More on Software Firewalls for Windows

Reviewed: ZoneAlarm 7.0.337 (freeware)
Look ‘n’ Stop 2.06
Eset’s Smart Security Suite Beta
Myths About Other Firewalls

The research for my ongoing series on software firewalls for Windows has entered an interesting phase since the last newsletter, in which I focused on Comodo, Jetico, and Kerio.

For one thing, a large number of readers responded with requests and suggestions. The suggestion I heard most frequently was: Please consider ZoneAlarm. (I also received some flames from misinformed ZoneAlarm fanatics, but that’s another story.) So, I’m starting this issue with a full test of ZoneAlarm.

Review: ZoneAlarm 7.0.337 Free Version
Last September, when I launched my search for a great lightweight, quiet, low-overhead software firewall, I left Check Point’s free ZoneAlarm software off the list. My primary security focus was outbound firewall protection. Testing from earlier last year by showed that ZoneAlarm Pro offers excellent outbound software firewall protection, and the free version of ZoneAlarm — surprisingly — does not.

As it happens, Check Point has upgraded its free ZoneAlarm firewall from 6.1 to 7.0.337 since FirewallLeakTester conducted its March 2006 tests.

For the detailed results of the FirewallLeakTester tests, visit this page. (Scroll to the bottom of this page and click the “View Results” button.)

Because so many SFNL readers use the free ZoneAlarm, I decided to retest it fully using as much of FirewallLeakTester’s methodology as I could find on the site. At the time of the March 2006 test, FirewallLeakTester had 18 leak tests. There are 19 tests on the site now. One of the tests, Immunity, appears to have gone commercial and apparently did not allow FirewallLeakTester to continue to offer a download link to a free version. Newly added tests include the Comodo Parenting Injection Leak (CPIL) test and the PC Flank leak test. So 17 of the original tests are the same, and there are two new ones. In my tests, I was unable to make three of the tests work: Outbound, MBtest, and BreakOut. So that brings the number of available tests down to 16.

With that as a preamble, let me give you the results of my testing of ZoneAlarm 7.0.337. Check Point’s free firewall passed only 5 of 16 tests. ZoneAlarm Free 6.1 passed only 3 of 18 tests when FirewallLeakTester tried in in March 2006. You could say that it has improved marginally, but you’d be kidding yourself.

It’s important to note that ZoneAlarm Pro tests much better than free ZoneAlarm. In FirewallLeakTester’s tests, ZA Pro passed 14 out of 18 tests. I didn’t retest ZA Pro because it doesn’t meet my criteria of being small and lightweight. Also, many SFNL readers have complained that it has serious interoperability problems with other security products. ZA Pro includes an anti-spyware module, and there’s also anti-spam, identity theft, and a bunch of other protections that raise my hackles. I’m looking solely for lightweight firewall security. I rely on Eset’s Nod32 for anti-malware protection.

So, why does ZoneAlarm Pro test better than free ZoneAlarm? Well, I’ll tell you. Check Point wants you to spend some money on its products. If you look in the “Program Control” configuration area, you’ll find that the slider bar is limited to Medium protection. The High setting, which is specifically designed to protect your computer from “the abuse of trusted programs” (the precise thing that leak tests check for), is disabled. A note tells you that you have to upgrade to ZoneAlarm Pro to get that protection.

The moral of the story: If you’re concerned about your level of outbound protection from a software firewall, free ZoneAlarm is a bad way to go. If you don’t believe my tests, then please check out Matousec’s fully up-to-date set of leak tests. Matousec lists ZoneAlarm Free as “very poor.”

Keep in mind, even if your firewall passed all of the leak tests out there, that wouldn’t mean squat. There are many other spoofs and exploits that leak tests don’t check for. You want the best protection you can get — and 5 out of 16 tests doesn’t even come close.

I hope I’ve put to rest the question of why I omitted ZoneAlarm from my software firewall tests. Check Point could change my mind by making changes. And if it did that, I might very well opt for ZoneAlarm. But in the meantime, you should not be relying on the free ZoneAlarm firewall product.

What’s Good About ZA
I still love the ZoneAlarm user interface. (You never forget your first firewall, I guess.) It’s easy to configure and the controls make sense. You don’t get a blizzard of pop-ups, and the ones you get offer links to detailed information and recommendations about programs it detects. ZoneAlarm is the most evolved desktop software firewall product.

In putting the product through its paces, I set up a trusted zone for my network. ZoneAlarm still does this better than any software firewall competitor. Interestingly, I found that my Windows XP/Vista peer network ran much better with ZoneAlarm running and a trusted zone in place than it had before. As soon as I turned on the trusted zone, several nodes on my network popped up, one after another, in the Network Places folder. I generally experience intermittent balkiness with XP computers appearing in the network browse folder.

In using ZoneAlarm, the only annoyance was its incompatibility with Cisco’s VPN client software. ZoneAlarm “disables” the VPN client on installation, and while the Cisco client still runs, it just won’t connect. Since most desktop users aren’t able to choose the VPN they use, this seems like a bad decision to me. Check Point should get to the bottom of the problem and fix it, and not just assume that the user can get along without his or her VPN client.

All in all, I like ZoneAlarm. I always have. But the free version is defanged, and the Pro version comes with a lot of stuff that mucks up the works. ZoneAlarm doesn’t have the right stuff anymore.

Look ‘n’ Stop 2.06 Gets a Miss
Unfortunately, I’m crossing another one off the list. Look ‘n’ Stop offers good, basic, do-it-yourself security, and its new 2.06 version purportedly runs on Vista (I haven’t tested that claim). But this is one strange product that’s neither silent nor particularly confidence-inspiring.

I can boil down my big problem with Look ‘n’ Stop to this: After I installed it and ran a small handful of Internet clients, it caused my Windows XP computer to beep on the order of once per second for most of an hour. With each beep, the program was apparently announcing the appearance of yet another uploaded or downloaded filtered packet of data.

Look ‘n’ Stop appears to have been designed to give you this level of granular notification and control. And if you don’t have a life, and like to manage your software firewall this intimately, it may be the product for you. But I have better things to do. Much better. I finally had to turn off the sound on my computer. It was maddening after a while. Even after it got through its initial list, with the sound back on, I found that Look ‘n’ Stop would still issue a beep now and then, and, of course, any time I ran a new Internet client. Nothing is worth this kind of hassle.

I also had trouble creating a trusted zone for networking that would work properly. Though the UI exists for doing this, I got only partial network operation once I was done messing around with it. No software firewall should mess with my local-area networking without making it relatively easy to restore.

In a nutshell, I want protection and convenience. And other products already do a better job of this. Comodo, for example, while not being the ideal solution for convenience, is less noisy than either Jetico or Look ‘n’ Stop. The question is, does Comodo have the security? It appears to, but as I narrow down the list of contenders, I’ll shine more light on that question.

Eset’s Smart Security Suite Beta Is Intriguing
The late entrant in the race is Eset Smart Security beta, a small suite product. You know how I feel about security suites, but Eset is also the maker of Nod32, Scot’s Newsletter’s Best Antivirus Product of 2007. The company’s new suite adds a firewall and anti-spam functionality to the Nod32 anti-malware engine.

If the firewall performs well, this product could be a contender. The anti-spam module, which supports only Microsoft Outlook in Beta 1a, can be disabled. The Nod32 engine has been updated to version 3.0 (the current version is 2.7). And the controls and settings have received a bit of a facelift. The settings are still there in the Advanced mode with the full configuration tree exposed. But a lighter, less intense screen is what you see first.

I’ve been testing Eset Smart Security only for a short while, but so far so good. I’m impressed. I’ll continue to work with it and let you know in future what I learn.

So why would I smile on a suite product? Eset’s Smart Security is really only two security utilities: anti-malware and software firewall. You can turn off anything you don’t like. I need to spend time with the firewall and test its protective qualities. One thing of note: It’s got a silent mode that’s switched on by default. Naturally, I’ve changed that to interactive for test purposes.

Something else I was impressed by: As part of installation, Eset Smart Security’s firewall sets up a trusted zone for your network. Smart indeed.

For more information and to download Eset Smart Security yourself, see the company’s beta page.

Myths About Other Firewalls
A number of you have sent suggestions about other firewalls that I should evaluate. Since my focus is primarily on outbound protection, again, I’ll be relying on third-party testing as well as performing my own tests.

The Matousec site labeled Windows Personal Firewall Analysis has a regularly updated multiple leak test product comparison chart that is hugely useful.

But to get right down to the nub of the matter, here are Matousec’s ratings for firewalls based on its extensive list of leak tests and firewall ratings.

What you’ll find on this page is that Comodo tops the list, followed closely by Jetico Personal Firewall beta. These are the only two firewalls that Matousec deems to be excellent. ZoneAlarm Pro (not free) 7.0.337 comes in third. Eset’s Smart Security has not been tested yet.

Those of you who want to send me input should look at these Matousec ratings and see where your recommended firewall stands on the list. You may be surprised by where products like Outpost Firewall Pro 4.0, Avira, BitDefender, SyGate, McAfee, Norman, and Ashampoo Firewall Pro place — all products that have been recommended to me recently.

I don’t mean to discourage suggestions. Your input matters a lot. But you should be aware of some of my yardsticks. To offer your software firewall experiences and recommendations, please drop me a line.

If you’re suggesting a little-known firewall, a link would be helpful.

Leave a Reply

You must be logged in to post a comment.