Do I Need a Firewall?
"I've heard conflicting reports on whether or not I should be using a firewall. Some people say they are only needed for dialup users. Others say you MUST have a firewall if you have a highspeed DSL or cable connection. Can you give me some advice on this?"
| Check out this week's most popular articles. |
Check out theseFREE trial downloads 
RoboForm memorizes and securely stores all your passwords. Enjoy one-click logins, complete checkout forms with one click. This is one program I use all day, every day! 
Slow computer? Diskeeper 2010 means a clean disk, unprecedented speed and reliable efficiency! Download the free trial and see what a difference it makes for you. |
What Happens When You Yell "MOVIE!" in a Crowded Firehouse?
Well all the firemen go running into the streets, of course. Okay, it's a bad joke. But it illustrates the point that even people who are supposed to be experts in computer safety are often confused about firewalls. Here's the scoop on WHO needs a firewall, WHAT they do, and WHY you might be wasting your money on firewall software.
First, let's look at what a firewall is supposed to do. A firewall is hardware or software that limits access to a computer from an outside source. If your computer will ever be connected to the Internet, a firewall is an essential tool needed to prevent malware and hackers from accessing or damaging your computer.
So YES... you do need a firewall. Without a firewall, your computer can be compromised within SECONDS after connecting to the Internet. If you're a dialup user, it might take a little longer, but it will happen. The reason for this is the automated hacking drones that are constantly scanning Internet-connected computers, looking for any vulnerability.
What Kind of Firewall Do I Need?
The real question is "Do I need a software-based firewall or a hardware-based firewall?" If you have a highspeed Internet connection such as DSL or cable, and you have a router between your DSL/cable modem and your computer, most likely you already have a hardware-based firewall, and that's all you need. If your router has NAT (network address translation), or your modem has a built-in router with NAT, you have a hardware firewall which effectively makes your PC invisible to the attacking hordes. If you're not sure if you have a NAT router, do a web search for your router's make and model and you should be able to find the manufacturer's specs or a review that answers the question.
If you have a highspeed modem that is connected directly to your computer (no router in between), chances are you do NOT have a hardware firewall in place. And if you have a dialup connection, you definitely don't have a hardware firewall. So in the absence of a hardware firewall, you absolutely need a software-based firewall.
What About the Windows XP Firewall?
If you have Windows XP, and the SP2 security updates have been applied, then you probably have a software firewall in place. Not sure if you have the essential SP2 updates? Click on Help/About in Internet Explorer and look for "Update Versions: SP2" on the info popup. If you don't have SP2, drop everything, click on Tools/Windows Update in Internet Explorer and get the latest fixes from Microsoft. Yes, it's that important.
To verify that the Windows XP firewall is turned on, click on Start / My Network Places / View Network Connections, then click on Change Windows Firewall Settings. On the next screen, you can turn the firewall ON or OFF. If you have a hardware firewall, there is no need to run a software firewall in addition. If you do turn off the Windows firewall, you should tell Windows that you have your own firewall solution, or it will nag you about the firewall every time you start up your computer. To do so, click Start / Control Panel / Security Center. Then under Firewall, click the Recommendations box. On the next screen, check the box labeled "I have a firewall solution that I'll monitor myself."
Other Software Firewalls
I know there is heated debated on this topic. Some people claim that you MUST have a software firewall to protect you from malware that might be trying to make an OUTBOUND connection for nefarious purposes. My position is that anti-virus and anti-spyware programs should be installed to remove and prevent the malware in the first place. Sure, you can install ZoneAlarm, Black Ice, or Norton Internet Security, but my experience shows that many users are confused and unnecessarily alarmed by the constant stream of "warnings" that these programs present. Lots of good programs DO need to make outbound connections (ie: your browser, email client, FTP, media players, etc.) so if you're not very careful you'll end up blocking them, and then they don't work correctly. I've also seen cases where software firewalls malfunction and either interfere with certain programs or end up blocking ALL connections. And don't get me going about all the times when my software firewall prevented me from using a shared folder or a networked printer... arrgh!
A Word About Laptops
If you have a laptop that's connected to the Internet through your home network, thre's no difference in terms of the firewall setup. But if you take that laptop on the road and make a wired connection (as in a hotel room with a network cable) or go wireless (in the airport or a coffee shop), you are no longer protected, so it's a very good idea to turn on the software firewall.
To summarize, YES you need a firewall. My personal opinion is that if you have a hardware firewall, don't bother with a software firewall. Can you run both? Yes, but the "benefits" may be outweighed by the problems.
|
|
Need more tech support?
|
Check out other articles in this category:
Posted by Bob Rankin on October 20, 2005 02:56 PM
| Need More Help? Try the AskBobRankin Updates Newsletter. It's Free! |
 |
Prev Article: Internet Connection Fails |
|
Next Article: Is Your Printer Spying on You? |
 |
|
Link to this article from your site or blog. Just copy and paste from this box: Related Keywords: Security firewall security cable dsl dialup software firewall hardware firewall router NAT router Windows XP firewall |
There's more reader feedback... See all 19 comments for this article.
Post your Comments, Questions or Suggestions
|
Ask Bob Rankin Home Page
Subscribe to AskBobRankin Updates: Free Newsletter |
|
| Copyright © 2005 - Bob Rankin - All Rights Reserved | ||
Article information: AskBobRankin -- Do I Need a Firewall? (Posted: October 20, 2005 02:56 PM)
Printed from: http://askbobrankin.com/do_i_need_a_firewall.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Do I Need a Firewall?"
(See all 19 comments for this article.)Posted by:
Walter
25 May 2006
I agree with both sides. Saying that a common router is a firewall is somewhat untrue though. They do perform some firewall tasks, but it's not really the same level of protection. The problem is that anything that runs on your computer pretty much has free reign internet access. And if anything bad did manage to run on your computer, you'd be none the wiser. A software firewall will give you a little more control and a little more of a heads up. A true hardware firewall properly configured wouldn't allow any communication to the internet that you or you're company didn't know about, but this often gets in the way of free sprits. So yes you're pretty safe behind a router, but if you do stupid things and install everything under the sun that router won't protect you at all. Think before you click.
Posted by:
Robert
07 Sep 2006
If you have a spare computer lying around, you can turn it into a hardware firewall using BrazilFW. Just plug in the information your ISP gave you, it makes a boot disk, and you're all set. It's what I use.
Posted by:
Randall Granaas
09 Sep 2006
Thank you for this excellent write-up. I am currently once again struggling with the CA firewall I have been using for many years. This time, it's blocking net access after waking the PC, generating a log entry for svchost.exe outgoing blocked. Closing and restarting the firewall program (or rebooting) restores normal access. CA tech support has not been able to help correct the problem (sending me on wild goose chases).
I have a NAT router, and will be disabling the software firewall permanently (except for my laptop). With CA's firewall off, I tested my connection at "Shields Up!," and my computer is just as stealth as when the software is running. Thanks!
Posted by:
David
10 Sep 2006
I'd have to agree with Walter. Any discussion about firewalls/routers should come with the caveat that a firewall really is best suited to protecting you from outside attacks. Once you click on that bad link and allow a keyboard logger (or some other spyware/virus) get installed on your pc, there's not too much a firewall can do.
So let the users beware! A firewall is no substitute for safe web browsing/email habits!
Posted by:
Jim Fisher
16 Sep 2006
I just stumbled across your article while doing some reaserch for my own article on the sunject. Your thoughts on firewalls mirror my own.
There is much "agreeing to disagree" going on in this series of posts but there is one fact that I find interesting: You will rarely find a computer technician that uses a software firewall on his personal computer. A technician knows that it is not necessary as long as you take some very basic precations.
If you keep Windows updated, run updated antivirus, peform ther occaisional antispyware scan and have service pack 2 enabled, then a firewall is completely unnessary. Yes, completely.
On the other hand, if you have either a pervert in the house or any teenagers using the computer, then a software firewall may be your last line of defense.
Posted by:
John Howard Oxley
26 Sep 2007
Well, I am a belt-and-suspenders kind of guy, so I have no problem in principle using hardware and software firewalls. From my point of view they do slightly different things [and for all the remarks about the requirements of user control, one typing error in a URL can expose you to a drive-by downloading -- less prevalent now with browser security add-ons like NoScript, but still possible].
On the other appendage, I find sofware firewalls increasingly fragile -- I used ZoneAlarm for many years, and have just started using Comodo Firewall. In both cases, after being installed, configured, and working correctly for some time, they would stop working [blocking permitted access, for example], and there seemed to be no way to repair them.
Posted by:
Bern
27 Sep 2007
I am surprised that more people are not using, or advising the use of, the great little program "Email Remover". This little gem allows you to look at what email you have, and who it is from, while it is still out on the server. You can then delete all the trash mail and other unwanted mail before it is downloaded to your PC.
Saves a lot of your time as well as protecting you from possibly damaging downloads.
Posted by:
Marika
07 Oct 2007
Get a Mac... In addition to OS X being safer over all, its built-in firewall is outstanding!
Posted by:
gme19940@hotmail.com
13 Oct 2007
Hi Bob, Thank you so much for your," Tour Bus," I am and have learnt a lot. Please give more info on Bern's comments re: "Email Remover", the process to access and use it. Thanks again, keep up the good work.
EDITOR'S NOTE: See www.email-remover.com
Posted by:
JP
26 Aug 2009
Hi,
I'm really a novice when it comes to security issues. I have a Sony Vaio laptop with Vista Home Premium 32 bit and service pack 2. I recently reinstalled Vista on several techs' advice because my computer had almost slowed to a halt.
I am using Verizon FIOS with their Actiontec router or modem or whatever it is. I am connected wirelessly from the laptop to the Actiontec. I have Norton 360 and Webroot SpySweeper with Antivirus. I have about 6 months left in each subscription. After reading your article above, I checked to see if I had Windows Firewall turned on. It was off.
When I clicked to turn it on, I received a warning from Norton 360 that Norton is the best defense against online threats, and that I should leave Windows Firewall off. Should I leave it off as Norton 360 recommends? How protected am I with all of my above setup?
EDITOR'S NOTE: You don't need BOTH the Norton and the Windows firewall. If you're going to stay with Norton, turn off the Windows firewall.