A firewall program is designed to protect your computer and its files from hackers. Without proper protection, your system and your data files can fall into the hands of those who are up to no good. A firewall program filters both inbound and outbound network traffic and gives you control over who and what accesses your computer and its files. However, there are many entrances into and out of an Internet connection, and not all firewall programs can sufficiently protect every one of those entrances. CNET Labs uses Insecure.org's Nmap ("Network Mapper") application--an open-source, industry-accepted Internet security testing standard--to gauge how well a firewall application protects a system by testing how well the Internet entrances are guarded.

Test environment

Firewall software is tested on a Dell Dimension 3100 desktop system with a 3GHz Intel Pentium 4, 512MB of DDR2 SDRAM running at 533MHz, a 160GB Western Digital WD1600JS hard drive, and Windows XP Professional SP2 with the latest security updates installed. We test with Windows XP SP2's built-in firewall disabled. Once the firewall software being tested is installed, it is configured with the highest-available protection settings. The Dell is connected to a closed network (with no Internet access), with the only other system on the network being the one we use to send the port-attacking commands to the Dell.

Performance testing

We use Nmap's nine most popular port-attacking commands to probe all 65,535 ports of a system. A detailed report is generated for each command, which reveals the status of each port as Open, Closed, Filtered, Unfiltered, or Stealth. Stealth is the best possible status and indicates that a firewall is working well. We analyze the reports and use them to provide an overall performance evaluation of the effectiveness of the firewall software.