Computer Secure

Personal Firewall Protection

explained simply

How do you connect to the internet?

What kind of firewall protection you need can depend on how you connect to the internet.

If you have a dial-up connection:
(I.e. your PC uses a modem to dial your internet service provider.)

In this case you really do need a firewall. It needs to be running on your computer all the time that you are using the internet. Hackers scan for open ports on computers with dial-up connections because there is nothing between the computer and the web. They are like burglars looking for a window that has been left open. A firewall enables you to close those ports and block attempts to probe your machine.

If you have an ADSL, DSL, or cable connection:

In this case you also need a firewall because your PC is most likely connected to the internet always, unless it is actually turned off.

However, some hardware, e.g. DSL modems or router/modems, might already provide protection against intruders. You already have some firewall protection if your hardware uses 'NAT', Network Address Translation.
See more information about NAT just below.

Note: this protection is against incoming attacks only, not outgoing communications.


What is NAT?

NAT has to do with how hardware like your PC gets an internet address, or IP address.

Every computer connected to the internet has to have an address, in the accepted number format. For example an address (in the form of numbers) for google.com is 72.14.207.99. When you are connected to the internet, your computer has a number like that too. For most home users, this number is given by the ISP they are using, i.e. the company providing the internet connection.

NAT provides (some) firewall protection.

If your modem or router uses NAT, there is a 2-stage arrangement with IP addresses: the router appears on the internet with its own IP address but then gives your computer a different address.
This effectively hides your PC from the internet and from any hackers out there. They can only see the router.

A hacker scanning for undefended computers would find not your computer, but just your modem. Your modem/router might appear to the hacker as an open computer. But (disappointing to the hacker) it looks like a computer with nothing in it.

In short, modem/routers like this will generally not let communications into your computer unless you ask for them, for example by opening your browser and going to visit a web site.

Not all routers and modems use NAT: to know whether NAT is present and enabled on your system you need to look into it. You could start by reading the manual for your modem.

Is NAT enough?

If we have a modem with NAT working it's nice to know we have a layer of firewall protection.

Is it enough?

Probably not.
Note again: this protection is against incoming communications only, not outgoing.

Your computer could still get infected by a trojan horse or piece of spyware that wants to send information out from your machine.
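The behaviour described above, as an added example in Python that is not part of the original page: a toy model of the connection table inside a NAT router. Apart from 72.14.207.99, the addresses and port numbers are constructed, `NatRouter` is a hypothetical name, and real routers differ in how strictly they match replies.

```python
from dataclasses import dataclass, field

ROUTER_PUBLIC_IP = "203.0.113.5"  # constructed: the one address the internet sees
PC_PRIVATE_IP = "192.168.1.10"    # constructed: the address the router gives the PC


@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000
    # public port -> (private ip, private port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """The PC sends a packet out. The router swaps in its own address and
        remembers the connection. It never asks which program sent the packet."""
        public_port = self.next_port
        self.next_port += 1
        self.table[public_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, public_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """A packet from the internet reaches the router's public address.
        It is passed to the PC only if it answers a connection the PC started."""
        entry = self.table.get(dst_port)
        if entry is None:
            return None  # nobody inside asked for this: dropped at the router
        private_ip, private_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None  # some other host trying the same port: dropped
        return (private_ip, private_port)


def demo():
    router = NatRouter(ROUTER_PUBLIC_IP)
    # 1. A scan probes the public address: no table entry, so it goes nowhere.
    probe = router.inbound("198.51.100.7", 51000, 445)
    # 2. The browser visits a web site, and the reply is let back in.
    sent = router.outbound(PC_PRIVATE_IP, 50123, "72.14.207.99", 80)
    reply = router.inbound("72.14.207.99", 80, sent[1])
    # 3. Spyware on the PC sends data out: handled exactly like the browser.
    leak = router.outbound(PC_PRIVATE_IP, 50999, "198.51.100.99", 443)
    return probe, sent, reply, leak


if __name__ == "__main__":
    for label, result in zip(("probe", "sent", "reply", "leak"), demo()):
        print(f"{label:6} {result}")
```

Step 3 is the gap a personal firewall on the PC is meant to cover: the router forwards the spyware's traffic because, to NAT, it is just another outgoing connection.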

If you don't understand what all the network services on your computer are, and don't know how to turn them on and off, you can get a personal firewall that is able to block suspicious communications.

Fortunately a personal firewall is a low-cost piece of software, and there are some free ones too.

Of course if you have been infected with a trojan you must assume that your computer and all your private data is already compromised, and you should act accordingly.

Windows already has a firewall.

Newer Windows systems, e.g. XP and Vista, do come with a basic firewall already installed.

So why would you want to get another one?

The Windows firewall has relatively basic features and is mainly concerned with incoming communications.

It affords you some security and is friendly for most users. It doesn't pop up messages and doesn't ask you to adjust its settings.

You can configure the Windows firewall with more specific security settings if you learn how to do it. However it is not regarded as a real defence against hackers or any malware already inside your computer (which will possibly attempt to turn it off).

Personal note about the Windows firewall.

I found the drawbacks of the Windows firewall emerged (years ago) as I began connecting more computers to my home/office network.

Some of the computers were for business and some were used by the children, for playing games and using the internet.

I was new to networking. I didn't understand how to make any adjustments to the Windows firewalls. Also, on my network I was mixing computers with different operating systems, e.g. Windows ME and XP. I found it difficult to get them all to network together. I had to turn off the firewalls in XP just to get the computers to talk to each other.

From a security perspective it is good that, by default, with the firewalls enabled, the Windows computers refused to talk to each other. They are just protecting themselves after all.

But having them all turned off was risky and a bad idea.

However, with different firewall software it was easier for me to see what to do to get both home networking and firewall protection operating.

Reminder: The basic requirements for staying secure online:

  • Making your browser more secure (or maybe using a different browser).
  • Using anti-spyware tools. (A few. Some good ones are free.)
  • Using antivirus tools. (One good one that runs all the time.)
  • Using a firewall. (Just one.)
  • Using email safely.

One more important point about firewalls.

Software Compatibility.

A good software firewall needs to be more than just a basic data filter.

Some of the free firewalls are only this: a filter.
More sophisticated firewalls intend to provide much more security than that.

Vendors offering fully-fledged firewalls and security tools (like Kaspersky, Panda, BitDefender and ZoneAlarm) find themselves creating a tool that you could think of as half a security suite.

Remember, you can only run one firewall, and one anti-virus tool at the same time.

But this can create compatibility problems. If your firewall is also half an anti-virus tool and busy protecting your system registry as well, you might not be able to operate a separate, dedicated anti-virus tool at the same time.

Combined tools and security suites.

This is one of the reasons for the development of combined security tools and security suites. People do need an anti-virus tool and a firewall. And people also want protection from spyware, fraud and other online crime.

So the advantage of a security suite is that all these functions are brought together harmoniously.

Among the vendors that are security specialists the trend is to NOT offer a stand-alone firewall at all. Instead, firewalls are combined with anti-virus tools or integrated in a security suite.

For example Kaspersky formerly offered a stand-alone firewall, 'AntiHacker'. But now the firewall is integrated into the Kaspersky Internet Security Suite.

Likewise, BitDefender do not offer a stand-alone firewall. Firewall protection is integrated into both the enhanced anti-virus tool, BitDefender Antivirus Plus, and BitDefender Internet Security.

Also, Panda have a firewall, but only in conjunction with their antivirus tool, Panda Antivirus + Firewall, or with their complete security suite.

Advanced Heuristics or Sandbox

Many of the firewall and virus related security tools listed here include some version of 'advanced heuristics' or 'sandboxing'.

This aspect of security software relates mainly to the detection of malware such as a virus or trojan horse. That is, we might not think of it as the central function of a firewall.

What is Advanced Heuristics?

What does 'heuristics' mean?

'Heuristics', in computer related contexts, refers to a method of investigation. It normally indicates that a method is being used that goes beyond using a simple formula: it would be a method that uses some kind of experimentation or trial and error approach.

Consider the main ways that malware can be detected. We will just use the example of a virus, for simplicity.

1. Using a list of known viruses.

Your security tool can look up known viruses on a list. The list will have the names or defining features of known viruses and threats. (Getting the latest details for this database is why security tools need to update frequently.)

2. Heuristics: It looks like a virus.

(Although it's not on a list.) Quality security tools should be able to detect whether a piece of code that gets onto your computer has the characteristics of a virus.

3. Behaviour: It behaves like a virus.

This is heuristics 'plus', or advanced heuristics.
If the suspicious code is encrypted or good at concealing its true nature, there is another way to identify whether it is malicious: experiment! – let it run. Let it do whatever it wants to do.

But of course we don't drink poison to test whether it's deadly: we cannot really let the program run on your actual operating system.

This is what the sandbox idea is about.

With a sandbox approach the anti-virus tool does not need to know the name of a virus from a list. It does not even need to know whether it 'looks like' a virus. Instead, the system will let the virus run in a confined space, the sandbox or 'virtual environment', to see what it would try to do to your PC (if it was really allowed to).
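The three detection methods above, as an added example in Python that is not part of the original page and not any vendor's code. The samples, trait strings, weights and action names are all constructed, and the sandbox run is represented by a recorded list of actions rather than by actually running anything.

```python
import hashlib

# 1. List of known threats, keyed by file hash (constructed entry).
KNOWN_BAD = {hashlib.sha256(b"constructed-known-virus").hexdigest(): "Example.Known.A"}

# 2. Traits that make a file "look like" a virus (hypothetical strings and weights).
TRAITS = {b"disable_firewall": 3, b"write_autorun_key": 2, b"hide_process": 2}
THRESHOLD = 4

# 3. Actions that count as behaving like a virus in the sandbox (hypothetical names).
BAD_ACTIONS = {"stop_security_service", "modify_system_registry", "send_files_out"}


def conceal(data: bytes, key: int = 0x5A) -> bytes:
    """Stand-in for the encryption the text mentions: the bytes no longer
    contain any readable trait string, so the 'looks like' check sees nothing."""
    return bytes(b ^ key for b in data)


def detect(body: bytes, sandbox_trace: list) -> str:
    """Try each method in turn and report which one flagged the sample."""
    name = KNOWN_BAD.get(hashlib.sha256(body).hexdigest())
    if name:
        return f"list:{name}"
    score = sum(weight for trait, weight in TRAITS.items() if trait in body)
    if score >= THRESHOLD:
        return f"heuristic:score={score}"
    hits = sorted(BAD_ACTIONS.intersection(sandbox_trace))
    if hits:
        return "behaviour:" + ",".join(hits)
    return "clean"


def run_samples() -> dict:
    variant = b"new code: disable_firewall; write_autorun_key"
    samples = {
        "known": (b"constructed-known-virus", []),
        "new_variant": (variant, []),
        "concealed": (conceal(variant), ["open_window", "stop_security_service", "send_files_out"]),
        "harmless": (b"print a document", ["open_window", "read_own_config"]),
    }
    return {label: detect(body, trace) for label, (body, trace) in samples.items()}


if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{label:12} {verdict}")
```

The concealed sample passes the list and the heuristic check untouched and is caught only by what it does in the sandbox, including the attempt to stop a security service.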

Why should a firewall do this sort of anti-virus operation?

As we have stressed elsewhere, a firewall might work very well, pass all the leak tests and so on when it is running. But it is no use if it can be turned off without your knowledge.

Remember, a lot of virus, trojan and other malware pests will try to turn off or disable your security tools.

So when vendors make a firewall and think about giving it real security features they know it must do more than just filter network traffic.

So you can see why vendors often supply a product that offers anti-virus + firewall.