Third-Party Firewall Still Important?

D

Daddy

I recognize the need for anti-malware software
(anti-virus, -spyware, -trojan, -adware, etc.) and I also appreciate the
necessity of safe surfing. What I'm less sure about is the need for a
third-party firewall vs. Windows Firewall.

If I understand correctly, the advantage of a third-party firewall is that
it gives you a chance to stop malware from connecting to the internet, or to
another device on your network. I can see the value of that, but if your
anti-malware software (and surfing behavior) protect your computer from
becoming infected...and your anti-malware software warns you when malware
infects your computer despite all your efforts to stop it...outbound
protection doesn't tell you anything you don't already know, right?

I also recognize that PC security should be applied in layers, so maybe
outbound protection is more like a backstop, to prevent malware from
connecting to the internet while you are busy dealing with it. On the other
hand, you pay for this protection in terms of somewhat reduced performance
and possibly other interference with your day-to-day web surfing.

So, is a third-party firewall still important...or does Windows Firewall do
enough on its own? I'd be interested to hear from both sides.

Daddy
 
J

JS

You will find opinions on both sides of the fence.
My preference is to have a firewall that notifies
me of both inbound and outbound traffic.
 
K

Ken Blake, MVP

I recognize the need for anti-malware software
(anti-virus, -spyware, -trojan, -adware, etc.) and I also appreciate the
necessity of safe surfing.


Good and good.

What I'm less sure about is the need for a
third-party firewall vs. Windows Firewall.

If I understand correctly, the advantage of a third-party firewall is that
it gives you a chance to stop malware from connecting to the internet, or to
another device on your network. I can see the value of that, but if your
anti-malware software (and surfing behavior) protect your computer from
becoming infected...and your anti-malware software warns you when malware
infects your computer despite all your efforts to stop it...outbound
protection doesn't tell you anything you don't already know, right?


Right!

I used to recommend third-party firewalls over the Windows one
because they were two-way, and the Windows firewall only monitored
incoming traffic.

I've become convinced, however, that outbound protection is
meaningless. Once one of the nasties gets into your computer, it can
essentially do whatever it wants, including circumventing the
firewall. So the extra protection provided by a firewall that monitors
outbound traffic is more apparent than real.
 
N

Nil

So, is a third-party firewall still important...or does Windows
Firewall do enough on its own? I'd be interested to hear from both
sides.

I think so. A fuller-featured firewall than XPs can notify you which
programs are trying to contact the outside world. That can include
malware, and also "legitimate" programs that surreptitiously try to
phone home.

Vista's firewall can monitor both incoming and outgoing traffic, but
XP's will only watch incoming, so it's not useful to me.
 
B

Bruce Chambers

Daddy said:
I recognize the need for anti-malware software
(anti-virus, -spyware, -trojan, -adware, etc.) and I also appreciate the
necessity of safe surfing. What I'm less sure about is the need for a
third-party firewall vs. Windows Firewall.

If I understand correctly, the advantage of a third-party firewall is that
it gives you a chance to stop malware from connecting to the internet, or to
another device on your network. I can see the value of that, but if your
anti-malware software (and surfing behavior) protect your computer from
becoming infected...and your anti-malware software warns you when malware
infects your computer despite all your efforts to stop it...outbound
protection doesn't tell you anything you don't already know, right?

I also recognize that PC security should be applied in layers, so maybe
outbound protection is more like a backstop, to prevent malware from
connecting to the internet while you are busy dealing with it. On the other
hand, you pay for this protection in terms of somewhat reduced performance
and possibly other interference with your day-to-day web surfing.

So, is a third-party firewall still important...or does Windows Firewall do
enough on its own? I'd be interested to hear from both sides.

Daddy


Personal firewalls are still recommended by IT security professionals
(and in certification courses, such as CompTIA's Security+), pretty much
for the reasons you've mentioned: a layered defense and a warning in
case something gets by your other precautions.

WinXP's built-in firewall is usually adequate at stopping incoming
attacks, and hiding your ports from probes. What WinXP SP2's firewall
does not do, is protect you from any Trojans or spyware that you (or
someone else using your computer) might download and install
inadvertently. It doesn't monitor out-going traffic at all, other than
to check for IP-spoofing, much less block (or at even ask you about) the
bad or the questionable out-going signals. It assumes that any
application you have on your hard drive is there because you want it
there, and therefore has your "permission" to access the Internet.
Further, because the Windows Firewall is a "stateful" firewall, it will
also assume that any incoming traffic that's a direct response to a
Trojan's or spyware's out-going signal is also authorized.

ZoneAlarm, Kerio, or Sygate are all much better than WinXP's
built-in firewall, and are much more easily configured, and there are
free versions of each readily available. Even the commercially
available Symantec's Norton Personal Firewall is superior by far,
although it does take a heavier toll of system performance then do
ZoneAlarm or Sygate.

Having said that, it's important to remember that firewalls and
anti-virus applications, which should always be used and should always
be running, while important components of "safe hex," cannot, and should
not be expected to, protect the computer user from him/herself.
Ultimately, it is incumbent upon each and every computer user to learn
how to secure his/her own computer.



--

Bruce Chambers

Help us help you:


http://support.microsoft.com/default.aspx/kb/555375

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot
 
O

Old Rookie

Security is all about managing risk and the trade off you are willing to
make between being more secure at the possible cost of loss of performance,
convenience, and productivity.

I best like the type of firewall that is built into XP and Vista that blocks
inbound access only which can help stop attacks that work by exploiting OS
weaknesses. Keeping your computer current with critical updates is also
extremely important part of securing your computer as is keeping Java, etc
updated.

The big problem with firewalls that manage traffic both ways is that they
often confuse the end user and once they experience loss of internet access
because of selecting no when they should have selecyed yes to a prompt from
then on they select yes to every prompt making the hst firewall less secure
than just your plain old Windows Firewall.


Steve.
 
D

db

based on many years
of trials and use with
a variety of anti virals,

my suggestion is to
set windows firewall
to "no exceptions" and
you will get excellent
protection.

---------------

in regards to the hybrid
firewalls that prevent
infections from being
transmitted outbound,

I wouldn't get paranoid
about the fear tactic.

firstly, the fear that you
may transmit an infection
out bound from a system
that has an anti virus
installed is ludicrous.

this is due to the fact that
anti virus programs scan
data being transferred to
and from the disk and
in memory for malicious,
suspicious and infectious
processes.

further, many of the internet
service providers also scan
for infections.

secondly, the hybrid firewalls
require updates to be
downloaded from the
servers.

in return, the data that has
been scanned and aggregated
by "their" program will be
uploaded to home base in
exchange for the updates
you request.

thus they are hybrid
spywares.

so using microsoft's firewall
is far better to have.

also, be mindful with having
several programs installed
and all trying to scan, monitor,
aggregate and transfer data
between your system and
the providers of the free
wares.

so read their privacy
clauses before installing.

--

db·´¯`·...¸><)))º>
DatabaseBen, Retired Professional
- Systems Analyst
- Database Developer
- Accountancy
- Veteran of the Armed Forces
- Microsoft Partner
- @hotmail.com
~~~~~~~~~~"share the nirvana" - dbZen
 
D

Daddy

Great opinions from both sides and a good discussion. Thanks very much. More opinions welcome!

Daddy
 
J

John A

I agree with Old Rookie. I use nice simple XP firewall with good antimalware
software. I safe-surf and am quite happy with my security.

I have tried some of the free and paid third party two-way firewalls and
found that it is all to easy to "allow" or "block" something thereby either
disabling some valid operation or reducing the firewall's security
unknowingly.
 
U

Unknown

No opinion, however my experience. I have used the Windows firewall
exclusively since the beginning
of XP. Have not had a single problem.
Great opinions from both sides and a good discussion. Thanks very much. More
opinions welcome!

Daddy
 
D

Daddy

Thanks again to all who responded.

By way of bringing some closure to this discussion: I think we all understand that software by itself is only a partial solution for internet security. Our commitment to safe computing is equally important and probably more important. When choosing software solutions, we need to honestly evaluate not only our surfing habits, but also our knowledge of the threats out there and how to avoid them.

In addition, security software has to be considered in the wider context of smart computing, which includes regular backups and keeping up-to-date with software patches, among other things.

Daddy
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top