Tuesday, October 5, 2010

Do I Need a Firewall?

"I've heard conflicting reports on whether or not I should be using a firewall. Some people say they are only needed for dialup users. Others say you MUST have a firewall if you have a highspeed DSL or cable connection. Can you give me some advice on this?"
What Happens When You Yell "MOVIE!" in a Crowded Firehouse?
Well all the firemen go running into the streets, of course. Okay, it's a bad joke. But it illustrates the point that even people who are supposed to be experts in computer safety are often confused about firewalls. Here's the scoop on WHO needs a firewall, WHAT they do, and WHY you might be wasting your money on firewall software.
First, let's look at what a firewall is supposed to do. A firewall is hardware or software that limits access to a computer from an outside source. If your computer will ever be connected to the Internet, a firewall is an essential tool needed to prevent malware and hackers from accessing or damaging your computer.
So YES... you do need a firewall. Without a firewall, your computer can be compromised within SECONDS after connecting to the Internet. If you're a dialup user, it might take a little longer, but it will happen. The reason for this is the automated hacking drones that are constantly scanning Internet-connected computers, looking for any vulnerability.
What Kind of Firewall Do I Need?
The real question is "Do I need a software-based firewall or a hardware-based firewall?" If you have a highspeed Internet connection such as DSL or cable, and you have a router between your DSL/cable modem and your computer, most likely you already have a hardware-based firewall, and that's all you need. If your router has NAT (network address translation), or your modem has a built-in router with NAT, you have a hardware firewall which effectively makes your PC invisible to the attacking hordes. If you're not sure if you have a NAT router, do a web search for your router's make and model and you should be able to find the manufacturer's specs or a review that answers the question.
If you have a highspeed modem that is connected directly to your computer (no router in between), chances are you do NOT have a hardware firewall in place. And if you have a dialup connection, you definitely don't have a hardware firewall. So in the absence of a hardware firewall, you absolutely need a software-based firewall.
What About the Windows XP Firewall?
If you have Windows XP, and the SP2 security updates have been applied, then you probably have a software firewall in place. Not sure if you have the essential SP2 updates? Click on Help/About in Internet Explorer and look for "Update Versions: SP2" on the info popup. If you don't have SP2, drop everything, click on Tools/Windows Update in Internet Explorer and get the latest fixes from Microsoft. Yes, it's that important.
To verify that the Windows XP firewall is turned on, click on Start / My Network Places / View Network Connections, then click on Change Windows Firewall Settings. On the next screen, you can turn the firewall ON or OFF. If you have a hardware firewall, there is no need to run a software firewall in addition. If you do turn off the Windows firewall, you should tell Windows that you have your own firewall solution, or it will nag you about the firewall every time you start up your computer. To do so, click Start / Control Panel / Security Center. Then under Firewall, click the Recommendations box. On the next screen, check the box labeled "I have a firewall solution that I'll monitor myself."
Other Software Firewalls
I know there is heated debated on this topic. Some people claim that you MUST have a software firewall to protect you from malware that might be trying to make an OUTBOUND connection for nefarious purposes. My position is that anti-virus and anti-spyware programs should be installed to remove and prevent the malware in the first place. Sure, you can install ZoneAlarm, Black Ice, or Norton Internet Security, but my experience shows that many users are confused and unnecessarily alarmed by the constant stream of "warnings" that these programs present. Lots of good programs DO need to make outbound connections (ie: your browser, email client, FTP, media players, etc.) so if you're not very careful you'll end up blocking them, and then they don't work correctly. I've also seen cases where software firewalls malfunction and either interfere with certain programs or end up blocking ALL connections. And don't get me going about all the times when my software firewall prevented me from using a shared folder or a networked printer... arrgh!
A Word About Laptops
If you have a laptop that's connected to the Internet through your home network, thre's no difference in terms of the firewall setup. But if you take that laptop on the road and make a wired connection (as in a hotel room with a network cable) or go wireless (in the airport or a coffee shop), you are no longer protected, so it's a very good idea to turn on the software firewall.
To summarize, YES you need a firewall. My personal opinion is that if you have a hardware firewall, don't bother with a software firewall. Can you run both? Yes, but the "benefits" may be outweighed by the problems.
BOB RANKIN... is a tech writer and computer programmer who enjoys exploring the Internet and sharing the fruit of his experience with others. His work has appeared in ComputerWorld, NetGuide, and NY Newsday. Bob is publisher of the Internet TOURBUS newsletter, author of several computer books, and creator of the http://LowfatLinux.com website. Visit Bob Rankin's website for more helpful articles and free tech support.

No comments:

Post a Comment