Best Software Firewalls for Maximum Protection

The following personal firewalls provide excellent network protection. Each firewall comes with default settings and shouldn't require tweaking except for the needs of advanced users. I provide some configuration and usage details since a little extra information may help you better answer and minimize popup alerts.

Still, firewall products in this section seem to require a fair amount of time to learn their features. They all require user involvement and some knowledge of your software to reliably answer popup alerts. However, for the technically initiated who can cope with these annoyances, these are some outstanding free products. And they are not as bad as the User Account Control (UAC) in Vista since they have various features to limit the extent of action required by you.

Some products rely on lists of known safe applications (all), safe vendors (Comodo, Privatefirewall), or valid digital signatures (PC Tools); some can optionally give safe or trusted status to all your current files (Comodo, Online Armor); some have training or installation modes (all but PC Tools); and some have lesser configurations to reduce monitoring (esp. Outpost).

These techniques reduce popup alerts and user intervention to varying degrees, but they also reduce protection to some extent. Since firewalls are often praised for their level of protection at their maximum security settings, users may not have the degree of protection mentioned in the reviews below when they use methods to increase automation and reduce alerts.


Comodo Firewall

If full-featured security is your criterion, then Comodo Internet Security is the top contender. It has a robust and very active HIPS or application monitoring feature called "Defense+", which matches or exceeds the security performance of pay products. Its Defense+ also provides image execution control (or a "memory firewall") that seems unique to Comodo. Comodo allows for much control and customization, with a plethora of additional settings to tweak for the curious or for the just plain paranoid. On the minus side, its Defense+ is initially talkative with popup alerts in some configurations, which may annoy or alarm users.

During installation, it gives you a choice between three levels of security. The "Firewall Only" mode is discussed in the next section; it disables intrusion protection against outbound malware threats. The default (or middle configuration) uses most Defense+ protection and monitors for common exploits, but it turns off some monitoring (right-click the tray icon > "Manage Configurations" > "Firewall Security" to switch to it at any time). The maximum configuration, "Proactive Security", uses all Defense+ monitoring and increases its aggressiveness (right-click the tray icon > "Manage Configurations" > "Proactive Security" to switch to it).

After installation, Comodo automatically selects either "Clean PC Mode" or "Safe Mode". "Safe Mode" maximizes proactive protection to a high level and is the best mode for most users. But it relies on numerous popup alerts for applications not in its trusted vendors list (you can browse this list to see if you trust the vendors: go to the Defense+ tab > "Common Tasks" > "My Trusted Software Vendors"). When you answer "allow" and "remember your answer" to popup alerts for an application, Comodo creates a custom policy for it. Some of its policies are fairly liberal (the one for CCleaner gives it "allow" status for almost everything, but the ones for some parts of OpenOffice are set mostly to "ask").

In the more liberal "Clean PC Mode", Defense+ automatically treats all applications on your drive as safe (but if any malware is currently hidden on your drive, it too would be considered safe). Applications still receive some minimal monitoring for Comodo's two protected lists ("my protected registry keys" and "my protected COM interfaces") and for running as an executable, or more/less monitoring depending on their custom policy. And new files get sent to a list of files "waiting for your review" in the "Summary" page. Files listed for review will be considered possibly unsafe and will provoke popup messages, as if in Safe Mode, until their custom policies are made.

Comodo limits the frequency of alerts by automatically treating some programs as safe and allowing some applications to access the Internet. You can additionally automate the behavior of Defense+ by one or more of these methods for treating applications as safe:

  • Have it "remember your answer" to all popup alerts when an application first runs, which works for some applications (because some custom policies set this way are close to "trusted" status). But if an application still nags you, click "More Options" in the alert and use the drop-down box to select "trusted" or "blocked" (etc.), if available, or set an application to trusted manually ("Defense+" > "Advanced" > "Computer Security Policy" > "Edit..." > "Use a Predefined Policy"), which finally ceases popup alerts and most intrusion prevention for that application.

  • Add files to the lists of "My Own Safe Files" or "My Trusted Software Vendors" in the interface (see the "Defense+" tab), which is most helpful for "Safe Mode" or "Paranoid Mode".

  • Use the "Clean PC Mode" (right-click the tray icon and select it under the "Defense+ Security Level"). But make sure to scan and remove any malware first.

  • You could also browse these guides on minimizing Defense+ alerts: How to Tame Comodo Defense+ Without Disabling It and Comodo Forum Help.

Alternatively, see this mini guide for an example of how to maximize some of its basic settings. Comodo nicely allows you to quickly increase or decrease protection with its different modes, configurations, and settings.


A solid contender is Online Armor Free. It has outstanding leak-test and HIPS performance (the HIPS feature is mostly in its "Program Guard"). It has a unique feature called "run safer" that allows you to selectively set risky applications (web browsers, office software, readers/viewers, instant messengers, email or news programs, multimedia software, download managers, etc.) to run as if under a limited user account (go to "Programs" tab > uncheck "Hide Trusted" > highlight a program and click "Run Safer"). It minimizes popup alerts over time with its automatic list of safe programs, your on-demand scans with its safety check wizard, and your responses to popup alerts, especially in cases where you tell it to remember your decisions and have it treat programs as trustworthy.

However, its Program Guard also relies on user input and user interpretation to answer its numerous popup alerts (especially if you don't want to trust a program), which may be quite a challenge for average users. And it now makes it mandatory to enter an email during installation. Some users also reported compatibility problems with other security software recently (Avira, GeSWall). That said, it provides excellent proactive security and often scores very high in reader polls.

In an effort to reduce user involvement even further, it has a safety check wizard that gives you an option to trust all programs currently on your PC or to run the wizard to scan for safe applications (you can always run it again later by visiting the safety check wizard in the interface). If you decide to automatically trust everything on your PC, it liberally gives applications more access to function and therefore gives you very few popup alerts initially, but be sure to carefully scan and remove any malware first (not recommended for average users).

Otherwise, run the wizard and have it search your PC for known programs to allow/block/ask. In this case, Online Armor relies on you to respond to numerous popup alerts for unknown programs. In my testing, you receive about as many alerts as Comodo's "Safe Mode" (with its default safe vendors list or with manually adding to its safe lists). Online Armor has a couple of restarts and a short two-minute learning phase during installation, and you can use its learning mode to create automatic rules at any point later, say, for a trusted online game that gets constantly interrupted by firewall alerts. It also allows you to easily "check mark" applications as installers in initial popup alerts about them; I found this to be the easiest method for handling installers of all tested products.

For the curious or paranoid user, it uses excellent popup messages when it automatically allows a program to connect online and, optionally, when it automatically trusts a program/process to run (these alerts don't require user action and they can be enabled/disabled in the interface with "Options" > "Firewall", and "Programs" > "Options"). For example, I noticed a message when it auto trusted a key logger test (Zemana, which it failed initially), but after I set the tester to untrusted, it gave very informative and detailed security alerts (and then it passed the test and logged the tester in the interface under the "Key Logger" tab, but it only logged the key logger after the test was untrusted). You can even close both its tray tools from its right-click context menu. They are not needed for the firewall and HIPS components to continue running and protecting.


