Two recommended Windows firewalls

Finding a new firewall program has been on my to-do list for a long time. I was a long time fan of the free version of ZoneAlarm, but the upgrade from version 6 to 7 was a put-off. The file size increased tremendously (it's now 44.6MB) and the functionality hardly changed at all. That made me suspicious of what all that extra code was there for. Still, old habits die hard and I was used to it like an old pair gloves. But a few days ago, when a bug fix for Windows broke ZoneAlarm, and no other firewalls, it lost my confidence.

I can't yet recommended a firewall based on personal use, but someone I trust, Scot Finnie, recommends two. Scot, who now works for Computerworld, has been writing a free newsletter for years. I was lucky enough to discover it long ago and I've come to trust his recommendations. Recently, it morphed into a blog.

Back in March, Scot wrote The Best Firewall Software of 2008: Online Armor, the final chapter in his 19 month investigation of firewalls. That's not a typo, he spent a year and a half researching firewalls.

Cutting to the chase, he recommended two firewalls: Online Armor 2.1 and Comodo Firewall Pro 3.0.

In his own words, "Tall Emu's Online Armor 2.1 is The Scot's Newsletter Blog Best Firewall Software of 2008 ... [with] the best blend of a high degree of protection with a high level of usability."

There is a free and a paid version of Online Armor, Scot reviewed and recommended the paid version. Vista users are out of luck, Online Armor only works with Windows XP (32 bit only) and Windows 2000.

Scot felt that Comodo Firewall Pro 3.0 offered excellent security, but that it was high maintenance and thus more appropriate for techies. He doesn't like being frequently interrupted by firewall alerts, a sentiment I agree with. Comodo Firewall Pro is free and works with Windows XP (both 32 and 64 bit) and Vista.

A big reason I liked ZoneAlarm was ease of use. When it popped up an alert, the explanation of why was simple and clear. Likewise granting permissions to programs couldn't have been easier. I tried a handful of firewalls and none came close in terms of ease of use.

Once, when I was teaching a class, and a student brought in a screen shot of an alert from the Norton firewall asking what it meant. It wasn't clear if the firewall was asking the user something or telling them, let alone whether the alert was about something coming in to the computer or going out. If you watch, the TV show Boston Legal, think word salad. And, I know the lingo.

Ease of use was a big reason that Scot recommended Online Armor, saying "Online Armor's user experience is on par with ZoneAlarm Free and Sunbelt Personal Firewall -- the two firewalls I've pointed to in the past as having the best user interfaces in this field."

Part of this entails running silently, after the initial getting-to-know-you period that any firewall requires. As Scot put it "When pop-ups are too repetitive or too frequent, it's only human nature for a large segment of the user base to start ignoring them. That behavior leads to a severe loss of security." I agree completely, as, I'm sure, many Vista UAC users do too.

The criteria Scot used in his evaluation were "usability, company support, stability, compatibility, and bug resolution". Sounds perfect to me.

Another thing I agree with Mr. Finnie on, is a dislike of all-encompassing software suites. Both his recommended firewall programs are just that, firewalls. Nothing more. As he puts it:

"The impetus for this review came after more than a decade of using and reviewing multifaceted, everything-but-the-kitchen-sink security suites such as Norton Internet Security. When I kicked that habit, I looked around for something better and realized that most mainstream computer publications were for the most part reviewing only the big-name, large-footprint products. It was clear to me that there was a better way that involved selecting a small set of best-of-breed security products that work well together."

I never heard of Tall Emu, the company behind Online Armor. But, Scot was impressed with them:

"What's especially impressive about the talk and actions emanating from Australia-based Tall Emu is a strong corporate culture that values communication, honesty, a willingness to talk openly about problems, a responsive attitude, open-mindedness, and respect. I'm not sure how to say this, but I trust Tall Emu to do the right thing. I can't remember the last time I felt that way about a software company in the post-Microsoft-antitrust era."

A small point in the article bears repeating. Someone with a single computer connected to a broadband modem, doesn't need a router. Technically. Yet installing a router is nonetheless a good thing - for the firewall. Rather than depend on a single software firewall (Windows security and all that that entails) the hardware firewall in a standard, relatively cheap, consumer router provides an extra layer of defense.

It's a very long article but well worth reading.

On July 16, 2008, I wrote up my first impressions of Online Armor

See a summary of all my Defensive Computing postings.

[soccer18]

My computer was recently rendered unable to connect to the internet. I run Zone Alarm as well (I've been extremely happy with it) but the recent security update from microsoft conflicted with it and shut down all internet access. Zone Alarm has issued a fix by way of a product update on their website. I installed that and then re-installed the security update and everything is working just fine.

[Scopip]

I find this all ironic. I recently had to re-install, and felt very deceived by the mandatory zone-alarm update also. In less than 10 mins, I found armor2net, and do like it a lotl.

Both AVG and Zone alarm my old favs, hit the dump real fast. Life of the internet.....

back to avast, / armor2 net

[The_Decider]

Comodo adapts to its user quite nicely. You can put it in dumbed down mode for the masses or let it give you all the control you need.

[john55440]

Norton Internet Security 2008 is an excellent program, and proof that Symantec is moving in the right direction.

[jgfuller]

Maybe I've just been lucky, but I run the Windows [xp] firewall, Windows Defender, and AVG free, and have had no problems. I do practice Safe Computing, with regards to opening suspicious e-mails and attachments, and am careful about web sites. So far, so good.

[mhinnewyork]

Let me suggest you review the exceptions that are allowed in your copy of the Windows XP firewall. I have seen suspect software set up an exception for itself without the user being aware of it. You are safest with no exceptions, but you may need some, such as file and printer sharing. Michael Horowitz

[buchpteclare]

I just dumped ZA - which up to last week had been reliable. I replaced it with Online Armor - which looks like a keeper. Easy to install, and clear in its use.

[Maxweel]

By the time, ZA Pro has had a lot of trouble dealing with Vista (and it's definetively the firewall, not the OS), so I decided to try something new. This post was decisive, thank you: I will try Comodo and give feeedback as soon as I can.

[rharmon618]

Let's see if I got this right - a Windows bug caused a problem with ZA so this caused people to search for another firewall. What are you going to do when another Windows bug causes problems with the new firewall? Research and find another? Why not change the operating system instead?

[will482]

It would be useful to have an update comparing different free firewalls. Recently saw a recommendation of the free PCT Tools Firewall purely in terms of protection efficiency. Would be useful to have a review, that also took the UI into account as in this, now dated review