The problem many desktop security buyers face is that the established Windows software security makers -- Symantec, Check Point/ZoneAlarm, McAfee, Trend Micro, Panda and so on -- sell very large, multiple-component security suites that slow their systems to a crawl. These products are aimed at perceived value for consumers, rather than on lightweight simplicity and straight-ahead functionalism.

    Products that bundle in four or more security modules (such as antivirus/anti-malware, separate antispyware engine, firewall, antispam, identity theft, privacy) are specifically excluded from this evaluation. Some consideration is open to products with two or three modules when any or all of those modules can be fully disabled and when the product has few or no incompatibility issues with other software security products.

    When it comes to desktop firewall protection, most properly configured low-cost hardware and software firewalls get the job done of protecting against casual inbound incursions to your computer or network. Network address translation, stateful packet inspection and selective, smart management of port access provide a good, if imperfect, level of protection.

    The problem, as I see it, comes with outbound protection. If your anti-malware protection lets in a bad piece of code via e-mail or from a Web site that runs on your system and is designed to extract data from your computer and send it somewhere out on the Internet, are you protected?

    Outbound protection is my key metric. Currently, that sort of protection is measured by what's known as leak tests. Many such tests exist, both expensive corporate-oriented tools and freely offered tests.

    Some other important criteria for firewalls:

            * Must have low impact on system performance.
            * Can be configured for silent operation -- or at least the product minimizes the number of needless or unexplained pop-up questions it asks.
            * When a silent operation mode exists, a fully interactive mode must be an option.
            * Must be compatible with other types and brands of software security products, such as VPN, antivirus, antispyware, antispam and so on.
            * Must have logical controls and settings that help the user avoid security loopholes.

    When the smoke cleared on all the research, initial trials and hard first-pass comparisons, five software firewalls remained on the list:

            * Comodo Firewall Pro 2.4
            * Jetico Personal Firewall 2.0 beta
            * Sunbelt Personal Firewall 4.5
            * Look 'n' Stop Firewall 2.06
            * Eset Smart Security Beta 1a

    I've tested the operation and functionality of all five of these products.

    Comodo Firewall Pro is currently my leading software firewall contender.

Source - ComputerWorld