The Individual Test Results
How did each personal firewall perform? Here are each product’s test results.
McAfee Firewall 3.0. You can download McAfee Firewall from Network Associates’ Web site (http://www.mcafee-at-home.com) for $29.99, which includes 1 year of free updates. Free trials are also available. McAfee Firewall runs on XP Professional Edition, XP Home, Win2K Pro, NT Workstation 4.0, Windows Me, and Win98 and Win95b.
McAfee Firewall was the most elegant of the firewalls I tested. The installation was easy, and it checked for updates near the end of the installation process. The Configuration Assistant let me choose from three modes: block all, allow all, and filter all (the default) traffic. The assistant then displayed a list of four potential applications it would allow to connect to the Internet: Microsoft Internet Explorer (IE), Windows Explorer, Microsoft DirectShow, and Outlook Express. The assistant didn’t select any applications by default; it asked me to choose which applications I wanted to allow.
Without a doubt, McAfee Firewall has the art of the firewall UI down cold. As Figure 1 shows, the UI is attractive and functional; it shows ongoing firewall activity, tells you your current selections, shows whether your firewall is up-to-date, and lets you easily change your settings. McAfee designed the firewall for both the beginner and the enthusiast, and you can fine-tune its operation and learn attack details with a little digging.
Overall, I was impressed with McAfee Firewall’s security, although its handling wasn’t perfect. The software seemed to have problems dealing with rogue ICMP packets and handling successive attacks from the same host. During the ICMP tests, the software either wouldn’t block the packets or would block them and not log the event. So, intruders could likely use ICMPs in a DoS attack if they used enough packets. Also, the software didn’t automatically block successive ICMP attacks and port scans from the same host, as the Norton Personal Firewall does.
Another small concern was that McAfee Firewall constantly bothered me with messages showing how it blocked incoming or outgoing HTTP traffic when I was visiting legitimate Web sites. Despite this annoyance, Web surfing seemed to work correctly without errors. I searched and tested but couldn’t determine what was bothering the firewall, which is a problem because the log quickly fills up with hundreds of warning messages when no real harm is being done.
This firewall exhibited a peculiar behavior: If I pinged a Web site by using its IP address (e.g., 64.58.76.222), the ping failed without any warning messages from the firewall. If I pinged the same Web site by using its Fully Qualified Domain Name (FQDN—e.g., http://www.yahoo.com), the firewall popped up an alert that asked me whether I wanted to let the ping be successful. If I said yes, it processed the related DNS query to resolve the name to the correct IP address but didn’t let the ping work.
In spite of these small concerns, McAfee Firewall’s security prevented all major external crack attacks and prevented unrecognized local programs from connecting to the Internet. The firewall’s attractive UI and proven companion antivirus scanner (which you must purchase separately) make it a top choice.
Norton Personal Firewall 2002. You can download Norton Personal Firewall from Symantec’s Web site (http://www.symantec.com) for $49.95, which includes 1 year of updates. A free trial is available. The software runs on XP Home, XP Pro, Win2K Pro, NT 4.0, Windows Me, Win98, and Mac OS 8.1 or later.
Norton Personal Firewall’s installation took a bit longer than the other firewalls I tested. Like other Symantec products, the automatic firewall updates use the seemingly ubiquitous LiveUpdate utility. The Security Assistant appeared after the installation reboot to help configure the firewall. Like McAfee Firewall’s Configuration Assistant, Norton Personal Firewall’s Security Assistant searched for legitimate programs that could connect to the Internet, but it found 28 candidates compared with McAfee Firewall’s 4. New users might find the larger list confusing; it contains programs that Windows uses internally. But more is better, so kudos to Symantec.
On a related note, none of the firewalls provided many details about the applications they found. Users must decide which applications to trust, which isn’t an easy job, even when they’re experts.
Norton Personal Firewall’s UI is excellent, but I have to give a small edge to McAfee Firewall’s UI, which is less busy; has a cleaner, crisper look; and is slightly easier to understand if you’re new to firewalls. McAfee Firewall gets top honors for user-friendliness, but Norton Personal Firewall grabs the golden ring for security. Norton Personal Firewall prevented (and logged, in most cases) all external attacks, but it had the same problem that McAfee Firewall did—it wouldn’t log ICMP attacks, although it always blocked them. One of Norton Personal Firewall’s best features is the way it proactively notices frequent host attackers and automatically blocks all traffic originating from the same location. Symantec calls this feature Autoblock. Default blocking time is 30 minutes, which I think is too short, but the blocking time is configurable.
I found it difficult to find the message log (choose the Options menu item, the Event Log button, then the Firewall tab). Norton Personal Firewall’s messages were more difficult to understand than McAfee Firewall’s event log. Norton Personal Firewall provides a bit more of the internal details for users to examine, but those details can be confusing to people who aren’t used to firewalls.
Norton Personal Firewall had no problem blocking a NetBus Trojan horse connection attempt, as Figure 2 shows. This product is more than just a firewall; it offers privacy controls and browser-content scanning. If you set the Security Level to High, Norton blocks ActiveX controls and Java applets, although you’ll get more granularity from IE’s security settings.
Prev. page
1
2
[3]
4
5
6
next page 
