Review roundup: Slim is in for Windows desktop firewalls
You don't need a bloated security suite to get the best protection from a firewall
Computerworld - Most large companies instituted solid network firewall protection long ago, and few have much need to run software at the Windows desktop level to accomplish their firewall goals. At least, that was true a few years ago.
As the workforce becomes more mobile, indiscriminately accesses the Internet and the company network from wireless hot spots, and works more frequently from home via consumer-level broadband, a solid Windows software firewall that doesn't require help desk support is a very good thing indeed. With no corporate security system protecting their networks, of course, home users are even more in need of firewall protection.
The problem many desktop security buyers face is that the established Windows software security makers -- Symantec, Check Point/ZoneAlarm, McAfee, Trend Micro, Panda and so on -- sell very large, multiple-component security suites that slow their systems to a crawl. These products are aimed at perceived value for consumers, rather than on lightweight simplicity and straight-ahead functionalism.
After years of hands-on testing of security suite products, and with the benefit of thousands of messages containing detailed insights from advanced computer users, I've come to the conclusion that Windows-based multifunction desktop security products have a low degree of customer satisfaction. Products such as Norton Internet Security require far more Windows system resources than lightweight stand-alone tools.
What's more, according to independent security testing from third-party testing sites, such as Firewall Leak Tester and Matousec, many of the biggest names offer less protection than simpler, lesser-known security products. This isn't to say that security protection from Symantec, McAfee and others isn't good. The point is that you don't have to buy big, bloated software from a well-known security company to get solid protection.
My quest with this two-part story is to identify the best lightweight software firewall for Windows desktop use. Last year, I pursued a similar long-term research project to find the best lightweight antivirus software for Windows. The result of more than a year of testing, with input from hundreds of readers about their experiences, resulted in my selection of Eset NOD32 2.7 as the best antivirus product for the Windows desktop in 2007.
I began my research to establish the best software firewall in September 2006. I've called for reader input from the start of the project, both to nominate a first round of products and provide in-depth information about their own experiences with the specific firewalls.
Your experiences, should you choose to convey them, are very important to the final assessment, coming in Part 2 of this story. Later in the story, I'll ask for your input. If you have something useful to say, please take me up on it.
What makes a good firewall
There's no way around the fact that this is a subjective assessment based on both objective and subjective measures. You may not agree with them, but I am explicit about my evaluation criteria. This isn't a beauty contest.
When it comes to desktop firewall protection, most properly configured low-cost hardware and software firewalls get the job done of protecting against casual inbound incursions to your computer or network. Network address translation, stateful packet inspection and selective, smart management of port access provide a good, if imperfect, level of protection.
The problem, as I see it, comes with outbound protection. If your antimalware protection lets in a bad piece of code via e-mail or from a Web site that runs on your system and is designed to extract data from your computer and send it somewhere out on the Internet, are you protected? My determination is that that's the key type of activity that you need your firewall to block. But not all of them are good at that. Some of the most commonly used firewalls, in fact, offer inferior outbound protection.
That's why in terms of security efficacy, outbound protection is my key metric. Currently, that sort of protection is measured by what's known as leak tests. Many such tests exist, both expensive corporate-oriented tools and freely offered tests.
Some other important criteria for firewalls:
- Must have low impact on system performance.
- Can be configured for silent operation -- or at least the product minimizes the number of needless or unexplained pop-up questions it asks.
- When a silent operation mode exists, a fully interactive mode must be an option.
- Must be compatible with other types and brands of software security products, such as VPN, antivirus, antispyware, antispam and so on.
- Must have logical controls and settings that help the user avoid security loopholes.
I'm also a big fan of the ability to configure the firewall to work with your LAN without having to constantly tend them. Any software firewall that gets in the way of basic networking functionality will not last long in my environment -- and it shouldn't in yours. No one should become a slave to their firewall.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts