... and recommends ZoneAlarm as a solution to the problem. It is better than BlackIce, is there anything better than ZoneAlarm? I am building a new Win98 machine for our accountant and even behind a firewall, I'd like to put some good tools on it. It depends on what you want from it - ZoneAlarm is very much "personal firewalling for lusers" rather than an industry leader these days. how clued is the Accountant?
ZA standard has two sliders - one marked "internet" and one marked "lan" - and you get to define a list of hosts / network interface to be defined as "lan" (note that defining the hosts/interface is labeled an ADVANCED task - and that there is no nice convenient popup to let you decide per event). then, per app, you get to define a) if the app can connect out to the lan/internet (six checkboxes, yes/no/ask every time for either route) b) if the app can "act as a server" (not defined, but means opening ports; six checkboxes in the *latest* version, used to be one checkbox covering both the routes, then one checkbox meaning "yes" per route, in both cases unchecked meant ask - so something like IE would bug you each time it started until you made it an automatic server). the sliders are basically three position - "unprotected" "medium" (139 etc autoblocked, nothing much else done) and "high" (unused ports stealthed, but otherwise see "medium") the PRO addition allows you to define ports for each app. not hosts (although you can do this vaguely with the local zone defs) but it gives you some crude filtering that standard doesn't (not worth the extra money in MHO) BlackIce is an IDS - it repeatedly claims to have told GRC it isn't a firewall (although of course its marketing claims it is - marketdroids in action) and concentrates almost exclusively on logging inbound per port and per host, with a bit of filtering thrown in. Tiny PFW (free for home use - and I admit it is my current personal firewall so I may be a little biased here) is everything ZA pro should have been, but without the luser-friendly interface - it blocks per app, per host, per port (both local and remote) in either direction, is ICMP aware for rules , and the latest version has a nice "other protocols" section that can (for example) be set to protocol 2 for IGMP packets... and has a similar popup interface to ZA (accept/deny buttons and a checkbox for create rule) but there is a major philosophy difference between ZA and Tiny - Tiny filters packets (and is app aware, but doesn't care that much - you can create rules for "any" as an app, and any app can open a port - just can't use it to get packets if the rule isn't in place) while ZA filters apps (it doesn't care about actual traffic - just if a app can send, and if an app can open a port) Look'n'stop is a new contender and worth watching - originally a packet-only firewall (but one with a good default rulebase against common internet attacks like teardrop) it has the interesting distinction of binding to a single network interface - so you can bind it to your dialup, and filter traffic between that interface and the web, while leaving the Lan interface untouched. The latest version has some crude application filtering, but isn't in the same league as even ZA standard for that. Probably going to be held back by the fact it is payware for the home market - not something its user base can currently sustain, given there is no "grassroots" support for it the way there is for Zone Alarm (and even ZA has a free for home use "standard" version - LnS "lite" is the old pre-app aware version) PGP firewall is pretty crude, and only worth considering if you are buying it anyway (it comes bundled with the current release of PGP for corporate security; I won't have it installed though because of the PKZ/closed source issue) There are a few other firewalls I will not review per each - Conseal & Sygate are good examples - but I regard them as being inferior to Tiny but superior to ZA standard (the jury is still out for one or two of them vs ZA pro) but of course I stress that that is just *my* honest opinion - you may wish to try them (each has a free trial you can use; ZA pro also has a (code limited - key requred) 30 day trial, and Tiny gives their main product for free for non-commerical use, with a 30 day trial licence for commercial (so the licencing is administrative/paper, and has no effect on the package; no keys or anything to fiddle with); most of the others follow one or the other model (Conseal and sygate are unlimited, Look'n'stop is time-limited shareware) And most of them have additional non-firewall "added features" - ZA has a POP3 filter that will rename attachments on the fly to non-executable names; one of the others (sygate or conseal - I can't remember which) has what amounts to the webwasher http ad removal proxy built in, and so forth (Tiny has no additional features; I believe this is a good thing, but some may disagree - I do like having my firewalls just be firewalls though :)