Read this article in SpanishIntroduction
Firewalls help monitor your system's communications between your network and the Internet, to help detect, alert, and prevent intrusions and attacks. They are particularly useful for controlling the activities of Internet facing applications, ie. applications that access the internet.
Firewall products are arguably one of more cumbersome software products to use and have a reputation of causing user angst - to find a suitable product that meets individual users' needs may involve a process of trial and error. A good firewall should be able to protect to user at a near-perfect level, while not being too intrusive or complicated to handle. The type of user, including what the user usually uses their computer for, may very well determine the functionality or feature set that is necessary for each individual user. In this article, we give you a selection of some of the best free firewall software, in our opinion, that is available. Our reviews and recommendations are made taking into consideration both editors' and site visitors' experience, opinions, and comments. As always, if you have more to share on your experiences with the software products mentioned and/or freeware firewall products that you like, we would love to hear from you. Please refer to the comments section at the bottom of this page.
Firewalls come in two flavours; software based and hardware based. Software based firewalls (which is what we will cover in this article) reside on your machine, running in the background in order to keep a watch on things. To avoid potential conflicts only install one (third-party) software firewall. Also, in order to achieve the best combination of protection, we would strongly suggest to use a hardware firewall (such as a router) in conjunction with a software firewall. Modern routers usually have a built-in firewall, helping to filter out content before your machine; consult your router documentation for more details. Of course, for portable devices such as laptops, you may use it to connect to other outside networks which may or may not have the hardware based protection. In this case, having a software firewall is even more crucial.
Basic firewall protection is critical for securing your PC. Simple firewalls (like the default Windows firewall) limit access to your system and personal information, and silently protect you from inbound threats. We review basic third-party firewalls as well as the built in Windows firewall, and look at features such as monitoring programs that request outgoing Internet connections (we call this "outbound protection").
Basic firewalls generally only have limited protection; proactive firewalls offer more extended protection, including HIPS or program monitoring (HIPS Explained), and watch for malicious behavior before malware gets a chance to take control of your PC or turn it into a botnet drone. They seek to achieve stronger "2-way" protection, preventing programs from broadcasting your personal information to the Internet. The downside of such firewalls are that it may be harder to use and/or require more memory consumption. Also, there is a greater risk of HIPS software causing conflicts, errors, or otherwise cause other issues with your PC.
Some kinds of malware are best detected by their behavior, so a proactive firewall (or firewall/HIPS combo) is a solid second layer of protection next to your antivirus program. It is an excellent option for high risk users. However, it's plausible to argue that a good resident antivirus will stop some malicious threats before they get a chance to make it to the Internet anyway. Many of the top antivirus programs are starting to provide behavioral blocking and extended scanning of network activity. Nevertheless, it is important to use basic or proactive firewall protection, antivirus software for active protection, and safe practices in order to minimize the risk of malware on your PC.
You can "upgrade" (for free!) your security by reading the documentation and learning about proactive firewalls or HIPS programs, or using other protection like least-privileged user accounts and/or Sandboxie or GeSWall. This information, and more, is available on various parts of our website.
Review Index
Basic Firewalls
The built-in Windows firewall is a common choice since it passes all inbound tests (both stealth and open port) and doesn't have many popup alerts. It doesn't require a separate software installation, as it comes built-in with modern versions of Windows. Therefore, it is not likely to conflict with your other programs. And many average users may not reliably handle the popup alerts of the more complex firewalls on the market, especially at their max settings. Newer versions of Windows also feature an updated, improved version of Windows firewall that is much better than prior versions of Windows.
If you scan clean for malware, don't want/need the additional features of a third-party firewall, and are a relatively low risk user, then the Windows firewall is likely a practical and useful solution.
Alternatively, you can replace the Windows firewall with a basic third-party firewall for greater control of outbound protection and additional features. Most simple two-way firewalls ask you to allow or deny Internet access for unknown programs. Many also automatically allow trustworthy apps and remember your decisions to become silent over time. However, these software require additional configuration of settings, especially at the outset.
Platforms/Download:
Version reviewed: n/a
Gizmos Freeware
| Our Rating: 5/5 |
|
Read more...
Platforms/Download: Windows (Desktop) |
Version reviewed: n/a
Gizmos Freeware
| Our Rating: 5/5 |
Read more...
Windows 10 Firewall Control
A good choice to supplement the Windows built-in Firewall and compatible with Windows XP and higher.
Platforms/Download: Windows (Desktop) |
Version reviewed: 7.5
Gizmos Freeware
| Our Rating: 4/5 |
Read more...
ZoneAlarm Free Firewall
A well-established inbound and outbound OS firewall solution suited for users of every level of experience.
Platforms/Download: Windows (Desktop) |
Version reviewed: 14.1.011.000
Gizmos Freeware
| Our Rating: 3/5 |
Read more...
Firewalls with HIPS Protection
The following personal firewalls provide an advanced level of network and HIPS protection. Each firewall comes with default settings and, depending on the users' needs, may or may not require much adjustments.
It should be noted that firewall products in this section require more time to learn and configure, and are more complex to use than basic firewalls. There is also a higher risk of conflicts and problems arising on your system. Since firewalls are often praised for their security effectiveness at their max settings, users will likely have lower protection than mentioned by independent testing sources, such as Matousec, for practical day to day use. All of the product vendors seek to provide user friendly features, sometimes incorporating reduced levels of protection in their default settings by decreasing some HIPS monitoring. In other words, these firewalls may be more suitable for more advanced users, as well as those that are more "high risk".
Privatefirewall
A proactive multi-layer security solution with behaviour blocking and standard firewall protection.
Platforms/Download: Windows (Desktop) |
Version reviewed: n/a
Gizmos Freeware
| Our Rating: 5/5 |
Read more...
Comodo Firewall
A good choice for lightly-skilled and advanced users seeking a full featured security suite.
Platforms/Download: Windows (Desktop) |
Version reviewed: n/a
Gizmos Freeware
| Our Rating: 3/5 |
Read more...
Summary
Both types of firewalls (basic and HIPS/proactive) both have their benefits and drawbacks. While HIPS software do offer greater protection and control of your machine, it naturally requires more user interaction and resources, making such software not the easiest to use. There are more settings to configure and it is more complex to use than the basic firewalls.
On the contrary, basic firewalls are generally simpler to use and may be easier for the user to adjust and learn how to use it. Comparatively, they do not offer as much protection as HIPS software; for example, they cannot detect suspiciously acting software behaviour, as it primarily filters incoming and outgoing internet traffic.
If you are an advanced computer user and/or are a "high risk" user, then the increased complexity of a HIPS firewall may be the best option for you, as it offers you the maximum protection available (in this regard). However, for most average users who use their computer for regular day to day use, a basic firewall is probably more than adequate. For these latter parties, a HIPS firewall may simply be going overboard as the increased features, complexity, and configurations are unnecessary.
Additional Tips / Precautions
- Before installing new resident security products, including antivirus and firewall programs, consider making a full drive image. By creating a full drive image you are able to restore your entire computer back to a previous state in the event your system becomes completely unresponsive. Drive imaging allows you to recover from unintentional conflicts as well as severe malware infections. Everyone's system is unique and may have old, latent drivers that may be incompatible with whatever you are installing, causing problems with your system. Newer versions of Windows have a built in "Complete PC Backup and Restore" feature, or you can use a free drive imaging program.
- To cleanly uninstall your (third-party) firewall before installing a new one, you may consider using ZSoft Uninstaller to analyze before and after the installation. If you haven't used it on your current firewall, try Revo Uninstaller (or other vendor or Windows uninstaller), check for leftover services and drivers with Autoruns, and restart your computer.
Other/Unsupported Firewalls
The following firewalls are now unsupported by their vendors. This means they have been discontinued and/or are no longer offered by the software publisher. While they may still be available for download, they may contain undocumented bugs or stability/security issues that will not be addressed. These reviews are archived for information purposes only. Unless you run an older Windows system with no other current firewall programs available, we would suggest using another program that is currently active.
-
Online Armor Free's HIPS feature is mostly in its "Program Guard". It has a feature called "run safer" that allows you to selectively set risky applications (web browsers, office software, readers/viewers, instant messengers, email or news programs, multimedia software, download managers, etc.) to run as if under a limited user account (go to "Programs" tab > uncheck "Hide Trusted" > highlight a program and click "Run Safer"). It minimizes popup alerts over time with its automatic list of safe programs, your on-demand scans with its safety check wizard, and your responses to popup alerts -- especially in cases where you tell it to remember your decisions and have it treat programs as trustworthy.
Run the wizard and have it search your PC for known programs to allow/block/ask. In this case, Online Armor relies on you to respond to alerts for unknown programs. For the curious or paranoid user, it uses excellent popup messages when it automatically allows a program to connect online and, optionally, when it automatically trusts a program/process to run (these alerts don't require user action and they can be enabled/disabled in the interface with "Options" > "Firewall", and "Programs" > "Options"). For example, I noticed a message when it auto trusted a key logger test, but after I set the tester to untrusted, it gave very informative and detailed security alerts (and then it passed the test and logged the tester in the interface under the "Key Logger" tab, but it only logged the key logger after the test was untrusted). You can even close both its tray tools from its right-click context menu. They are not needed for the firewall and HIPS components to continue running and protecting.
-
AVS Firewall differs from other regular ones in that it comes with additional protection modules; namely a registry defender, a banner blocker, and parental control options – it is something like a suite. The firewall itself does not have as many configurable options as some of the firewalls listed on this page, but the standard selections are still there – off, which turns off the firewall; custom, which allows you to set your own connection rules; and high, which blocks all connections.
Each section of the program is displayed clearly; navigation is through the menu on the left. Alerts are generally clear and straightforward, as is configuration.
The registry defender protects the registry from being modified, with the option of only protecting select categories. The parental control limits the list of websites that can be accessed, but you must manually add each website to be trusted, ie. You cannot block specific websites; you can only allow certain websites. The anti-banner component blocks undesirable web page content including ads, flash banners, pop-ups and the like. All three of these additional modules can be disabled independently as desired. AVS Firewall also comes with a monitoring utility so you can check the size of network traffic which is sent and received by each application.
During installation of this firewall, the installer automatically installs the AVS Software Browser; there is no option to opt-out of installing this, but the program can be removed separately after installation with no effect on the actual firewall program. The installer also has a pre-checked option to install AVS Registry Cleaner, and it is recommended that it is unchecked so the installer does not install it. Therefore, while the software has some additional features not found in your everyday firewall program, most of those features can be found in other third party programs.
-
Outpost Firewall Free by Agnitum software technology is a good choice for users who want highly flexible protection without sacrificing usability. It appears to be built with average users in mind, judging by the care taken to simplify alert messages and make it easy to adjust intrusion prevention (or HIPS) monitoring. For example, it remembers your responses to popup alerts without the need to set "trusted" rules (like in Comodo/Online Armor), and like Online Armor it notifies you when it automatically allows an application to access the Internet (especially helpful during the learning phase).
The free version lacks many extras of the pay version, however, such as automatic updates and the ability to break active connections. The HIPS component is called "Host Protection" in the interface. It provides four default levels of protection, which can be easily set with a slider and additionally customized item by item by advanced users. The default "optimal" setting only monitors the "most dangerous activities" (such as memory injections, driver loads, and a healthy list of system critical features -- auto starts, shell extensions, and internet settings) instead of all program activities. But these "optimal" settings lack protection from keyloggers, direct disk accessing, DNS API request monitoring, etc. You can check the types of reduced monitoring in "Settings..." > "Host Protection" > "Customize...".
Agnitum has now been acquired by Yandex. As a result, Agnitum has discontinued support and sales of the Outpost product line.
Other Unsupported Firewalls for Windows 95-2000
- Sygate Personal Firewall (Windows 2000/XP/2003)
- NetVeda Safety.Net (Windows 95/98/Me/NT/2000/XP, requires registration)
- Ashampoo FireWall Free (Windows 2000 SP4, XP SP2)
- Filseclab Personal Firewall (Windows 95/98/Me/NT/2000/2003/XP, 32-bit)
Related Products and Links
Related to Firewalls
- Comprehensive List of Firewalls (PBSLW)
- Best Free Intrusion Prevention and Detection Utility (HIPS)
- HIPS Explained
- Matousec Proactive Security Tests Analyzed
Security Guides
- Security Advice Wizard
- Probably the Best Security List in the World
- Gizmo's Guide to Securing Your PC
- Safe Computing in Under an Hour
- Best Free Security Diet Plan
- How to Stay Safe While Online
- How to Improve Security When Using a Public Terminal
Security Products
- Best Free Antivirus Software
- Best Free Browser Protection Utility
- Best Free Adware/Spyware/Scumware Remover
- Best Internet Safety Check Freeware
- Best Free Software Update Monitor
- Best Free Encryption Utility
- Best Free Anonymous Surfing Service
- Best Free Drive Imaging Program
- Best Free Password Manager
Inbound Vulnerability Tests
- Nessus (open ports test, vulnerability scan)
- GRC ShieldsUp! (stealth test)
- Audit My PC (open ports test)
- Nmap Online (open, closed, filtered, unfiltered ports test)
- Security Space (open ports test)
- Symantec Security Scan (open ports test)
- SecurityMetrics (stealth test)
Outbound Vulnerability Tests
- Matousec Proactive Security Challenge (testing suite results)
- Matousec SSTS/BSODhook (a suite of tests for experts). It may receive antivirus warnings, but they are false positives.
Learn More
- How Firewalls Work
- Wilders Security: Firewall Questions for Beginners
- Microsoft: Firewall FAQ
- US-CERT: Understanding Firewalls
- OnGuard Online (threat information)
Editor
This software category is maintained by volunteer editor Tim. Registered site visitors can contact Tim by clicking here.
Back to the top of the article.
We are looking for people with skills or interest in the following areas:
Comments
Having your browser hijacked is a "minor inconvenience"?
No, it's a reason never to go near the guilty party ever again.
What are your thoughts about older versions of firewall like Kerio Personal Firewall or Sygate? What I am looking for is a lightweight and easy to use firewall that won't bog down the computer as some people are still running xp pro and home with 512Mb of RAM. Any ideas or thoughts. I was thinking of installng "private firewall" as it possibly fits the bill as being light and easy.
So much crying over Comodo being too complicated and confusing. It installs programs without the option to say no. For starters Comodo does not force you to install anything you don't want. Geekbuddy and Comodo Dragon are optional but I guess you didn't bother to look and read before you installed the software. That's Comodo's fault, right? It's the same garbage I still read in many security forums about how Norton Antivirus is this bloated pig of a piece of software that will never touch their machine. Yes. Yes, it was. Five years ago! Comodo is bloatware. It's too complicated. Why couldn't they leave it like it was? I know, change is hard.
Actually, version 6 is as close to install and forget it as this product has ever been. But even so, I will grant you it is far more complex than the install and configuration for Zone Alarm free. Comodo is actually a brilliant piece of software that an "IT Professional" would have no trouble installing and configuring. This very website has the best instructional you will find anywhere on the planet for setting CIS up and configuring it. Step by step it's all there, but you have to do some work. If you want easy then by all means install Zone Alarm free. It's a decent product and perfect for someone who is not a hands on type when it comes to computer security. Another option is to use the Windows 7 firewall, which is actually very good, and with a bit of work, can be configured to handle both inbound and outbound traffic. Is it easy to do? That depends on the individual. It should be for an "IT Professional" but you might have to some research, and actually read a bit. Does Comodo's suite have any flaws? Yeah, more than a few. I also hate the way version 6 was thrown out into the world with what seemed like a very short beta test cycle. What I cannot stomach is the crying over what Comodo is not. Tell me it did a horrible job protecting your computer and back it up with facts. The last time I looked the entire Comodo suite was "FREE" and is easily one of the best security solutions available to the home user. It is not everyone's cup of tea. I'll buy that, but please stop the cry baby bashing of a product that does not suit your particular needs.
I have used Zone Alarm for years because it always hid my computer, and stop change programs from going out until I okay them again. While Zone Labs owned the program it was super. Then Central Point bought them out and the bloat started. Eventually vsmon.exe became so nasty it was slowing my whole system. It occurred to me then that I wanted Zone Alarm to hide my computer and stop changed programs from going out. I don't need my firewall to do any thing else. I now use Zone Alarm 4.5.x, the last Zone Labs release before the Central Point buyout and will not update it as long as I still have my XP machines.
I am a long time user of Comodo software. And I like it a lot. There are several Comodo security products and one needs to specify which product is being discussed. CIS (Comodo Internet Security) is an all-in-one package including anti-virus, firewall, defense+, sandbox, etc. Then they have other software that provides only one or two of these functions. Pick what you need.
In the past Comodo CIS has been criticized for generating too many alerts, as compared to other packages. The new CIS v6 has almost eliminated all popups for its default configuration. I think that is a good step while at the same time retaining optional settings for those who have advanced needs.
Pages