Choosing The Right Personal FirewallChoosing The Right Personal Firewall

If you're reading this on a Windows machine and you don't know if you have a personal firewall installed and running, then stop what you're doing and take care of that right now. At the very least, turn on the Windows firewall. This feature is available in the PC control panel, and enabling it only takes a few seconds. You can come back and read this once you've done that. I'll wait.

OK. You're back. Now breathe a big sigh knowing that you may have prevented a worm infestation that truly would have ruined your day. Feel better? I know I do. Let's continue.

You've noticed by now that I believe personal firewalls are vital on Windows machines. While you may also have a firewall on your network, that's not enough protection. The reason is that while a firewall between you and the Internet will keep worms and hackers from entering down that path, it will do nothing to prevent attacks that come from within your network—or through paths that aren't blocked by the company firewall. And those can ruin your day just as effectively.

There are a lot of personal firewalls options on the market to choose from. Most make similar claims, but there are differences, and depending on what you're doing with your computer, those differences can matter. But then, so can the cost, and that can matter a lot since some choices are free.

Free Stuff

If you're using a reasonably recent Windows version, you probably already know Microsoft has included a personal firewall as part of its systems package. If you have upgraded to Service Pack 2, you've noticed that the firewall is turned on by default. If you want to check, go to your control panel and click on the security center icon. It'll tell you whether your personal firewall is installed and running, and if it's not, the security center will help you do this. Incidentally, the security center will also tell you if your anti-virus software is up to date, assuming you're using one a mainstream AV product and it will offer to turn automatic updates on.

The Windows firewall prevents worms and other malware, as well as some routine hacking attempts, from entering your machine through open ports and the like. It does not check outgoing traffic, so if a worm or virus gets into your machine, or if some other type of malware attempts to communicate with the outside world, the Windows firewall will do nothing to stand in its way.

What will stand in the way is ZoneAlarm from Zone Labs (www.zonelabs.com), which is now part of Check Point. There's a free version of the highly regarded firewall that's available for personal use with a simple download. Zone Labs includes an automatic update feature that will prompt you when a new version of their software is available and take you to a download site.

ZoneAlarm, even in its free version, is full implementation of a personal firewall. While there are limits to what you can ask it to do, it will prevent intrusion by worms or hackers, and it will also prevent them from communicating with the outside world if they do get on your machine. In one test with an earlier free version of ZoneAlarm, I found that it protected a number of Windows machines against all attempts, while an unprotected, but otherwise identical, machine with completely up-to-date Windows patches lasted less than 11 minutes on the open Internet before it was overcome with malware.

Stuff That's Not Free

The major anti-virus vendors feature personal firewalls as part of their security suites. Norton's Internet Security (www.symantec.com) suite is probably the best known, and most expensive of the bunch. It includes Norton's firewall, which is really pretty good, along with anti-virus, anti-spam, privacy protection and parental control features. Competitor McAfee's Internet Security (www.mcafee.com) suite provides the same capabilities, but at a lower price. And Trend Micro's PC-cillin (www.trendmicro.com) includes those capabilities, and also adds some wireless intrusion detection features, anti-phishing and vulnerability scanning " a very full set of features for a reasonably priced security product aimed at the home and small business user.

Zone Labs, as you'd expect, also makes a version of their firewall with many more features than the free version. ZoneAlarm Pro adds the ability to fine tune protection, it can quarantine suspicious e-mail attachments, both inbound and outbound, and it can log suspicious activities and provide a means for reporting them to the authorities. You also get the ability to protect your settings with a password so that even if someone gains access to your computer (perhaps while you're at lunch) they can't disable your protection. Zone also makes a complete security suite that includes anti-virus.

Any of these solutions will work well, but which one you choose depends on what else you have on your computer, and what you're doing with it. For example, if you're already using an AV product, you might consider getting a firewall from the same vendor, or more likely the matching security suite. That will allow you to integrate these products, making it a little easier to keep tabs on them, or to manage updates.

Business Stuff

For larger businesses, you might need something you can manage centrally so that you can make sure your entire enterprise is protected and up to date. All three of the vendors mentioned above, plus Sygate, (www.sygate.com) can provide solutions that allow central management, security monitoring and updating, and all support automated deployment support in one fashion or another.

What really matters most is that you have a personal firewall of some sort. This is true even if you only connect to the Internet by dialing in from time to time. A worm or other type of intrusion can happen in a few minutes, and you may not know about it until it's too late to do anything about it. If you have a broadband connection that's always on, then personal firewall protection is absolutely critical. It's a must have. This is true even if you connection to the cable or DSL modem is through a router that includes a firewall. While the hardware firewall may protect against direct threats, it probably will never notice threats that arrive from e-mail, or Web sites or those that find another path into your network.

Focus Where The Threat Is

You'll notice that I've been focusing on Windows computers. They have the greatest vulnerability by far. Macintosh users don't seem to have a lot to worry about due to a lack of threats. Linux users will note that virtually all recent distributions of Linux have a firewall as a standard feature, and the threats there are considerably fewer.

So if you're running Windows, and you haven't already done something about installing a personal firewall, it's time to do it now.