(Credit: Stacey Zhu; Hadira/Shutterstock.com)
The concept of a firewall—a hardware or software defense against network attack—goes back to the days of mighty mainframe computers. The idea of equipping a personal computer with firewall protection didn’t catch on immediately. The brash and colorful ZoneAlarm firewall was one of the first personal firewalls. In those days, more than 20 years ago, the company had the unenviable task of educating the populace as to what the heck a firewall is and why they should want one. Windows 98, then current, didn’t offer such protection, so ZoneAlarm and its competitors thrived. This heyday of the personal firewall didn’t last, though.
A few years later, Windows XP appeared with the beginnings of a proper firewall, and firewall protection in Windows has only improved since then. Third-party firewalls typically do no more than the built-in when fending off outside attacks. They distinguish themselves in areas like program control and exploit defense. But almost all security suites and even a few nominally standalone antivirus tools have a built-in firewall. Most contemporaries of the early ZoneAlarm have fallen by the wayside. Is the third-party personal firewall dead?
Safety in the Network
Back when having a personal firewall was new and exciting, most of us connected our single household computer to the cable modem, ISDN box, or screeching telephone line that brought us internet connectivity. In the modern world, everybody has a home network, and that network is a defense against online attacks.
The wireless router that connects all your devices also protects them. It uses Network Address Translation (NAT), to assign each device a local-only IP address. This type of address, most commonly of the form 192.168.x.x, is visible only within your local network, not anywhere else. That alone is enough to block many direct attacks.
Some routers have additional security layers baked in. For example, Netgear offers routers with Netgear Armor, which is a firmware-level security component based on the discontinued Bitdefender Box security device. Even without added security software, NAT does a lot to insulate your devices from outside attack.
Take a VPN on the Road
Of course, when you're away from home, you don't get any benefit from the router sitting back in your home or office. In fact, you're vulnerable to being attacked by other users on that insecure airport wireless. The café that offers free Wi-Fi? A shady café-meister could sift through all unencrypted internet traffic, potentially capturing sensitive items like passwords or credit card numbers. When you're on the road, you really need the protection of a virtual private network (VPN).
The VPN encrypts your web traffic all the way to a server operated by the VPN company. Ad sites and other trackers see the VPN's IP address, not your own. And you can also use a VPN to spoof your geographic location, perhaps to view region-locked content, or to protect yourself when traveling in a country with restrictive internet policies. You may not need a firewall, but you should consider a VPN.
Our Top VPN Picks
A Firewall Protects Your PC’s Ports
Your computer's internet connection grants you access to a limitless collection of baby hippo videos, social media posts, and streaming entertainment. It also opens your computer to access by others via the internet, though connecting through a router does limit the possibilities for damage. One major firewall task involves permitting all valid network traffic and blocking suspect or malicious traffic.
Your PC's ports, the entry points for network connections, can be open, closed, or stealthed. If a port is visibly closed, attacking hackers can seek ways to jimmy it open. When a port is stealthed, an outside attacker can’t even see it, which is ideal. Windows Firewall alone is completely capable of stealthing all your PC's ports, and any ports on a PC behind a router are effectively stealthed from outside the network. In fact, the only way to test a firewall’s ability to stealth the ports involves using a PC that’s connected through the router’s DMZ port, which effectively gives it a direct connection to the internet.
Most firewall apps allow for multiple configuration profiles, depending on your network connection. Traffic within your home network needs fewer restrictions than traffic going to and from the internet. If you're connected to a public network, the firewall cranks its security level to the max.
Firewalls Can Control Network Access for Apps
Early personal firewalls were notorious for bombarding users with a plethora of mystifying pop-up queries. IAmNotACrook.exe is attempting to connect to 54.230.21.23 on port 1972. Allow or Block? Once or Always? Plastic or Paper? Few people know how to make an informed response to such a query. Typically, you'll either always click Block or always click Allow. If you make Block your default response, you'll eventually disable something important, after which you'll probably switch to clicking Allow. Then, if you always click Allow, you risk letting in something you shouldn't.
Our Top Security Suites
High-end security suite firewall components like the one built into Norton 360 Deluxe get around this problem by completely internalizing program control. They configure permissions for known good programs, wipe out known bad programs, and monitor the behavior of unknowns. If an unknown process starts to abuse its network connection, the firewall smacks it down. The one thing it doesn’t do is rely on you, the user, to make all the important security decisions.
Other firewalls use their own techniques to reduce pop-up queries. For example, the firewall in ZoneAlarm Free Antivirus checks a massive online database and automatically configures permissions for known programs. In the rare event that it does display a pop-up query, you should pay careful attention, as a program not found in the database might be a zero-day malware attack.
Many firewalls also note when a trusted program changes in any way. The change might be a normal update, a virus infection, or even a malicious program using the name of a trusted program.
Our Top Antivirus Picks
Do note that program control is only relevant for programs that have gotten past all other layers of antivirus protection. If a program is a known bad actor, or if it reveals its malicious intent through dangerous behaviors, it'll never come to the firewall's attention. The best antivirus programs apprehend all common types of malware with rare misses. If you have antivirus protection installed, program control should hardly come into play.
Extending the Firewall to Foil Exploits
Top-of-the-line firewalls may include additional protection against network-based attacks, usually in the form of a Host Intrusion Prevention System (HIPS), Intrusion Detection System (IDS), or both. These components serve to protect against attacks that exploit security vulnerabilities in the operating system or popular programs. Between the time a vulnerability is discovered and the time the vendor patches that security hole, malefactors can launch attacks that gain control over victim systems.
The best HIPS and IDS systems catch exploit attacks at the network level before they even reach the target system. Other security suite components, particularly the antivirus, may eliminate the malicious payload dropped by an exploit attack before it can do any harm. In testing, we use the CORE Impact penetration testing tool to get a feel for each firewall's response to such exploit attacks.
Who Needs a Personal Firewall?
In the modern world, there's hardly ever a reason to consider installing a standalone personal firewall. The built-in Windows Firewall blocks outside attacks, and the firewall within your security suite does everything the built-in does plus handles program control and exploit detection. The era of the computer hobbyist who'd carefully and lovingly select each separate security component is long gone.
If you really want it, you can still get third-party firewall protection, and there's no need to pay. The venerable ZoneAlarm mentioned at the start is still available, and still free, for example. Add a top free antivirus and you’ve got the bare bones of a security system. But the average user just doesn’t have to think about firewall protection.
Like What You're Reading?
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
