Firewall protection fantasy doused

Free firewalls are better than their paid-for cousins. That is the surprising conclusion of a test of desktop firewalls by security researchers.

Researchers at David Matousec's matousec.com carried out tests on 21 leading products using 26 assessment programs known as "leak" testers. These simulated a total of 77 test attacks on firewalls, configured using both out-of-the-box and optimal security settings. Each firewall was then awarded points based on its ability to pass each leak test in both modes.

The only two products to achieve a rating of "excellent" turned out to be free-to-use software, the Comodo Personal Firewall v2.3, and the Jetico Personal Firewall v2.0 beta. They scored, respectively, 9,350 and 9,125 points out of a possible total of 9,625, leaving the nearest rivals some way behind.

Surprisingly, paying for a product did not seem to make any difference to its ability to stop attacks - the rest of the results spread the two categories fairly evenly about the scoring. Some paid-for products turned in awful scores.

In third and fourth place were ZoneAlarm Pro 6.5, Trend Micro PC-cillin Internet Security 2007, and both of which are charged for and achieved a "very good" rating. Moving down the scoring, only three other products emerged as "good", with the remaining 14 scoring as "poor", "very poor" or as having no ability to resist the tests whatsoever. This included prominent products from Kaspersky, Symantec, McAfee, and CA.

At the very bottom of the list in 21st place scoring a resounding zero, came Microsoft's own firewall which has been part of PC protection since the company shipped its SP2 security update.

The researchers also hit the products with a "fake protection revealer" (FPR) designed to catch out software that had been optimised to pass some security tests without necessarily offering real-world protection. Only one product fell seriously foul of this test, Outpost Firewall Pro 4.0, which otherwise scored well. A number of the products that come with anti-virus engines incorrectly identified the leak tests themselves as malware.

The obvious conclusion is that many desktop firewalls aren't very good, at least if the tests are taken to be indicative of their ability. Furthermore, even the good ones don't always offer good protection settings by default, and require tweaking to improve security to meaningful levels.

"Nine of the tested firewalls were marked with 'very poor' or 'no' anti-leak protection. This result is quite worrying because it shows that even today, when the malware programs are very sophisticated, still a lot of vendors simply do not care about the outbound connection control seriously," the test commentary suggests.

Most of the leak tests used are widely available, but the team also created a number specially for the assessment. The testers also published responses (scroll down) from a number of the vendors on their good or bad showing.

Sensibly configured, a desktop firewall can be an worthwhile layer of defence. Many vendors who don't choose to charge for them see them as brand marketing tools for other security products, so the latest test is likely to attract a degree of hostility from vendors who scored poorly.

A separate test of desktop firewalls from earlier this year, based on a similar leak test methodology, is available for comparison here.