "SYN-ACK" packet, and the server starts sending you the information you requested. Your firewall admits all incoming packets from this server's IP address in sequential order, through a predetermined port.
If a third party you never solicited attempts to connect with you, the firewall checks the packet headers against the information in the state table. If the IP address or port number(s) do not match, or if the number of the packet is out of sequential order, the packet is dropped. This is how the personal firewall works. Anything else is separate technology, such as leak protection, application behavior blocking, HIPS, and NIPS. And depending on the capabilities of the other components in your apparatus, these extras aren't always necessary.
Hi,
Footnote to the footnote about Dynamic Security Agent - day three of my installation and it crashed me out when I tried to launch Gnumeric and again with CDBurner XP. One of these launches from Stardock and the other from the tray (Kaufman) so maybe there is some process conflict here? Also, it won't work with Sygate (complete freeze when attempting dial-up access to the net) despite what the makers say in their blurb about not conflicting with installed firewalls. Anyway I have now moved DSA onto my test PC so that I can evaluate it's potential and weaknesses with greater accuracy (and calm!). Best to be forewarned though in case anyone else is thinking of trying this programme. Pity really because I do like the additional features and information it gives over and above what you would normally get from your average anti-M app. My wife said "no wonder it's free", but then so are Avira, Threatfire, Advanced Windows Care and CFP3 - and you can't get much better than them! I've emailed Privacyware and will post if I get a response.
MIDNIGHTCOWBOY.
If the DSA is a firewall, it should not go with Sygate together. No one suggest you to install two firewall at the same time on one system. One exception is windows firewall, especially xp firewall, which I have not heard any conflict with other firewalls installed, even the other firewall will not always automatically disable it.
I didn't try DSA, but I think that SSM 2 free should not belong to a firewall. It is a hips. So what the MatouSec's leakage test is not strictly a firewall test. The leaktest, however, should be the functionality of Hips or Antimalware, or the combination of several categories. Especially something like Keylogger. A conclusion, don't take matousec's result too serious. That is not everything about firewall. But it is really useful for some simple comparison, say, ZA free and jetico 1, 30M vs 3M download size, for the basic firewall functionality, but leaktest result reversed.......
Jetico 1 is a wonderful firewall, but it is not for everyone. Sygate is another choice. Modern things like Online Armor Free is good if you are not using torrent too much ---- I personally have the experience that once utorrent starts, net surfing is extremely slow.
Also the combination of the software should be carefully chosen. A firewall with hips + hips + antivirus with hips will create enough popups to drive you crazy, suppose you are using a powerful system. With a outdated system running several modern "powerful" security softwares together, most of the time you are waiting.
My favorite combination on my P4 2.4G system was Jetico 1 + AVS + winpatrol, plus on demond ad/spyware scanners. Simple and fast.
I forgot to say that my second attempt to install two firewall together ended up with reinstall system ---- xp didn't crash, while it get very slow when sensiveguard is added onto another firewall I can't remember. I was trying firewalls and forgot to remove the last one I tried. System extremely slow, lost networks, even after I removed both and did some repair. So I learned that the what expert suggested is worth listening, previously I have sygate and safetynet run together for a while.
I didn't hear that hips can't run together, I have some simple running together, winpatrol and teatimer, only problem is too many popups. And they must allow each other.
I didn't find anti sypyware can't run together, because the freewares normally install real time protection
I didn't try two antivirus running together, because some experts said we should not do that.
Greetings,
You might find that the latest version of WinPatrol (http://www.winpatrol.com/) is enough without the need for Teatimer. (Spybot itself is becoming less effective as time goes by.)
WinPatrol is compatible with virtually all versions of Windows and is far more effective, apart from the fact that it also adds more control over your system than the Windows Task Manager.
If you'd still like additional protection, instead of Teatimer, you might consider the paid-for version of Malwarebytes' Anti-Malware (http://www.malwarebytes.org/)
It has a "Protection Module" which safeguards your system.
Also, there is Threatfire (http://www.threatfire.com/) as has been suggested elsewhere in this thread.
As regards the advisability of running two firewalls, AVs or AS' at the same time ...
The main problem is the fact that they'd interfere with each other.
This is particularly the case with two firewalls or two anti-virus applications.
In both cases, it's like having two doormen or "bouncers" on a door - they start arguing over which of them is actually doing the job. As a result, all sorts of riff-raff get through!
In the latter case, it's their "active" or "real-time" protection which would result in their interfering with each other, as explained above.
If you do have two AVs - NOT firewalls! - you could set one as the "real-time" protection and keep the other as a "on-demand" scanner (weekly, monthly, etc). Even so, you'd still have to disable the real-time protection of the first before running the other - if you're connected to the internet, disconnect first before disabling the "real-time" protection and running the "on-demand" scanner.
You could try to run two anti-spyware/malware scanners at the same time - but this wouldn't be the best thing to do. They'd tend to trip each other up as they detect each other's executable, although some scanners seem not to mind.
Kindest regards,
James
(aka Dragan_Glas @ CastleCops)
Does any one know of a better site than matousec.com that does test firewall.
Hi
I saw Gizmo mention this link.
http://www.testmypcsecurity.com/view_results_xp.html
Though both these sites only test the outbound protection.
Thank you very much for the site. The site has Comodo in first place followed by the paid version of Online Armor, not the free version.
Thats a good question, I am curious toknow if anyone knows of another firewall testing site that is similar to matousec.com. I would like to have a second opinion.
I was using "Online Armor" until recently it started causing some serious problems (on 3 different PCs) and all problems where related to file/folder sharing, in any case here's the latest leak-test chart I could find, feel free to check it out because IMHO you might need to re-arrange the best free firewall list according to these new test results.
http://www.matousec.com/projects/firewall-challenge/results.php
Edit: Sorry, I didn't notice that "Shane" already posted that link.
Post new comment