Software Firewall
Component of the
Home Computer Security Baseline
"If given the choice, assign the task to hardware not software firewall" - The Free Computer Consultant
The above quote aptly fits the topic of firewalls. Hardware that's designed to accomplish a task will always do the work more efficiently than software trying to emulate hardware designed for the task.
So, does that mean I never use a software firewall? Short answer, no. I do use them.
Long answer? A highly configurable firewall can be confusing to a novice PC user. Few that I have worked with both do a good job of protecting and are easy to use.
"So do I need one or not?"
I'm going to go out on a limb here, and draw lots of fire besides. If you have a true hardware firewall and follow the rest of the guidelines in the Home Computer Security Baseline, no. That's if you have a desktop PC that never leaves the house. If you have a laptop, and heaven forbid you hook up to the internet at a public location, then YES, YES, YES and YES again!
On my own laptop, I disable the firewall functionality of Trend Micro Security software while in the office behind our Fortinet 60. But when I leave and connect to the internet elsewhere, on it goes!
Let's look at two categories of software firewall:
1) Windows XP built-in firewall
2) Third party firewall
Windows XP SP2 has a built-in firewall, which is of course software, but it does not get high marks. It's really only a one-way firewall: it protects from the outside in but not from the inside out. This is a concern if the machine is infected and you would prefer it not infect other machines of yours or someone else's! Most, if not all, third party software firewalls will ask during installation if it's ok to disable the built-in one. I always answer yes.
The Windows XP firewall does what it does; you can't really tweak it. Microsoft promises a much more robust two-way firewall in its next version of Windows, Windows Vista. Early reviews give it good marks.
But how much "tweaking" do you want to have to do?
My guess is that your answer is "not much", if any at all. A good third party application will do that. Occasionally you will get a pop-up message asking if you want to allow certain traffic. Problem is, you don't know! That's why I look for a software firewall that, for the most part, will do its job without you helping.
In fact, your only real clue is to look at what you are doing. If you just fired up your email program and the software firewall asks if Outlook.exe can access the internet on port 110 (the standard port for "popping" email), then you want to answer "yes" and "remember this response" for future identical events.
If, on the other hand, you are typing away in a Word document and get a prompt for SrvHost.exe, you might want to answer "no". Who knows what program might be trying to do what with that kind of prompt.
Software firewalls do the same kind of work as hardware firewalls.
The software firewall essentially works on the same principle as the hardware firewall. Certain predefined types of activity or traffic are allowed via "rules" that define whether a "port" is open for outbound data, inbound data, or both. Different types of internet traffic are assigned different "ports" to help properly route traffic to servers.
These rules allow activities such as:
- web surfing (port 80 bidirectional)
- secure sites web surfing (like banking)(port 443 bidirectional)
- receiving "POP" email (port 110 inbound)
- sending email - smtp (port 25 outbound)
- ftp or file transfer (port 21 inbound)
And while some traffic uses specialized ports, many programs will "redirect" that traffic via port 80 in order to bypass firewalls, knowing that port 80 is almost always open for both inbound and outbound data. Many peer to peer (P2P) file sharing and instant messaging programs will do this. Their goal is to outfox the IT security staff at corporate locations that don't want this activity on their network and on company time.
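A small model of the rule list above and of the port 80 redirect problem, added here as an example (it is not code from any firewall product). It compares a port-only rule with a rule that also remembers a per-program answer, as in the Outlook.exe prompt described earlier; browser.exe, p2pshare.exe, port 6881 and the class name are made up for the illustration.

```python
from dataclasses import dataclass

# Port rules copied from the list above: port -> directions the rule opens.
PORT_RULES = {
    80: {"in", "out"},    # web surfing
    443: {"in", "out"},   # secure-site web surfing
    110: {"in"},          # receiving POP email
    25: {"out"},          # sending email (SMTP)
    21: {"in"},           # FTP / file transfer
}

@dataclass(frozen=True)
class Event:
    program: str     # executable asking for access
    port: int
    direction: str   # "in" or "out", as the list above uses the terms

def port_only_verdict(ev):
    """Port rule alone: the program name plays no part in the decision."""
    return "allow" if ev.direction in PORT_RULES.get(ev.port, set()) else "block"

class PromptingFirewall:
    """Port rule plus a remembered per-program answer (hypothetical model)."""

    def __init__(self):
        self.remembered = {}   # (program, port) -> "allow" or "block"

    def remember(self, program, port, answer):
        self.remembered[(program.lower(), port)] = answer

    def verdict(self, ev):
        if port_only_verdict(ev) == "block":
            return "block"                         # port closed: default deny
        key = (ev.program.lower(), ev.port)
        return self.remembered.get(key, "prompt")  # unknown program: ask

def compare(fw, events):
    """Return (program, port-only verdict, per-program verdict) per event."""
    return [(e.program, port_only_verdict(e), fw.verdict(e)) for e in events]

# Constructed sample events; browser.exe and p2pshare.exe are made-up names.
SAMPLE = [
    Event("Outlook.exe", 110, "in"),
    Event("browser.exe", 80, "out"),
    Event("p2pshare.exe", 80, "out"),     # redirected over the open web port
    Event("p2pshare.exe", 6881, "out"),   # constructed port not in the rules
]

if __name__ == "__main__":
    fw = PromptingFirewall()
    fw.remember("Outlook.exe", 110, "allow")  # "yes" + "remember this response"
    fw.remember("browser.exe", 80, "allow")
    for row in compare(fw, SAMPLE):
        print(row)
```

The third event is the case to notice: the port-only rule lets it through because port 80 is open, while the per-program rule stops and asks because nobody has approved that program.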
Bottom Line for a software firewall:
One key difference between hardware and software firewalls is this: Software firewalls can be disabled or corrupted by malware; rarely will this happen to a hardware firewall.
The other key difference: Software firewalls diminish the performance of your PC; hardware firewalls do not. Put the load on an external device when possible.
And remember this: Following proper home computer User Behavior will greatly diminish the risks that a software firewall is there to counter!