I think the best defence against getting a PC ‘zombied’ is to install as little software as possible on it (only trusted software from trusted sources), keep it up-to-date and to avoid accessing anything you don’t trust. Once some bad software is on your machine, it’s essentially game over. Yes, a software firewall at that point might be able to prevent other machines getting infected, but it really is too late.

But having said that, I accept that this is an ‘ideal world’ sort of scenario I’m asking for. In the real world, with non-technical users, it might be difficult to enforce those conditions.

I personally tend to rely on the built-in Windows Firewall on the Windows machines that I run and are responsible for, in combination with a firewall at the router level. Again, though, I make sure those machines don’t do anything ‘dodgy’, so I trust the software installed there.

So to actually answer your question – I’m not really looking at that type of product for the stuff I do, so I’m not sure what to recommend. This list of recommended firewalls at Lifehacker might be something to look at, though. Again, as I say, I haven’t looked at this type of product, so I can’t personally vouch for any of them.

I recently installed Zone Alarm and ran into problems with some apps not working unless I turned off Zone Alarm, but also not logging anything in ZA’s log! I started a couple of threads on their discussion forum that turned real geeky, real fast! Unless I’m willing to talk ports and filtering that’s a no-starter!

But non-geeks can’t talk ports and filtering.

The biggest problem in PC’s today is that security software like malware-/virus- checkers and firewalls STILL require too much geekiness for Aunt Martha and Uncle Ned, so they don’t do them, and thus there are vast armies of zombied PC’s speading trouble!