Firewall Software – Reviews On The Best Personal Firewalls

The most important facts

  • A desktop firewall or personal firewall is a software or hardware solution
  • Between two networks, the firewall filters data traffic – often between the Internet and the computer
  • The purpose of the firewall is to protect the PC from attacks (viruses, worms, spyware) from the network
  • Since software firewalls are rarely offered as stand-alone solutions, the products tested here are Internet security suites

Our winners

In our comparison, Kaspersky, Bitdefender and McAfee were particularly successful. Kaspersky offers a wide range of features, one of the best virus scanners and maximum compatibility. This is how Kaspersky Internet Security works with Windows, MacOS, Android and iOS. The Romanian security software manufacturer Bitdefender also deserved to place itself in the top three of the comparison. In addition to excellent protection, Bitdefender scores with the best performance among security programs. The user interface is also very well thought-out and the autopilot, which relieves the user of all decisions, is able to convince.

At McAfee, the combination of excellent protection performance and ease of use is compelling. Internet security software is one of the most expensive products in our test, but it is also intended for multi-device use. It can be installed on an unlimited number of devices, including not only Windows PCs and laptops, but also smartphones and Macs. Other manufacturers’ products cost a similar amount of money if you want to use them on more than one or up to three devices at the same time, but not all of them are compatible with such a wide range of different operating systems.

1. Essential protection for the computer

If a PC is connected to the Internet or if it is in a network, there are inevitably various dangers. Due to a missing, not updated or incorrectly configured firewall, attackers can gain access to the device and thus view, modify, block or steal data. Personal data such as documents and photos are at risk, but the financial risks associated with online banking are also increasing tremendously, because users without firewalls make it too easy for hackers to get their money out of their pockets by manipulating the Internet. Software installed on the computer can also send unauthorized data to third parties.

Who benefits from a firewall?

Therefore, it is clear that a firewall is recommended for every PC user. Regardless of whether you are an Internet occasional user, e-sportsman, e-business professional, dealing with customers via the Internet, or a user who occasionally hangs around on dubious sites. Threats and attacks lurk everywhere: on specially crafted pages designed to download files to your computer, or through email attachments. They are aimed at providing unauthorized third parties with access to the data of unprotected users. If a hacker has already found a vulnerability in the system, it is usually too late.

What does a firewall do?

A firewall protects the computer against such attacks. Unlike antivirus programs, it does not detect malicious code and isolates it so that it cannot cause any damage. A firewall blocks unauthorized access to the device. It serves as a filter that checks whether programs want to and are allowed to exchange data with the Internet or a network. In the case of a firewall, this is done via port sharing. Ports are part of a network protocol that assigns connections and data packets between servers (usually on the Internet) and clients (user programs, for example a browser). Each such connection includes two ports, one on the server’s side that requests data, and one on the program’s side that is used to download data to the computer.

A good example of the ports’ functionality is downloading a file from a server using an Internet browser. There is now an open port on the server and browser side for downloading. If you now want to start a second download from the same server in parallel, you need to open another port on the browser side in order to distinguish between the two incoming data streams from the server. The port of the server is the same for all downloads. These ports act as a kind of pass-through port for data. All unneeded ports, except those needed for browsing, retrieval of emails or other data use, should be closed.

This task is performed by a firewall. The firewall closes unnecessary ports and in case of doubt asks if a program is authorized to use ports to exchange data with the Internet. This can be done on the one hand by a whitelist, i. e. a permission list, and a blacklist, i. e. a prohibition list. Many providers maintain such lists of the most common programs and assign rights automatically. Using these lists, the security suites then provide reliable protection against security risks. On the other hand, rights can also be granted through a learning effect of the firewall, which prompts the user to grant or deny access rights the first time a third party program is called. Of course, it is safest to have a firewall and antivirus software running in parallel. If configured incorrectly, however, the two programs can block all Internet traffic. This is another argument in favour of good firewall software that is easy and clear to use and takes the user’s most important decisions when necessary.

Check for frequent updates

Both operating systems and anti-virus software require constant updating in order to quickly close previously discovered vulnerabilities. Until these gaps are closed, a firewall is often the only protection for the system. The firewall allows only certain connections and therefore has an active impact on network traffic. It explicitly distinguishes between specifically requested and unwanted connections. Without an intelligent firewall or manual fine-tuning, the data transfer can be slowed down or, in the worst case, stopped.

2. Personal Firewall vs. External Firewall

A distinction is made between “personal firewalls” and external firewalls. The former are installed directly on the device to be protected. Since Windows XP SP2 and all following systems the software-based Windows Firewall is installed on Windows computers. When starting programs that offer server services, users with administrator privileges have the choice of allowing incoming connections to the ports opened by the programs through a command prompt. This software-based firewall, supplied by Microsoft, deactivates users when necessary to replace it with another vendor’s firewall.

Personal Firewall

The software solution “Personal Firewall” is often included in antivirus programs or Internet security suites. These are available from several vendors exclusively for Windows, but not for Mac (iOS). For the aforementioned reasons, we strongly advise against not using the functions of a “personal firewall”. If there is no firewall or if it is not optimally configured, hackers can gain access to the computer. The unsightly results include, for example, the loss of sensitive documents, the violation of privacy when strangers read personal messages or steal and distribute private photos, and the extremely dangerous manipulation of online banking. The advantage of using software-based firewalls lies in the price, especially when operating only one or two PCs in a network. The purchase of one or two licenses is cheaper than the purchase of a hardware component. In addition, these firewalls also control outbound traffic – a particularly good spyware protection. Moreover, the software’s signatures are more up-to-date thanks to updates.

Disadvantages of this variant are that the computer is unprotected for a short time at start-up, the firewall check takes up the computing power of the device and the operating system or the firewall crashes, but data can still fall into unauthorized hands. The learning phase, in which the user teaches the firewall which connections should be allowed and which not, requires some patience, especially at the beginning of the installation. Incorrect or careless settings can endanger the protection of your computer. In contrast to the one-time purchase of hardware, it is sometimes necessary to purchase a subscription for software in order to get new signature updates. In addition, the software-based personal firewall only protects the device on which it is installed. In addition, such a software-based solution can be attacked and is usually only suitable for one or two devices. The advantages and weaknesses of a “personal firewall” will be compared in the following:


  • Software solution is cheaper if there are only a few devices in a network
  • Good anti-spyware protection, because outgoing traffic is also controlled
  • Regular signature updates


  • Permanent binding of computing power through permanent monitoring
  • Incorrect settings can be dangerous

External Firewall

This is where the hardware-side solution (external firewall) comes into its own: It is often already included in the router and protects all devices against attacks that enter the Internet via this access point, no matter how many devices are present and with which operating system they operate. In addition, the computers do not have to be individually configured, monitoring by the external firewall is sufficient. This is an advantage for large networks with many computers and different operating systems. Since a separate device is used for testing, it is guaranteed that the PC processes the data quickly and does not need to provide firewall resources itself, which could cause the PC to run other programs at a slower pace if necessary. There are also disadvantages with this variant. In the case of external firewalls, for example, there is almost no control of the outgoing data traffic. If a program uses an open port and establishes a connection to a server that is not on the block list, the protection usually does not apply. It should be borne in mind that in this constellation, space for setting up the device and a power supply are essential for operation and that the purchase of only one computer is comparatively more expensive. The advantages and disadvantages of an “external firewall” in brief:


  • Quite often already included in the router
  • Protects all devices that access the Internet via this access point
  • Protects devices regardless of operating system
  • Devices do not need to be configured individually
  • Fast processing without tying up computer resources


  • Hardly any control of outgoing traffic
  • Requires space to set up the device and its own power supply

3. Next-Generation Firewalls (NGFWs)

Next-generation firewalls (NGFWs) offer even better protection. In addition to the usual advantages, this firewall is capable of specifically regulating data packets of individual applications. An NGFW can be configured by the IT department for different users with different authorizations. The NGFW is therefore particularly useful for large companies.

The first firewalls worked as pure packet filters: With the help of certain tricks, attackers were able to gain undetected access to the system from the firewall. Nowadays, most firewalls work on both the transport and application layers. This became necessary because more and more malicious code was hidden in the data part of the packets. If you look at the example above, where one or more ports have been opened in the browser for one or more downloads, it becomes clear why the next-generation firewall can score here. In contrast to the classic firewall, where only the packets are assigned to the ports, the next-generation firewall is also able to view the contents of the packets and block unwanted data traffic.

However, this security only applies if the data has to pass through the firewall to be checked. If malicious programs spread behind the firewall, i. e. within the network, no check takes place. Usually this is caused by mobile removable media such as USB sticks or CDs that employees use on a PC and thus direct malware past the firewall directly into the network. The dangers posed by hardware components are completely new and per se not suspicious. The Federal Office for Information Security warns against hidden malware in e-cigarettes. These are often charged at the USB port of a computer. Recently, cyber criminals have been exploiting this opportunity to infiltrate viruses and Trojans unnoticed into the system. Protection against this type of threat can only be provided by a “personal firewall” that, unlike an external firewall, can detect threats on individual devices, even if they are already in the company’s internal network.

4. This is how we test

Our test is limited to the “personal firewalls” (software firewalls), hardware firewalls are not considered. As there are virtually no standalone firewall solutions on the market, we have taken a closer look at various Internet security suites. Internet security programs ensure reliable all-round protection against the many and varied threats from the Internet. But what are the criteria that buyers should pay attention to?

With this comparison, we want to make it easier for undecided users to make a purchase decision. For the evaluation, we selected four test parameters to test the various products: equipment, safety, performance and operation. At best, a product can achieve 5.00 points per test parameter. The average of the individual evaluations finally results in a total score. Short summaries at the end of the test report summarise the main points of the four test criteria and present relevant positive and negative aspects.


Some of the Internet security suites differ considerably in their performance. While some products leave nothing to be desired in terms of functionality, we had the impression with others that the software was quickly extended by a few functions in order to be able to sell the virus scanner as Internet security.

At first glance, it is not necessarily obvious what a function stands for in detail behind the terms used by manufacturers to advertise their products. Online banking protection can prove to be a minimum enhanced phishing protection, but it can also be a specially secured desktop environment (“sandbox”) with its own browser (usually a modified version of the open source browser Chromium), which shields the connection to the bank server, prevents secret screenshots and protects against keyloggers with a virtual keyboard.

Therefore, we installed each program individually and tested it for its product promise. However, we limit our tests to the core functions, since a detailed examination of all functions would go well beyond the scope of such a test. Functional areas in which individual programs differ from the others are therefore of particular interest.

An important component of such a comprehensive security solution is the so-called phishing protection. This refers to a website security ranking by the providers. On the positive side, all tested products have implemented this function. With the providers Avast, Avira, F-Secure, G-Data, Kaspersky, McAfee, Norton and Trend Micro, an icon is displayed on the search results pages of Google or bing next to the search results indicating the trustworthiness of a website.

We found the McAfee solution particularly useful. A plug-in allows the user to browse through each web page, displaying security-relevant information such as malware or phishing suspicion and the status of SSL encryption.

The intrusive approach of Norton’s software, which also knows how to estimate the trustworthiness of individual pages by icon, is negative for us, but changes the default search engine to Norton Safe Search without being asked. This can be changed at a later date, but it requires knowledge and is not customer-friendly. The better solution would be to deliver the user during installation and not hidden from the choice.

Nice additions without test-relevant character

The essence of an Internet security solution is to protect the system and the data it contains. Some programs go one step further in terms of functionality. BullGuard, G-Data, Norton and Panda include a backup function. This feature is certainly useful in terms of data security, but we do not think it is a key component of a security software package.

This also applies to other functions, which are usually not very complex to program, and which some providers provide as a friendly additional service. These include tools for securely deleting data, virtual keyboards (to make keylogging more difficult; already included in Windows by default), system optimizers (useful to increase PC performance; but has nothing to do with security) and “sandboxes” (irrelevant for normal users).


The main task of a firewall is a kind of guard function. It controls, figuratively speaking, how a bouncer controls the entrance and exit of the computer and decides which data is allowed to enter and which data to leave. By blocking numerous ports, it prevents hackers from gaining access to the system, or prevents data from leaving the computer unintentionally to third parties through software. In the present test of the Internet security suites, we include features such as anti-phishing and anti-spyware protection as well as e-mail protection in the rating in addition to the firewall function. Extra points are awarded for programs equipped with extras such as a password manager.

For the evaluation of anti-malware modules, we also base our evaluations on the ratings of independent test laboratories. These recognized testing institutes regularly check different anti-virus programs. In doing so, they subject the software to comprehensive tests with various sets of malware samples.

Test laboratories from the German-speaking countries are world leaders in this field. Probably the most important of them is AV-Test based in Magdeburg. AV-Comparatives from Austria also tests a large number of relevant programs. The British test laboratory SE Labs is also active in this sector, although it only investigates eight different programs in the consumer sector.

High overall level

All Internet security suites are unrestrictedly reliable in terms of their anti-malware functionality. Even a comparatively poor rating of only four out of six points in the AV test means a malware detection rate of almost one hundred percent.

The programs in the area of safety are therefore a tight head-to-head race at a very high level. A little bit better than the rest and thus test winner in this category is Kaspersky. AV-Test gave the best marks for the Russian security software in both the Windows and Mac versions. The tests conducted by SE Labs and AV-Comparatives also confirm the best performance. AV-Test sees the Norton Internet Security software, which has been downgraded because the Mac version was weaker than Kaspersky’s, as being almost equivalent. The Romanian software Bitdefender Internet Security also performed well here. The program is even in first place when it comes to detecting malware, but a “Total Accuracy Rating” of 97 percent in SE Labs’ test results in a devaluation against Kaspersky and Norton.


In order to reliably protect the system against attacks of any kind, Internet security software is permanently active in the background. Therefore, it constantly consumes part of the system resources.

The test parameter Performance therefore tests to what extent the respective programs influence the performance of the PC as a whole. Is the usability impaired in case of a comprehensive system scan or can the user continue to work as usual without restrictions? Does the “personal firewall” perform its task unnoticed in the background or is there a delay? Does the virus guard work without speed loss and always with the latest updates? In this respect, we also take a critical look at the system requirements of the different software.

For this test we compare the boot time of the computer before and after installing the programs. Another test criterion is the question of how long the installation of the free software LibreOffice takes with and without an active security program. Also of interest to us was the storage space actually used by the software – in this case, the manufacturer’s information regularly deviates from the actual value.

The performance is convincing almost continuously

In the area of performance, too, we were convinced by the programs almost all of them. In the past, real-time scanners used to have a much greater impact on computers, the use of which felt like driving a car with the emergency brake applied. Nowadays, there are hardly any noticeable performance losses due to the use of Internet security suites. On the one hand, the software solutions are probably better and on the other hand, the computing power of the computers has increased significantly.

On our test computer, a full virus scan usually took about ten minutes. On a work computer on which the virus scanner has to scan more files and is equipped with a normal hard disk instead of a fast SSD, the scanning process obviously takes more time.

We found F-Secure’s software particularly conspicuous in a positive sense. The quick scan is done in a matter of moments and the full scan is also faster than the quick scan of many competitors. The fast scan of Bitdefender is just as convincing.

The complete scan of the program is also convincing, but still slower than that of F-Secure. If you don’t have enough hard disk space, you should take a closer look at Bullguard’s software. The software only requires 116 megabyte of storage space and is therefore a successful product with the lowest storage requirements.


If a program is equipped with a large variety of functions and settings, the user sees this as an advantage at first glance. However, satisfaction depends to a large extent on usability: Is it clearly structured, which tools bring which advantage? Does a non-technical user find his way through the program interface or is it unnecessarily complex? In this section of the test, we therefore check whether the developers have succeeded in developing an intuitive, practicable and clear program guidance system that can be intuitively grasped even by laymen.

For the developers it is always a balancing act to find a middle way between complexity and easy operation. There are examples of outliers in both directions. Panda shines with its clear and inviting user interface, but experienced users lack the possibilities of fine adjustment. Serious differences also exist with regard to the linguistic implementation. For example, some of the designations from the manufacturer Trend Micro appear to be inappropriately bumpy after the translation from Japanese. The opposite is true for the Finnish manufacturer F-Secure. This clearly shows that more time and care has been invested in developing suitable translations.

Trends in user interfaces

A few differences can be seen in the user interfaces: Bullguard and Bitdefender rely on compact design with small buttons that are very comfortable to use. This gives the user the impression of having all important functions under control without being overtaxed.

Bitdefender is still one step ahead in terms of user-friendliness. An autopilot mode is built in here. At the push of a button, all settings are reset to their default values and the program completes its tasks without any user interaction.

Most programs, such as Kaspersky and McAfee, rely on supporting the user with clear, uncluttered and easy-to-understand selection screens. Many buttons are explained with full sentences, small interactive tours guide you through the most important functions of the program. Experts are given the opportunity to make additional settings. However, these only become visible after explicit clicks and do not overwhelm the normal user. Norton Internet Security and Avast also belong to this category.