Hmm.. I use ZAP (Zone Alarm Pro) mainly. Tho if ur a linux user, your BEST chance of having a decent and good firewall that you would know inside out, is by learning how to set ur IP Tables and Routing Tables. which are basic functions of a *nix machine. Win2K and am not really sure but i think NT has the routing tables function too. Im not sure about XP either. anyway, its not the firewall that makes your box secure, it is how the owner takes care of it. In my current job, i have seen many systems plagued with viruses and trojans. but guess what? the systems were armed with a minimum of 2 Anti-Viruses and 2 firewalls. But it was plagued by viruses and trojans and dialers. Just another proof that the security is not always based on what you use, it is based on how you use it.

mainly, try to avoid using default values. coz most vulnerabilities are found from default settings. I have used Kerio and it is good. I tried black ice, never liked it. Sygate pissed me off so bad coz it edited my MBR for some odd reason and my system wont load windows. i had to use a boot disk and uninstall the bastard. so now im using ZAP.

i have my system secured tight enough that u cant even ping me, but loose enough that we can even play P2P games hehehe..

and oh, if any of you wonder if ZAP has IDS, the answer is YES. download VisualZone, its ZoneAlarm's IDS Add-On. which i really dont think you NEED if ur a ZAP user. but for ZA user, yeah it would be handy. because you can back trace the attack and get MORE details about the attack which basic ZA cant offer but ZAP can.