SQL Server Magazine

Norton Personal Firewall took the top place in this six-way contest. Although it created a small, but noticeable, performance penalty, I believe in security over speed, and I accept small decreases in performance from my firewalls and virus scanners. Speaking of antivirus protection, Norton Personal Firewall integrates nicely with Norton AntiVirus.

BlackICE PC Protection 3.5. You can download BlackICE PC Protection from ISS's Web site (http://www.iss.net) for $39.95. A free trial is available. BlackICE PC Protection runs on XP Home, XP Pro, Win2K Pro, NT Workstation 4.0, Windows Me, and Win9x.

BlackICE PC Protection (under its former name BlackICE Defender) was one of the first personal firewalls available. Because it worked fairly well and was also free, it became one of the most popular personal firewalls. ISS then purchased the software and made it a commercial product. When I first started writing this article, I reviewed an earlier version, BlackICE Defender 2.9, and found a few deficiencies when I stacked up the product against its competition. The latest release eliminates most of those reservations. BlackICE continues to enjoy widespread use. Figure 3 shows the BlackICE interface.

Unlike McAfee Firewall and Norton Personal Firewall, BlackICE PC Protection stopped all external attacks and logged all ICMP packet storms. It features automatic blocking, one-click drive-map enabling, and a nice summary window that lists the number of attacks by IP address under the Intruders tab. Although some of the other firewalls let you sort the event log by source IP address, this view is always readily available in BlackICE PC Protection. This feature comes in handy when you’re trying to quickly determine whether a particular attack is coming from a persistent intruder or machine.

BlackICE PC Protection comes with four levels of protection, ranging from Paranoid (blocks all unsolicited inbound traffic) to Trusting (allows all inbound traffic). The default Cautious level allows most inbound inquiries and in my opinion is too permissive. I’d like to see ISS set the default to more protection. People have criticized the software for not doing more to block unauthorized outbound transactions, but the software no longer has this weakness. The company did its homework; its application blocking is one of the best in this review. BlackICE PC Protection not only shows you applications and locations it found but also lists individual files and components and uses checksums to help prevent piggybacking Trojan horses. BlackICE PC Protection claims to have an Intrusion Detection System (IDS) that works with the firewall functionality. But any IDS should be able to detect and specifically identify unique Trojan traffic signatures and report them accurately. BlackICE PC Protection detected inbound Back Orifice attempts as Trojan horse probes, but it didn’t identify them as Back Orifice traffic, as some of the other firewalls did. And if I "accidentally" let NetBus or SubSeven Trojans execute locally and initiate outbound connections, as might happen with a Trojan game in the real world, the firewall didn’t pick up on the malicious traffic signature as a true IDS would. BlackICE PC Protection’s logs often perform this way—they list an attack but don’t provide enough details. For example, when I made hundreds of probes to the test machines, BlackICE PC Protection reported each probe and the number of probes to a particular port number but not the specific port under attack. Or if it blocked an application, it didn’t list the blocked application. To give BlackICE PC Protection credit where it’s due, however, you can access helpful general-event discussions by clicking the advICE button on the event screen. So if you’re interested in what a Telnet probe is doing, ISS's Web site will provide an explanation. Also, previous BlackICE releases seemed to suffer from bugs that caused premature unloading, without alerting users. This action could result in users thinking they’re protected when they aren’t. I couldn’t make the new version hiccup. Even with imperfect logging and IDS capabilities, BlackICE PC Protection is a serious contender and should remain a popular personal firewall choice.

Tiny Personal Firewall 2.0. You can download Tiny Personal Firewall from Tiny Software’s Web site (http://www.tinysoftware.com). It’s free for home users and $39 for business users. Tiny Personal Firewall runs on XP Home, XP Pro, Win2K Pro, NT 4.0, Windows Me, and Win98.

Tiny Personal Firewall originally was a component of Tiny Software’s larger WinRoute Professional offering, then it became a standalone product. Tiny Personal Firewall is stable, fast, reliable, and one of the few personal firewalls ICSA Labs has certified. (ICSA Labs is a respected part of the TruSecure security organization.)

When the company uses the word tiny, it means tiny. You get few frills—no automatic blocking, no privacy filters, and no content scanning. (However, Tiny Software offers content screening through another commercial product called Tiny Trojan Trap.) Tiny Personal Firewall has only four preset rules, as the Filter Rules tab in Figure 4 shows; only a few dozen options (compared with nearly a hundred in the other products I reviewed); and no automatic search for Internet-connecting programs. When you execute a program and it connects to the Internet, Tiny Personal Firewall takes notice—then and only then. DNS and ping are the only default permitted protocols. Maybe that limitation is good, because why would you want to approve a program you’ll never use? Extra opened ports or unused applications are security holes.

Prev. page     1 2 3 [4] 5 6     next page