Having good cybersecurity at home should be on everyone’s priority list. Hackers continue to exploit vulnerabilities of major websites like Facebook, LinkedIn, Twitter, and many others. Oftentimes when these websites get hacked, malware, ransomware and other virus files are uploaded to that website tricking unsuspecting visitors to download them. What’s worse is that home routers are horrible security devices. These devices can be tricked into accepting internet traffic that you never requested. This can lead a hacker straight to the devices on your home network. Once a hacker is in the network, they can view all the devices on the network and send payloads to exploit vulnerabilities. The only thing protecting your device from receiving traffic it did not request is a good firewall.
What does a firewall do?
A firewall inspects internet traffic for multiple things.
- A firewall makes sure that traffic that is coming into the network has been requested. For example, if you went to a website, your computer is requesting data from that website, therefore the traffic is valid and legitimate. If you did not go to a website, yet a website is sending your computer data, that traffic is not legitimate because you never requested it.
- A firewall will automatically block ports that are not relevant to what you do. If you don’t use an FTP service, you don’t need port 20 or 21 open. If you don’t use Internet Relay Chat (IRC), port 193 should be blocked.
Modern firewalls have more features than just port blocking and ensuring that internet traffic to your home network is legitimate. They can do things like automatically block known bad internet sites, restrict bad content like gambling or adult website, and they can also do things like prevent sensitive information from going over the internet.
What are the top 5 firewalls for Windows in 2022?
- Windows Defender Firewall
- Malwarebytes Firewall Control
The top 5 firewalls for Windows in 2022 have been ranked according to their ease of use, features, and effectiveness.
ZoneAlarm ranks first on the list of top 5 firewalls for Windows in 2022. ZoneAlarm is maintained by CheckPoint Software, the industry’s leading firewall manufacturer for corporate enterprises. ZoneAlarm comes with three core services: antivirus, firewall, and mobility.
ZoneAlarm’s Application Control is really what sets it apart from Windows Defender Firewall. Application Control prevents unauthorized programs from accessing the network and acting as a server as well as other malicious-style behavior. For example, it can prevent exploiting kernel timing vulnerabilities, prevent untrusted programs from launching trusted programs for Internet access, and can also prevent malicious applications that try to abuse standard Windows service calls.
The antivirus feature is similar to Windows Defender Antivirus but it also incorporates Behavioral Scanning. Behavioral scanning detects malware that has never been seen before by watching what a file does vs based on a known virus signature. An example of this is a PDF file trying to inject code into a Windows System file. The typical antivirus would not catch this if it had not been already catalogued, but because of Behavioral Scanning, ZoneAlarm would be able to see this activity and quarantine the virus.
The last feature for ZoneAlarm is its Mobility service. Mobility safeguards your identity with monitoring and alerting of sensitive information. With Mobility, you can enter predefined sensitive information and create rules to block it from leaving your computer. For example, you can enter your social security number (it will be encrypted) and ZoneAlarm will identify anytime your social security number is at jeopardy of leaving your computer. The only exception to this is any sites you tell it to trust, such as your bank.
- Windows Defender Firewall Overview
When talking about firewalls for Windows, it is imperative to discuss the native Windows Defender firewall that comes built into the Windows Operating System. Windows Defender Firewall is a good basic firewall. It creates inbound and outbound rules based on the applications you use. When you install a new application, User Access Control (UAC) prompts you to ask if you want to let the application make changes to Windows. This will open needed ports for the application and routes to the application vendors network if needed.
Windows Defender Firewall will also change your network security settings depending on if you are on a public or private Wi-Fi. On private Wi-Fi, your computer becomes discoverable so that file sharing can happen between computers if desired. On public networks, discoverability is disabled so your computer does not show up to other computers on the public network.
More advanced rules can be created, such as blocking FTP services while on a public network, or blocking port 80 while on a public network in order to prevent potential sensitive data being transmitted unencrypted wirelessly. These are good rules to add, but this is the extent of Windows Defender Firewall and why people seek out third party providers.
TinyWall is a basic light-weight firewall with some nice features that are not available in Windows Defender Firewall or ZoneAlarm. For example, it can block the internet when your computer goes into Power Save mode. It also provides a nice display of applications and the associated outbound and inbound IP addresses, which can not only be useful for identifying potential malicious applications talking to a command-and-control server, but also useful for troubleshooting.
You can also quickly see what ports are open and actively listening on your computer. This is helpful in determining if there are any open ports that should not be open. TinyWall is a good basic firewall that is easy to download, install, and use, but it lacks features that ZoneAlarm has Antivirus with Behavioral Scanning and Data Loss Prevention. If you’re looking for just a basic firewall that has some above and beyond features to Windows Defender, then TinyWall is a good choice.
Malwarebytes Firewall Control is another good basic firewall with some advanced features. It has a lot of the same features that the other vendors provide like location-based firewall rules for public or private networks, but it also provides some security enhancements that the others do not. Malwarebytes Firewall Control provides Secure Boot, Secure Profile, and Secure Rules.
Secure Boot is good because it provides the ability to automatically block all connections at start up until you manually change the profile. This can be useful if you are troubleshooting a malware situation as it will prevent malware from using your internet connection to communicate to a command-and-control server.
OpenDNS is not a firewall in the traditional sense, but it is such a powerful network security tool that I felt compelled to include it in the list of firewalls. In a sense, it does offer firewall-like capabilities. OpenDNS provides DNS-Layer protection, URL filtering. A lot of commercial grade firewalls now include this in their basic security packages. What URL filtering and DNS-Layer protection provides is an automatic detection and blocking of known bad websites. For example, you can set a rule to block a predefined set of websites, like adult or gaming websites. It will also block connections to known malicious IP addresses and websites. If a website is known to be distributing malware or phishing passwords, OpenDNS will automatically block you from going to that website and will alert you as to why.
What makes OpenDNS really powerful is that you can protect all the devices in your home with it by changing your router DNS entry to the DNS entry that OpenDNS provides. This will block all known malicious traffic to and from your home network and all while allowing you to monitor and review the bad connections that are flowing from your network. OpenDNS is also powerful because it is connected to a curated database of IP addresses and websites that is continually being updated by threat researchers. The only downside to OpenDNS is that it can take some advanced configuration skills in order to set up. To counter that, OpenDNS has created an intuitive guide on their website to help.
In conclusion, there are several firewall vendors available on the web that you can search for and download. There are several firewalls which were reviewed for this article that did not make the list. The reasons for that are the following:
- Firewalls were difficult to download and install, requiring sign up processes
- Firewalls raised red flags and security alerts from Windows Defender when trying to download
- Firewalls required a Linux operating system or required a physical device to act as a network firewall versus an operating system firewall for Windows.
- Firewalls were vastly out of date, with some of them having latest releases dating back to 2011.
- Some tools are marketed as a firewall, but are really more network monitoring tools than firewalls.
The firewalls that did make the list were downloaded, trialed, and tested for ease of use, effectiveness, and features. Each firewall has unique capabilities that make it different from the others. In order to select the best firewall, you should think about your needs and match it up to the unique capabilities that each firewall offers.