At first glance, not much appears to have changed from version 3. A closer look, however, reveals that the engine in version 4 has been tweaked and optimised towards a more powerfully specified product.
The installer does an acceptable job of second-guessing application privileges, so you don't have to get involved with port and protocol configuration. Another setup Wizard takes care of things if you have a simple Internet connection-sharing network up and running.
However, the Configuration Assistant is a persistent devil that you must complete on first use before you can activate the product. A word of caution: don't expect the same hand-holding offered by ZoneAlarm or Outpost Pro when you try and customise the access rules for individual applications – the process can be confusing unless you know what you're doing.
New to this release are features that allow you to trace the source of any identified attacks, using the bundled Visual Trace utility. Unfortunately, while this provides plenty of ammunition to make an abuse complaint to the ISP from where the attack was launched, it provides no tools or help for you to actually do this. Automation of this part of the process would have been a productive addition.
The updated intrusion detection pattern checks all inbound and outbound packets for matches to known worms. However, it sets a default connection blocking time of zero minutes, so unless you go and change this the application fingerprinting is pointless.
The firewall settings' security-check function is neat, though. This examines the security settings and makes suggestions to rectify any obvious weak spots if you're not 100 percent sure what you're fiddling with. An application scans for programs capable of Internet communication, and lets you configure which ones you want to allow such access from a list at the outset. This saves having to reply to dialog boxes repeatedly during use.
McAfee Firewall 4 is a worthwhile upgrade over its predecessor, but it can't compete with Norton's approach to reporting and configuration (see below). As with both these products, though, I strongly recommend using a hardware firewall instead for corporate use.