Not having a firewall currently (there, your free TRWTF) I decided to grab ZoneAlarm. It served me decently in the past, I guessed it could do no harm.

1. I go to their website. I see the enterprisey flash on main page. Good sign. +0.5 WTF
2. I click "Download and buy". Yay.
3. I click "Free 15 day trial". Suure.
4. A comparative table of the products opens up. I obviously pick the version with just the firewall, because that's all I need.
5. Needless to say, it's free (reread step 2: +0.5 WTF) and thus well-buried. "The best freeware firewall", woot. Well, I now must say I wish it was buried a little more. I click "Download".
6. I have to go through another of Check Point's attempt to get me to buy their software. Download I said.
7. It downloads... the downloader. Because, you know, who can trust those pesky download managers!  Who needs downloads resuming! I mean! +1 WTF
8. I fire up the downloader. It asks me whether I want to download the Win2000/WinXP version or the WinVista version. I mean, once you want me to run an executable, you could also check the Windows version while you're at it! +1 WTF
9. It asks me whether I want to download and install right now or install later. Sure, that's a level of flexibility your day-to-day browser doesn't offer, huh! +1 WTF
10. The downloader finally downloads. Sheesh!
11. It asks me for my name and email! Otherwise, I won't get to have updates. Why, yeah. I do want more spam in my inbox. You're welcome. +0.5 WTF
12. The EULA is there. I scroll through it then proceed. (Ahr, ahr, ahr. Another free TRWTF.)
13. It installs.
14. The firewall loads.
15. The firewall phails. It requires admin rights. Duh. +1 WTF
16. More ads. Am I really sure I don't want to buy the full bundle? Third time lucky, huh? +0.5 WTF
17. It asks me to reboot. Fair enough. I reboot.
18. i = -1;
19. Windows reboots.
20. 0x00000050 (0x94B661F8, 0x00000001, 0x86B3F039, 0x00000000) +2 WTF
21. I reboot again.
22. 0x00000073 (I'll spare you the rest) +2 WTF
23. i++;
24. if(!i) goto 19;
25. I unplug the USB Wireless adaptor.
26. I can finally login.
27. Am I really really really sure I do not want the full Internet Protection Privacy Suite? +2 WTF
28. It asks me if I want to allow basic Windows networking servers to work. Why, yes. I want to fuck up my computer some more. +0.25 WTF
29. I plug in the USB Wireless adaptor. No bluescreen.
30. I fire up Opera. I enable it.
31. I want to vent. I try and connect to IRC. (Ahr, Ahr, Again.)
32. Could not connect to host. Gah.
33. I twiddle around the settings, but realise there's only very basic control available. Port blocking is nowhere to be listed. And anyway it's a kind of knowledge much higher than you'd expect from the average user. Remember: "The best freeware firewall."
34. I fire up mIRC. Maybe it's configuration. 
35. Could not connect to host.
36. Start > All application > Zone Alarm > Uninstall
37. Could not find file. Do you want to delete the link? +1 WTF
38. Start > Control Panel > Add/Remove software > Zone Alarm > Uninstall
39. The classic uninstall questionnaire fires up. I close it in rage.
40. I uninstall it.
41. I reboot.
42. The worst chkdsk in the last six months starts. It has to delete a lot of damaged folders (mostly ZA's). Notice that, had the ZA files themselves been damanged, I couldn't have uninstalled them.
43. I log in.
44. I reinstall Opera due to chkdsk. +0.25 WTF
45. I finally vent on IRC.
46. I write this post.
47. I click Post.

Luckily, I only chose the firewall. I don't want to start imaging what would have happened if I decided to try the full suite.

Calculating the WTF score is left as an exercise to the reader.

badpazzword:

Not having a firewall currently (there, your free TRWTF) I decided to grab ZoneAlarm. It served me decently in the past, I guessed it could do no harm.

1. I go to their website. I see the enterprisey flash on main page. Good sign. +0.5 WTF
2. I click "Download and buy". Yay.
3. I click "Free 15 day trial". Suure.
4. A comparative table of the products opens up. I obviously pick the version with just the firewall, because that's all I need.
5. Needless to say, it's free (reread step 2: +0.5 WTF) and thus well-buried. "The best freeware firewall", woot. Well, I now must say I wish it was buried a little more. I click "Download".
6. I have to go through another of Check Point's attempt to get me to buy their software. Download I said.
7. It downloads... the downloader. Because, you know, who can trust those pesky download managers! Who needs downloads resuming! I mean! +1 WTF
8. I fire up the downloader. It asks me whether I want to download the Win2000/WinXP version or the WinVista version. I mean, once you want me to run an executable, you could also check the Windows version while you're at it! +1 WTF
9. It asks me whether I want to download and install right now or install later. Sure, that's a level of flexibility your day-to-day browser doesn't offer, huh! +1 WTF
10. The downloader finally downloads. Sheesh!
11. It asks me for my name and email! Otherwise, I won't get to have updates. Why, yeah. I do want more spam in my inbox. You're welcome. +0.5 WTF
12. The EULA is there. I scroll through it then proceed. (Ahr, ahr, ahr. Another free TRWTF.)
13. It installs.
14. The firewall loads.
15. The firewall phails. It requires admin rights. Duh. +1 WTF
16. More ads. Am I really sure I don't want to buy the full bundle? Third time lucky, huh? +0.5 WTF
17. It asks me to reboot. Fair enough. I reboot.
18. i = -1;
19. Windows reboots.
20. 0x00000050 (0x94B661F8, 0x00000001, 0x86B3F039, 0x00000000) +2 WTF
21. I reboot again.
22. 0x00000073 (I'll spare you the rest) +2 WTF
23. i++;
24. if(!i) goto 19;
25. I unplug the USB Wireless adaptor.
26. I can finally login.
27. Am I really really really sure I do not want the full Internet Protection Privacy Suite? +2 WTF
28. It asks me if I want to allow basic Windows networking servers to work. Why, yes. I want to fuck up my computer some more. +0.25 WTF
29. I plug in the USB Wireless adaptor. No bluescreen.
30. I fire up Opera. I enable it.
31. I want to vent. I try and connect to IRC. (Ahr, Ahr, Again.)
32. Could not connect to host. Gah.
33. I twiddle around the settings, but realise there's only very basic control available. Port blocking is nowhere to be listed. And anyway it's a kind of knowledge much higher than you'd expect from the average user. Remember: "The best freeware firewall."
34. I fire up mIRC. Maybe it's configuration.
35. Could not connect to host.
36. Start > All application > Zone Alarm > Uninstall
37. Could not find file. Do you want to delete the link? +1 WTF
38. Start > Control Panel > Add/Remove software > Zone Alarm > Uninstall
39. The classic uninstall questionnaire fires up. I close it in rage.
40. I uninstall it.
41. I reboot.
42. The worst chkdsk in the last six months starts. It has to delete a lot of damaged folders (mostly ZA's). Notice that, had the ZA files themselves been damanged, I couldn't have uninstalled them.
43. I log in.
44. I reinstall Opera due to chkdsk. +0.25 WTF
45. I finally vent on IRC.
46. I write this post.
47. I click Post.

Luckily, I only chose the firewall. I don't want to start imaging what would have happened if I decided to try the full suite.

Calculating the WTF score is left as an exercise to the reader.

 

TRWTF is your choice of ZoneAlarm.  I gave up on it years ago.  I personally use an _old_ version of kerio personal firewall (the new version has been enhanced past the point of useability IMO).

 

15. Not a WTF.  Installing security software and/or software with system hooks _should_ require admin rights.

 

#8 is not a WTF either.  Just because you're downloading it from a specific machine doesn't mean you're going to be using it on that machine.  Maybe they could detect and select your machine by default, but giving the most common option also makes sense.

In my personal experience, ZoneAlarm is a very effective firewall. If you can't connect to the internet, and the internet can't connect to you, you're clearly immune to all the nasties out there, right?

Morbii:

#8 is not a WTF either.  Just because you're downloading it from a specific machine doesn't mean you're going to be using it on that machine.  Maybe they could detect and select your machine by default, but giving the most common option also makes sense.

There is a system call that will tell the program which version of windows you're using, asking the user something the computer already knows is stupid.

Does IPTables or any derivatives run on windows? I personally don't use firewalls on windows boxes because the're usually behind a linux/hardware firewall in my setup, having a software one one seems redundant.

Morbii:

#8 is not a WTF either.  Just because you're downloading it from a specific machine doesn't mean you're going to be using it on that machine.  Maybe they could detect and select your machine by default, but giving the most common option also makes sense.

 

I'd say there's a good chance that the downloader actually downloads and installs the programme to the current computer.

In that case, it's just stupid not to use the detected version of the OS. 

Rodyland:

 

15. Not a WTF.  Installing security software and/or software with system hooks _should_ require admin rights.

The WTF, as far as I can see, was more that the firewall software failed rather than dealing properly with the admin rights situation.
 

drinkingbird:

The WTF, as far as I can see, was more that the firewall software failed rather than dealing properly with the admin rights situation.

 What?? Should it have scanned the system for known privilege-escalation vulnerabilities instead so the installation could continue?
 

Lingerance:

Morbii:

#8 is not a WTF either.  Just because you're downloading it from a specific machine doesn't mean you're going to be using it on that machine.  Maybe they could detect and select your machine by default, but giving the most common option also makes sense.

There is a system call that will tell the program which version of windows you're using, asking the user something the computer already knows is stupid.

I don't think you actually read what Morbii wrote. 

I thought I'd give Zone Alarm a go recently. Had the exact same issue you did. I'd reboot, blue screen. Reboot, blue screen. So I went into Ubuntu and deleted the Zone Alarm directory (thank you for NTFS read/write Gutsy!) in the hope that'd fix it. Nope, still died. Wound up having to go in in safe mode, fire up the services manager and disable the service. A reboot worked. Then I had to REINSTALL Zone Alarm simply to uninstall it again. Guess is secures your system. Can't hack a blue screened system.

The software is horrendous, it really is. I've also had similar problems with other software (Kerio for example) on other systems where it'd blue screen immediately.

I now don't bother with a firewall. (I'm behind a router, though I do miss being able to stop certain programs accessing the net.)
 

Vista ... firewalls ... clumps of hair all over the table and floor ...

No idea. Horrible mess. Trying to print from one neighbour's PC to another. At one stage the Symantec firewall on the one PC seemed to knock the other one completely off the Net, and Symantec seemed to be mistaking printer sharing for hack attempts. Goodness knows.

I have BitDefender 10 Free anti-virus on my PC, just for occasional checks. One BitDefender service is taking too long to start, and another one is being started too early and then bails out due to depedency problems. They told me to use their uninstall tool to remove it, and reinstall the program (nothing to do with it of course, although this bug was reportedly fixed months ago, long before I installed it).

I run the uninstaller. Reboot. Run the installer ... "Modify/Repair/Remove".

WTF? I've already removed it ... haven't I?

Add/Remove Programs reports 35 MB of it still install, but I review every folder it could possibly be and it's all cleared away and gone. I try Remove in the installer, and summarily receive error 2753. I try to remove it via Add/Remove Programs ... error 2753.

I suppose Repair might work, although I have no idea how it would deal with the entire program not being there any more. I'll see what BitDefender say.

I might not even put it back. I have 512 MB RAM and something related to BitDefender was using 120 MB of the nonpaged pool, which is nasty: it's back to only 14 MB now. It was .NET that seemed to trigger the huge RAM drop, but I only identified it as nonpaged usage last Friday night. Seems BitDefender and .NET 2 don't get along, as right before I put .NET 2 on, the nonpaged pool was at still only at 16 MB according to a screenshot I'd taken. I don't like my PC being effectively reduced to 400 MB physical RAM.

bobday:

drinkingbird:

The WTF, as far as I can see, was more that the firewall software failed rather than dealing properly with the admin rights situation.

 What?? Should it have scanned the system for known privilege-escalation vulnerabilities instead so the installation could continue?
 

Yes, please, since the grandma forgot the admin login and I forgot to bring my SAM editing disc.

Lingerance:

Does IPTables or any derivatives run on windows?

iptables is just the userspace configuration widget for netfilter, part of linux itself. I suppose you could use colinux, but that's about it.

 

I personally don't use firewalls on windows boxes because the're usually behind a linux/hardware firewall in my setup, having a software one one seems redundant.

These so-called "personal" firewalls, running on desktop Windows boxes, are braindamaged and wrong. They are also worthless. If you do not have a separate box, connected to the internet on one side and your local network on the other, then you have not made an appreciable improvement to the security of your network - even if the buzzword "firewall" appeared somewhere in the product.

A firewall is not a toaster. You don't just shove it somewhere in your kitchen and ignore it and then expect it to do anything useful.
 

I think personal firewalls are most useful for preventing outbound connections.  Even with no viruses, it's sometimes nice to forbid a program from accessing the Internet.

Rodyland:

15. Not a WTF.  Installing security software and/or software with system hooks _should_ require admin rights.

The WTF is, of course, that I had admin rights -- it would have failed to install the program otherwhise, would it not? The No-Admin-Rights error came after the install was completed successfully...

Morbii:

#8 is not a WTF either.  Just because you're downloading it from a specific machine doesn't mean you're going to be using it on that machine.  Maybe they could detect and select your machine by default, but giving the most common option also makes sense.

So why the need for a downloader again? See point 9.

I would have given up at number 5.

Realplayer, WinAmp, DivX, and many others had this problem of pointing you to the paid for version. They all are now all virtually dead, or have changed their strategy (offering Google Toolbar). If they don't offer you the free version up front, it says a lot about their business practices, and that says a lot about how they build their software.

yet another Matt:

Realplayer, WinAmp, DivX, and many others had this problem of pointing you to the paid for version.

*shrug* I'm registered. I don't even need any of the Pro features (Audiograbber + LAME do me fine).

Don't you have a router for your internet. most modern routers have firewall functions, and if you'r lucky they even sport ipchains/iptablesm which in some cases can be fully tweaked by connecting to the router via telnet.

Sure it won't ask you "Should this application be able to connect?", but it's like actually secure, instead of just giving you that warm fuzzy feeling while trojans and other kinds of nasties simply work around your desktop firewall me-thingy.

The only benefit of a personal firewall is as said by someone already to let you know what applications are using the network ad offering an option to prevent them doing so. I wish i had that kind of free tool... Something that simply lists network using programs/processes and if I could somehow get the bandwidth they are using, that would absolutely ROCK, plus it could use  an option to prevent specific items on list form connecting, but thats not mandatory, you can always kill the offending process.

... + I wish someone would write something like that for linux... 

death:

The only benefit of a personal firewall is as said by someone already to let you know what applications are using the network ad offering an option to prevent them doing so. I wish i had that kind of free tool... Something that simply lists network using programs/processes and if I could somehow get the bandwidth they are using, that would absolutely ROCK, plus it could use  an option to prevent specific items on list form connecting, but thats not mandatory, you can always kill the offending process.

... + I wish someone would write something like that for linux... 

I know what you mean, and i agree, it would be nice to have some small graphical widget/program to do that.

But like most things, it already exists (CLI though) and can do what you say and a bunch more. (not the bandwith use though (for as far as i know))

netstat -tp

yet another Matt:

I would have given up at number 5.

Realplayer, WinAmp, DivX, and many others had this problem of pointing you to the paid for version. They all are now all virtually dead, or have changed their strategy (offering Google Toolbar). If they don't offer you the free version up front, it says a lot about their business practices, and that says a lot about how they build their software.

Winamp's site has never hidden the free version in any way, and it's not exactly dead.

death:

... + I wish someone would write something like that for linux... 

It's been part of the standard tool set for longer than I can remember. I could not do my job without using these tools every day.

It's still not a "firewall".

death:

The only benefit of a personal firewall is as said by someone already to let you know what applications are using the network ad offering an option to prevent them doing so. I wish i had that kind of free tool... Something that simply lists network using programs/processes and if I could somehow get the bandwidth they are using, that would absolutely ROCK, plus it could use  an option to prevent specific items on list form connecting, but thats not mandatory, you can always kill the offending process.

... + I wish someone would write something like that for linux... 

 

old version of kerio personal firewall (windows) does all of that u mentioned