Sunbelt Software renamed their Sunbelt Kerio Personal Firewall to be Sunbelt Personal Firewall. As the name indicates, it is their personal computer firewall software package. SPF is available in full-function mode (paid license) and in a reduced-function free (licensed free for personal non-commercial use) versions. Actually, it is the same program — at any time during the full-function 30-day trial, you can purchase a license key to activate the additional functions or if you don’t qualify for the free license.
Sunbelt purchased the existing, respected firewall program Personal Firewall from Kerio in December 2005. Most importantly for consumers, Sunbelt reduced the price significantly when they released the firewall.
Sunbelt Personal Firewall is only $19.95, which includes 1 year of upgrades. Sunbelt’s web site shows that annual upgrade subscriptions are priced at $9.95 per year. They also have discounts for multiple computers and/or multiple years, and even have a Home Unlimited Site License for $39.95 that lets you run it on all your home non-business computers.
Since I registered my copy immediately when I downloaded it, I know that the License and the Upgrade Subscriptions are two different things. My license expires "Never," while my upgrade subscription expires next year.
First, what do you miss with the “free” version?
- It is licensed for personal and/or non-commercial use only.
- Web content filtering is not available in the free version
- The powerful Host Intrusion and Prevention System (HIPS) is not available in the free version
- It can not be used on a computer that is providing the “Internet Connection Sharing” functions for your local network (the "Internet gateway" computer). It will block the ICS data packets, since they are not destined for this computer.
- Logs can not be sent to the Windows "Syslog" server.
- You can not password-protect your firewall configuration, and
- You can not access and administer the firewall remotely.
I am currently using Sunbelt Personal Firewall on all my family’s computers as well as on my notebook (my primary computer) and I am impressed. When you install SPF, you can choose between the "simple" and "advanced user" installations. Even if you’re an advanced user, pick the “simple” installation — you’ll read more about this below.
I like SPF, I have purchased my licenses for it and am using it on my primary computer (as well as for my family’s computers). I prefer SPF to ZoneAlarm, which was my previous choice. However, there are some features I do not like, which I also will discuss below.
The first thing I like is speed. SPF starts up quickly and even its user interface (with the icon in the Windows status bar) starts up quickly — much more quickly than my previous firewall did.
Speed in handling data is also good. The user interface is very straight-forward, especially the screen that shows the firewall settings (permit, deny or ask) for each program that wants to access the network and/or Internet.
Price is excellent, whether you choose the paid license or qualify for the reduced-function free license.
Performance: I have the Application Blocking function turned on (more about this later), so I have learned a lot more about the huge numbers of programs that trigger communications with the ‘Net. I like this feature, especially the ability to set “remember my answer” rules for the future.
Let’s Look at the Program
Overview – Connections: This is the first screen you’ll see when you open the program. On this screen, you will see the applications and services which are currently accessing the network and/or Internet, or which have recently done so.
(click on the image for a larger version)
Overview – Preferences: The most important items on this screen are the "automatically check for updates" checkbox, the "Check Now" button, and the "Import" and "Export" buttons for restoring or saving your SPF configuration.
(click on the image for a larger version)
Network – Applications: This screen shows you — and allows you to control — the applications on an individual basis. You can choose ask, permit or deny for each application that tries to use the network or Internet, and you can control it inbound and outbound, to and from your Trusted network and to and from the Internet.
(click on the image for a larger version)
Be sure to set "Any other Application" to "Ask".
Network – Predefined: Here, you can control those specific programs and services that Sunbelt chose to permit or deny by default.
(click on the image for a larger version)
Network – Trusted: This is the screen where you can see and control the networks to which you have connected. The networks are identified by IP address/subnet-mask or telephone number and by interface (wireless, wired, phone).
Trusting other networks is an issue, whether you use the Sunbelt firewall or any other firewall. If you haven’t changed your Workgroup from the default, anyone on that network to which you just connected with the same MSHOME workgroup will be able to share your files!
So, you pull out your notebook in a coffee shop or other wireless venue (hotel, airport, etc), SPF’s current version (4.6.1839.0), you’ll automatically share any shared files with those other computers that similarly are using the default Workgroup name.
The other problem with default “Trust” is more insidious and potentially more dangerous — firewalls will allow responses from any other computer, but they block communication requests from other computers that are not trusted. If a computer is trusted, the communication request is allowed. Scenario: you hook up via wireless at the local coffee shop. One of the other computers there has a worm that attacks newly-discovered Windows flaws — and you haven’t run your Windows Updates recently and the hole is not patched. You’ve just been "had."
So, what do you do? Use non-standard IP addresses for your home network and a workgroup other than the Windows default. Then, immediately after you connect to a wireless or wired network away from home, check the IP address you are assigned — to make sure it’s not in the same range as you use at home.
(click on the image for a larger version)
All firewall software (not just SPF) works by watching IP addresses. Be sure that you change the IP address range for your home network from the default. If you use the default, you’re more likely to accidentally trust computers on another network, just because the other network uses the same set of IP addresses.
This particular issue is common to all firewall programs.
YOU have to pay attention to “trust” whenever you connect to another network. If you don’t check, you are just rolling the "loaded" dice.
Network – Advanced: This screen gives you some extra control of specific situations, such as blocking incoming communications while you are booting or shutting down and whether this specific computer is acting as a gateway to the Internet for other computers (Internet Connection Sharing). You might be doing the latter if you use dialup and have multiple home machines. If you use cable or DSL, you should have a cable/DSL router to provide this service and additional protection for your Windows machines.
(click on the image for a larger version)
Intrusion – Main: This is where you can enable or disable the Network Intrusion Prevention System, the Host Intrusion Prevention System (not available with the free version), and Application Behavior Blocking.
If you pick the "advanced user install," Application Behavior Blocking is turned on by default. You’ll quickly get hammered by every program that triggers another program to run — and you’ll be amazed at how often that happens. Don’t even think of leaving your computer while doing Windows Updates…
When you combine this application blocking (which I really do like!) with the typical smarts of a firewall that recognizes "changed/updated" programs as “different” programs (as it should!), you’ll see this block a lot of items — even if you make a “rule” to accept an action. If you did the advanced user install, now you know where and what to turn off to stop those interruptions, if you want to stop them.
This function is so powerful and disruptive that I recommend that you do the Simple Install, and then manually turn on Application Behavior Blocking later.
(click on the image for a larger version)
Web – Ad blocking: I have hated ad blocking even before I ever started putting advertising on my web site. Now that I have ads on my web site, I really don’t like users having the ability to view my content if they do not have the courtesy to view my ads also.
On the "Web – Ad blocking" control page, you can turn on or turn off "block advertisements." Independently of blocking web page ads, you can block pop-ups and pop-unders (I _do_ like to block those!). SPF wraps the whole web page (in your browser) with a big JavaScript. I found this by searching to figure out why web pages were now loading more slowly than before SPF. Result, I turned off SPF’s pop-up blocker — anyway, Firefox and IE (as of XP Service Pack 2) have pop-up blockers.
You can also use SPF to block JavaScript, VBScript and ActiveX. Since I don’t use IE for anything but Windows Updates, VBScript and ActiveX don’t bother me. I will not turn off JavaScript, as too many web sites need JavaScript to function properly.
(click on the image for a larger version)
Web – Privacy: Let me just say that the checkboxes you see unchecked on this screen (all of checkboxes) are the ones I have unchecked for normal web surfing. There are legitimate reasons for cookies, whether they are for maintaining your shopping cart within a web site, for letting you "log in automatically" at a web site, or for enabling a web site owner to receive a commission when you purchase something from an ad on his site.
Cookies got a really bad rap a few years ago, when a couple companies announced they were going to track users all over the Internet and merge surfing habits with other personal databases. The public uproar was so great that these companies (Doubleclick was one) quickly announced that they were dropping those plans. Doubleclick went so far as to put a “Doubleclick.net ignore me” cookie generator on their web site for use by the public.
(click on the image for a larger version)
Web – Site Exceptions: This section is pre-populated with the Microsoft Update sites. You can add, remove or edit site listings here.
(click on the image for a larger version)
Summary
That’s the Sunbelt Personal Firewall in a nutshell. Extensive controls, easy-to-use controls, and very reasonable pricing.
In my review of an early version of Sunbelt Personal Firewall (at the time, it was being transitioned from Kerio and was known as the Sunbelt Kerio Personal Firewall), I had a significant issue with the default "trusting" of newly connected wired and wireless networks. Even though I had the issue, even though my notebook is my primary computer, I registered SKPF and continued to use it. I reported the issue. Based on my subsequent testing, I’m satisfied that the issue is was resolved long ago.
/*
How can you improve the security of your wireless computer and your wireless network?
Read more on my Wireless Networking Security web page.
How can Sunbelt get ahead of the competition?
I’d like to see Sunbelt or any firewall company implement an automatic profiling of a wireless network — and warn me when I connect to a different wireless network than the last one to which I connected, even if the network uses the same IP addresses.
Right now, identifies different networks even with the same IP address, if they are wireless versus wired versus dialup. I’d like another finesse — to the network checking (it wasn’t there when I wrote the review but it might be there now)…
I imagine that 90% of the wireless networks use the typical default IP address settings on a router (192.168.1.x/255.255.255.0). However, firewalls choose to “trust” computers based on their IP addresses or the network’s IP addresses.
Therefore, no matter which firewall you choose, if you “trust” the computers on a wired or wireless network with those IP addresses, you’re going to trust the same IP addresses elsewhere.
Example: you trust computers on your home network with 192.168.1.x/255.255.255.0; now you go to the coffee shop, who has the same IP address range. You just trusted every computer in the coffee shop!
Wouldn’t it be nice if you got a message that said “Warning – this is a different wireless network than you have used in the past. Do you want to trust all the other computers on this network?”
The test is as easy as checking the MAC address of the wireless router against a MAC address of the wireless router previously connected, and warning the user if they’re different. Since MAC addresses are supposed to be unique for each piece of network hardware, this idea is for the program to keep a table of wireless router MAC addresses and whether the user wants to trust their respective networks. Keeping more information, like does about dialup vs wired vs wireless, would make the comparison even better.
The Bottom Line
Sunbelt Personal Firewall offers a free 30-day full-function free trial and a free reduced-function mode for personal, non-commercial use.
I tried it, I like it, I use it, and I registered it. I went back and bought three more licenses for my other computers. I have continued to renew my licenses since then. Sunbelt Personal Firewall is my #1 firewall recommendation.
I recommend that you install in “Simple” mode, not “Advanced” mode. Then, enable other tests manually, especially the "Ask" for Any Other Applications on the Network/Applications tabs — so you’ll know what you changed if you want to turn those settings off.
During June 2006, they’re offering a Web-only coupon code special.
Use Coupon Code KERQ206 for $5.00 off ($14.95 instead of $19.95)!
They’ve also got a 2-fer Special — 2 licenses for $24.96 instead of $39.95!
*/ ?>
and
How about an update on the current SPF I too have used SPF since the Kerio days, and also have some issues. When the computer starts, it tries to connect with my IP server. If it can not, it locks up. since I often use the computer off line, this is a significant problem. Right now I am looking for a windows conflict solution. I suspected a keylogger, do activated the diagnostic logging feature of XPsp3. What I did not know was that Windows would try to notify Moma (windows home server) first thing during the boot. SPF would not let it out and so my computer is locked up. The only way out is to power down. The next time Windows decided the computer had changed since installation and that I had 3 days to register. Since it locks up before Windows completely boots there is no way to boot or register. Is there a way to disable SPF in dos with the disable commant
Sunbelt/GFI appears to have retired Sunbelt Personal Firewall in favor of VIPRE Antivirus Premium.
If you’re a “paid” user, contact their free tech support to see if they can solve the problem for you.
You can always start up in Safe Mode and disable it.