We ran each of the six firewalls through a number of scenarios to check its compatibility with other applications and its responsiveness to a potential Trojan horse. Compatibility is an important concern with applications that access the Internet: a poorly designed firewall might misconstrue as hacking attempts such legitimate activities as opening ports for Internet communication, and it may mistake legiti-mate programs for malware, or malicious software. Some firewalls will ask the user for permission to run applications, while others will allow or block the apps without providing feedback. In overall compatibility, BlackICE Defender had nearly flawless results, and McAfee.com finished close behind. Norton and ZoneAlarm worked well in most instances; Secure Desktop and ESafe performed poorly.
A good firewall can distinguish between network traffic related to trusted applications and malicious traffic from a hacker or Trojan horse. Some firewalls focus on applications, while others focus on data traffic. In the first case, Norton uses a lookup table of preapproved applications. BlackICE Defender, on the other hand, doesn't note what apps are running. Instead, it scrutinises all data passing to and from the computer for suspicious behaviour, or signatures. BlackICE has an extensive, updatable signature file of known hacking techniques, so it can often identify and explain exactly what is happening to your PC.
In our tests, we evaluated each firewall's ability to work with common applications that access the Internet: Microsoft Internet Explorer and NetMeeting, WS-FTP LE (a file-transfer program), ICQ (a messaging program), Napster (MP3 music search and download software), PC Anywhere (a program that allows remote control of one computer by another), and RealPlayer (music and video player software).
Sometimes the biggest challenge was determining whether the firewalls were working at all. For instance, in its default installation, McAfee.com does not launch at system start-up or appear in the system tray. You must select those options in the program's configuration. And even though Secure Desktop launches automatically at start-up, it runs entirely in the back-ground - there isn't even an icon for the program in the system tray.
Secure Desktop did ask for permission to run some applications, but when operating at its highest security setting, the program would not allow other applications - ICQ, Napster, or NetMeeting - to run at all. McAfee.com and ZoneAlarm worked fairly smoothly, asking permission for each application. Norton automatically configured rules to permit some apps, but in other cases it made us walk through an overly detailed, six-screen Q&A to manually configure rules for future use of the app. BlackICE doesn't scrutinise applications per se, but it accurately monitors the types of data they send and receive.
Finally, we ran a not-so-trusted application: the freeware version of PKZip (file-compression software). This download includes a built-in application called TSAdbot, which acts as a conduit for advertisements from the Internet and displays them while PKZip is running. TSAdbot is not a malicious program, but it does function similarly to a Trojan horse and thus tests the firewalls' sensitivity to these intruders. McAfee.com, Norton, Secure Desktop, and ZoneAlarm detected TSAdbot and asked us for authorisation. ESafe failed to react; BlackICE did not recognise TSAdbot's behaviour as harmful. When we asked Network ICE about this result, spokesperson Robert Graham said, "Currently, Network ICE does not consider adbots to be malware." But he added, "Maybe we should reconsider our position."