I've seen many recommendations for many of the free firewalls. I've used three, Sygate being the most recent. My comments about ZA and Tiny (it was still TPF while I used it) are based on a few years ago; I'm wondering how they've improved.

Zone Alarm was very easy to configure; I just configured it to allow programs, or disallow. It notified me non-stop; very frightening to a firewall newbie LOL, till I figured that a lot of them were supposed to be happening, and I configured the notifications. After more studying, I wondered how I could have certain programs to have access to only certain ports, and domains or IPs. I couldn't find how to do that with ZA. I asked at some forum/board, and was notified that ZA couldn't do that, to try Tiny.

*Has this changed with newer versions of ZA (allowing the user to make rules that X program may have in or out connections through xxx port to xxx domain/IP)? After seeing so many recommending the current version of ZA (free), I'm curious if they'd started to allow advanced rules. After checking their comparison page, it doesn't look like they allow advanced rules to be made. Is this correct?

That computer died after we flooded. On my new pc I tried Tiny, since the newest version of ZA wouldn't run on my new pc (that was at the time that ZA wouldn't work with some computers after they'd upgraded for XP).

I couldn't figure it out; I DL'd their help PDF, and still had troubles with it. I joined their egroup, lurking till I'd worked up the courage to ask what I should search so that I could learn to make the rules. They sent me to a TCP/IP online book that I was to read first, then a rule making tutorial. It was a lot of studying, but a great learning experience.

Tiny's makers upgraded to another version, and many members had problems with it, so I didn't DL it. Many recommended changing to Sygate. So I tried that one.

Since I'd learned rule making with Tiny's egroup's help, Sygate was kind of easy to figure out. But it had more options it seemed (unless I'd not found all of Tiny's options while I had it). I denied everything, then went into advanced and made rules so that x program would have in/out access with xxx ports to xxx IP range (when applicable), and placed those rules over the deny all rule.

I don't have it on this pc to look up the exact terms, (that's why I'm searching on what free firewalls might be better), but there were a few things I didn't care for with Sygate:

[list=3][*]Run as a client had to be UNchecked for every rule I made (if I remember that correctly, maybe it was "as a service"). I read about that in Langa's newsletter.
[*]It wouldn't take domain names. I'd never had a problem having to put in IP ranges/blocks (rusty and can't remember which one), I'd look it up with Sam Spade. But I installed ICQ to chat with a friend, and apparently their IP# changed quite frequently. I had a really tough time with Sam Spade on that one I looked up on ICQ's help page with firewalls, and they wrote to enter in the DOMAIN name. I could never find a way to do that with Sygate.

I'm assuming that since ICQ wrote to enter a domain name, that other firewalls might have that option. That would be MUCH easier than looking up the IP stuff, I think.
[*]The free version wouldn't allow running stealth, and I believe it wouldn't export rules either (or maybe I couldn't figure it out, but I did try *S*)[/list=3]

I've read about Outpost here a lot, and am going to give that one a try on this pc. But if I don't care for it, I'll get Sygate again. Even though it had a few things I didn't care for, I still preferred it over the others free firewalls I've tried. I'll try to rememeber to comment on Outpost (or ask questions LOL), after I've had it long enough to feel comfortable with the configuration.