Does a Firewall Give Extra Security?
A curious and perceptive AskBob reader says: “I understand why I need a firewall to protect my computer from inbound threats. But a friend is telling me I need another type of firewall, which blocks outbound traffic as well. If I have good anti-virus software, do I really need this outbound firewall?” Good question, here’s my take on outbound firewalls... |
What Kind of Firewall Do You Need?
Most people think of firewalls as barriers between their computers and bad things “out there” on the Internet. Inbound firewall protection blocks attempts by external entities (hackers, malware or denial or service bots) to connect to your computer. See the related article Do I Really Need a Firewall? for my advice on INBOUND firewall protection (and to find out what happens when you yell "MOVIE!" in a crowded firehouse).
But remember, the Internet is a two-way highway. Outbound firewall protection is just the opposite of inbound. It blocks attempts by software that resides on your computer to send data over the Internet. So if your computer is infected with a keylogger or some other data-stealing malware, an outbound firewall should prevent that rogue from transmitting your passwords, banking information, shoe size, and other sensitive information to its evil masters. If another type of malware is using your computer to spew spam or participate in a botnet, an outbound firewall should prevent that as well, in theory.
In practice, though, outbound firewalls provide little useful protection, consume computer resources, may interfere with legitimate programs, and are generally more trouble than they are worth. They can also give you a false sense of security.
By default, the firewall in Windows 7, 8, 10 and 11 provides only inbound protection. You can enable outbound protection as well, but then no program on your machine will be allowed to connect to the Internet! That means no browsing, no Windows Update, no email, no other updater programs, etc. It's effectively a self-imposed roadblock.
You'd have to manually configure permission for every single program or process that you want to have access to the Internet, and update that configuration regularly. I don’t know about you, but that doesn’t sound like my idea of fun on a Thursday afternoon.
Wolves, Shoplifters and Geniuses
Outbound firewalls tend to cry wolf; they spew too many false positives. That is, they warn you about programs that really are not a problem. After seeing many false positives and ignoring them, it’s all too easy to ignore a legitimate warning of malware. Imagine a security system in a retail store that flagged every customer leaving the store as a potential shoplifter.
There are legitimate reasons why some software on your computer may need to make an outbound connection. Some programs poll a remote server to see if there are any fixes or updates available, and install them automatically. Others send anonymous statistical data, or use collaborative feedback mechanisms. A weather or stock market widget on your desktop will need to poll for the latest data periodically. Multi-player online games send and receive reams of data. And then there are all the cloud-based apps that let you store, edit, and share files online.
Has Your Horse Left the Digital Barn?
It can be very hard for the average user to figure out whether a given program should be allowed to access the Internet. Most outbound firewalls give only cryptic descriptions of what is trying to access the Net, so only the most technically savvy users can decide what to do about it. The chances are pretty good that you’ll block a program you do need, and later wonder why something isn’t working.
You've heard the old saying about closing the barn door after the horses got out. Outbound firewalls don’t do anything to prevent your computer from becoming infected, which is the most effective line of defense. If an outbound firewall warns you that malware is trying to access the Net, it’s already too late; your inbound defenses have been compromised somehow. Better to focus on keeping your horses in the barn.
See my article PC Matic 4.0 – My Review if you need to beef up your malware protection. PC Matic has been my antivirus solution since 2018, and I happily recommend it. The whitelisting technology it uses is unique and works really well!
A router configured to use NAT (Network Address Translation) is my preferred alternative to software firewalls, inbound or outbound. Such a router effectively hides your computer from everyone “out there” so malware can’t even find it. It protects an entire network from a single point, instead of having to install firewall software on every device on the network. The router also does the heavy lifting, freeing resources on your local machine. The good news is that you probably already have a NAT router. See Do I Really Need a Firewall? for more information about routers and inbound firewall security.
Expert users may have to resort to outbound firewalls occasionally. If you know every legitimate program that should be allowed access to the Net, an outbound firewall may alert you to hidden malware. Large enterprises may employ outbound firewalls to make sure sensitive or confidential data isn’t leaking out. But some malware is clever enough to disable your anti-virus or firewall protection, or fool the outbound firewall into letting it slip past.
The bottom line: Outbound firewall protection is of very marginal benefit and can be an enormous irritation. See my advice and links above concerning INBOUND firewalls and malware protection, and you’ll be better off.
Your thoughts on this topic are welcome! Post your comment or question below…
This article was posted by Bob Rankin on 5 May 2025
| For Fun: Buy Bob a Snickers. |
 |
Prev Article: Does Your Computer Need an Oil Change? |
The Top Twenty |
Next Article: Update Your Drivers? Here's my advice... |
 |
Post your Comments, Questions or Suggestions
|
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- Does a Firewall Give Extra Security? (Posted: 5 May 2025)
Source: https://askbobrankin.com/does_a_firewall_give_extra_security.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Does a Firewall Give Extra Security?"
Posted by:
Mark Neville
05 May 2025
What about things like pi hole which filters junk being sent on the internet? I have thought about making one of those.
Posted by:
Neil in Dallas
05 May 2025
The process of including a "whitelisting" on PC Matic has me baffled.
I don't know how and their instructions are woefully inadequate.
I bailed on PC Matic for that reason alone!
Posted by:
Terry
06 May 2025
Will PC Matic solve my problems that at the moment i am unsure exist.
Posted by:
bud
06 May 2025
Years ago I had a program on my computer that would block and ask me to OK the sending of certain information before it was sent. The good thing about the program was I could SPECIFY which data/information that I wanted to protect. I listed my ssan, all banking data, etc. It really did a good job. If i was sending credit card numbers it would ask if I wanted this to be sent. I didn't have to enter the whole number or letters. For example I would list 5 consecutive numbers for bank or ssan and before these numbers were sent it a screen would pop up and ask if I agreed to send the information. It worked really great and I have been trying to find it, or another program that does this. Anyone know about such a program?