The Best Free Firewalls For Windows
A firewall is an electronic defense wall. Its responsibility is to control network communication between specific programs. In this guide we will go through the best free Firewall apps available for Windows, and see their features and functions.
- The history of Windows Firewall
- Windows Firewall
- Firewall applications which complement Windows Firewall
- Standalone firewall applications with additional features
- Older firewalls which are not supported anymore
- Your router (possibly) already complements the existing firewall
In October 2001, Microsoft released Windows XP, which was the first version of Windows that incorporated a somewhat limited firewall. But it was disabled by default, due to incompatibility concerns.
Additionally, in order to configure it, someone had to dig deep in order to find the buried network settings, something that most users never did. This resulted in the firewall to be used very rarely.
In 2003, the Worm Blaster virus infected a large number of Windows computers. In late 2003, another virus, the Worm Sasser, did something similar. However, these viruses did not require the user to run an infected file; Due to lack of a firewall, if a computer was connected to the Internet without any antivirus, it was very probable that it would be infected very easily.
Due to these facts, and many criticisms concerning the protection of users from threats, Microsoft decided to get serious about it, thus significantly improved the functionality and interface of the built-in Windows XP firewall, and decided to activate it by default on Windows XP SP2.
Now, Windows Firewall is available in all newer Windows systems and activated by default. From Windows XP and up to Windows 10, the Windows Firewall is located in the Control Panel.
The big advantage of Windows Firewall is that it rarely needs some user interaction. When an unknown program needs to receive incoming data from a network- for example, a new Torrent client- the Firewall detects, blocks it, and asks you if you want to allow access. The Windows Firewall will remember this option and will not bother you again. There is no need to configure the firewall manually, which makes it extremely convenient. However, if you need to edit the permissions of a program, you can do it from its settings.
The major disadvantage of the Windows Firewall is that it is, by definition, a one-way firewall. This means that it only detects applications that receive data from the internet. On the other hand, programs that want to send data to the internet are free to do so.
The only way to prevent them is to configure outgoing trafic rules manually.
For most users, the answer is yes.
By default, Windows Firewall does only what is truly important: block incoming connections. It has some more advanced features, but they are hidden and not so easy to use. If you just make simple daily use of your computer, Windows Firewall is more than enough for you.
However, if you need something more advanced, you can use third-party applications, so that you have greater control over both inbound as well as outbound connections.
Of course there is another solution too: applications which complement Windows Firewall.
If you are satisfied with Windows Firewall, but want to expand its features and have better control over the connections, you can reach out to third-party applications.
Windows 10 Firewall Control is a good option to supplement the built-in Windows Firewall. Despite its name, the program is compatible even with Windows XP. It allows the user to better regulate Windows firewall in order to block or allow applications connect to the internet.
It also adds a much better configuration options of outgoing connections, than the built-in Firewall. It is based on the built-in Windows Filtering Platform, so there is no need to install any third-party Kernel Drivers.
To download the free version of the program, visit this link. The software company Sphinx provides other, paid versions of the program as well.
The size of the program is very small (about 4MB), and the installation procedure is very simple.
Once finished, you can see an icon in the system tray, from where you can access the application.
The program’s interface is simple and clean, reflecting its basic functionality: to allow or block network access to applications.
There are four categories into which programs fall into:
- EnableAll: Allows applications to send and receive packets from the network (both directions).
- DisableAll: completely blocks the connection of applications to the network.
- IncomingOnly: Allows applications only to receive packets from the network.
- OutgoingOnly: Allows applications only to send packets to the network.
So when an application wants to connect to the network, a window is displayed and asks you what permissions it should be given.
The main tabs in the program are the following ones:
The “Programs” tab, which displays information about the programs which are connected, the “Events” tab, which displays the interaction of applications with the firewall, the “Connections” tab, which displays details regarding the connections of each program, the communication protocols, IP addresses, etc. and finally, the “Settings” tab, which includes application’s settings, rules configuration, the behavior of the program, etc.
A similar application to Windows 10 Firewall Control is Windows Firewall Control. Unlike the previous application, Windows Firewall Control does not support Windows XP.
The program can be downloaded from this website.
The installation package is very small (about 1MB), and its installation procedure is very simple. Once the installation is complete, you will see an icon in the notifications area, from where you can access the application.
The interface of the application is simple and clean.
The first tab includes settings regarding the application’s profile and the level of program filtering. It’s divided into four categories- high, medium, low, and no filtering. The application recommends that the “medium” filter settings is applied.
The second tab is about the program notifications, the third tab contains the settings of the program (integrate in the context menu, auto-start, color alerts, reset, etc.), the fourth tab is for the firewall’s rules, from there you can define the rules for each new program, as well as how they will be applied to different network types. The next two tabs have settings regarding the program’s security enhancements and additional system utility tools.
In any case, Windows Firewall Control’s features are simple and can be used by all users.
Like the previous two programs, TinyWall works similarly, and complements Windows Firewall. It doesn’t disturb the user with pop-up windows, and is an ideal solution since it works silently in the background.
TinyWall can be downloaded for free from here. The installer is about 1MB, while the installation procedure is very simple and straightforward.
Unlike the previous two programs, TinyWall does not have a main menu; the basic features are available from the icon in the notification area.
The application’s interface is very neat- perhaps it’s the simplest we've seen so far.
From the pop-up menu, the user can view and select the operating mode, the overall network activity, add exceptions, but also access some settings.
Having the same philosophy as the previous programs, it has five main functions:
- Normal protection
- Block all
- Allow outgoing
- Disable firewall
The program’s settings can be found under the "Manage" option. From there the user can protect the application by adding a password, add exceptions and define applications which are allowed to communicate with the network.
In there, you can also find a "Tracking" mode feature, from where the program will try to detect known applications installed in the system.
Furthermore, TinyWall is able to automatically recognize multiple processes of an application. For example, if you have a program which has more than one process running, and you add the first process, then the rest of them will be automatically added to the "whitelist".
The "Special Exceptions" tab allows the user to manage advanced settings and choose between system services. It is recommended to leave these options as they are, unless there's something you really want to change.
The "Maintenance" tab allows the user to import/export settings and manually check for updates.
TinyWall is small and lightweight, making it a solid choice for anyone looking for a reliable firewall application with low resources consumption.
In this section you will find free firewall applications which completely replace Windows Firewall and provide you with tools and features that will enhance the security of your system.
It should be noted that when we install a standalone firewall in Windows, the built-in Windows Firewall is disabled automatically in most cases, but sometimes you need to do that manually.
Also keep in mind that under no circumstances should you be running two firewalls at the same time- it’s rather pointless, and can create serious compatibility issues.
GlassWire is not a simple firewall. It is a security tool, which displays the activity of your network in graphs. GlassWire warns you of possible threats, has its own firewall, remote control servers, and helps the user understand his network activity.
GlassWire can be downloaded from here. Apart from the free version, it has three more paid versions, with additional features and capabilities.
The installation procedure is simple and you don’t have to configure anything throughout it.
One of GlassWire’s most important features is that it has a quite attractive interface. This detail plays an important role as the attractive environment urges the user to open and monitor the network’s activity.
The graphs regarding the applications connected to the network are drawn in real-time, while the zoom feature at the bottom of the window allows you to check for longer time periods.
Once GlassWire is installed, you can see that notifications are displayed when a new program tries to connect to the internet. These alerts appear in the program’s interface.
You can see the date and time of the network activity of each application, as well as the name of the program and the server it is connected to. Alerts can be marked as read, so it is easier to identify new ones.
By default, the program allows network activity to all programs, but you can easily change that by pressing the icon with the flame next to each application.
There are additional features as well, but to access them you must buy the full version.
If you wish to use GlassWire just to observe the activity of your network, you can quite easily disable the firewall feature of the program.
The “Usage” tab displays statistics regarding internet usage. There you can see the total incoming and outgoing data, as well as a list of applications and the traffic type.
Finally, it should be mentioned that the application has a settings menu, supports changing themes, and more.
ZoneAlarm was first released in 2000 by the software company Zone Labs. In 2004 it was acquired by Check Point. Right now it is one of the most recognizable free third-party firewalls, which has survived the test of time.
Recently the company wanted to expand the functionality of the free firewall, and to create a free security suite with basic features.
In order to download the free version of ZoneAlarm, simply visit this link. You will be asked if you want to download the paid version- simply decline that offer and get the free firewall instead.
ZoneAlarm is no longer compatible with Windows XP. Its installation procedure doesn’t hide any third-party app, and doesn’t require any configurations either.
It is recommended to select “Quick Install”, where the program will be installed with the default settings.
ZoneAlarm’s main window is divided into three categories.
The first category is about virus protection, which can be installed optionally. The second category is about firewall settings, while the third category is for settings regarding privacy protection.
Moving to the firewall settings, there are two categories: one for basic firewall settings, and one for controlling applications.
The protection zones of the basic firewall are two: one for public networks and one for trusted networks. Protection for public networks is set to maximum automatically. ZoneAlarm will block any attempt which tries to connect to the computer, and will notify you accordingly.
In trusted networks (such as the home network, for example), the rules are less strict, allowing the sharing of printers and files. In any case, the security level can be changed.
In the “Advanced” option you will find settings for advanced users, such as IP filtering, VPN protocols, etc.
The application control feature is for filtering applications which connect to the network. The control level has to do with the density of notifications you will be receiving, and will require your approval. By default, the control level is set to medium, which means that there is a balance between security and fewer alerts.
Also, DefenseNet automatically sets permissions for a vast number of known programs.
From the “View Programs” menu you can see in detail all the programs which are connected, their zone, plus you can intervene in any of them.
ZoneAlarm offers identity protection features, and 5 GB free space of encrypted storage from the company IDrive.
The identity protection service monitors your credit card and warns you of changes, protecting you from unauthorized management of your personal data. This service is provided by a partner company, and you can access this service for free for one year.
ZoneAlarm Free has all the necessary features that a good firewall should have, with its own extra bonus features. If you want a separate firewall, instead of Windows Firewall, then it is certainly worth trying out.
Comodo Firewall is a whole category by itself.
The Comodo company was founded in 1998 by the Turkish-American Melih AbdulhayoÄŸlu, who remains the CEO of the company until today. The company is currently the largest issuer of SSL certificates, with a market share of 33.6%.
Comodo, apart from its free Firewall, has one free complete security suite, Comodo Internet Security.
Additionally, apart from its free services and software, has paid security solutions as well.
Recently Comodo was accused for using GeekBuddy, a remote assistance service, which was using third-party software. Thus, it’s recommended that during the installation of Comodo products not to install GeekBuddy.
Comodo Free Firewall is a very good choice for users seeking a full-featured firewall. It is intended for advanced users who are aware of the programs that are installed on their system.
One important feature is the Comodo Defense+, which supports HIPS (Host Intrusion Preventation), Auto-Sandbox, and Viruscope technologies. These technologies ensure that all applications, files, processes, and services are safe. Such technologies are usually included in expensive security solutions.
Comodo includes a very good firewall and a lightweight sandbox, for restrict changes made to your computer by applications that you install.
By default, Comodo has user-friendly features, but at the same time allows advanced users to keep control over their system.
You can find Comodo Free Firewall at this link.
It’s recommended that you uncheck the two boxes in the first steps during the installation procedure which ask you to send data to the company’s servers, since you don’t have to let the company know what you’re doing on your computer, even anonymously.
Also, you should choose a custom installation, in order remove what you do not need (e.g. GeekBuddy and Chromodo Browser).
Additionally, it’s better to choose the setting for displaying as few alerts as possible.
Once the installation is complete, your system will reboot.
Once Comodo is installed, you will be seeing popups once in a while, which will be informing you of various applications running on our computer. You have to manually intervene in any application, which will be added to a list of trusted applications.
Of course, many applications from trusted sources are configured automatically via a cloud-based technology. Thus, the number of pop-ups is limited to just the essentials.
Also, the first time you connect to a network, either a wireless or a wired, you will be asked to specify its location (home, work or public). This will determine how much your system will be exposed to the rest of the network (shared printers, file sharing, etc.).
Comodo’s interface is very beautiful and practical. In the main window you see the security status of your system, while at the bottom of the window there are shortcuts for instant access to key functions. Also, you can activate Game Mode for undisturbed gaming sessions.
Don’t forget that Comodo Firewall provides a desktop gadget too, which displays information and allows you to manage your firewall easily.
From the application’s icon in the system tray you can specify the level of protection, as well as disable any feature that you don’t want.
In the inner workings of Comodo Firewall you can see four categories of settings with various options. The first category relates to the general settings of the application, the second category has to do with the firewall’s features and capabilities, from the third category you can control the features of the sandbox, while the last category is related to advanced functions, creation of boot disk, process managing, activity monitoring, etc.
As you see, Comodo Free Firewall has several features that extend far beyond the meaning of a firewall as you know it. To analyze all these possibilities, a whole guide would be required for it.
It is a powerful security solution that anyone will appreciate- especially advanced users. At the same time it gives you the ability to activate the free Internet Security, in order to fully protect your system.
In the past there was an even greater range of free firewall applications, many of which ceased support for modern versions of Windows.
Of course, if one wishes, he can still install them on his system, especially if it’s an older version of Windows.
In the past, Online Armor was the rival of Comodo Firewall.
When it passed into the hands of Emsisoft, it didn’t stay in the spotlight for long since the company recently decided to cease support. Thus, it was absorbed by Emsisoft Internet Security.
You can download Emsisoft Online Armor here.
Outpost Firewall used to be a good and reliable security solution in the past as well.
In December 2015, its technology was transferred to the company Yandex, and is used in the Yandex Browser.
You can find Outpost Firewall here.
Private Firewall is a decent firewall with extra features.
Although it hasn’t been updated since 2013, the authors claim that it is compatible with all Windows versions from XP up to 10.
In the past, some of its features were paid, but now they are offered completely free.
You can download Private Firewall here.
PeerBlock (formerly known as PeerGuardian), is a special type of firewall. It is designed to protect you from IP addresses that you do not trust.
Once you install it, you will be asked to select the type of websites that you want to exclude, for example adware/spyware networks, P2P websites, etc.
Although you can still install it in Windows 10, the developer company ceased support in 2013. The official page redirects you automatically to PeerBlock blog, which is still working.
You can download PeerBlock from here.
Modern routers complement in their own way the security level of each connected device.
NAT (Network Address Translation) is an internet standard that enables a local area network (LAN) to use a set of IP addresses for internal traffic and a second set of addresses for external (WAN).
NAT is located, in essence, at the point where a local network meets internet, and makes all the necessary translations for the IP addresses.
It serves three main purposes:
- It provides a kind of firewall to hide internal IP addresses.
- It allows a company to use more internal IP addresses. Since they are used only internally, there is no possibility of conflict with IP addresses used by other companies and organizations.
- It allows a company to combine multiple ISDN connections into a single internet connection.
Please note that NAT is not a security product. However, it can provide some level of security as a byproduct, since nothing from the inside is accessible "from the outside", unless you open a new port manually.
The same result can be achieved with a firewall that blocks all incoming connections.
Hardware firewalls are devices which are installed between your computer or network and the internet.
Some better-quality routers have a built-in hardware firewall. They are mainly used by companies or large organizations with computer networks.
A Hardware Firewall can protect all your devices, doesn’t consume system resources and is not vulnerable to malware.
The built-in Windows Firewall has improved a lot from its first appearance, and can meet the needs of most users.
If you want additional features, there are additional free firewalls as you saw, which are based on Windows Firewall. But if you are a power user, then Comodo Firewall is a must, since it can give you complete control of your system.