Adam (aka @wvpv) recently commented on my Personal Firewalls post.

He said:

Personal firewalls are too confusing for non-technical people, in my experience. It’s the whole pop-up thing, I think. I don’t recommend them.

I recommend:
- OpenDNS set up on a DD-WRT router (for categorically blocking sites)
- Firefox as the primary browser and the Adblock Plus add-on (you can’t click on an evil ad if it isn’t there)
- NOD32 Anti-virus (running the Symantec complete uninstaller is one of my favorite things)
- Automatic Windows Updates turned on.

And by and large I do agree with him. What I failed to make clear, I guess, was my target market for personal firewalls (PF). In short, I believe those that are best served by PF are the un-skilled; the non-technical; or simply don’t of can’t learn about yet another thing market.

Call them newbies, call them techno phobes but whatever you lable them they all have one thing in common. They can’t be expected to setup Adam’s recommendation. Whereas with a PF they can probably do that in their sleep (more or less) and certainly there are plenty of forums and support sites willing to assist with any problems. For my part it comes down to time.

Whilst I’m prepared to help and and all with my knowledge it is finite.

With a PF I can talk someone through installing it over the phone. And on the whole whilst the PC reboots after the install (something I always recommend even if the software doesn’t) I can explain the mechanics of what they should and shouldn’t do with the PF. These are:

• Don’t blindly click Allow or Yes to all popups
• Equally don’t click No or Deny to every popup.
• Do consider the popup in the light of what you are doing.

So as an example – if you’ve just opened up a MS Word document it is likely you’ll get a popup warning that it wants to access the web. Is this a bad thing? No, not per se but ask yourself if you want MS Word talking out to the web every time? Consider also that if you say no, then you won’t be able to gran extra clipart from within MS Word until you undo the firewall restriction.

But let me take Adam’s points one at a time …

1. The popups – unfortunately this has been a major downfall of PFs. Folks either turn off the firewall or incorrectly click an alert and later wonder why something isn’t working. But the PF makers are addressing this. I know of BitDefender Internet 2010 that works extremely well in this respect. Also TallEmu utilise their own database called OASIS. What these two do is take known software and create rules ‘on the fly’ – with BitDefender you can even go so far as to tell it to not tell you it’s done that. Now that is cool.

Unfortunately not everyone has it sorted. Jetico for example was nicknamed by a friend as Jetico Personal FEARwall because of its array of popups. All I can suggest is trial and error, but do look here for details of which PFs are better than others but be warned that the list is slightly out of date now.

2. Install DD-WRT – absolutely but make very certain you know what you’re doing. Firstly it will invalidate any warranty on your router. Second, not every router manufacturer is supported and of those that are not every model. Third, be aware that DD-WRT’ing your router has the potential to “brick it“. Last, you generally have to configure it afterwards – and it isn’t for the faint hearted.

3. Setup OpenDNS – by all means. In fact I applaud Adam for reminding me of this one. One caveat though – if you have hosted services on an IP that isn’t from your home range then I have found that exceptions need to be added to the OpenDNS setup. With IP’s that don’t belong to you there are hurdles to cross as you have to open a support ticket. It can be done but not always quickly.

4. Install Firefox and the adblock plugin – as with OpenDNS, absolutely. My caveat for this, be aware that adblock will by default block lots of content that you may be used to seeing. It can be a confusing experience for unwary users who may wonder what’s going on and blame the outcome on a virus. I’m just saying!

5.  Finally – turn on automatic Windows Updates. Yes and No.  I am absolutely in favour of making sure your windows software is kept updated. However there are far too many occasions when the very update designed to protect you causes more problems than the update was intended.

For my money I manually update after a week (when the update has had time to cause its havoc and be fixed or workarounds found) or so and use a third party service that tells me of Windows Updates but also tells me about all the other software I have installed that is out of date. Personally I use Secunia’s PSI, but there are a number of such tools on the internets.

Do you agree with me or do you, like Adam, have other options?

Remember though I’m trying to target non-techies.