Firewall Software

A firewall allows or denies traffic into and out of a private network (intranet) or a user's computer, and is the primary method of preventing access to a computer by hackers. Firewalls are commonly used to allow valid users secure access to the Internet as well as to keep separate a company's public Web server from its internal network. Firewalls are also used to keep internal network segments secure; for example, an accounting sub-network might attract unwanted access from within the enterprise.

In the home, a "personal firewall" is frequently installed on the user's computer for protection from hackers. Windows XP includes basic firewall functionality in the operating system, which can be enabled or disabled at the user's discretion. Advanced personal firewalls also monitor outgoing traffic to protect against malicious spyware, which could be sending personal information out onto the Internet where it can be intercepted. They will often alert you when software makes an outbound request for the first time, and will ask you to decide whether to allow the intercepted communication temporarily or always.

ZoneAlarm
ZoneAlarm is simple to install, and requires no setting up when you start it the first time. It also runs at Windows startup with your latest settings enabled. A single license costs $49.95, but a streamlined version of the software can be downloaded free for personal use.

Whenever an application on your PC tries to access the Internet, ZoneAlarm asks you whether to allow it. If you choose to do so, it will run normally - if not, the application will shut down or return an error. ZoneAlarm also lets you grant apps such as IE/Netscape and Outlook/Mail Clients permanent access to the Web.

ZoneAlarm displays a toolbar at the top of the screen that monitors network activity. The toolbar has intelligent status indicators that tell you whether the program is locked (blocked from the Internet) or open, and icons that indicate which applications are currently accessing the Net. Features include an emergency Stop button, which immediately halts all Net traffic if - for example - an unauthorized application is sending out data. There's also an automatic Lock, which stops Internet access whenever your screensaver activates or after a prespecified period of inactivity. Lastly, ZoneAlarm offers an idle-port-blocking feature, which automatically closes ports when applications no longer need to communicate, blocking unauthorized access.

It is also worth noting that, in all security screens, ZoneAlarm was the only firewall that completely hid all the ports from a standard port scan and made the machine "invisible" to potential crackers.

Pros: Completely conceals your computer from the Internet - most surface scans don't even acknowledge that the computer is there. Very easy to use, requires minimal computer knowledge to operate and tailor.

Cons: Nonintuitive toolbar interface. Alerts are fairly terse with little information beyond an IP and a connection detail such as the port number.

Norton Personal Firewall
Norton can be more expensive than ZoneAlarm ($49.95 for the Personal Firewall, and $69.96 for the Security Suite), especially considering that basic ZoneAlarm is free for personal use. For standard scans, Norton cloaked all ports except 113 (IDENT) and 139 (NetBIOS). Norton reported these two ports as closed instead. So, although the computer was inaccessible, crackers know that a computer lives at that IP (at least temporarily).

Norton offers a set of prefab rules for common applications in a predefined rules list. Using this list, Norton automatically sets up network access rules for applications (such as Internet Explorer/Netscape and Outlook/Mail Clients) as you launch them for the first time. Norton Personal Firewall also lets you download ready-made, application-specific rules. This is very convenient, as more basic users may not be able to create their own access-restrictions correctly. The list, however, cannot be complete - and inevitably some users will need to address programs not in the mainstream rules database.

Norton's high-security mode also blocks JavaScript and ActiveX Controls that launch when you surf the Web or open mail attachments. Each time a script attempts to execute, Personal Firewall asks you if you want to allow it to run. Presumably, VBS alarms are available to screen for common viruses. As a wacky bonus, Norton lets you create a database of restricted personal information - such as credit card account numbers and email and street addresses - so that when you're shopping online, you can't release your vital information unless it determines that you're connected to a secure server. Personal Firewall also blocks cookies so that sites can't collect information about you or track where you've been on the Web. This is not really firewall functionality - but it's there.

Norton Personal Firewall offers good desktop protection and keeps individual applications from unauthorized Web access. ZoneAlarm, however, is better at making your computer completely invisible to the Net and has an added bonus of separate LAN and Internet access settings. Despite these minor disadvantages, Norton is still a good choice for those who prefer the convenience of an integrated network protection suite or for those who already own other Norton utilities.

Pros: Effectively blocks crackers. Automatically generates rules upon install that allow or restrict Net access for common applications. Good for people already using Norton - integrates with Norton Internet Security Suite.

Cons: Access definitions get complicated. Users setting up allow/deny rules for non-standard applications can mess things up without a decent reservoir of networking knowledge. Some ports, while closed to crackers, are still visible on the network. This reveals the machine as an active host.

BlackIce Defender
BlackIce provides standard and dynamic protection filters that "analyze network traffic and detect and block suspicious patterns". This approach means, however, that BlackIce sometimes blocks applications you want to use. ZoneAlarm's customizable approach to Internet security, in which you specify applications that are allowed to access the Internet, is much easier on the user. A basic single user copy is $39.95.

BlackIce provides four security levels - Trusting, Cautious, Nervous, and Paranoid - that reflect the type of traffic (TCP or UDP, inbound or outbound) you want to allow or forbid and the type of port (system or application). The Trusting setting lets all Net traffic go by. Paranoid, on the other hand, blocks all inbound ports but allows all outbound traffic. This is potentially a problem if a Trojan horse is already inside your system. The two highest settings also sometimes block common applications such as ICQ (which I had problems getting working) and Microsoft NetMeeting (which I found other users had problems with). The only way to unblock a program is to add specific IP addresses to your Trusted list. Another problem: when you want to share files within a LAN, you have to either leave your system open to both local AND Internet traffic, or install NetBEUI to allow local sharing only.
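
The policy difference described above, as an added example that is not from the original article or from any of the products: a small Python model comparing the Trusting and Paranoid levels as the text states them with an application-based prompt model like the one described for ZoneAlarm. The Conn record, the program names, the addresses and the rule that the application-based model drops unsolicited inbound traffic are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    direction: str  # "in" or "out"
    program: str    # local program owning the socket ("" if none is listening)
    remote: str     # remote address (documentation ranges, constructed)
    port: int

def trusting(conn):
    # "Trusting" as the article describes it: all traffic goes by.
    return "allow"

def paranoid(conn):
    # "Paranoid" as described: every inbound port blocked, all outbound allowed.
    return "block" if conn.direction == "in" else "allow"

class AppFirewall:
    """Application-based model: each outbound program needs the user's consent."""
    def __init__(self, always_allowed, ask):
        self.always = set(always_allowed)  # programs granted permanent access
        self.ask = ask                     # stands in for the pop-up prompt
        self.locked = False                # Lock / emergency Stop engaged
        self.prompts = []                  # programs the user was asked about

    def decide(self, conn):
        if self.locked or conn.direction == "in":
            return "block"                 # assumption: unsolicited inbound is dropped
        if conn.program in self.always:
            return "allow"
        self.prompts.append(conn.program)
        answer = self.ask(conn)            # "always", "once" or "deny"
        if answer == "always":
            self.always.add(conn.program)
        return "allow" if answer in ("always", "once") else "block"

# Constructed sample traffic; program names are invented for illustration.
EVENTS = [
    Conn("in", "", "203.0.113.7", 139),                 # inbound probe
    Conn("out", "browser.exe", "198.51.100.10", 80),    # program the user trusts
    Conn("out", "updater32.exe", "203.0.113.50", 6667)  # unknown program already installed
]

def run(decide, events=EVENTS):
    return [decide(e) for e in events]

if __name__ == "__main__":
    fw = AppFirewall({"browser.exe"}, ask=lambda conn: "deny")
    for name, policy in [("trusting", trusting), ("paranoid", paranoid), ("app-based", fw.decide)]:
        print(f"{name:10}", run(policy))
```

With the constructed events, Paranoid lets the unknown program's outbound connection through, while the application-based model stops it at the prompt.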

If you find that BlackIce is blocking a common application such as ICQ, you can delve into the Intruder list, unblock specific addresses, and then add them to your Trusted list. This process is a bit of a pain, however. If you don't want to deal with IP addresses, BlackIce help (advICE) recommends simply downshifting to the Cautious or Trusting levels when using an application such as ICQ. Unfortunately, this fix then exposes your machine to outside threats and forces you to change your settings each time you use the app in question.

On the bright side, BlackIce emphasizes intrusion analysis and handling, and that's also where it excels. The Attack and Intruder lists - which tell you who has tried to access your PC, and which IP addresses are being blocked - offer many helpful features for tracing the source of an attack and determining which attacks are malicious and which are innocuous. A complete set of web pages aids beginners who may be unsure exactly what is going on, and do a very good job of differentiating between harmless request blockages and full-scale scans/attacks.

Pros: The help pages and analysis tools are very convenient and will help new users a great deal in understanding what their computer is doing.


If you are going to be running a very basic system configuration without a lot of complexity or file sharing, you may want to run BlackIce. Its help pages and analysis tools are very convenient and will help new users a great deal in understanding what their computer is doing. Users who already have Norton Utilities or have enough networking knowledge to create custom firewall rules may want to use Norton Personal Firewall. The flexibility that this program allows can be convenient, and keeping an integrated Security Suite is certainly convenient.

For the best money/functionality ratio, however, ZoneAlarm seems to be the product of choice. The basic version is free for personal use, and its interface is very simple if a little unfamiliar. The application-based approach to firewalling works very well and results in minimum upkeep for the user. Lastly, ZoneAlarm was the only product that completely hid the target computer from casual scans - and this in itself can be a great defensive tool.