Tiny Personal Firewall was successful in detecting and stopping all incoming and outgoing connection attempts. When it detects a new application (such as Windows Update Notification) that needs Internet access, the software prompts the user to select Deny or Permit. It even creates the appropriate filter rule to consistently apply your decision in the future.
In addition to its overall lack of special features, Tiny Personal Firewall’s logging capability is second poorest of the products I reviewed. The log file, filter.log, is a text file, so you must open it with a text editor. Although the software’s event messages are understandable, McAfee Firewall, Norton Personal Firewall, and ZoneAlarm Pro blow Tiny Personal Firewall away.
Why would anyone recommend this product? Three reasons: First, it’s reliable; what it does, it does well. If a simple firewall with application control is what you want, it’s a great tool. Second, it’s free. Third, it’s the fastest of the six firewalls I tested. It installs quickly, is the least intrusive, and lets approved Internet connectivity speed along. Because of these three reasons and its ICSA certification, it’s often the top choice of technical purists.
ZoneAlarm Pro 3.0. Home users can download a 30-day free trial of ZoneAlarm Pro or the free (but less feature-rich) ZoneAlarm 2.6.362 for from Zone Labs’ Web site (http://www.zonelabs.com). Business users pay $19.95 for ZoneAlarm 2.6.362 or $49.95 for the enhanced ZoneAlarm Pro. The software runs on XP Home, XP Pro, Win2K Pro, NT 4.0, Windows Me, and Win9x.
Zone Labs didn’t win almost every security-magazine award and get to the top of the heap without earning those honors. The software is the standard by which other firewalls are measured. Installation is fast and smooth. ZoneAlarm Pro is built for people who don’t care about firewalls. You don’t see any filter rules and need little understanding of TCP and UDP. You install the software and forget about it until an alert message pops up.
As the name implies, ZoneAlarm Pro has local and Internet zones. It gives machines on the LAN (i.e., your home network) one security treatment; traffic that originates from the Internet is set to a higher security setting. Figure 5 shows the products Security Settings dialog box. By default, the firewall uses medium security to manage machines in the local zone. The high setting of the Internet zone doesn’t allow NetBIOS traffic by default and denies all applications that try to connect to the Internet, except IE. For example, when I ran the Ping utility, ZoneAlarm Pro asked me for my approval.
On my first external attack, ZoneAlarm Pro recorded 157 UDP attempts to closed ports and sent a warning message. Its messages were short and to the point, although choosing the Detail button on any message will take you to Zone Labs’ Web site for a detailed discussion. ZoneAlarm Pro was one of the few firewalls that logged ICMP flooder traffic, but I couldn’t tell whether it would automatically block future traffic from the attack machine, which leads to my only negative about the ZoneAlarm Pro firewall: It’s so perfect for users who know nothing about firewalls that it doesn’t have the detail, granularity, and features that some of the other products offer. But if you’re a typical user, you can’t go wrong with ZoneAlarm Pro.
ICF. ICF is available as part of XP Home and XP Pro (http://www.microsoft.com). The other personal firewalls I tested are good products and have nothing to fear from Microsoft’s first foray into the field. ICF works, but it has absolutely no features beyond a bare-bones firewall. It doesn’t have a configuration assistant, fancy alert messages, application control, and stopping of internally executed malware. ICF also lacks the intelligent logic present in the other personal firewalls. For example, if an intruder scans your computer’s ports, ICF will note the probes, but the intruders can continue probing as long as they want. ICF doesn’t see any relationship between one bad packet and the next. Not surprisingly, in my tests, internal exploits executed without a hitch.
Most of the calls I get about ICF deal with turning it on. In some cases, the software is on, but it does its job so silently that nobody notices. If you need to enable it on your XP machine, go to the Control Panel, double-click Networking and Internet Connections, click Network Connections, right-click your network connection icon, choose the Properties option, select the Advanced tab, and select the Protect my computer or network check box. Choose the Settings button and the Services tab, which Figure 6 shows, to activate preconfigured inbound ports, or click Add to create new allowable inbound and outbound ports. By default, ICF refuses all inbound connections (unless they’re initiated internally) and allows all outbound connections.
Logging is ICF’s weakest link; logging isn’t enabled by default, so you must turn it on by selecting Log Dropped Packets under the Security Logging tab. The software writes events to an ASCII text file, pfirewall.log, which resides in the Windows directory. ICF doesn’t send alerts when your XP machine is under attack and doesn’t display messages that explain whether it refused a connection attempt because of the firewall.
ICF reminds me of Microsoft’s first (and only) attempt at providing a free virus scanner in the latter days of DOS. The company was late to market, and the product that made it to market wasn’t competitive. Microsoft’s virus scanner didn’t last long. If you have only ICF, do yourself a favor and pick up one of the other contenders. You’ll have better protection and less stress.
Prev. page
1
2
3
4
[5]
6
next page 
