Author Topic: XP firewall revisited  (Read 9693 times)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
XP firewall revisited
« on: April 10, 2007, 10:48:42 PM »
Extracted from:
Scot’s Newsletter

Software Firewalls for Windows XP

I've been getting a lot of requests for an update on my research into software firewalls for XP. The research is ongoing, but I do have plenty to update and pass along.

Back in September of last year, I kicked off comparison research and the first of a series of articles focusing on inexpensive, lightweight software firewalls for use with Windows XP. Please check out that first piece, and check out what I'm looking for in a software firewall: An emphasis on outbound protection, nearly silent operation (after you've run most of your apps once), and a rational means of protecting, without breaking, your network. Anything with an endless number of pop-ups isn't going to cut it with me. I'm not going to become a slave to a software firewall.

I've been working on this research off and on ever since. The products I mentioned then — Comodo, Jetico, Look 'n' Stop, Outpost Pro, Tiny Personal Firewall, and Kerio — are the products I've been keeping tabs on during this period. I've also looked at some others that have come along. But I'm only looking at lightweight standalone firewalls; that leaves out several notable names, including Kaspersky, Norton, McAfee, Trend Micro, CA, Check Point, F-Secure, and others. They're out of my research on purpose: I don't recommend any of them. Steer clear of security suites.

In November, I tried Outpost Pro 4, which comes riddled with other security features and an overly complex set of configuration options. I didn't like it. Here's what I wrote about Outpost 4 last fall.

Scratch one off my list.

After its acquisition of Tiny Personal Firewall, Computer Associates appears to have no intention of continuing the firewall in its current form, but instead will roll it into its CA line of integrated security products. Scratch another one off my list.

So, for the moment, I'm down to these four products: Comodo, Jetico, Kerio and Look 'n' Stop.

For this issue, I closely examined the latest versions of the first three products. I'll be looking at Look 'n' Stop in the near future.

Comodo Firewall Pro 2.4

Comodo Firewall Pro should get an award for being the most improved. When I first looked at it a year ago, I was not impressed. As I wrote last September:

Comodo reminds me of Norton Personal Firewall. It's very noisy, always popping up boxes, repeatedly — even when I tell it to remember settings. In one browsing session with Firefox, I had to say "Yes, let it work and remember this" eight or nine times. And I had trouble networking with Comodo; its settings for allowing networking were tough to configure.

Well, the Comodo Group must have been listening. The maddening pop-up boxes are a thing of the past in its 2.4 version. You'll still encounter a few pop-ups on the first or second usage of many apps, but the program has a system of aggregating pop-up boxes and accepting answers a lot more adroitly. While I could quibble with the UI of the pop-up boxes, overall, the user experience is greatly improved. Bottom line: I can live with Comodo (and that's exactly what I'm doing).

Comodo still doesn't use the "trusted zone" metaphor for configuring networks. I miss that way of working, but the truth is, I had no trouble configuring it to work with my network.

Even so, the process of configuring a firewall to work with a local-area network should be handled by a purpose-built piece of UI designed to make the chore easier. Comodo lacks that functionality. In fact, there is still no software firewall product I'm aware of that equals Check Point's ZoneAlarm for network-configuration user interface. Too bad the free ZoneAlarm firewall-only product is nowhere near as protective as the others on my list. (The firewall in ZoneAlarm Pro is vastly superior, but it comes with security-suite baggage.)

Jetico Personal Firewall Beta

I was sorely disappointed in Jetico Personal Firewall. This firewall's 1.0 release scored very well on outbound leak tests, but the Jetico user experience is very poor. You'll be faced with a blizzard of apparently repeat pop-ups. In fact, you can basically take my September 2006 comments on Comodo and transfer them to Jetico. On my third and fourth runs of Internet Explorer, I was still getting pop-ups from Jetico related to IE. It appears there are no preconfigured application-control rules, and no way to simplify the OK, OK, OK tap dance. Who needs it?

I also had trouble with intermittent balkiness with networking when using Jetico, another no-no from my perspective. It's bad enough when network configuration is difficult to find, but when there are intermittent blockages, I'm done. That's the same kind of problem that drove me away from ZoneAlarm — even before it turned into Check Point's more expensive suite product line.

As if that weren't enough, see the next article in this issue of the newsletter for details about my problems attempting to use Jetico with Vista (which it is supposed to work with). Not a pretty picture.

Because Jetico is currently a beta product, I will look at it again when it's further along. But it's going to have to deliver considerable improvements to keep from getting crossed off the list.

Sunbelt Kerio Personal Firewall 4 (Free)

Kerio Personal Firewall was my leading contender back in September. I still prefer its user interface slightly over Comodo's. But Comodo offers much better configuration controls. When you step back, it's apparent that Kerio's real problem is that it's in need of a major update. I think Sunbelt should do away with the Simple operational mode, which is probably way too permissive, and focus on making the Advanced mode a little easier to use and configure.

I also had some networking trouble with Kerio. I've had lots of reports from people who use dynamic IP assignment with their printers that Kerio can't print to them. I don't use dynamic IP assignment with printers. I statically assign the IPs of all my printers, and I recommend working that way on your network. Some things are just better off being static.

My problem with Kerio had to do with connecting to a virtualized instance of Windows XP. Kerio would not allow the computer running virtualized XP to connect to the host Kerio was running on. Every other firewall I've tested recently has had no trouble allowing a virtualized instance of XP to connect to the firewall's host PC. I haven't tested Kerio in enough settings to learn whether this is a repeatable problem — so I can't say for sure that you'll run into it. But any firewall that causes these kinds of troubles on my network is unlikely to be picked as the Best Software Firewall of 2007.

Don't mess with my network.

This Month's Takeaways
In case you're new to Scot's Newsletter, I do ongoing series reviews. You'll know I'm done with a series review when I announce a winner. We're not at that point yet with software firewalls. This is a mid-term report.

Comodo Firewall Pro is currently my leading software firewall contender. Having shed its Jetico-like barrage of pop-ups and offering excellent options and settings, Comodo is a very good product. It's also one heckuva bargain with its 100% free lifetime license. I don't expect all future Comodo versions will be free. Comodo Group will probably start charging at some point. For now, the price is very, very good.

Another thing I admire about Comodo is that its developers have been very active in continuing to improve the product with numerous updates. By contrast, it appears to me that Kerio has had only one minor update since I kicked off my research. That's not going to get the job done.

Look 'n' Stop Firewall by Frederic Gloannec and Jean-Francois Catte is next up for testing, but one thing that's different about this one is that it's not free or available (as Kerio is) in a lesser version free of charge. Its developers want $39 for it, which I think may be a little steep unless it's a stellar product. There is, at least, a 30-day trial version.

I welcome your input on other software firewalls you think might be worth my time to test. Please keep in mind that I'm interested solely in products that are software firewalls only: no products that include antivirus, anti-malware/spyware, content filtering, pop-up blockers — in short, no suites. Send a message about the firewall you like, and please tell me why you like it. A link would be helpful. Thanks.
The best things in life are free.

Offline BJ_GeOrgE

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 350
  • prevention is better than cure
Re: XP firewall revisited
« Reply #1 on: April 10, 2007, 11:18:46 PM »
Thanks for the firewall comments, Tech... it's a good way to help users who look for the most suitable for their needs work  ;D
OS:Windows 7 Professional 64-bit SP1
Antivirus: Avast Free v8.0.1497/Firewall: Windows Firewall/On Demand: Malwarebytes Free Edition/Other tools: CCleaner

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48705
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: XP firewall revisited
« Reply #2 on: April 10, 2007, 11:47:28 PM »
I sent out a request to add PC Tools Firewall Plus to this list this morning.  :)


  • Guest
Re: XP firewall revisited
« Reply #3 on: April 11, 2007, 02:14:24 PM »
I sent out a request to add PC Tools Firewall Plus to this list this morning.  :)
It would be nice, cause I use it too ;D

Offline OrangeCrate

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 798
Re: XP firewall revisited
« Reply #4 on: April 11, 2007, 02:20:34 PM »
In case you missed it, PC Tools Firewall Plus was mentioned in the other thread Tech posted by the same author:

I spent about 30 minutes with PC Tools Firewall Plus prior to writing this article. My sense about PC Tools is that it's a very simple, lightweight firewall. I can't speak for its protective qualities yet, but it works well without being annoying. The UI for controlling networking isn't great. In order to make peer-based networking work, I had to set a rule that basically allowed all TCP/IP transmissions. I'm sure there's a more restrictive way, but the UI didn't make it obvious. I really liked PC Tools' simple application-control settings.

Anyone who has used PC Tools Firewall Plus more than I have, please drop me a note about your experiences, positive or negative.

Of the three third-party firewalls, I'd have to recommend PC Tools Firewall Plus — at least, on a temporary basis until other products, such as Comodo, Sunbelt's Kerio, or Look 'n' Stop Firewall begin supporting Vista. It doesn't seem to me to be a great product. But it's free and serviceable.

Offline Abraxas

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 730
  • Perseverance Furthers...
    • PCLinuxOS-Forums
Re: XP firewall revisited
« Reply #5 on: April 11, 2007, 09:52:46 PM »
Thanks for the info, Tech. Great source. I've used ZoneAlarm Free for years. Now it's bundled into a suite (38 MB download of optional components), it's time to make a change. Plus crazy installation process if I want a clean install  ::)
I haven't updated the latest two releases and am looking for an alternative.

Cheers  :)


  • Guest
Re: XP firewall revisited
« Reply #6 on: April 12, 2007, 02:56:49 PM »
In case you missed it, PC Tools Firewall Plus was mentioned in the other thread
Sorry OrangeCrate, I haven't read that thread :P

Offline OrangeCrate

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 798
Re: XP firewall revisited
« Reply #7 on: April 12, 2007, 03:01:21 PM »
In case you missed it, PC Tools Firewall Plus was mentioned in the other thread
Sorry OrangeCrate, I haven't read that thread :P

The comment wasn't aimed at you personally, just a general reference to PC Tools Firewall Plus by the same author in the other thread that Tech had posted.