With centrally managed firewalls, the kind we tested for this review, a centralized server dictates the security policy. Each client queries the server to download its policy file and upload status reports--then enforces the server's policy mandates.
We tested desktop firewalls from Internet Security Systems, Securitae, Sygate Technologies, Symantec and Zone Labs. We also invited InfoExpress, whose product won our Editor's Choice awards in previous desktop firewall reviews, but the company declined to participate because a new version of its product was in beta during our tests.
With these firewall products, the central management server and end-user desktop clients are directly and completely intertwined, though the client software usually has one name and the server another--for example, ISS's ICECap manager and RealSecure Desktop.
We tested only Microsoft Windows systems in this review. Although all OSs contain vulnerabilities, there are comparatively few malicious programs on non-Windows/Intel platforms. That is to be expected: Windows sits on more than 90 percent of desktops in the United States and is therefore a more enticing target.
Our test bed used 600-MHz Pentium-based computers running Windows 2000 as management server and client stations. When necessary, we installed Microsoft SQL 2000 on the management server.