Saturday, Apr 11

Sunbelt Personal Firewall — the Review

Sunbelt Personal Firewall Review
Sunbelt Software renamed their Sunbelt Kerio Personal Firewall to Sunbelt Personal Firewall (SPF). As the name indicates, it is their personal computer firewall software package. SPF is available in a full-function version (paid license) and in a reduced-function free version (licensed free for personal, non-commercial use). Actually, it is the same program: at any time during the full-function 30-day trial, you can purchase a license key, either to activate the additional functions or because you don't qualify for the free license.

Sunbelt purchased the existing, respected firewall program Personal Firewall from Kerio in December 2005. Most importantly for consumers, Sunbelt reduced the price significantly when they released the firewall.

Sunbelt Personal Firewall is only $19.95, which includes 1 year of upgrades. Sunbelt's web site shows that annual upgrade subscriptions are priced at $9.95 per year. They also have discounts for multiple computers and/or multiple years, and even have a Home Unlimited Site License for $39.95 that lets you run it on all your home non-business computers.

Since I registered my copy immediately when I downloaded it, I know that the License and the Upgrade Subscriptions are two different things. My license expires "Never," while my upgrade subscription expires next year.

First, what do you miss with the "free" version?

It is licensed for personal and/or non-commercial use only.
Web content filtering is not available in the free version.
The powerful Host Intrusion Prevention System (HIPS) is not available in the free version.
It cannot be used on a computer that is providing the "Internet Connection Sharing" (ICS) functions for your local network (the "Internet gateway" computer). It will block the ICS data packets, since they are not destined for this computer.
Logs cannot be sent to the Windows "Syslog" server.
You cannot password-protect your firewall configuration.
You cannot access and administer the firewall remotely.

I am currently using Sunbelt Personal Firewall on all my family's computers as well as on my notebook (my primary computer) and I am impressed. When you install SPF, you can choose between the "simple" and "advanced user" installations. Even if you're an advanced user, pick the "simple" installation — you'll read more about this below.

I like SPF, I have purchased my licenses for it and am using it on my primary computer (as well as for my family's computers). I prefer SPF to ZoneAlarm, which was my previous choice. However, there are some features I do not like, which I also will discuss below.

The first thing I like is speed. SPF starts up quickly and even its user interface (with the icon in the Windows status bar) starts up quickly -- much more quickly than my previous firewall did.

Speed in handling data is also good. The user interface is very straightforward, especially the screen that shows the firewall settings (permit, deny or ask) for each program that wants to access the network and/or Internet.

Price is excellent, whether you choose the paid license or qualify for the reduced-function free license.

Performance: I have the Application Blocking function turned on (more about this later), so I have learned a lot more about the huge numbers of programs that trigger communications with the 'Net. I like this feature, especially the ability to set "remember my answer" rules for the future.

Let's Look at the Program
Overview - Connections: This is the first screen you'll see when you open the program. On this screen, you will see the applications and services which are currently accessing the network and/or Internet, or which have recently done so.


Overview - Preferences: The most important items on this screen are the "automatically check for updates" checkbox, the "Check Now" button, and the "Import" and "Export" buttons for restoring or saving your SPF configuration.


Network - Applications: This screen shows you — and allows you to control — the applications on an individual basis. You can choose ask, permit or deny for each application that tries to use the network or Internet, and you can control it inbound and outbound, to and from your Trusted network and to and from the Internet.


Be sure to set "Any other Application" to "Ask".

Network - Predefined: Here, you can control those specific programs and services that Sunbelt chose to permit or deny by default.


Network - Trusted: This is the screen where you can see and control the networks to which you have connected. The networks are identified by IP address/subnet-mask or telephone number and by interface (wireless, wired, phone).

Trusting other networks is an issue, whether you use the Sunbelt firewall or any other firewall. If you haven't changed your Workgroup from the default (MSHOME), anyone on the network to which you just connected who uses the same MSHOME workgroup will be able to share your files! So, when you pull out your notebook in a coffee shop or other wireless venue (hotel, airport, etc.) with SPF's current version (4.6.1839.0), you'll automatically share any shared files with those other computers that similarly are using the default Workgroup name.

The other problem with default "Trust" is more insidious and potentially more dangerous — firewalls will allow responses from any other computer, but they block communication requests from other computers that are not trusted. If a computer is trusted, the communication request is allowed. Scenario: you hook up via wireless at the local coffee shop. One of the other computers there has a worm that attacks newly-discovered Windows flaws -- and you haven't run your Windows Updates recently and the hole is not patched. You've just been "had."

So, what do you do? Use a non-default IP address range for your home network and a workgroup name other than the Windows default. Then, immediately after you connect to a wireless or wired network away from home, check the IP address you are assigned to make sure it's not in the same range as the one you use at home.


All firewall software (not just SPF) works by watching IP addresses. Be sure that you change the IP address range for your home network from the default. If you use the default, you're more likely to accidentally trust computers on another network, just because the other network uses the same set of IP addresses.

This particular issue is common to all firewall programs.

YOU have to pay attention to "trust" whenever you connect to another network. If you don't check, you are just rolling the "loaded" dice.
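The check described above can be scripted. The following is an added example, not part of the original review and not Sunbelt's code: it reads the address and subnet mask from `ipconfig` output and reports when the newly assigned network overlaps a range you trust at home. The trusted range `10.73.19.0/24`, the list of common router defaults and the sample `ipconfig` text are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the non-default range you marked as trusted at home.
HOME_TRUSTED = [ipaddress.ip_network("10.73.19.0/24")]

# Ranges that many consumer routers use out of the box (not an exhaustive list).
COMMON_DEFAULTS = [ipaddress.ip_network(n)
                   for n in ("192.168.0.0/24", "192.168.1.0/24")]

# Constructed sample of `ipconfig` output after joining a coffee-shop network.
SAMPLE_IPCONFIG = """\
Ethernet adapter Wireless Network Connection:

   IP Address. . . . . . . . . . . . : 192.168.1.57
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""


def assigned_networks(ipconfig_text):
    """Return the subnet of every IPv4 address/mask pair found in the text."""
    addrs = re.findall(r"IP(?:v4)? Address[ .]*:\s*([\d.]+)", ipconfig_text)
    masks = re.findall(r"Subnet Mask[ .]*:\s*([\d.]+)", ipconfig_text)
    return [ipaddress.ip_interface(f"{a}/{m}").network
            for a, m in zip(addrs, masks)]


def trust_collisions(ipconfig_text, trusted=HOME_TRUSTED):
    """Pairs (assigned, trusted) where a subnet-based trust rule would match."""
    return [(net, home)
            for net in assigned_networks(ipconfig_text)
            for home in trusted
            if net.overlaps(home)]


def default_home_ranges(trusted=HOME_TRUSTED):
    """Trusted ranges that sit inside a common router default."""
    return [home for home in trusted
            if any(home.overlaps(d) for d in COMMON_DEFAULTS)]


if __name__ == "__main__":
    hits = trust_collisions(SAMPLE_IPCONFIG)
    for net, home in hits:
        print(f"WARNING: {net} overlaps trusted range {home}")
    if not hits:
        print("Assigned network does not overlap any trusted range")
    for home in default_home_ranges():
        print(f"Trusted range {home} is a common router default")
```

With the non-default home range the coffee-shop network produces no collision; pass `trusted=[ipaddress.ip_network("192.168.1.0/24")]` to see the accidental-trust case the review warns about.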

Network - Advanced: This screen gives you some extra control of specific situations, such as blocking incoming communications while you are booting or shutting down and whether this specific computer is acting as a gateway to the Internet for other computers (Internet Connection Sharing). You might be doing the latter if you use dialup and have multiple home machines. If you use cable or DSL, you should have a cable/DSL router to provide this service and additional protection for your Windows machines.


Intrusion - Main: This is where you can enable or disable the Network Intrusion Prevention System, the Host Intrusion Prevention System (not available with the free version), and Application Behavior Blocking.

If you pick the "advanced user install," Application Behavior Blocking is turned on by default. You'll quickly get hammered by every program that triggers another program to run — and you'll be amazed at how often that happens. Don't even think of leaving your computer while doing Windows Updates...

When you combine this application blocking (which I really do like!) with the typical smarts of a firewall that recognizes "changed/updated" programs as "different" programs (as it should!), you'll see this block a lot of items — even if you make a "rule" to accept an action. If you did the advanced user install, now you know where and what to turn off to stop those interruptions, if you want to stop them.

This function is so powerful and disruptive that I recommend that you do the Simple Install, and then manually turn on Application Behavior Blocking later.


Web - Ad blocking: I have hated ad blocking even before I ever started putting advertising on my web site. Now that I have ads on my web site, I really don't like users having the ability to view my content if they do not have the courtesy to view my ads also.

On the "Web - Ad blocking" control page, you can turn on or turn off "block advertisements." Independently of blocking web page ads, you can block pop-ups and pop-unders (I _do_ like to block those!). SPF wraps the whole web page (in your browser) with a big JavaScript. I found this by searching to figure out why web pages were now loading more slowly than before SPF. As a result, I turned off SPF's pop-up blocker; anyway, Firefox and IE (as of XP Service Pack 2) have pop-up blockers.

You can also use SPF to block JavaScript, VBScript and ActiveX. Since I don't use IE for anything but Windows Updates, VBScript and ActiveX don't bother me. I will not turn off JavaScript, as too many web sites need JavaScript to function properly.


Web - Privacy: Let me just say that the checkboxes you see unchecked on this screen (all of the checkboxes) are the ones I have unchecked for normal web surfing. There are legitimate reasons for cookies, whether they are for maintaining your shopping cart within a web site, for letting you "log in automatically" at a web site, or for enabling a web site owner to receive a commission when you purchase something from an ad on his site.

Cookies got a really bad rap a few years ago, when a couple of companies announced they were going to track users all over the Internet and merge surfing habits with other personal databases. The public uproar was so great that these companies (Doubleclick was one) quickly announced that they were dropping those plans. Doubleclick went so far as to put a "Doubleclick.net ignore me" cookie generator on their web site for use by the public.


Web - Site Exceptions: This section is pre-populated with the Microsoft Update sites. You can add, remove or edit site listings here.


Summary
That's the Sunbelt Personal Firewall in a nutshell. Extensive controls, easy-to-use controls, and very reasonable pricing.

In my review of an early version of Sunbelt Personal Firewall (at the time, it was being transitioned from Kerio and was known as the Sunbelt Kerio Personal Firewall), I had a significant issue with the default "trusting" of newly connected wired and wireless networks. Even though I had the issue, even though my notebook is my primary computer, I registered SKPF and continued to use it. I reported the issue. Based on my subsequent testing, I'm satisfied that the issue was resolved long ago.

The Bottom Line

Sunbelt Personal Firewall offers a free 30-day full-function trial and a free reduced-function mode for personal, non-commercial use.

I tried it, I like it, I use it, and I registered it. I went back and bought three more licenses for my other computers. I have continued to renew my licenses since then. Sunbelt Personal Firewall is my #1 firewall recommendation.

I recommend that you install in "Simple" mode, not "Advanced" mode. Then, enable other tests manually, especially the "Ask" for Any Other Applications on the Network/Applications tabs — so you'll know what you changed if you want to turn those settings off.


©2009 computer technology World | Template Blue by TNB