Best Free Firewall Protection

Read this article in Spanish

Introduction

Firewalls help monitor your system's communications between your network and the Internet, to help detect, alert, and prevent intrusions and attacks. They are particularly useful for controlling the activities of Internet facing applications, ie. applications that access the internet.

Firewall products are arguably one of more cumbersome software products to use and have a reputation of causing user angst - to find a suitable product that meets individual users' needs may involve a process of trial and error. A good firewall should be able to protect to user at a near-perfect level, while not being too intrusive or complicated to handle. The type of user, including what the user usually uses their computer for, may very well determine the functionality or feature set that is necessary for each individual user. In this article, we give you a selection of some of the best free firewall software, in our opinion, that is available. Our reviews and recommendations are made taking into consideration both editors' and site visitors' experience, opinions, and comments. As always, if you have more to share on your experiences with the software products mentioned and/or freeware firewall products that you like, we would love to hear from you. Please refer to the comments section at the bottom of this page.

Firewalls come in two flavours; software based and hardware based. Software based firewalls (which is what we will cover in this article) reside on your machine, running in the background in order to keep a watch on things. To avoid potential conflicts only install one (third-party) software firewall. Also, in order to achieve the best combination of protection, we would strongly suggest to use a hardware firewall (such as a router) in conjunction with a software firewall. Modern routers usually have a built-in firewall, helping to filter out content before your machine; consult your router documentation for more details. Of course, for portable devices such as laptops, you may use it to connect to other outside networks which may or may not have the hardware based protection. In this case, having a software firewall is even more crucial.

Basic firewall protection is critical for securing your PC. Simple firewalls (like the default Windows firewall) limit access to your system and personal information, and silently protect you from inbound threats. We review basic third-party firewalls as well as the built in Windows firewall, and look at features such as monitoring programs that request outgoing Internet connections (we call this "outbound protection").

Basic firewalls generally only have limited protection; proactive firewalls offer more extended protection, including HIPS or program monitoring (HIPS Explained), and watch for malicious behavior before malware gets a chance to take control of your PC or turn it into a botnet drone. They seek to achieve stronger "2-way" protection, preventing programs from broadcasting your personal information to the Internet. The downside of such firewalls are that it may be harder to use and/or require more memory consumption. Also, there is a greater risk of HIPS software causing conflicts, errors, or otherwise cause other issues with your PC.

Some kinds of malware are best detected by their behavior, so a proactive firewall (or firewall/HIPS combo) is a solid second layer of protection next to your antivirus program. It is an excellent option for high risk users. However, it's plausible to argue that a good resident antivirus will stop some malicious threats before they get a chance to make it to the Internet anyway. Many of the top antivirus programs are starting to provide behavioral blocking and extended scanning of network activity. Nevertheless, it is important to use basic or proactive firewall protection, antivirus software for active protection, and safe practices in order to minimize the risk of malware on your PC.

You can "upgrade" (for free!) your security by reading the documentation and learning about proactive firewalls or HIPS programs, or using other protection like least-privileged user accounts and/or Sandboxie or GeSWall. This information, and more, is available on various parts of our website.

[show-hide toggle]

Basic Firewalls

The built-in Windows firewall is a common choice since it passes all inbound tests (both stealth and open port) and doesn't have many popup alerts. It doesn't require a separate software installation, as it comes built-in with modern versions of Windows. Therefore, it is not likely to conflict with your other programs. And many average users may not reliably handle the popup alerts of the more complex firewalls on the market, especially at their max settings. Newer versions of Windows also feature an updated, improved version of Windows firewall that is much better than prior versions of Windows.

If you scan clean for malware, don't want/need the additional features of a third-party firewall, and are a relatively low risk user, then the Windows firewall is likely a practical and useful solution.

Alternatively, you can replace the Windows firewall with a basic third-party firewall for greater control of outbound protection and additional features. Most simple two-way firewalls ask you to allow or deny Internet access for unknown programs. Many also automatically allow trustworthy apps and remember your decisions to become silent over time. However, these software require additional configuration of settings, especially at the outset.

Windows Built in Firewall

A firewall built into Windows with no separate installation required.

Our Rating:

Gizmo's Freeware editor award for the best product in its class!

License: Commercial

Built in to Windows, no separate installation needed, simple and easy to use, effective, passes all tests, no nagging or annoying pop ups, runs seamlessly and quietly in the background, significant improvements since initial version in XP. Likely suitable for most day to day use.

Primarily incoming connecting protection only. Advanced user interface is not user friend - this interface may not be suitable for beginner users. Would be very beneficial complemented by a third party tool such as Windows 10 Firewall Control. Windows XP's version is very basic and lacks any outgoing protection. May not provide adequate protection for "high risk" users.

Read full review...

TinyWall

A lightweight firewall solution that works with the built-in Windows Firewall.

Our Rating:

License: Free

Lightweight basic firewall; simple yet effective. Non-intrusive program with no pop-ups. Ability to recognize associated processes when white-listing programs. This program could be a good choice for those not familiar with computers, as it does not require advanced knowledge to use.

No user dialog; everything is accessed from the pop-up menu. Not necessarily a bad thing, but may be different compared to what most are used to. Cannot select where to install the program. Requires .NET framework.

Read full review...

Windows 10 Firewall Control

A good choice to supplement the Windows built-in Firewall and compatible with Windows XP and higher.

Our Rating:

License: Free (Limited features)

Simple and effective; uses Window's built-in firewall platform so no third party kernel drivers are needed. Very small footprint. Three modes to choose from (Normal, EnableAll or DisableAll). Great for complementing Windows' built-in firewall.

May be a bit annoying to use at first since the user must configure the initial rules for all their applications; no training mode. The dialog box that pops up to allow/disallow a particular program has a lot of information, some of which may not be too user friendly to beginner computer users. Online manual could be more comprehensive.

Read full review...

ZoneAlarm Free Firewall

A well-established inbound and outbound OS firewall solution suited for users of every level of experience.

Our Rating:

License: Free (Limited features)

Solid inbound firewall, stealth mode, user friendly, customizable settings, anti-phishing protection, and hosts file lock.

Inadequate HIPS or program monitoring protection. No High setting for program access in Free version. In spite of available automatic update option, updates almost always must be performed manually. Help file designed for commercial version.

Read full review...

Firewalls with HIPS Protection

The following personal firewalls provide an advanced level of network and HIPS protection. Each firewall comes with default settings and, depending on the users' needs, may or may not require much adjustments.

It should be noted that firewall products in this section require more time to learn and configure, and are more complex to use than basic firewalls. There is also a higher risk of conflicts and problems arising on your system. Since firewalls are often praised for their security effectiveness at their max settings, users will likely have lower protection than mentioned by independent testing sources, such as Matousec, for practical day to day use. All of the product vendors seek to provide user friendly features, sometimes incorporating reduced levels of protection in their default settings by decreasing some HIPS monitoring. In other words, these firewalls may be more suitable for more advanced users, as well as those that are more "high risk".

Privatefirewall

A proactive multi-layer security solution with behaviour blocking and standard firewall protection.

Our Rating:

License: Free

Effective proactive security and stealth, one of the lightest of all tested firewalls on memory, simple setup (no nags or ads!). Easily choose between 3 network profiles. Has a unique "email/system anomaly detection" feature, which trains over 7 days by default. Quick to respond to queries / feature requests.

No automatic installation mode (but it has a training mode in "Settings" > "Advanced"). The tray icon flashes for log events instead of network activity per se. Program may be more suitable for advanced users due to the complex user interface and features. Program is still supported, however there appears to be no active development or updates currently.

Read full review...

Comodo Firewall

A good choice for lightly-skilled and advanced users seeking a full featured security suite.

Our Rating:

License: Free

Its Defense+ HIPS performance exceeds commercial products and leads the class, it includes a "memory firewall" feature, and it allows you to quickly switch between Defense+ security modes and configurations. Includes automatic updates. Installation can automatically configure your PC to use the Comodo SecureDNS (but you can do this without installing CIS).

No built-in help. Despite not installing the AV component, the AV files are still placed in the Comodo program folder. Possible problems when uninstalling program; remnants of the program are sometimes left on the computer.

Read full review...

Summary

Both types of firewalls (basic and HIPS/proactive) both have their benefits and drawbacks. While HIPS software do offer greater protection and control of your machine, it naturally requires more user interaction and resources, making such software not the easiest to use. There are more settings to configure and it is more complex to use than the basic firewalls.

On the contrary, basic firewalls are generally simpler to use and may be easier for the user to adjust and learn how to use it. Comparatively, they do not offer as much protection as HIPS software; for example, they cannot detect suspiciously acting software behaviour, as it primarily filters incoming and outgoing internet traffic.

If you are an advanced computer user and/or are a "high risk" user, then the increased complexity of a HIPS firewall may be the best option for you, as it offers you the maximum protection available (in this regard). However, for most average users who use their computer for regular day to day use, a basic firewall is probably more than adequate. For these latter parties, a HIPS firewall may simply be going overboard as the increased features, complexity, and configurations are unnecessary.

Additional Tips / Precautions

Before installing new resident security products, including antivirus and firewall programs, consider making a full drive image. By creating a full drive image you are able to restore your entire computer back to a previous state in the event your system becomes completely unresponsive. Drive imaging allows you to recover from unintentional conflicts as well as severe malware infections. Everyone's system is unique and may have old, latent drivers that may be incompatible with whatever you are installing, causing problems with your system. Newer versions of Windows have a built in "Complete PC Backup and Restore" feature, or you can use a free drive imaging program.
To cleanly uninstall your (third-party) firewall before installing a new one, you may consider using ZSoft Uninstaller to analyze before and after the installation. If you haven't used it on your current firewall, try Revo Uninstaller (or other vendor or Windows uninstaller), check for leftover services and drivers with Autoruns, and restart your computer.

Other/Unsupported Firewalls

The following firewalls are now unsupported by their vendors. This means they have been discontinued and/or are no longer offered by the software publisher. While they may still be available for download, they may contain undocumented bugs or stability/security issues that will not be addressed. These reviews are archived for information purposes only. Unless you run an older Windows system with no other current firewall programs available, we would suggest using another program that is currently active.

Online Armor Free's HIPS feature is mostly in its "Program Guard". It has a feature called "run safer" that allows you to selectively set risky applications (web browsers, office software, readers/viewers, instant messengers, email or news programs, multimedia software, download managers, etc.) to run as if under a limited user account (go to "Programs" tab > uncheck "Hide Trusted" > highlight a program and click "Run Safer"). It minimizes popup alerts over time with its automatic list of safe programs, your on-demand scans with its safety check wizard, and your responses to popup alerts -- especially in cases where you tell it to remember your decisions and have it treat programs as trustworthy.

Run the wizard and have it search your PC for known programs to allow/block/ask. In this case, Online Armor relies on you to respond to alerts for unknown programs. For the curious or paranoid user, it uses excellent popup messages when it automatically allows a program to connect online and, optionally, when it automatically trusts a program/process to run (these alerts don't require user action and they can be enabled/disabled in the interface with "Options" > "Firewall", and "Programs" > "Options"). For example, I noticed a message when it auto trusted a key logger test, but after I set the tester to untrusted, it gave very informative and detailed security alerts (and then it passed the test and logged the tester in the interface under the "Key Logger" tab, but it only logged the key logger after the test was untrusted). You can even close both its tray tools from its right-click context menu. They are not needed for the firewall and HIPS components to continue running and protecting.
AVS Firewall differs from other regular ones in that it comes with additional protection modules; namely a registry defender, a banner blocker, and parental control options – it is something like a suite. The firewall itself does not have as many configurable options as some of the firewalls listed on this page, but the standard selections are still there – off, which turns off the firewall; custom, which allows you to set your own connection rules; and high, which blocks all connections.

Each section of the program is displayed clearly; navigation is through the menu on the left. Alerts are generally clear and straightforward, as is configuration.

The registry defender protects the registry from being modified, with the option of only protecting select categories. The parental control limits the list of websites that can be accessed, but you must manually add each website to be trusted, ie. You cannot block specific websites; you can only allow certain websites. The anti-banner component blocks undesirable web page content including ads, flash banners, pop-ups and the like. All three of these additional modules can be disabled independently as desired. AVS Firewall also comes with a monitoring utility so you can check the size of network traffic which is sent and received by each application.

During installation of this firewall, the installer automatically installs the AVS Software Browser; there is no option to opt-out of installing this, but the program can be removed separately after installation with no effect on the actual firewall program. The installer also has a pre-checked option to install AVS Registry Cleaner, and it is recommended that it is unchecked so the installer does not install it. Therefore, while the software has some additional features not found in your everyday firewall program, most of those features can be found in other third party programs.
Outpost Firewall Free by Agnitum software technology is a good choice for users who want highly flexible protection without sacrificing usability. It appears to be built with average users in mind, judging by the care taken to simplify alert messages and make it easy to adjust intrusion prevention (or HIPS) monitoring. For example, it remembers your responses to popup alerts without the need to set "trusted" rules (like in Comodo/Online Armor), and like Online Armor it notifies you when it automatically allows an application to access the Internet (especially helpful during the learning phase).

The free version lacks many extras of the pay version, however, such as automatic updates and the ability to break active connections. The HIPS component is called "Host Protection" in the interface. It provides four default levels of protection, which can be easily set with a slider and additionally customized item by item by advanced users. The default "optimal" setting only monitors the "most dangerous activities" (such as memory injections, driver loads, and a healthy list of system critical features -- auto starts, shell extensions, and internet settings) instead of all program activities. But these "optimal" settings lack protection from keyloggers, direct disk accessing, DNS API request monitoring, etc. You can check the types of reduced monitoring in "Settings..." > "Host Protection" > "Customize...".

Agnitum has now been acquired by Yandex. As a result, Agnitum has discontinued support and sales of the Outpost product line.

Other Unsupported Firewalls for Windows 95-2000

Sygate Personal Firewall (Windows 2000/XP/2003)
NetVeda Safety.Net (Windows 95/98/Me/NT/2000/XP, requires registration)
Ashampoo FireWall Free (Windows 2000 SP4, XP SP2)
Filseclab Personal Firewall (Windows 95/98/Me/NT/2000/2003/XP, 32-bit)

[show-hide toggle]

Related to Firewalls

Security Guides

Security Products

Inbound Vulnerability Tests

Nessus (open ports test, vulnerability scan)
GRC ShieldsUp! (stealth test)
Audit My PC (open ports test)
Nmap Online (open, closed, filtered, unfiltered ports test)
Security Space (open ports test)
Symantec Security Scan (open ports test)
SecurityMetrics (stealth test)

Outbound Vulnerability Tests

Matousec Proactive Security Challenge (testing suite results)
Matousec SSTS/BSODhook (a suite of tests for experts). It may receive antivirus warnings, but they are false positives.

Learn More

How Firewalls Work
Wilders Security: Firewall Questions for Beginners
Microsoft: Firewall FAQ
US-CERT: Understanding Firewalls
OnGuard Online (threat information)

Editor

This software category is maintained by volunteer editor Tim. Registered site visitors can contact Tim by clicking here.

Back to the top of the article.

Please rate this article:

Comments

What are your thoughts about older versions of firewall like Kerio Personal Firewall or Sygate? What I am looking for is a lightweight and easy to use firewall that won't bog down the computer as some people are still running xp pro and home with 512Mb of RAM. Any ideas or thoughts. I was thinking of installng "private firewall" as it possibly fits the bill as being light and easy.

Sorry for the delay in replying. If you're still searching for one, TinyWall might be a good one to consider, as it's quite low-resource usage. Of course Private Firewall, as you mentioned, would also be a good light one - and it has behaviour blocking functionality.

So much crying over Comodo being too complicated and confusing. It installs programs without the option to say no. For starters Comodo does not force you to install anything you don't want. Geekbuddy and Comodo Dragon are optional but I guess you didn't bother to look and read before you installed the software. That's Comodo's fault, right? It's the same garbage I still read in many security forums about how Norton Antivirus is this bloated pig of a piece of software that will never touch their machine. Yes. Yes, it was. Five years ago! Comodo is bloatware. It's too complicated. Why couldn't they leave it like it was? I know, change is hard.

Actually, version 6 is as close to install and forget it as this product has ever been. But even so, I will grant you it is far more complex than the install and configuration for Zone Alarm free. Comodo is actually a brilliant piece of software that an "IT Professional" would have no trouble installing and configuring. This very website has the best instructional you will find anywhere on the planet for setting CIS up and configuring it. Step by step it's all there, but you have to do some work. If you want easy then by all means install Zone Alarm free. It's a decent product and perfect for someone who is not a hands on type when it comes to computer security. Another option is to use the Windows 7 firewall, which is actually very good, and with a bit of work, can be configured to handle both inbound and outbound traffic. Is it easy to do? That depends on the individual. It should be for an "IT Professional" but you might have to some research, and actually read a bit. Does Comodo's suite have any flaws? Yeah, more than a few. I also hate the way version 6 was thrown out into the world with what seemed like a very short beta test cycle. What I cannot stomach is the crying over what Comodo is not. Tell me it did a horrible job protecting your computer and back it up with facts. The last time I looked the entire Comodo suite was "FREE" and is easily one of the best security solutions available to the home user. It is not everyone's cup of tea. I'll buy that, but please stop the cry baby bashing of a product that does not suit your particular needs.

I have used Zone Alarm for years because it always hid my computer, and stop change programs from going out until I okay them again. While Zone Labs owned the program it was super. Then Central Point bought them out and the bloat started. Eventually vsmon.exe became so nasty it was slowing my whole system. It occurred to me then that I wanted Zone Alarm to hide my computer and stop changed programs from going out. I don't need my firewall to do any thing else. I now use Zone Alarm 4.5.x, the last Zone Labs release before the Central Point buyout and will not update it as long as I still have my XP machines.

I am a long time user of Comodo software. And I like it a lot. There are several Comodo security products and one needs to specify which product is being discussed. CIS (Comodo Internet Security) is an all-in-one package including anti-virus, firewall, defense+, sandbox, etc. Then they have other software that provides only one or two of these functions. Pick what you need.

In the past Comodo CIS has been criticized for generating too many alerts, as compared to other packages. The new CIS v6 has almost eliminated all popups for its default configuration. I think that is a good step while at the same time retaining optional settings for those who have advanced needs.

Gizmo's Freeware

Main menu

Best Free Firewall Protection