The ideal firewall would also work quietly in the background but alert the user to anything worth reporting, and provide comprehensive logs of events. Unfortunately, most of these products tend to overwhelm the user with data. Firewall novices may be stunned at how often someone "touches" their PC. Most of that contact, however, is innocuous traffic that security expert Steve Gibson calls IBR - 'Internet background radiation'. According to Gibson, who maintains the Shields Up Web site, "All firewalls overreport, and they don't do a useful job of discriminating between IBR and actual attacks."
Spikes of IBR occur for various reasons. For example, Internet services sometimes send data to the wrong IP address when they attempt to contact users. A firewall might interpret that activity as a port scan. Internet privacy and security guru Simson Garfinkel, author of Database Nation, criticises the misinformation typical firewall products generate.
The most frequent complaint ISPs receive is no longer about spam, he says, but about firewall alerts of attempted scans. "Lots of people are going to scan you," he said. "You just can't react every time."
Of the products we examined, BlackICE - using carefully crafted reporting windows - provides the clearest, most useful information. The program notes the source of any probe, and it's the only personal firewall we tested that automatically looks up IP addresses and provides contact information about whoever "touched" your PC. An honorable mention goes to Norton and Secure Desktop, which log events in accessible text windows. But ZoneAlarm went a bit overboard: we finally turned off its endless stream of pop-up alert windows, relying instead on its comprehensive event logging for detailed information. However, only ZoneAlarm effectively alerts you in real time to all potential threats - a level of detail that may appeal to some hands-on users. Most firewalls simply flash an icon in the system tray when they detect something, but you won't see it if your system tray is covered or if you're not looking for it.