Connection Protection - Reviews - Software - Security

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------

Connection Protection

October 11, 2001
URL: http://www.zdnet.com.au/reviews/software/security/soa/Connection-Protection/0,139023452,120261088,00.htm

Protect your PC from intruders with one of these five firewalls.

• ZoneAlarm 2.6

• McAfee Firewall 3.0

• Tiny Personal Firewall 2.0.14

• Norton Personal Firewall 2002

• BlackIce Defender 2.5

When was the last time you parked your car in a busy lot but left the keys in the ignition and the motor running? How often do you leave your house with the doors and windows wide open?

Never, of course; we all lock up our property to prevent theft and malicious damage. But if you leave your computer connected to the Internet without any special security of its own, you're leaving it as open to intruders as a house with no locks. Although your PC may not contain information that can change the balance of world power, you'd be amazed at just how much sensitive personal data hackers can find in a Microsoft Money file or in your browser's cookie file.

The best way to protect your PC from Internet intruders is to install and set up a firewall. Corporations usually run expensive hardware-based firewalls to protect their networks, but for the individual's PC, we recommend personal firewall software. Firewall software monitors your Internet connection, alerts you when an outside connection tries to access your system, and blocks that attempt if you want it to. Some firewalls will also alert you when programs on your own PC attempt to access the Internet unexpectedly (possibly indicating the presence of spyware on your system).

We reviewed five popular personal firewalls. All of them shield your PC from unauthorised entry, but one does it better than the others and does it for free.

ZDNet recommends
Our favorite firewall turns your PC into a veritable lockbox. Plus, it's free.

Feature comparison
Not all firewalls are created equal. Find out what protection you get from each personal firewall.

ZDNet Labs tests personal firewalls
See how we put these five firewalls to the test.
ZDNet recommends

ZoneAlarm 2.6
For the second year running, ZoneAlarm walks away with CNET's Editors' Choice. This powerful personal firewall effectively blocks the ports that hackers can use to gain entry to your PC. It continually monitors your Internet activity and can notify you when an intruder attempts to connect to your computer or when a program on your hard drive tries to access the Internet. Best of all, ZoneAlarm is easy to configure and it's free. You can't beat that. ZoneAlarm 2.6

• ZDNet recommends • ZoneAlarm 2.6

• Norton Personal Firewall 2002 • McAfee Firewall 3.0

• BlackIce Defender 2.5 • Tiny Personal Firewall 2.0.14

• Feature comparison • ZDNet Labs tests personal firewalls

ZoneAlarm 2.6

ZDNet Rating: 9 out of 10
ZDNet Review
Special to ZDNet, Stephen Bigelow

In today's wired world, Internet access isn't just a convenience, it's a necessity. While Web browsing and downloading are faster than ever, your open connection to the Internet (especially those always-on connections such as DSL or broadband) also makes it easier for outsiders to access your computer, putting your sensitive files (such as passwords or financial data) in jeopardy. ZoneLabs ZoneAlarm 2.6 is a free firewall that protects your PC from unauthorised intrusion by blocking the TCP/IP ports most frequently used by hackers. Personal or business PC users, especially those with high-speed cable or DSL Internet access, will benefit from ZoneAlarm's solid protection. If you're not planning to use ZoneAlarm for work, download the free version right away. If you're not planning to use ZoneAlarm for work, download the free version. ZoneAlarm works so well that small-business owners should consider forking over US$39.95 for the license.

Setup's a breeze
To get started with ZoneAlarm, download the free 2.9MB file. The ZoneAlarm file extracts itself automatically and installs in less than a minute. After a series of brief introductory screens, where you simply click Next and accept the default values, you'll find the ZoneAlarm icon conveniently sitting in the system tray. By default, ZoneAlarm installs with high Internet security (as opposed to its medium or low settings), so there's no complicated configuration, and you get maximum protection right off the bat. Just install it and go.

Easy to use
The heart of ZoneAlarm is its main screen or control panel. Its straightforward, five-button layout allows you to set configuration and security options such as low, medium, or high; select which programs can and cannot access the Internet; lock or unlock the connection; and review the details of any alerts ZoneAlarm sounds. Two sets of gauges on the left side of the panel monitor upstream (incoming) and downstream (outgoing) Net activity. A padlock icon shows the status of your Internet connection and allows you to quickly lock the system so that no activity is allowed if you need to step away. Alternatively, you can set the lock to activate automatically whenever your screensaver turns on. When trouble strikes, simply click the Panic button from within the control panel to shut down Internet access immediately.

In our labs' official tests, ZoneAlarm, like most of the other firewalls we reviewed, both closed and stealthed, or hid, all of the ports on our test computer. So, not only will hackers be unable to access your closed ports, they won't even know you're online.

Service and support
Even though ZoneAlarm 2.6 is free to individuals, ZoneLabs maintains a support Web site that includes a comprehensive FAQ and access to an online form where a ZoneLabs technician answers your support questions within three to four business days. It's not speedy, but any support for a free product is certainly helpful.

ZoneAlarm offers proven Internet protection and event reporting that's tough enough for those interested in protecting their system from intrusion. In fact, it's so easy and thorough that, for the money, it's a much better deal than more expensive firewalls such as Norton Internet Security.

The good: Free; thorough protection against outside attacks; easy to set up and use.
The bad: Annoying nag screen at start-up.
The bottom line: ZoneAlarm provides excellent free protection for any individual who surfs the Net. If you can stomach the ads, it's well worth the download.

• ZDNet recommends • ZoneAlarm 2.6

• Norton Personal Firewall 2002 • McAfee Firewall 3.0

• BlackIce Defender 2.5 • Tiny Personal Firewall 2.0.14

• Feature comparison • ZDNet Labs tests personal firewalls

Norton Personal Firewall 2002

ZDNet Rating: 8 out of 10
ZDNet Review
Special to ZDNet, Stephen Bigelow

All firewalls can block incoming access to your computer, but not all provide the level of two-way protection that Norton Personal Firewall (NPF) 2002 can. This app offers relatively simple installation and setup and protects systems from both incoming and outgoing connection attempts. It not only keeps Web sites and hackers from accessing your system, it also won't allow viruses or any other programs to access the Internet without your knowledge.

Unfortunately, NPF is a bear to configure, so we recommend it primarily for technically savvy folks who know their way around a PC and need detailed security settings. Everyone else will benefit more from ZoneAlarm's simple interface and zero price tag.

Standard setup
Although Norton Personal Firewall (NPF) ships as part of the Norton Internet Security 2002 suite, you can also purchase it as a separate package or download it directly from Symantec. Installation is easy enough; even if it weren't, NPF dialogs walk you step-by-step through the entire process.

Sadly, configuring Norton Internet Security (NIS) takes much more effort. When you launch NIS 2002 for the first time, a wizard walks you through the initial setup process and helps you customise the firewall's default configuration. For example, you can change your privacy settings from Medium to High and decide which Internet applications you'll allow to penetrate the firewall. Unfortunately, we found it confusing to navigate the jumble of configuration dialogs without the manual and some practice.

Lots to tweak
If you want to tinker with these settings at a later date or check your Internet status (the number of alerts and alarms you've experienced) at any time, double-click the NPF System Tray icon. The resulting control panel looks like a well-decorated Windows dialog box. And, like the other programs we reviewed, NPF lets you retrieve program updates from the Web, view how many times outside people or programs have tried to access your system, configure firewall settings (including security levels, Internet access, and port blocking), access the firewall's help files, and adjust privacy settings to either Low, Medium, or High.

Norton Internet Security's default Medium security and privacy setting blocks any program from accessing the Internet. When a new program tries to access the Internet, a pop-up window asks if you want to permit access. If you choose to save these settings, NPF will remember them every time the same program tries to go online. Eventually, NPF learns which programs you want to access the Internet, and those annoying pop-ups trickle off. The Medium setting also warns you before you send personal information (including your name, address, or credit card number) over the Web, but it doesn't block sites from setting cookies on your hard drive. In many cases, this is just an inconvenience, but some cookies can pose a security threat. If you run NPF with security set to High, the program also prompts you before allowing active content (such as Java and ActiveX Controls, which can create potential entryways into your system) to run and alerts you whenever an outsider scans or tries to access your PC's ports. It also prevents you from sending any personal browsing information and alerts you each time a Web site creates or tries to access cookies. Also, the Reporting slider lets you decide just how much of this information you want to see. Set it on High, for example, and NPF alerts you to any and all access attempts. But all of these protection options come at a price: you'll need to learn to navigate your way through a maze of dialogs to find the settings you're looking for.

Tight security
In our casual tests, we let loose Port Detective (a small client that tests selected ports for possible security problems) on our NPF-protected system. Port Detective attempted to access computer ports 21, 23, 25, 80, 137, 138, 143, and 443. But NPF resisted Port Detective's probing better than any other product in the roundup. Even at Low security, on our machine, NPF blocked ports 21, 23, 25, 80, 137, 138, 139, 143, and 443 and prevented all unauthorised email and Web access. At Medium security, NPF asks permission before allowing any email and Web access. At High security, by contrast, NPF locks down all ports and doesn't allow any Internet access whatsoever.

In our labs' official tests, NPF, like most of the other firewalls we reviewed, closed all of the ports on our test computer and made them invisible to hackers. So, not only will hackers be unable to access your closed ports, they won't even know you're online. Limited support

If NPF gets too confusing for you, you can find free email support 24/7 at the Symantec Web site. The Web site offers patches, updates, downloadable manuals, FAQs, and a searchable knowledge base for particular questions. Replies to our email came a little faster from Symantec than from McAfee, but the answers were rather short and basic; don't expect lots of hand-holding. There is no free telephone support for NIS, but fee-based support is available.

Solid but pricey
All in all, NPF 2002 has what it takes to protect your PC from intruders without and digital traitors within. However, unless you want a program that, say, warns you before you send personal information, at AU$99 NPF costs too much for us to recommend it over equally effective and less expensive products such as ZoneAlarm.

The good: Provides solid privacy protection and two-way defense against unauthorised Internet connections.
The bad: Can't block or permit specific sites.
The bottom line: Norton Personal Firewall 2002 has everything you need to keep your computer safe and sound, but this AU$99 program costs too much to beat the free ZoneAlarm.

Norton Personal Firewall 2002
Company:Symantec Australia
Ph: 1800 680 026

• ZDNet recommends • ZoneAlarm 2.6

• Norton Personal Firewall 2002 • McAfee Firewall 3.0

• BlackIce Defender 2.5 • Tiny Personal Firewall 2.0.14

• Feature comparison • ZDNet Labs tests personal firewalls

McAfee Firewall 3.0

ZDNet Rating: 8 out of 10
ZDNet Review
Special to ZDNet, Stephen Bigelow

In theory, Internet security is simple: you need to keep intruders out of your PC and allow only authorized programs on your system to access the Internet. Fortunately, McAfee Firewall makes Internet security just as simple in practice. This firewall is easy to set up and protects your system from incoming and outgoing communications on dial-up and broadband services. McAfee Firewall also thoroughly logs and tracks security events, so you can keep detailed records of any threats. This update fixes many of the limitations found with previous versions. For example, you can now block or unblock specific IP addresses. In short, McAfee's attractive interface and feature set are on a par with the other firewalls we reviewed. But McAfee doesn't offer anything you can't get free from ZoneAlarm or Tiny Personal Firewall.

No surprises during setup
You can purchase McAfee Firewall in stores or online or download it directly from McAfee-at-home.com. Installation itself is easy; a wizard walks you through. To speed up the process, McAfee saves configuring firewall-related settings for later.

Once you reboot your system, McAfee Firewall is off and running. Unless you disable the program, it runs constantly in the background with minimal resource drain, monitoring your Internet connection. If you want to change any configurations or preferences at any time, simply double-click the McAfee Firewall icon in the System Tray to open the McAfee control panel. Version 3.0 uses a colourful, Windows XP-style interface which may confound newbies, but shouldn't be a problem for experienced Windows users.

By default, McAfee filters all data passing to and from your PC and lets you block or allow traffic as needed. If you set McAfee Firewall to filter traffic, anytime a program (such as AOL) tries to access the Internet, McAfee Firewall asks whether you want to permit it. McAfee also warns you when an outside program tries to access your PC. The firewall even lets you personalise alert preferences and sounds. One welcome improvement with version 3.0: McAfee now offers an Activity Log that lets you see an ongoing record of firewall activities; you can clear or print the log. With one or two clicks, you can set what level of access you want each program in the list to have, including block, filter, allow full access, or remove it from the list.

Access denied
In our casual testing, we sicced Port Detective on our McAfee-protected computer. The Port Detective application--a free utility provided by the Port Detective Web site--attempted to access a series of common ports on the test computer. When we set McAfee Firewall to Allow All or Filter, ports 21, 23, 25, 80, 143, and 443 remained closed, protecting the PC against potential email and Web attacks, while allowing normal Internet access. Allow All lets all programs access the Internet, but Filter causes a pop-up that lets you accept or deny the connection. Of course, when security was set to Block All, our applications couldn't even access the Internet, which is precisely what we expected. In our labs' official tests, McAfee Firewall managed to close and hide every port on our test PC. But although the program closed port 113, it failed to hide that port, meaning that hackers can see that your PC is online.

Standard Web support
McAfee Firewall 3.0 offers a convenient link to technical support directly from the main dialog. McAfee provides online documentation and tech support, available 24/7 through the McAfee Web site. There, you'll find instructions and online help, along with an online forum where you can discuss your problem with other users. You can also email questions and issues to technical support. There is no free telephone support for McAfee Firewall, but McAfee, similarly to Symantec, does offer several fee-based telephone support plans. In our tests, email support took more than a day to respond to our questions--a bit frustrating, since there is no other free way to get hold of a McAfee representative.

Pass on this one
McAfee Firewall's attractive interface and suite of features make it ideal for the home or small-office user looking for optimal protection with a minimal learning curve. At AU$60, the cost is also very competitive. But there are other excellent firewalls, including ZoneAlarm, available for free, so unless you're considering a larger McAfee security package that includes the firewall, pass on McAfee Firewall 3.0.

The good: Easy to learn; shows activity and filter settings in a main window.
The bad: XP-oriented UI may be a bit confusing for beginners.
The bottom line: This attractive, low-cost firewall offers you effective Internet protection, but we recommend ZoneAlarm for more intuitive Internet access controls.

McAfee Firewall 3.0
Company:Network Associates
Ph: 02 9761 4200

• ZDNet recommends • ZoneAlarm 2.6

• Norton Personal Firewall 2002 • McAfee Firewall 3.0

• BlackIce Defender 2.5 • Tiny Personal Firewall 2.0.14

• Feature comparison • ZDNet Labs tests personal firewalls

BlackIce Defender 2.5

ZDNet Rating: 6 out of 10
ZDNet Review
Special to ZDNet, Stephen Bigelow

If you really want to know who's trying to get into your system, enlist BlackIce Defender. Anytime someone attempts to access a port on your computer, BlackIce traces and identifies the intruder's domain name. But BlackIce is no picnic to use, so to get the most out of it, you'll need to know a bit about Internet security programs. What's more, BlackIce lacks some basic features that its competitors offer: it doesn't prevent programs on your PC from connecting to the Web, nor does it scan email for potentially harmful macros or VBS files. Unless you really need to know who's trying to access your computer, try ZoneAlarm. It's easy to configure, it provides thorough security, and it's free.

Painless installation
Whether you purchase a BlackIce Defender CD or download it directly from Network Ice, the program is a breeze to install. There's nothing to configure during installation. You just let the program run, and once the installation is completes, BlackIce sits in the system tray, ready to go. You don't even need to reboot your PC--how's that for convenience?

Plain-Jane interface
To open the BlackIce control panel, double-click the icon in the system tray. The control panel itself is visually uninspiring but organizes each function into easy-reference tabs: Attacks (which displays a list of attacks and their relative priorities), Intruders (which identifies prospective attackers by name and IP address), History (which keeps a record of past attacks), and Information (which lets you decide how to handle attacks and reports). The main menu also allows you to optimise, or filter, the reports by type (for example, so that you see only pings to your PC as opposed to port scans), edit BlackIce settings (such as security level), and download program updates from the Web.

Lots of features, lots of clutter
To configure BlackIce Defender's security levels, you'll need to access the Settings dialog box under the Tools menu. From the Protections tab, you can set BlackIce's security level. The default Cautious (low) security setting blocks only some inbound traffic. The Trusting setting allows all inbound traffic. If you're the twitchy type, you can select higher levels of security that will block most (Nervous) or all (Paranoid) unauthorised incoming connections. The Detection tab lets you set which addresses and conditions BlackIce allows or ignores. The two Log tabs let you enable and set up the logging features to record and classify each intrusion event, such as a multicast or a ping. From the Back Trace tab, you can set BlackIce to find and record the source of the intrusion--a feature that really sets BlackIce apart from its competitors. However, you won't use Back Trace unless you're trying to hunt down and prosecute intruders. That's why only network administrators and security pros who can take steps against intruders need this app. Unfortunately, all of these settings and tabs also make BlackIce's interface a tad confusing.

BlackIce lacks two important features that most of its competitors provide. First, there's no way to block outgoing applications from using the Internet; for example, you cannot opt to prevent an FTP client, such as FTP Voyager, from accessing the Internet, while allowing another program, for example, Internet Explorer, to make connections. Second, BlackIce lacks a feature that scans email messages for suspicious attachments, such as macros or VBS files. ZoneAlarm is the only firewall that scans email.

Abundant support
If you're having difficulty with BlackIce's myriad settings, help is readily available. From the Information tab, you can access comprehensive help files that give you one-click access to specific BlackIce topics, online support, and the Network Ice Support Knowledge Base. For interactive help, head over to the Network Ice Web site anytime and check out its searchable knowledge base, online documentation, FAQs, and message board. There's also an advice area that covers a range of security topics and alerts. For specific questions, there's no free phone support, but you can get email support, and free updates are available for one year (they require your license key). The company's responses to our email inquiries were terse but prompt. Performance-wise, BlackIce was more than a match for its competitors. For our unofficial tests, we used Port Detective to try to access a series of common ports on the test computer. At high security (called Paranoid), BlackIce successfully blocked ports 21, 23, 25, 80, 137, 138, 139, 143, and 443. The Paranoid security setting bars all inbound traffic and blocks all ports so that Internet access is impossible. When we changed the settings to Cautious (low) and Nervous (medium) security, the program blocked all but port 80.

In our labs' official tests, BlackIce managed to close all of the ports on our test computer. However, whereas the other products we reviewed also stealthed, or hid, the ports from hackers, BlackIce left one port visible.

Only pros need apply
Although BlackIce offers options and features similar to other firewalls in this class, it's missing a few key features, including the ability to block suspicious email. Of all the programs we reviewed, only BlackIce lets you identify anyone who tries to access your PC. However, it may overwhelm average Web surfers. Unless you're a network administrator, you'll get better value from a straightforward, free tool such as ZoneAlarm.

The good: Collects comprehensive data about intruders.
The bad: Can't block outgoing data or suspicious incoming email; no telephone support.
The bottom line: Because BlackIce lets you collect copious data on potential intruders, we think it's best for the high-end and SOHO markets, but for a simpler and more effective solution, look to ZoneAlarm.

BlackIce Defender
Price:US$39.95 plus US$40.05 International Delevery, Subscription 1yr Additional US$19.95
Company:Macmillansoftware
Purchase Online:BlackIce defender

• ZDNet recommends • ZoneAlarm 2.6

• Norton Personal Firewall 2002 • McAfee Firewall 3.0

• BlackIce Defender 2.5 • Tiny Personal Firewall 2.0.14

• Feature comparison • ZDNet Labs tests personal firewalls

Tiny Personal Firewall 2.0.14

ZDNet Rating: 8 out of 10
ZDNet Review
Special to ZDNet, Stephen Bigelow

When you have access to the Internet, especially over an always-on high-speed broadband connection, your valuable files and sensitive information may be at risk. Without special software to guard your PC, hackers can access your computer to steal files or use it for nefarious purposes--even when you're not around. Tiny Personal Firewall (TPF) 2.0 from Tiny Software protects your PC from unauthorised access by monitoring the TCP/IP ports hackers use to get into your system, then allowing you to permit or deny connections, either at that moment or at any future recurrence. Tiny Personal Firewall gives competitor ZoneAlarm a run for its money, since it doesn't host the same annoying ads. Still, ZoneAlarm's ease of use and thorough security features make it our top pick for home users.

Easy installation
To get started with TPF, just download the svelte 1.5MB file. The self-executing file automatically starts itself and begins the installation; the whole process takes less than a minute. After TPF's brief installation dialog, in which you enter basic information about your connection and reboot, TPF works in the background from the system tray while you work in other applications.

A breeze to use
To raise or lower TPF's security settings, simply right-click the TPF icon in the system tray and select Firewall Administration. By default, TPF is set to Ask Me First, a setting that tells TPF to ask you for your permission to allow all incoming and outgoing port probes, or attempts to send or receive data. With this setting, whenever your PC tries to connect to another machine or an outside machine tries to connect to your PC--say, when you're sending data to a Web site or downloading software--you'll have to approve the request.

In the Firewall Administration pane, you can also increase protection to stop your applications from sending out any data and stop outside applications from sending data to you (high security). Or, you can ease protection to allow all communication except those connections you've specifcally restricted in your settings (low security). The Advanced button in the Administration window lets you create and edit filter rules, which, for instance, instruct TPF to deny all future requests from a given IP address. The Advanced button also allows you to adjust the level of detail in alert logs--the history of intruder alert message--and decide how long to store them on your PC.

Another nice TPF feature: the app lets you view the status of all open connections by right-clicking the TPF icon in the system tray and selecting the Firewall Status window. The resulting dialog lists the status of all applications on your system that are sending or receiving data. Although this information may seem cryptic at first glance, it provides a comprehensive summary of which apps are making contact with the outside world. When an unauthorised application attempts to communicate with your system, an alert window pops up. You can then permit or deny the connection or choose to add filter rules so that TPF will know whether to permit or deny that connection in the future.

Comprehensive protection
To test TPF, we used Port Detective over Juno's ISP service. We tested TPF's high, medium, and low security settings and found that when TPF was at the highest security setting, Port Detective could not even access TPF. When we reset TPF to its medium setting, the tests ran without compromising any ports. We were able to compromise ports only on the lowest setting. Fortunately, TPF comes set with the medium level of protection by default, so if you leave it in default mode, you should be perfectly safe. The trade-off: you'll have to interact with TPF annoyingly often to accept or reject communication requests.

Numerous support options
Although TPF lacks a live online help option, it does offer plenty of support avenues. Tiny Software maintains an online manual and FAQ that can answer many common questions. You can also download a manual as a PDF file from Tiny Software's site. Tiny also offers email support, or you can call a toll-free number (it's a toll call for international users).

Tiny Personal Firewall is a simple and straightforward choice for anyone who needs a firewall on a home PC. Add in the fact that it's free, and it makes sense to download TPF to protect your system from unwanted intrusions.

The good: Free; solid protection against hacker attacks; easy to set up and use.
The bad: No live online help; intruder alerts are cryptic.
The bottom line: Tiny Personal Firewall offers comprehensive protection for any home Web surfer. Best of all, it's free and well worth the download.

Feature comparison
Not all firewalls are created equal. Some protect you only from incoming dangers and completely ignore potential enemies within your PC. Here's the lowdown on each of the five firewalls we examined.

Comparison chart

Product Incoming protection Outgoing protection E-mail protection Blocks specific IP addresses Security logs

ZoneAlarm 2.6 Yes Yes Yes No Yes

Norton Personal Firewall 2002 Yes Yes No No Yes

McAfee Firewall 3.0 Yes Yes No Yes Yes

Tiny Personal Firewall 2.0.14 Yes Yes No No Yes

BlackIce Defender 2.5 Yes No No Yes Yes

But how did ZDNet test these firewalls?

ZDNet Labs tests personal firewalls
ZDNet Labs used free dial-up ISP Juno and the Internet security testing site ShieldsUp to test the firewall protection capabilities of Norton Personal Firewall 2002, McAfee Firewall 3.0, ZoneAlarm 2.6, Tiny Personal Firewall 2.0.14 and BlackIce 2.5. All applications were tested at the highest security setting.

We began our testing with IP Agent, a free utility provided by ShieldsUp that determines the test machine's current IP address, then contacts the ShieldsUp Web site to begin testing.

Next, the Port Probe utility tested our test system's defense against Internet port scanners. The test originates from the ShieldsUp server and attempts to establish standard TCP/IP (Internet) connections on a handful of standard Internet service ports on the test computer.

The different ports we tested were:

Port 21-FTP
Port 23-Telnet
Port 25-SMTP
Port 79-Finger
Port 80-HTTP
Port 110-POP3
Port 113-IDENT
Port 130-NetBIOS
Port 143-IMAP
Port 443-HTTPS

Each port gives one of the three following test results.

Stealth: This result means that the probe was not able to find this particular port on your computer. This is the most secure result.

Closed: This shows that the probe was able to detect this particular port on your computer but the connection was refused.

Open: This result means that the port is actively advertising its presence on the Internet. Port scanners will have no trouble finding this port.

More information on these tests and what the results mean can be found at ShieldsUp.