Free firewalls outclass paid-for ones, test reveals

Free firewalls are better than their paid-for cousins. That is the surprising conclusion of a test of desktop firewalls by security researchers. Researchers at David Matousec's matousec.com carried out tests on 21 leading products using 26 assessment programs known as "leak" testers. These simulated a total of 77 test attacks on firewalls, configured using both out-of-the-box and optimal security settings. Each firewall was then awarded points based on its ability to pass each leak test in both modes.

The only two products to achieve a rating of "excellent" turned out to be free-to-use software, the Comodo Personal Firewall v2.3, and the Jetico Personal Firewall v2.0 beta. They scored, respectively, 9,350 and 9,125 points out of a possible total of 9,625, leaving the nearest rivals some way behind.

Surprisingly, paying for a product did not seem to make any difference to its ability to stop attacks -- the rest of the results spread the two categories fairly evenly about the scoring. Some paid-for products turned in awful scores.

In third and fourth place were ZoneAlarm Pro 6.5, Trend Micro PC-cillin Internet Security 2007, and both of which are charged for and achieved a "very good" rating. Moving down the scoring, only three other products emerged as "good", with the remaining 14 scoring as "poor", "very poor" or as having no ability to resist the tests whatsoever. This included prominent products from Kaspersky, Symantec, McAfee, and CA.

At the very bottom of the list in 21st place scoring a resounding zero, came Microsoft's own firewall which has been part of PC protection since the company shipped its SP2 security update.

The researchers also hit the products with a "fake protection revealer" (FPR) designed to catch out software that had been optimized to pass some security tests without necessarily offering real-world protection. Only one product fell seriously foul of this test, Outpost Firewall Pro 4.0, which otherwise scored well. A number of the products that come with anti-virus engines incorrectly identified the leak tests themselves as malware.