14 DAY TRIAL // Third party counterparts to what Windows OS has to offer have always been a better alternative in time and the same goes for the built-in firewall. Although the latest version in Vista is somewhat heftier than its predecessor, there is still a great deal of options to integrate in order to please most consumers.
Sunbelt has gained more and more echoes in the world of computer protection due to its products and low prices. Starting from the engine of GIANT (now under development at Microsoft bearing the name of Windows Defender), Sunbelt has created CounterSpy, an application dedicated to rooting spyware out of your computer leaving it clean of code ready to track down your habits and reporting to a remote server. With the firewall, they simply turned the much acclaimed Kerio Personal Firewall into Sunbelt Personal Firewall and started bringing improvements to it.
Their firewall product is in the spotlight now, the latest version in particular, which is no longer confined to running on Windows XP. Although Sunbelt kept its users waiting a bit in order to enjoy the product on Vista, the price tag of $19.95 and 30 days of trying the full-featured application are a pleasant surprise.
Installation
Installing the application is an easy job irrespective of your computer skills and shortly after initiating the process, you will be prompted to choose between simple and advanced installation. The latter involves learning mode and starts with no beforehand settings at all. For the simple install, Sunbelt makes available a list of trusted applications for which you will not be prompted to allow connecting or denying the action.
As soon as you make your choice, a new screen will inform you of the fact that during the installation of Sunbelt Personal Firewall, network connectivity will be lost. Despite the news bringing a bit of discomfort, it is one of the few firewalls that actually announce this, as most of them simply get to action and re-establishing the connectivity generally falls in the hands of the user. A reboot after the installation of the application and SPF (Sunbelt Personal Firewall) will be protecting the computer against any malevolent actions originating from shady programs.
The interface is exactly the same as the late Kerio's and traditional users will find it straight forward and extremely easy to access. All the menus run down in the left hand side of the screen covering network security, intrusions, web protection, logs and alerts.
Interface
The menu also features a traffic monitor under the form of a graph that displays the amount of incoming and outgoing KBs per second. For denying all connections (both incoming and outgoing), Sunbelt Personal Firewall makes available a switch that will do the trick chop-chop. You will immediately notice a drop in traffic and the graph will record it.
Also, there is the Overview section at the beginning that records the active current connections, statistics (events matching the given conditions) and preferences section.
The details for the current connections include the local and remote connection point, protocol used for communication, speed in and out, as well as amount of data incoming or outgoing in bytes. At the bottom of the window, there will be a general overview providing the number of connections in and out and those in stand-by (listening).
Statistics is the area where you benefit from logs for detected network intrusions (NIPS), detected attacks (HIPS), ads blocked, cookies dodged or scripts barred. The window displays only the numbers but for a detailed view, feel free to click on the titles and the log will unfold, providing info on the date and time of the action taken, value and action applied.
The same reports can be viewed from the Logs and Alerts menu on the left side and you can wade through Network, NIPS, HIPS, Behavior and Web logs. Where available, you can also learn about the direction of the intrusion blocked (in or out).
Moving onward to Preferences tab of Overview, users will find that the application can automatically check for updates. I suggest you turn this on as the developer generally updates SPF components one at a time and you should benefit from the latest set of rules, driver, HIPS driver or SFE API.
Additional options present in the general configuration section of the app permit importing or exporting configuration files. This comes in handy if you want to back everything up and enjoy the same configuration either on a different machine or in case something goes wrong with your system and you need to re-install the OS.
In order to prevent unwanted persons from changing your settings, SPF allows you to protect them with a password. Despite this being sheer necessity, it has its own downs as it will be required only the first time you access the interface. This means that the GUI can be called by anyone the moment the authentication is made. It would be great if the countersign was required each time you access the interface as, this way, only authorized users would be able to juggle with your options.
Installing Sunbelt Personal Firewall in advanced mode will cause the application to ask for user's opinion at each operation, regardless of its direction. All the programs chosen are listed in the Network Security menu of the firewall. You will find a list with applications that are requested access to send or receive data and the rules you set. Any of the items in the list can be edited and permission for both trusted incoming/outgoing, as well as for Internet incoming/outgoing can be changed.
To make things easier for you, Sunbelt Personal Firewall comes with a list of predefined network security. Again, all entries are subject to changing according to your decision.
If your computer is sharing the Internet connection, you can enable "gateway mode" from the Advanced section of the menu. Moreover, the firewall is perfectly able to block all incoming connections during computer boot and shut-down operations.
Sunbelt Personal Firewall makes for a very good protection method against network and host intrusions. Built-in NIPS (Network Intrusion Prevention System) is designed to scan network traffic and block all the attacks in its database. Users can set up the action to be taken (permit or deny) according to the priority (low, medium and high) of each intrusion.
In the case of HIPS (Host Intrusion and Prevention System), things are adapted to the new type of attack. Unlike NIPS, HIPS does not need a database to detect the malicious actions, but its processing is based on behavioral activity. Configuration includes buffer overflow (block, log and disable alerts) and code injection settings (block, log and disable alerts).
For advanced users, the personal firewall from Sunbelt brings an application behavior blocking section which gives extra edge over applications launching others. This allows the user to have total control over the action of each app on the computer, not permitting to decide legitimate/illegitimate actions.
The Settings area for behavior blocking lets you enable automatic permission of the action or asking the user for a decision. You will also benefit from a list of applications and for each of them, you can reconfigure permissions for starting, modifying or launching other apps.
Web menu makes the user pay attention to the fact that Sunbelt Personal Firewall can block advertisements and web content such as JavaScripts, VBScripts and ActiveX components. The tests the program was subjected to revealed that it can handle ad-blocking very fine, without affecting the structure of the web page. Of course, not all ad panels would be rooted out of the webpage but, in most cases, SPF cleaned the page nicely without leaving gaps or discontinued text flow.
Where reconstruction of the webpage is not possible in the blank space, the message "Ad blocked here by SPF" appears so that the user understands that Sunbelt did its job. However, it would be better if the message did not use the abbreviation "SPF" but the entire name of the application (for disambiguation reasons).
SPF also deals with pop-ups and pop-under windows and the great thing is that all these can very easily be overridden with the use of a hotkey of your choice.
Personal Firewall's flexibility is extended in this area through the possibility of blocking ads according to URL and their path on the server. There is already a default list which can be enriched by the user and you can also disable the blocking of certain ads and server paths.
Sunbelt Personal Firewall performed well when faced with sneaky data leakage activities and successfully alerted the user of the anomaly and once the action denied, no details exited our test computer. It also did a very good job with closing communication ports and leaving open only those granted by the user.
The application is one of the few firewalls on the market that comes at a measly $19.95. It will alert you on any suspicious launching of a program and will do exactly what you wish.
However, there is a downside if you go with the advanced installation as it takes a while to whitelist all your habitual apps as the firewall will ask to make a decision at each and every activity and although it is not the effort that counts here, it's all about interruptions.
In the case of the simple installation, there is obviously less stress because SPF acts based on a list of programs, thus making your job a whole lot easier.
On the downside, it would be great to have a switch that would allow you to toggle between the advanced and simple interface whenever you want. I looked for something that would enable this, but it seems that there isn't a clear delimitation between the two types of installation; I could not find the way to turn from simple to advanced. The major difference between the two was noted in the Network Security menu: there was a general rule defined for all programs that were not on the list and it was set to ask the user for everything.
The Good
For a home-use firewall, Sunbelt's product is easy to access and provides one of the best protections against data leakage. It comes wrapped in a swiftly installable package and does not require any specific knowledge and computer experience in order to be harnessed accordingly.
The pop-up and ad-blocker do their job very fine without making the user strive too much. Once you create a rule and define the ports to be accessed (for advanced users), the application will act consequently.
The Bad
The ports are closed, but not stealthy. Also, password protection is not too efficient: if you access the settings area once and minimize the window to system tray, the next time you launch it, no protection is enforced.
There is no clear delimitation between advanced and simple settings or a button that would revert all the settings to default.
The Truth
All in all, Sunbelt Personal Firewall does a great job protecting you as it alerts you on each suspicious activity on your computer allowing you to decide on your own.
The interface is simple and poses absolutely no problem with the navigation or with the understanding of the various settings available.
Ad-blocking is an important component in Sunbelt's Firewall as it makes Web surfing a lot more comfortable.
Here are some snapshots of the application in action:
