I’ve never had any trouble with personal firewalls in Linux passing various tests. In Windows? Notsomuch.
Here’s the deal: right now I depend on my router’s firewall as a first line of defense. NAT and SPI help quite a bit on the router end, and most folks who have a broadband connection really, really should connect through a router with both NAT and SPI.
But most folks, including me, need another layer of protection. I used to run a Linux box that was nothing but a firewall, but keeping it up proved to be a tad of a pain, and it was a dedicated computer, using more wattage, needing more cooling, etc. Windows Firewall is finally almost good enough for the average user to have as a second layer of defense on their personal computer, but not quite good enough, as it’s not very (*heh*) good at blocking suspicious outbound traffic. I’m fine with it on my Win7 box, as the traffic that needs blocking is almost universally the result of self-infection with a worm, keylogger, etc., that “phones home”… and I’ve (not yet) infected any of my own computers with, well, anything. (Going on 25 years “virus” free. It’s not really that hard. Of course, the front end of that was not web related, although there was some internet use even back then where I could have infected myself had I been careless.)
But most folks aren’t paranoid enough to keep themselves malware free, so a decent personal firewall to complement their router firewall and anti-malware front line software is a pretty good idea.
Right now, I’m pretty happy with the testing I’ve done with Comodo Firewall. It’s a part of Comodo’s free Internet Security download. Note that the download includes Comodo’s anti-virus and a couple of other things I’d avoid installing were I you. 😉 Comodo’s antivirus may have imnproved since I last gave it a try, but it was such a resource hog, intrusive and slow then that I avoided even trying it out when I decided to give the firewall another try. The other two pieces of crudware are a search bar and something else I don’t recall. Just untick them on installation of the firewall.
After a few days of trial, I can say I kinda like the free Comodo Firewall. It does bug the user about new programs attempting to access the internet, but most personal firewalls do that. It also asks about changes to system files when installing new software. Some users may find that confusing, but it’s not that intrusive–certainly not any more intrusive than Vista’s nagging, and much more pointed and useful, IMO. Still, some folks may find that off-putting. It can be turned off in the user control interface, though, should one desire.
Easily “Good Enough” IMO.
There are other Windows personal firewalls out there, but none of the other free ones are either good enough or well-mannered enough–or good enough AND well-mannered enough–for my taste. (I abhor “free” software that nags about “upgrading” to a paid version. Just Go Away already!)
Update: For all PCs (yeh, Macs, too), the basics of personal computing security–the very basics–can be covered by
- A router-based firewall
- An anti-malware software suite (including a good personal firewall on all networked computers)
- A way to stay up-to-date with security patches for both Windows and your applications
- A secure browser
That said, the devil’s in the details…
Rabbit trail: I did like it enough that I installed it on the “new” (a 3.4Ghz refurb) computer I’m readying for my dad to take home with him after Lovely Daughter’s wedding. At 86 (with his 87th birthday anniversary approaching), he’s ceertainly capable of handling Comodo Firewall’s prompts, and it’ll keep him safer on the interwebs as he’s running around on WinXP Pro. (Yes, I did consider Win7, but he’s well used to XP, now, and there’s no sense making that transition right now. Ditto a transition to Unbuntu or some other easy-to-use alternative to XP. Besides, on the Linux front, Magic Jack still doesn’t have capabilities there, and he does like his Magic Jack :-))