Scot’s Newsletter Blog

I have several bits of info for the hoppers of those following along in my quest to find the best software firewall for Windows.

For those of you new to the saga, you’ll need to catch up with the rest of us by reading (or at least scanning) these previous articles:

• More on Software Firewalls for Windows(June 2007)
• Update: Software Firewalls for Windows XP (April 2007)
• Kicking off a Software Firewall Comparo (Sept. 2006)

Or, to get an up-to-date story that covers the bases of the three links above, including updated information, see this Computerworld story: Review Roundup: Slim Is in for Windows Desktop Firewalls (June 2007).

With that bit of housekeeping out of the way, on to the twists and turns.

Eset Smart Security Not So Stellar
Admittedly, I’m testing Beta 1b of Eset Smart Security, and rumor has it that Beta 2 is due out shortly. But I recently conducted a FirewallLeakTester.com-style leak test of Eset Smart Security, and the results weren’t good. For more information on the set of leak tests I used, please see my review of the free version of ZoneAlarm 7.0.337 in the last issue of the newsletter.

(more…)

- Reviewed: ZoneAlarm 7.0.337 (freeware)
- Look ‘n’ Stop 2.06
- Eset’s Smart Security Suite Beta
- Myths About Other Firewalls

The research for my ongoing series on software firewalls for Windows has entered an interesting phase since the last newsletter, in which I focused on Comodo, Jetico, and Kerio.

For one thing, a large number of readers responded with requests and suggestions. The suggestion I heard most frequently was: Please consider ZoneAlarm. (I also received some flames from misinformed ZoneAlarm fanatics, but that’s another story.) So, I’m starting this issue with a full test of ZoneAlarm.

Review: ZoneAlarm 7.0.337 Free Version
Last September, when I launched my search for a great lightweight, quiet, low-overhead software firewall, I left Check Point’s free ZoneAlarm software off the list. My primary security focus was outbound firewall protection. Testing from earlier last year by FirewallLeakTester.com showed that ZoneAlarm Pro offers excellent outbound software firewall protection, and the free version of ZoneAlarm — surprisingly — does not.

(more…)

I’ve been getting a lot of requests for an update on my research into software firewalls for XP. The research is ongoing, but I do have plenty to update and pass along.

Back in September of last year, I kicked off comparison research and the first of a series of articles focusing on inexpensive, lightweight software firewalls for use with Windows XP. Please check out that first piece, and check out what I’m looking for in a software firewall: An emphasis on outbound protection, nearly silent operation (after you’ve run most of your apps once), and a rational means of protecting, without breaking, your network. Anything with an endless number of pop-ups isn’t going to cut it with me. I’m not going to become a slave to a software firewall.

I’ve been working on this research off and on ever since. The products I mentioned then — Comodo, Jetico, Look ‘n’ Stop, Outpost Pro, Tiny Personal Firewall, and Kerio — are the products I’ve been keeping tabs on during this period. I’ve also looked at some others that have come along. But I’m only looking at lightweight standalone firewalls; that leaves out several notable names, including Kaspersky, Norton, McAfee, Trend Micro, CA, Check Point, F-Secure, and others. They’re out of my research on purpose: I don’t recommend any of them. Steer clear of security suites.

(more…)

Windows Vista is far more secure than Windows XP, but is it completely buttoned up? The answer is no. You still need both anti-malware and firewall protection for Vista. Microsoft’s failure to solve this problem may, in fact, be a mistake that comes back to haunt the company. On the other hand, at least it didn’t put a whole bunch of additional software companies out of business.

I’ve previously recommended Eset’s Nod32 version 2.7 for all current versions of Windows, including Vista. Nod32 is a done deal, a no-brainer, just get it.

But the firewall picture for Vista is nowhere near as obvious. As I’ve written many times before, every computer connected to the Internet should be sitting behind some sort of hardware firewall that adds NAT (network access translation) stealthing and SPI (stateful packet inspection), both of which help protect against inbound threats. Good security is about layers, though, and a good software firewall complements the hardware firewall by adding application controls for outbound transmissions and network protections. The combination of hardware and software is very powerful. The problem is, very few popular software firewalls currently support Vista.

(more…)

A number of people criticized my selection last year of F-Secure’s Anti-Virus 2006 as the Best Antivirus Product of 2006 for Windows. And now I’m going to have to eat crow, because in 2007, those people are right.

Eset’s Nod32 2.5 came in second last year, despite the fact that I had several criticisms of it. My assessment last year was based on a series of factors. But the most important criterion was that the utility run without bogging down the system and, basically, do no harm to your computer. Of course, catching the bad stuff was very important too.

Even though F-Secure’s 2006 product skirted the primary requirement pretty finely, the user interface and the included anti-spyware module combined, in my mind, to make it a great value. What’s more, F-Secure took me through a real-world test — one that I didn’t plan — with flying colors. (Nod32 got other people through the exact same real-world test, by the way.)

But F-Secure has an Achilles’ heel. It doesn’t play nicely with other security apps. It has a tendency to create a mess if other security products are present — even if they’re not running. It has a tendency to pop up dialogs informing you that it can’t install unless you uninstall this or that specific program. This was something I came across with F-Secure Anti-Virus 2006 only when I purposely installed it while AVG was running. And the process of uninstalling AVG worked so well in my test, that I felt comfortable recommending F-Secure.

(more…)

According to FirewallLeakTester.com, Agnitum Outpost 4.0’s leak-test functionality is designed to block a very broad range of leak tests. In its fully aggressive mode, Outpost 4.0 may make your life a living hell with repetitive prompts. It’s nice to know, however, that you can ratchet up the protective power any time, even if you wind up turning down to one of Outpost’s more permissive modes (as I did).

I installed Outpost Pro 4 on a machine running F-Secure Anti-Virus 2006. In other words, I tempted fate, since both products contain anti-spyware and F-Secure is noted for its strong tendency toward incompatibility. I disabled Outpost’s anti-spyware scan during installation, but the anti-spyware module came up running by default post installation. It is possible to fully disable it at that point.

With F-Secure running alongside Outpost 4, I quickly ran into difficulties. It worked fine for a while, but on subsequent reboots I found that Outpost froze or that my Internet connection died. I was also unable to make my VPN connection work, even though I directed Outpost to give it full rein.

Eventually I was forced to remove Outpost in order to get any work done. I’m currently setting up a test machine that will provide a cleaner environment for Outpost to give it a proper test. This first two-hour experiment was a little unfair.

I can draw some conclusions from installing and using Outpost even for that short period of time. Outpost 4 may well be the most powerful and comprehensive personal firewall I’ve examined. This product is loaded with good features. The graphical log file, which also allows you to make settings changes, is absolutely superb. The level of fine control is perfection.

On the other hand, the networking control features are less clear-cut than I’d like. And for my simple tastes, Agnitum has packs way too many extra modules into this package. I don’t want anti-spyware in my firewall. I also don’t want content filtering, ad blocking, Internet-based sharing of my settings, attachment quarantine, or DNS caching. I would be quite interested in “Outpost 4 Lite,” if such a thing existed, consisting of the firewall, application controls, intrusion detection, leak protection, and network monitoring.

So, bottom line, I will continue to test Outpost 4 to give it a fair shake. And if you’re looking for a top-notch firewall with a lot of bells and whistles, this is almost certainly it.

But I’m crossing it off the list of lightweight firewalls that are under consideration for my ongoing series: “Looking for the Right Software Firewall” because it it’s so much more than the simple firewall I’m looking for.

Over the last month I’ve received a ton of email from readers asking me to help them pick firewall software to go along with F-Secure. I had intended to kick off a software firewall comparison review anyway, so I just got started a little earlier. My very preliminary research has *not* resulted in any sort of formal firewall pick by me as yet.

My considered advice on this subject is to start by choosing a hardware firewall of some sort, and then layer in a software firewall on every machine. This combination maximizes your protection and also provides you the most flexibility and convenience.

Firewall routers for home use are not expensive. Most are available in 1, 4, or 8-port switch combinations, with the 4-port models selling for as little as $25 with rebates. The average price is in the $50 range.

(more…)