Although I have learned now how to answer ZoneAlarm 99% of the time, there were times when I was a new user that I did not know how to answer. Especially in response to the question "Do you want to allow Generic Host Process to access the internet?", because I had no clue what "Generic Host Process" was or does.

Later on, I got a feel for server permissions in ZoneAlarm, and grew to appreciate ZoneAlarm stopping to ask me, "Do you want to allow IIS to accept a connection from 123.345.567.789?" Then I would say Yes, if I had just invited my brother to access my FTP site, and knew his IP address matched the one requesting access. I presume a router could do that too, but it would take much longer to do and later undo than simply clicking a button in a ZoneAlarm dialog box labeled "Yes".

Since a combination of superb anti-virus software and a superb router would still allow unauthorized outbound communication to go on unimpeded, and since a superb router would also allow undesirable inbound communication if it is in direct response to any unauthorized outbound communication originating from within the network (which the router would think the user really authorized), I would think that a software firewall that stops unauthorized outbound communication would be an essential element of a home network.

Yes, there is the possibility of human error, but while some new users might be clueless at first, maybe 90-99% of us deserve the benefit of the doubt, that when asked by ZoneAlarm "Do you want XYZ program to access the internet?", we will actually say No if we neither launched XYZ program just now, nor have ever heard of XYZ program. If a virus/Trojan introduced to the network internally (e.g. on a USB flash drive, bypassing the router) were to use even a familiar program (e.g. Explorer) to access the internet, at least ZoneAlarm would stop it and ask me "Do you want to allow Explorer to access the internet?" A router would probably not even ask, and just assume I authorized it.

I certainly don't presume to know it all. Obviously the presumption I am making now is that there are no routers that stop long enough to ask "Do you want to allow XYZ program to access the internet?"
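The distinction this post draws, as an added example that is not part of the original thread: a toy model of a NAT router that forwards any inbound packet answering a flow the inside started (regardless of which program started it), beside a per-program egress policy that blocks programs the user never approved. All hosts, ports and program names are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    program: str = ""   # known only on the sending host; a router never sees it

class NatRouter:
    """Simple NAT: remembers outbound flows, forwards only matching replies."""
    def __init__(self):
        self.table = set()          # (inside_host, sport, outside_host, dport)

    def outbound(self, p):
        # The router cannot tell malware from a browser; it records the flow.
        self.table.add((p.src, p.sport, p.dst, p.dport))
        return True

    def inbound(self, p):
        # Allowed only if it is the reply to a remembered outbound flow.
        return (p.dst, p.dport, p.src, p.sport) in self.table

class AppFirewall:
    """Host firewall with a per-program allow list (ZoneAlarm-style prompt)."""
    def __init__(self, allowed):
        self.allowed = set(allowed)
        self.prompted = []          # programs the user would have been asked about

    def outbound(self, p):
        if p.program in self.allowed:
            return True
        self.prompted.append(p.program)   # unknown program: prompt, default deny
        return False

def simulate():
    """Return which control stops what for a beacon, its reply, and an unsolicited probe."""
    router, fw = NatRouter(), AppFirewall(allowed={"firefox"})
    beacon = Packet("192.168.1.10", 40000, "203.0.113.5", 443, program="evil.exe")
    reply = Packet("203.0.113.5", 443, "192.168.1.10", 40000)
    probe = Packet("198.51.100.7", 5555, "192.168.1.10", 21)   # nobody inside asked
    browse = Packet("192.168.1.10", 40001, "203.0.113.9", 443, program="firefox")
    return {
        "nat_forwards_beacon": router.outbound(beacon),
        "nat_forwards_reply": router.inbound(reply),      # looks "authorized" to NAT
        "nat_drops_probe": not router.inbound(probe),
        "fw_blocks_beacon": not fw.outbound(beacon),      # unapproved program
        "fw_allows_browser": fw.outbound(browse),
        "fw_prompts": fw.prompted,
    }
```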
Ahh, k.

Even worms, trojans and the like will pass through the routers, because their traffic came from within the protected network. In this case, a software firewall would pick up a signature of suspicious activity and alert the user. OK.
In your explanation, I'll assume that you're talking about outbound from
an internal computer. And you are 100% correct in that they will pass
outbound without the router/NAT stopping them - that's the nature of
these simple NAT devices.
The idea that your personal firewall will stop this is a hope at best,
since many viruses are able to disable a personal firewall. You also
have to consider that the users are also 99% of the threat issue and may
just blindly click ALLOW or PERMIT and never even consider what their
action is doing.
In most cases, for home users, if they are running good antivirus
software, Norton AV or Symantec AV (and there is a difference) along
with a router that provides NAT, then they are better protected than
using a personal firewall solution.