Thursday, August 9th, 2007

Firewalls

With routers with built-in NAT becoming so popular for home computers nowadays, is a software firewall really necessary?

Somebody asked me this question a while back, and I wanted to post my response to it.

On a Windows PC, a hardware firewall blocks incoming attacks, and a software firewall blocks outgoing attacks. I know you’re probably wondering, what’s an outgoing attack? Well, that’s basically when you visit a website with some kind of tracking cookie. Tracking cookies do more than just follow your internet tracks. Tracking cookies also run small programs on your computer that basically use your computer as a virus server to send out viruses to other people, and can also hijack your address bar to make your address bar think it’s going to google.com when it may actually be going to some hacker’s site. This is the reason why Windows computers have to run a software firewall, as well as be behind a router for security purposes. There are other important reasons for broadband customers to be behind a router, but that’s the most important reason. I don’t know how many times I’ve told customers this and they don’t believe me: everybody who has an “always-on” connection to the internet MUST be behind a router, even if you only have 1 computer in the house. I can’t stress the importance of that. A software firewall is not enough; that’s just how it is.

The purpose of a router is not to be confused with that of a switch. A router is designed to block open ports on your computer from intrusion, but can also be used to forward ports to specific machines connected to your router’s switch. Some ports have to remain open, such as port 80 for HTTP communication, 21 for FTP, 113 for POP3. Other ports are used for servers, such as 25 for SMTP communication (which most ISPs block from your use), and 22 for SSH communication. Those ports have to be open, but ports like 23 for telnet should be closed, because there are security issues involved if you don’t close them.

One thing a lot of users do not understand, even some security professionals I’ve noticed, is that ANY open port on your computer, not just port 22 as was once believed by some, can be connected to via SSH. Try it for yourself. If you don’t have a firewall on your computer, you should be able to use PuTTY to SSH into your own computer, both from the outside and from another computer inside your network. This is how hackers gain access to your computer a lot of the time: any open port, even port 80 that has to remain open. This is why routers are so important: they block unused ports and hide your IP from the outside, so to speak, so hackers cannot gain exclusive access to it from the outside using PuTTY or some other command-line tool. In simpler terms, when you’re behind a router, a hacker cannot SSH into your computer, because your computer is hidden from the outside world and instead assigned an internal IP (192.168.xx.xx for example; there is a range of IPs specifically assigned for private use), which means hackers can’t run a program to perform random port scans on you. Worst-case scenario, they’d be able to SSH into the router, if they could break the password set by the router. The router’s default password, and the SSID if it’s a wireless connection, must be changed for this very reason, but either way, they would not be able to break into your computer, which is the important thing.
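How a NAT router decides whether a packet arriving from the internet reaches a machine on the LAN, as an added example that is not part of the original post. The `NatRouter` class, its method names, and every address and port below are constructed for illustration.

```python
import ipaddress


class NatRouter:
    """Toy model of a home NAT router (hypothetical class, constructed for illustration)."""

    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.forwards = {}   # wan_port -> (lan_ip, lan_port), configured by the owner
        self.sessions = {}   # wan_port -> (lan_ip, lan_port, remote_ip, remote_port)
        self._next_port = 40000

    def add_forward(self, wan_port, lan_ip, lan_port):
        """Port forwarding: deliberately expose one LAN service to the internet."""
        if not ipaddress.ip_address(lan_ip).is_private:
            raise ValueError("forward target must be a private LAN address")
        self.forwards[wan_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router rewrites the source and remembers it."""
        wan_port = self._next_port
        self._next_port += 1
        self.sessions[wan_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.wan_ip, wan_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the LAN (ip, port) the packet is delivered to, or None if it is dropped."""
        sess = self.sessions.get(wan_port)
        if sess and sess[2:] == (remote_ip, remote_port):
            return sess[:2]                  # reply to a connection the LAN host started
        return self.forwards.get(wan_port)   # explicit forward, otherwise dropped (None)


def demo():
    router = NatRouter("203.0.113.10")             # constructed documentation address
    router.add_forward(80, "192.168.1.20", 8080)   # constructed forwarding rule
    src = router.outbound("192.168.1.50", 51000, "198.51.100.7", 443)
    return {
        "reply": router.inbound("198.51.100.7", 443, src[1]),
        "unsolicited_22": router.inbound("198.51.100.99", 55555, 22),
        "wrong_sender": router.inbound("198.51.100.99", 443, src[1]),
        "forwarded_80": router.inbound("198.51.100.99", 55555, 80),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15} -> {result}")
```

Unsolicited packets are dropped because no mapping exists for them, while the forwarded port stays reachable from any remote address, so each forwarding rule should be treated as an exposed service.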

Now Linux and Mac computers, on the other hand, don’t have the spyware problem, so on those platforms a software firewall is not necessary. Now, a Mac and a Linux PC can still get viruses, but when was the last time you ever saw spyware on a Linux or a Mac PC? Exactly. That’s why when you’re running Windows, you have to use ZoneAlarm, or Panda’s Firewall (which I personally prefer), or McAfee Firewall, or some other software firewall, because it’s spyware that causes these problems. There are two very excellent spyware removers; one is called Ad-Aware 2007 by Lavasoft. Now, I don’t recommend purchasing the Plus or Professional versions of Ad-Aware anymore; I do recommend the Free version. The reason I don’t recommend buying the Plus or Professional versions is that they only work on 1 PC in your home, not like previous versions where you could install on up to 3 computers in your home, like most companies allow nowadays: a home PC, a laptop PC, and a work PC. Only 1 PC, and when that PC’s hard drive is formatted, you can kiss your Pro or Plus license goodbye! So I do not recommend their newest 2007 Pro or Plus version for that very reason, but their free version is still better than anything else on the market today. Windows Defender is crap, Spybot Search & Destroy comes in a close second, but those are the only 2 I recommend anymore. I also recommend running Disk Cleanup and Disk Defragmenter on your weekly schedule. Fortunately, Mac and Linux users don’t have to worry about all that, but as long as the mainstream forces us to support the Windows platform, we’ll still have to shell out those bucks for antivirus, firewall, and spyware removal, and if you want all that automated you’ll have to shell out even more money on Lavasoft’s Plus or Pro version, $20-40 per computer, and per hard drive format. It’s ridiculous; their licensing is worse than Microsoft’s activation.

At least with ZoomText, EditPad Pro, and my Panda Antivirus/Firewall, I can run those programs on all the PCs in my home, and don’t have to spend extra money for an additional license, or steal it off BitTorrent or eMule or something, because their single-user licenses allow use of their software on up to 3 computers in the home: a home PC, a laptop PC, and a work PC, which I think is very much fair. This single-user, 1 PC per HD format per year bullcrap that Lavasoft has going on with their licenses now is a bunch of crap if you ask me. Like I said on a board the other day, they can program the activation server to allow more single-user activations, and they can always do what iTunes does and make you send the activation hardware hash back to the server before reformatting. Heck, iTunes allows up to 5 computers, not just 1, so there’s no reason why Lavasoft can’t. They just choose not to, which I think was a poor decision on their part. They’ll end up going out of business if they keep that kind of policy up.



posted by tcoburn @ 9:41 pm under life public
• • •

2 Comments »

  1. Dael
    August 11, 2007 10:40 pm

    Thanks for the detailed info about how firewalls work. By the way, I guess the evolution of firewalls is security suites. It’s easy to install, configure and maintain all the security applications in one place. I use this one - Agnitum Outpost Security Suite. It includes firewall, anti-virus, anti-spam, anti-spyware. Effective protection by one application. Agree?

  2. tcoburn
    August 12, 2007 12:28 pm

    Agreed, that suite looks promising. I wouldn’t know without having a chance to play with it, but I do like the “family license” option. It can be installed on up to 5 computers in the home; that’s definitely promising. It just depends on how well it works. We at this house are big fans of Panda Titanium 2007 (http://www.pandasecurity.com/usa/homeusers/solutions/antivirus-firewall/). They have a new product out now called Panda Antivirus + Firewall 2008, which I’ve been meaning to try, but haven’t gotten around to it yet. They also have Panda Internet Security 2008, which looks a bit like overkill to me. The only thing I don’t like about these ‘all in one’ solutions is that, with Panda for instance, it does a great job of protecting against viruses, but its spyware protection isn’t as good as Ad-Aware Free or Spybot; it misses a lot of stuff. Plus, its ‘protection against unknown threats’ prevents ZoomText from functioning properly. It prevents menus from opening, control panel apps from opening, and accessories from opening, so I have to disable unknown threats, but otherwise, Panda has always worked great for us. Daily updates, daily virus signature updates, no one else has that, so we like it.

    I think a software firewall isn’t all that important. What’s most important is having that hardware firewall in place, because without that hardware firewall, the router, in front of your machine, you’ll get attacked constantly, no matter what software firewall you’re running. They have single-port routers, so there’s no excuse not to get one. Think about it from a hacker’s point of view: if you’re a hacker running a port scanner on ranges of users over the internet, and you come across one that has an obvious software firewall installed, you’re going to make every effort possible to run a port scan on that particular machine, to see what open ports are available, and grab the first one open. With a hardware firewall, you’re safe from port scans completely, because the router protects your machine from being seen by the outside world entirely. Your LAN may be seen by its external IP, but your specific machine is hidden from the outside world, so there is no way a hacker can attack you. With a software firewall, however, no matter how many ports you’ve closed, you’re still seen by the whole world. So I can’t stress enough the importance of a router.
