Sunday, May 06, 2007

Freeware Vista Firewall Options

I guess I couldn't leave a firewall discussion alone.

Now that I have Vista, I'm considering the current batch of free firewall options for this system.

To really provide sufficient protection and monitoring for your system, you may want to keep an eye on outbound packet sends as well and not just inbound unsolicited packet connection attempts from remote systems.

By keeping an eye on "leaking", a more advanced firewall can alert you to any attempts by programs to send data "back home." This is helpful in making sure that malware doesn't try to fire off any scraped data from your system, or use it as a zombie machine.

Does the average home user REALLY need outbound packet filtering and leak protection? I can't honestly say. I know I personally like the extra control and monitoring ability it provides me, and feel much more comfortable with it present, but for some users it may be overkill or end up killing a noobie user's network connectivity by accident or poor rule-block selection. I guess it comes down to being a personal decision based on your own risk tolerance level with pc security.

Microsoft's Vista Firewall

Vista does come with a bit more "advanced" firewall from Microsoft, although accessing its advanced features takes a bit of work.

By default, the Microsoft Vista firewall (like XP's) does provide blocking of unsolicited packet requests. That is definitely better than nothing at all.

I've read some articles and peeked around with the advanced firewall configuration options, but am convinced that Microsoft's Advanced Firewall settings will probably end up being too big a headache for average users to attempt to configure.

When is a firewall not a firewall? When it’s Vista’s built-in firewall - via ZDNet.com

Security Watch: Outward bound with Vista's new firewall - CNET reviews

The Windows Vista Firewall - Support 4 Vista

Windows Vista’s Firewall With Advanced Security - IT Professionals

The New Windows Firewall in Windows Vista and Windows Server "Longhorn" - Microsoft's TechNet: The Cable Guy, January 2006 (bit dated...)

Introduction to Windows Firewall with Advanced Security - Microsoft DOC file

I like (and many users are now used to) firewall products that either block all outbound connections by default and then alert the user to allow/deny as encountered, or use that with a "whitelist" of pre-approved "safe" applications to cut down on the initial chatter.

Trying to get Microsoft's Advanced Firewall settings correctly and effectively configured will probably turn all but the most hard-core Microsoft lovers away and looking for an alternative product.
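For reference, here is roughly what the "block outbound by default, then whitelist" model looks like on Vista's built-in firewall when driven from an elevated Command Prompt with `netsh advfirewall`. This is an added example, not something from the original post; the rule name, the browser path and the backup file name are assumptions chosen for illustration.

```bat
@echo off
rem Added example: default-deny outbound on the built-in Vista firewall.
rem Run from an elevated Command Prompt.

rem 1. Back up the current policy first (file name is an example).
netsh advfirewall export "%USERPROFILE%\firewall-before.wfw"

rem 2. Show the current default actions for the Domain/Private/Public profiles.
rem    Out of the box this reads BlockInbound,AllowOutbound.
netsh advfirewall show allprofiles firewallpolicy

rem 3. Flip the default: anything outbound without an allow rule is dropped.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 4. The "whitelist": one outbound allow rule per trusted program.
rem    (Program path is an example; point it at the real executable.)
netsh advfirewall firewall add rule name="Allow Firefox out (example)" dir=out action=allow program="%ProgramFiles%\Mozilla Firefox\firefox.exe" enable=yes

rem 5. Windows Firewall does not pop up an allow/deny prompt for blocked
rem    outbound traffic, so log dropped connections and review the log instead
rem    (default log: %systemroot%\system32\LogFiles\Firewall\pfirewall.log).
netsh advfirewall set allprofiles logging droppedconnections enable

rem 6. Review which outbound rules now exist.
netsh advfirewall firewall show rule name=all dir=out

rem To go back to the shipped behaviour:
rem   netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
rem or restore the backup:
rem   netsh advfirewall import "%USERPROFILE%\firewall-before.wfw"
```

Every program that needs network access then needs its own rule like the one in step 4, which is the bookkeeping the third-party products handle with their popup alerts.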

So, what other freeware firewall products are available for Vista?

Jetico..yes but...

I love Jetico's firewall. It is one of the few products that rates very strong against leak tests.

It does have a high learning curve and the advanced configuration and rule modifications can take a bit of time to become familiar with. But it does do its job well.

So when I saw that Jetico was releasing Jetico Personal Firewall v2 (now out of Beta) and it is Vista compatible, I was very excited.

I downloaded it and it seemed to perform very well on my Vista machine.

Except for one (tiny) problem. Version 2 of Jetico is no longer free. It will run for 30 days, but after that will not save configuration data. You will have to make a purchase.

That's too bad as Jetico is quite probably my most favorite freeware firewall choice for XP with their version 1 product (which remains free). But I understand Jetico needs to pay its bills.

So if you really want a strong leakproof firewall, and are an "advanced" user willing to work with its interface, Jetico v2 still seems like a great bargain for Vista users at just under $40.

PC Tools Firewall Plus 2.0

Next one up I located and tried was PC Tools Firewall Plus 2.0.

It is 100% free, no nagware/adware, and designed for Vista.

According to reports in some forums, earlier builds did have some problems with Vista, but I didn't encounter any on my system.

The interface is very user friendly and I didn't have any problems navigating and understanding which applications were blocked and allowed, nor were the advanced rules too hard to understand. It also can use a whitelist of known good applications to cut down on alert chatter. This option is enabled by default, although I couldn't find documentation as to what applications were included, so it's hard to say if I am comfortable with trusting someone else's choices. It can be easily disabled, however.

Since I hadn't used this one before, I did some testing.

I downloaded the latest version from their website and installed it without any issues.

Upon reboot, I checked the Windows Security Center and found that it had automatically disabled the default Windows firewall, which is good. It requested permission to allow itself network access, and found two updates available. I installed those (a help file and FWAA update) and rebooted. Once going, I used Process Explorer to monitor it, and found it was only taking up 2008K for the FIrewallGUI.exe process and 800K for FWService.exe. Not too bad.

So to put it through its paces for leaktesting I downloaded Matousec's battery of leak tests to toss at it.

Now, let me say clearly up front, these were not super-controlled experiments and I am not doing tests and analysis with the level of expertise of the Matousec crew; however I did get some interesting results tossing them at PC Tools Firewall.

There were many leaktests that PC Tools Firewall alerted on and blocked successfully.

There were quite a few leaktests that breached the PC Tools Firewall without any alert at all.

And then there were quite a few leaktests that just didn't run or alert on. I don't know if this is because Vista and IE7's advanced security features didn't give them a chance to get to the firewall, or if it was that these particular leaktests couldn't run correctly in Vista.

I'll wait with interest to see if the firewall testing pros at Matousec put it under their microscope and see what their evaluation is.

So while PC Tools Firewall has a great interface, is quite configurable, and does provide some level of outbound leak protection, I can't say for certain that it will be effective against all attempts, particularly with well designed malware, and either alert or block the traffic. The lack of documentation for the "whitelisted" applications also bothers me a bit. But then again, the whitelisting feature may make it more home-user friendly.

The popup alerts are fairly informative and shouldn't give users much difficulty in interpreting them.

Overall, however, it seems like a great free alternative firewall with some caveats to consider for average home users.

Where are the rest?

While XP is a "mature" OS, and support for its networking structure is well known and lots of freeware firewall products are available, other well known free firewall providers are still working on delivering their Vista compatible firewall programs.

Sunbelt Software provides a nice firewall Sunbelt Personal Firewall (formerly known as Kerio). President Alex Eckelberry recently promised that their Vista 32-bit firewall product is in the works to be followed by a 64bit product a bit later...but no release dates yet.

PC World's Steve Bass went looking and found that ZoneAlarm also has a Vista version in the works, along with the team from AVG Firewall. Some established security suite providers also have paid versions of their firewalls available for purchase. Steve Bass's Tips & Tweaks: Vista Compatible Firewalls? Keep Waiting. As for now, no Vista ready beta versions are yet available that I could find.

Comodo's free firewall also rates very high in leaktest results. Its interface is user friendly and seems like a great product. I tried it under XP for a while and liked it a lot.

According to a Comodo Forum moderator, Comodo Firewall version 3 is being readied with Vista support and may be ready for beta release around mid-May. Comodo Firewall Pro Windows Vista and x64 Compatibility. So it looks like a final release will be a bit further off for now.

More Vista related threads in Comodo's forums.

For the Brave Beta Testers...ESET Smart Security Suite

ESET is looking for people to help test ESET Smart Security Public Beta 1 (ESS). It contains the following components:

• The next version of ESET's anti-malware engine (NOD32 v3.0)
• A personal firewall with port stealthing and advanced filtering features
• Antispam filtering with Bayesian filter, whitelisting and blacklisting.

The beta test version is a precursor of the final product without full functionality and documentation. It is intended for experienced users and should not be installed on computers which perform critical tasks because it may cause errors or crashes.

ESET Beta testers page here with download link.

Ryan over at CyberNet Tech News has a post on this product with some helpful screen shots to help you decide if you are interested. Download Eset Smart Security 3 Public Beta (Screenshots) - CyberNet News

So, for now, if you REALLY want a freeware firewall product other than those already listed, AND don't mind it being beta with whatever weaknesses that may entail, AND getting some AV protection and extras in the mix, check it out.

As for me, for now...

On my Vista system, I'm going to content myself with using Vista's Microsoft firewall, under its default configuration. I'm sitting behind our home router/firewall so inbound protection is pretty solid. I don't have many applications installed on the Vista notebook yet, and will hope that Vista's UAC security (enabled) and IE7 security features in Vista will keep it safe from any dangers for now.

If I ever have to take and connect it to a network outside my own home network, at this moment I would probably go ahead and install PC Tools Firewall version 2 for the extra outbound blocking controls, just in case.

And if I was a notebook road-warrior, I wouldn't hesitate to pony up the $ for Jetico's version 2 Personal Firewall. For now, it might just be one of the best firewalls available for Vista...free or not.

However, I have no doubt that if we Vista adopters will be patient a while longer...we will be rewarded with a flood of Vista compatible freeware firewall offerings from vendors we trust.

If you have run into any other freeware Vista compatible firewalls right now, please drop a tip in the comments for me to check out.

It only remains to be seen how effective they will end up being on leakproofing.

Stay safe!

--Claus

Additional Links

Matousec's List of Personal Firewalls, with icons to indicate OS compatibility and pricing.

Matousec's Current Personal Firewall Results table.

4 comments:

Anonymous said...

hey, just poppin the cherry on this comments board... you've pretty much got it covered. the pc tools fw has been downloaded heaps from dl.com but many reviews are full of hatred. i probably won't be going for it..
i've just downloaded the look 'n' stop (beta) one myself for the hell of it until the 7th of june when (fingers crossed) the comodo beast is unleashed for forum members to beta test.
/rich, sweden

Anonymous said...

ok, the lns won't even bother installing on my 64 bit version...
but that's one you might wanna check out

cheers
/rich

Claus said...

Hi Rich, thanks for dropping by.

For now I'm just running the Windows Vista firewall on my Vista system and Kerio on my XP system.

I'm figuring that I just have to accept that Vista is a new beast for developers to tame and it might just be awhile longer before we see some truly "mature" (outbound) firewall products. It is good to know that they are in development. These first ones might be a bit buggy, but you gotta crawl before you can walk.

I only wish the developers would be a bit more up-front about providing information to their fans as to Vista version compatibility updates. It's a pain to go digging into the forums and blogs to try to uncover the details.

Anonymous said...

Thank you for the comprehensive coverage on the Windows Vista firewall. Actually I still prefer to use a third party firewall such as ZoneAlarm. Click here for more freeware.