The following personal firewalls provide excellent network protection. Each firewall comes with default settings and shouldn’t require tweaking except for the needs of advanced users. I provide some configuration and usage details since a little extra information may help you better answer and minimize popup alerts.

Still, firewall products in this section seem to require a fair amount of time to learn their features. They all require user involvement and some knowledge of your software to reliably answer popup alerts. However, for the technically initiated who can cope with these annoyances, these are some outstanding free products. And they are not as bad as the User Account Control (UAC) in Vista since they have various features to limit the extent of action required by you.

Some products rely of lists of known safe applications (all) or safe vendors (Comodo, Privatefirewall) or valid digital signatures (PC Tools), some products can optionally give safe or trusted status to all your current files (Comodo, Online Armor), some have training or installation modes (all but PC Tools), and some have lesser configurations to reduce monitoring (esp. Outpost).

These techniques reduce popup alerts and user intervention to varying degrees, but they also reduce protection to some extent. Since firewalls are often praised for their level of protection at their maximum security settings, users may not have the degree of protection mentioned in the reviews below when they use methods to increase automation and reduce alerts.

If full featured security is your criterion, then the Comodo Internet Security is the top contender. It has a robust and a very active HIPS or application monitoring feature called “Defense+”, which matches or exceeds the security performance of pay products. Its Defense+ also provides image execution control (or a “memory firewall”) that seems unique to Comodo. Comodo allows for much control and customization, with a plethora of additional settings to tweak for the curious or for the just plain paranoid. On the minus side, its Defense+ is initially talkative with popup alerts in some configurations, which may annoy or alarm users.

During installation, it gives you a choice between three levels of security. The “Firewall Only” mode is discussed in the next section; it disables intrusion protection against outbound malware threats. The default (or middle configuration) uses most Defense+ protection and monitors for common exploits, but it turns off some monitoring (right-click the tray icon > “Manage Configurations” > “Firewall Security” to switch to it at any time). The maximum configuration, “Proactive Security”, uses all Defense+ monitoring and increases its aggressiveness (right-click the tray icon > “Manage Configurations” > “Proactive Security” to switch to it).

After installation Comodo automatically selects either “Clean PC Mode” or “Safe Mode”. “Safe Mode” maximizes proactive protection to a high level and is the best mode for most users. But it relies on numerous popup alerts for applications not in its trusted vendors list (you can browse this list to see if you trust the vendors: go to the Defense+ tab > “Common Tasks” > “My Trusted Software Vendors”). When you answer “allow” and “remember your answer” to popup alerts for an application, Comodo creates a custom policy for it. Some of its policies are fairly liberal (the one for CCleaner gives it “allow” status for almost everything, but the one for some parts of OpenOffice are set mostly to “ask”).

In the more liberal “Clean PC Mode”, Defense+ automatically treats all applications on your drive as safe (but if any malware is currently hidden on your drive, it too would be considered safe). Applications still receive some minimal monitoring for Comodo’s two protected lists (“my protected registry keys” and “my protected COM interfaces”) and for running as an executable, or more/less monitoring depending on their custom policy. And new files get sent to a list of files “waiting for your review” in the “Summary” page. Files listed for review will be considered possibly unsafe and will provoke popup messages, as if in Safe Mode, until their custom policies are made.

Comodo limits the frequency of alerts by automatically treating some programs as safe and allowing some applications to access the Internet. You can additionally automate the behavior of Defense+ by one or more of these methods for treating applications as safe:

• Have it “remember your answer” to all popup alerts when an application first runs, which works for some applications (because some custom policies set this way are close to “trusted” status). But if an application still nags you, click “More Options” in the alert and use the drop down box to select “trusted” or “blocked” (etc.), if available, or set an application to trusted manually (“Defense+” > “Advanced” > “Computer Security Policy” > “Edit…” > “Use a Predefined Policy”), which finally ceases popup alerts and most intrusion prevention for that application.
• Add files to the lists of “My Own Safe Files” or “My Trusted Software Vendors” in the interface (see the “Defense+” tab), which is most helpful for “Safe Mode” or “Paranoid Mode”.
• Use the “Clean PC Mode” (right-click the tray icon and select it under the “Defense+ Security Level”). But make sure to scan and remove any malware first.
• You could also browse these guides on minimizing Defense+ alerts: How to Tame Comodo Defense+ Without Disabling It and Comodo Forum Help.

Alternatively, see this mini guide for an example of how to maximize some of its basic settings. Comodo nicely allows you to quickly increase or decrease protection with its different modes, configurations, and settings.

A solid contender is the free version of Online Armor Free. It has outstanding leak-test and HIPS performance (the HIPS feature is mostly in its “Program Guard”). It has a unique feature called “run safer” that allows you to selectively set risky applications (web browsers, office software, readers/viewers, instant messengers, email or news programs, multimedia software, download managers, etc.) to run as if under a limited user account (go to “Programs” tab > uncheck “Hide Trusted” > highlight a program and click “Run Safer”). It minimizes popup alerts over time with its automatic list of safe programs, your on-demand scans with its safety check wizard, and your responses to popup alerts — especially in cases where you tell it to remember your decisions and have it treat programs as trustworthy.

Though its Program Guard also relies on user input and user interpretation to answer its numerous popup alerts (especially if you don’t want to trust a program); this may be quite a challenge for average users. And it now makes it mandatory to enter an email during installation. Some users also reported compatibility problems with other security software recently (Avira, GeSWall). That said, it provides excellent proactive security and often scores very high in reader polls.

In an effort to reduce user involvement even further, it has a safety check wizard that gives you an option to trust all programs currently on your PC or to run the wizard to scan for safe applications (you can always run it again later by visiting the safety check wizard in the interface). If you decide to automatically trust everything on your PC, it liberally gives applications more access to function and therefore gives you very few popup alerts initially, but be sure to carefully scan and remove any malware first (not recommended for average users).

Otherwise, run the wizard and have it search your PC for known programs to allow/block/ask. In this case, Online Armor relies on you to respond to numerous popup alerts for unknown programs. In my testing, you receive about as many alerts as Comodo’s “Safe Mode” (with its default safe vendors list or with manually adding to its safe lists). Online Armor has a couple restarts and a short two minute learning phase during installation, and you can use its learning mode to create automatic rules at any point later, say, for a trusted online game that gets constantly interrupted by firewall alerts. It also allows you to easily “check mark” applications as installers in initial popup alerts about them; I found this to be the easiest method for handling installers of all tested products.

For the curious or paranoid user, it uses excellent popup messages when it automatically allows a program to connect online and, optionally, when it automatically trusts a program/process to run (these alerts don’t require user action and they can be enabled/disabled in the interface with “Options” > “Firewall”, and “Programs” > “Options”). For example, I noticed a message when it auto trusted a key logger test (Zemana, which it failed initially), but after I set the tester to untrusted, it gave very informative and detailed security alerts (and then it passed the test and logged the tester in the interface under the “Key Logger” tab, but it only logged the key logger after the test was untrusted). You can even close both its tray tools from its right-click context menu. They are not needed for the firewall and HIPS components to continue running and protecting.

Also a solid performer in the personal firewall class is PC Tools Firewall Plus. It provides a HIPS-like component through its “enhanced security verification,” which alerts the user about possibly malicious behavior. It relies on a list of known programs and a check for valid digital signatures to significantly reduce the frequency of popup alert messages, so it will mainly ask you about unknown programs, programs connecting online, and programs requiring more access. It seems more liberal and user friendly in its default settings than previous versions, giving me fewer popup alerts for common tasks like opening and working on a well known word processor.

I did notice many popup alerts when programs update or connect to the Internet, at least initially, and it lacks an installer or training mode (installing new programs makes me want to disable the firewall temporarily). So it still expects a high learning curve to respond to alerts (like with all top firewalls, a high level of familiarity with your PC’s software and your firewall’s features helps you reliably answer popup alerts — mindlessly clicking them away not included!). In any case, it nearly matched Comodo’s overall degree of protection in the Matousec tests, so obviously it has an excellent HIPS in performance.

But one very surprising difference was the ease of installation and configuration. In fact, I didn’t have to do anything; no searching for or adding programs — it just installs and starts protecting your PC. But, of course, this means a few extra popup alerts will appear initially (especially when programs go to connect online) if you have many unknown applications or if you disable, say, its feature to automatically allow applications with valid digital signatures. As with all of the top firewalls, the automatic allow features (which are in the interface under “Settings” > “General”) may be a security concern since they seem a bit permissive (acting similarly to Online Armor/Comodo when set with lists of clean/safe/trusted applications). For example, it fails the Zemana key logger test when it’s set to automatically allow programs with valid digital signatures.

Additionally, it has an interesting “Full Screen” mode or game mode that suppresses all alerts (by allowing all alerts or blocking all alerts) while, say, you play an online game. And it supports password protection for its settings and for shutdowns. Like Comodo it has automatic updating and it’s an excellent unrestricted freeware product, but it does have an “Upgrade Now” link to its commercial security product. The program looks and feels user-friendly, with a simple setup and simplified alert messages; still, it’s not quite for average users. Recently many users reported major problems with it preventing them from connecting to their Internet, but the newest version fixed this bug.

Outpost Firewall Free is a good choice for users who want highly flexible protection without sacrificing usability. It was obviously made with average users in mind, judging by the care taken to simplify alert messages and make it easy to adjust intrusion prevention (or HIPS) monitoring. For example, it remembers your responses to popup alerts without the need to set “trusted” rules (like in Comodo/Online Armor), and like Online Armor it notifies you when it automatically allows an application to access the Internet (especially helpful during the learning phase).

The free version lacks many extras of the pay version, however, such as automatic updates and the ability to break active connections. I also didn’t like the advertisements for its commercial version and the occasional news updates, which popup when they download (requiring user intervention). This being so, I saw a few user reports of satisfaction with how it works and this is probably because of the extra care taken to reduce user involvement and limit outbound monitoring to a reasonable level.

The HIPS component is called “Host Protection” in the interface. It provides four default levels of protection, which can be easily set with a slider and additionally customized item by item by advanced users. The default “optimal” setting only monitors the “most dangerous activities” (such as memory injections, driver loads, and a healthy list of system critical features — auto starts, shell extensions, and internet settings) instead of all program activities. But these “optimal” settings lack protection from keyloggers, direct disk accessing, DNS API request monitoring, etc. You can check the types of reduced monitoring in “Settings…” > “Host Protection” > “Customize…”. I believe the intention of the “optimal” level is to acclimate users to the firewall and provide more outbound protection than the windows firewall. After you get used to the firewall or find some spare time, you can increase its protection to try it out.

The installation asks whether you want to train the firewall for a week (using its Auto-Learn mode and Rules Wizard). In this mode, it sets rules automatically for known safe applications. I’m not a fan of this week long feature (it’s initially unchecked during the installation), and you can easily switch to it at any later point, say for an hour while you start using a new, trusted program (right-click the tray icon and select the “Rules Wizard” under “Firewall Policies”, then click “Enter Auto Learn Mode…” to turn it on). In my testing it greatly reduces protection during the time the firewall trains, but if you’re present while programs connect online, you can monitor its allow messages or check its application rules in “Settings…” > “Application Rules”. But for some strange reason it doesn’t display application rules for applications you allow yourself after the learning phase. One technical advantage over Comodo is that the self-protection component works well in all its levels of protection, whereas self-protection in Comodo depends largely on having Defense+ enabled (this becomes more important in their lesser configurations).

Next to be reviewed: Privatefirewall, which is also effective against outbound threats, but is ineffective at self-protection from malicious attacks (see quick select for more details).

Some users (of many degrees of experience) prefer to avoid advanced firewalls that employ a constant “security guard” that question them daily. The following alternatives accommodate the use of your favorite active security programs, such as other HIPS software, active anti-malware, or browser protection (virtualization, isolation, rights reduction).

Firewall Only (“Set it and Forget it Options”)

The built-in Windows firewall is a common choice since it passes all inbound tests and it doesn’t have popup alerts. It lacks proactive security against outbound malware intrusions, but some users are simply unprepared to reliably handle the numerous popup alerts of the best firewalls on the market. And users who click “allow” to each and every popup alert will not have the level of protection they think they have. If you’re fairly sure malware isn’t on your computer and you don’t want the other features of a third party firewall, then the Windows firewall is actually a practical and useful solution.

You could marginally increase security with the alternate configurations below or with the default “no popup” settings of Sunbelt-Kerio. But Windows firewall doesn’t require installation, so it’s the least likely to crash your PC or conflict with your other programs.

Nearly “Silent” Firewall Configurations

If you disable or reduce program monitoring in the following firewalls, they still provide excellent inbound protection, marginal outbound filtering, and more features than the built-in Windows firewall. They make it easier to filter access to the Internet, view network activity, and quickly upgrade security with a click. These alternate configurations make some of the very best firewalls act just like ZoneAlarm Free.

Most of the firewall configurations below will ask you whether unknown programs should have access to the Internet, but they will not worry if you start OpenOffice Writer to compose your next poem. They did alert me when some of my other lesser known programs tried to go online for updates, but the alerts settle down quickly once the firewall has a good list of rules for your Internet-bound software. They seem to remember your responses to Internet access alerts in a simple, straightforward way. Additionally, all of them have a list of programs they automatically allow. For example, I noticed that none of them asked whether Firefox should be allowed to connect online.

Select the appropriate installation options or settings to reduce the proactive monitoring components in these firewalls:

• Outpost Firewall Free: Comes with reduced monitoring in its default settings, the top choice for this section if you can put up with the ads. And you can further reduce or disable intrusion protection if it becomes too much of a nag — right click the tray tool > “Settings…” > “Host Protection” > and select “Low” on the slider (to disable anti-leak protection). Also in “Host Protection”, you could select “Customize…” to manually configure proactive monitoring.
• Comodo Internet Security: Right-click its tray icon > set “Defense+” to “disabled”, or select the “Firewall only” configuration during installation. Or you could manually reduce its Defense+ monitoring in the interface Defense+ tab: “Advanced” > “Defense+ Settings”.
• Online Armor Free: Right-click its tray icon > uncheck the “Program Guard”. It’s a very lightweight and attractive option for this configuration if it doesn’t conflict with your other software.
• PC Tools Firewall: Uncheck “Enhanced Security Verification” (the application monitor/filterer) in “Settings” > “Filtering Settings”, or during installation (click “Advanced” to uncheck it).
• Privatefirewall: In the interface > “Process Monitor” tab > move the slider to “Off”. It will still alert you to some programs starting for the first time since that doesn’t count as a process (of a running program).

Cautions

Though these less proactive choices will lose you important protection from malware running on your PC, such as root-kits, keyloggers, Trojans, viruses, adware, or spyware. The additional security layers below help to safeguard against malware and prevent it from harming your PC, or from making outbound connections to steal your personal information or to take control of your PC.

I highly recommend using secure DNS providers (OpenDNS or Comodo SecureDNS), site safety advisers (WOT), software update monitors (Secunia PSI), and, especially, browser protection (Sandboxie, GeSWall) to avoid malware problems in the first place. And our site has related articles that cover other security essentials: anti-virus software, anti-spyware software, HIPS software, etc.

Additional Options for Simplicity and Basic Protection: I recommend the firewalls in section II, but if they don’t work for you one of these might. No complete test results exist for the proactive components of these firewalls, but in general they aren’t as good as the max security modes of the firewalls in section I. Loosely ordered from best to worst all around:

• Sunbelt-Kerio Personal Firewall. Pros: Simple setup, silent “no popup” mode, lightweight on memory, automatic updates, built-in help, optional behavior blocker, and more features than windows firewall. Cons: Loses its HIPS, some logging, and password protection after 30 days. It has many advertisements for its full commercial version. Some users experienced system crashes in the comments recently and in the past, but I had no problems with it in my testing. Details: XP, Vista, 32-bit only, 5.71 MB. Download here.
• ZoneAlarm Free Firewall. Pros: Simple setup, easy to use, game mode, built-in help, automatic updates, and more features than windows firewall. Cons: It has a huge download size, lacks any options for extra proactive security, and only displays traffic activity in the tray icon. It initially gave me trouble by blocking my Comodo SecureDNS (I was able to easily fix it through the log section). The installation has pre-checked nags and there are many advertisements for its commercial products in the interface. Details: XP (32-bit), Vista & Windows 7 (32/64 bit), 32.3 MB.
• Windows 7 Firewall Control. Pros: Simple setup, safe to install (uses Windows filtering platform and doesn’t install third-party kernel drivers), very light and works without the tray icon, built-in help, more features than Windows firewall. Cons: Fails GRC stealth test (it set many ports to closed on my system, so it passed other inbound testing sites), popup alerts/settings may not be for average users, doesn’t auto allow known safe applications, doesn’t display network activity, and bans editing system application rules in the free version. Details: Vista, Windows 7, 32/64 bit versions, portable version (32-bit only), 1.11 MB.

Comodo Internet Security Its Defense+ HIPS performance exceeds commercial products and leads the class, it includes an excellent “memory firewall” feature, and it allows you to quickly switch between Defense+ security modes and configurations. Includes automatic updates. Installation can automatically configure your PC to use the Comodo SecureDNS (but you can do this without installing CIS). It was the heaviest on memory resources of all top picks. The automatic installation mode popups are very annoying and much better handled in Online Armor. It also comes with an optional antivirus that bloats its download size to 3 times the other products. You get 3 pre-checked nags/options during installation. I didn’t find Threatcast very active or helpful at all as of yet. http://www.personalfirewall.comodo.com/ http://www.personalfirewall.comodo.com/download_firewall.html 2.8 MB (installer)   4.0   Unrestricted Freeware    Windows XP (SP2), Vista, Windows 7 64-bit version available (use the download link and select 64-bit Windows from the drop down box) The “Clean PC Mode” and some automatic custom policies may be risky for users without other security layers. Requires a heavy learning curve to reliably answer popup alerts (it helps to know your PC’s software and your firewall’s features). Additional Features of Interest (as Found in its Interface): Installation mode/training mode, auto updating, built-in help and tips, parental control with password protection, extra themes and languages, and a stealth ports wizard. Purges old or unused firewall/Defense+ policies or unused files (safe files, files waiting for review, etc.). Displays balloon messages for instant logging events. To learn more visit its forum, online help, change log, or download the CIS User Guide.

Online Armor Free Excellent proactive security performance. Includes a “run safer” feature to reduce rights for specific risky applications, a helpful security wizard to minimize popup alerts, and the ability to monitor key logger activity and host files. It handles the installation of new programs better than any other tested product. You can also close its tray icons to save memory and it still functions fully. It doesn’t have automatic updates or a built-in help. It’s mandatory to enter an email during installation, and it has a pre-checked option to send it anonymous information. I also noticed an advertisement popup for its commercial product (but I could check to disable them). Windows Vista gave me two security warnings during installation: “Windows can’t verify the publisher of this driver software” (details: some OA drivers don’t have a valid digital signature it seems, but OA is a safe application to install obviously). http://www.tallemu.com/product_overview.html http://www.tallemu.com/downloads.php 11.33 MB    4.0.0.35    Restricted Freeware   Windows XP, Vista, Windows 7 (32-bit only) Some users report compatibility problems with other security software recently (Avira, GeSWall). It has a quite liberal auto trust list and an even more liberal trust everything option that seems risky for users without other security layers (be very sure to scan and remove malware before using this option). Requires a heavy learning curve to reliably answer popup alerts (it helps to know your PC’s software and your firewall’s features). Additional Features of Interest (as Found in its Interface): Set passwords, protect programs (right-click > “Advanced options”), key Loggers tab/Hosts tab, and multi desktop support. To learn more visit its online help, forum, and blog.

PC Tools Firewall Plus Provides excellent proactive security performance comparable to Comodo. The installation and initial setup is amazingly easy, the popup alert format is fairly simplistic, and the full screen or “game mode” works nicely to prevent popup alerts. Includes default profiles to quickly personalize network rules. Automatically updates. Doesn’t have an installation/training mode, so installing new programs can be frustrating. Some network profiles may not get perfect GRC stealth results, such as “home” for me (but it passed all my other inbound tests). It fails the Zemana key logger test in its default settings (but it passes the test when I disable “automatically allow applications with valid signatures”). Minimal built-in help, and doesn’t break active connections. You also get a pre-checked option to install a Spyware Doctor evaluation during installation. http://www.pctools.com/firewall/ Use home page link above. 10.452 MB    6.0.0.88    Unrestricted Freeware    Windows XP (32-bit only), Vista, Windows 7 64-bit compatible (designed for both 32-bit and 64-bit) Older versions have given users major problems recently, so make sure to download the newest version. Its list of known programs in combination with allowing programs with valid digital signitures is somewhat permissive, which seems possibly risky for users without other security layers. Requires a heavy learning curve to reliably answer popup alerts (it helps to know your PC’s software and your firewall’s features). Additional Features of Interest (as Found in its Interface): Advanced network options for experts, with three default settings to modify (Home, Public, Work). Updates automatically, many language options, password protection, and full screen mode. To learn more visit its online help, change log, and forum.

Outpost Firewall Free Proactive security (at max settings) compares with Online Armor. Highly flexible protection, simplified alert messages, and includes a full screen mode. It fails tests for protection against malicious logouts or system shutdowns. The free version lacks automatic updates and the ability to break active connections. Displays annoying news advertisements. And I found that the installation hangs a little, so you have to be patient. http://free.agnitum.com/ http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html 16.63 MB    2009    Restricted Freeware    Windows 2000, XP, Vista 64-bit version available (see here and click “Outpost Firewall Free x64 Version”) It comes with reduced HIPS monitoring (lacking anti-key logger protection for example) and asks users whether to do an initial week long learning phase during installation, which seems risky for users without other security layers. Requires a heavy learning curve to reliably answer popup alerts (it helps to know your PC’s software and your firewall’s features). Additional Features of Interest (as Found in its Interface): Built-in “Help”, full screen mode or entertainment mode.

Privatefirewall Effective proactive security and stealth, one of the lightest of all tested firewalls on memory, simple setup (no nags or ads!). Easily choose between 3 network profiles. Has a unique “email/system anomaly detection” feature, which trains over 7 days by default. Ineffective self-protection, fails a leak test (see echo2), and fails some tests for prevention of malicious system shutdowns. It doesn’t have an automatic installation mode (but it has a training mode in “Settings” > “Advanced”). The tray icon flashes for log events instead of network activity per se. No update feature. Lots of information/clutter in the main menu. http://www.privacyware.com/personal_firewall.html Use home page link above. 8.3 MB   7.0.20.37    Unrestricted Freeware    Windows 2000, Server 2003, XP, Vista, Windows 7 (32/64 bit*). *Partially 64-bit compatible, but without the process monitor Requires a heavy learning curve to reliably answer popup alerts (it helps to know your PC’s software and your firewall’s features). Additional Features of Interest (as Found in its Interface): Built-in help and tips. Auto trusts safe vendors. Able to block outbound email automatically. Network options for experts, with three default settings to modify (Home, Public, Work). To learn more visit its feature list and online support (change log, user guide, tutorials).