Is a software firewall necessary?

[Calum]

The title says it all really.
I have a hardware firewall active on my modem/router.
Do I also need a software firewall such as ZoneAlarm, Comodo or Sygate?
Or should I just leave the Windows XP firewall active instead?
Or, should I just rely on my hardware firewall?
I stay pretty safe on the internet - latest updates, Firefox with Noscript and manual cookie control, Spyware Blaster and Spybot immunization kept up to date, AVG antivirus kept up to date.
Just debating whether or not to bother with a firewall as well when my laptop is returned.
Thanks for your opinions.
Calum.

[wefr0]

YES ANY FIREWALL WORKS

[Calum]

YES ANY FIREWALL WORKS

Care to clarify that point?
I don't understand you.

[kuszmania9999]

Your "firewalling" should be in layers.

First, use an ISP or email client service that offers online (server side) virus, spam and content filters.
Second, use a hardware router with a built in firewall between your modem and your computer or network.
Third, install personal firewall, anti-(spyware, virus, trojan, spam etc) software on your computer.

Lastly ensure you have the latest definition updates for the softwares listed above as well as windows, avoid the use of two software firewalls or anti-virus programs at the same time. Completely uninstall one before installing another, and remember to audit your system for an accurate security evaluation once you get everything in place.

Below is a list of sites for that:

0. http://www.auditmypc.com/
1. http://www.dslreports.com/secureme_go
2. https://grc.com/
3. http://hackerwhacker.com/
4. http://www.pcflank.com/about.htm
5. http://scan.sygatetech.com/probe.html
firewall is a MUST...understand here
http://www.howstuffworks.com/firewall.htm

[Calum]

So you're saying that I absolutely need a software firewall as well as a hardware firewall?

"Check" to all three of your layers, except no anti-spam software (other than the spam filters on Thunderbird and Gmail) because I don't need it.
I was just hoping to drop my software firewall - looking around I see a lot of people saying you don't need a software firewall if you have a hardware one.

[kuszmania9999]

The following information is from:
http://steadfast.net/forum/archive/index.php/t-306.html

They are some differences, though, and they can be used together to give you an even greater degree of protection.

Hardware firewalls are important because they provide a strong degree of protection from most forms of attack coming from the outside world. Additionally, in most cases, they can be effective with little or no configuration, and they can protect every machine on a local network.

A hardware firewall in a typical broadband router employs a technique called packet filtering, which examines the header of a packet to determine its source and destination addresses. This information is compared to a set of predefined and/or user-created rules that determine whether the packet is to be forwarded or dropped. A more advanced technique called Stateful Packet Inspection (SPI), looks at additional characteristics such as a packet's actual origin (i.e. did it come from the Internet or from the local network) and whether incoming traffic is a response to existing outgoing connections, like a request for a Web page.

But most hardware residential firewalls have an Achilles' heel in that they typically treat any kind of traffic traveling from the local network out to the Internet as safe, which can sometimes be a problem.

Consider this scenario: What would happen if you received an e-mail message or visited a website that contained a concealed program? Let's say this program was designed to install itself on your machine and then surreptitiously communicate with someone via the Internet — a distributed denial of service (DDoS) attack zombie or a keystroke logger, for example? And trust me, this is by no means an unlikely scenario.

To most broadband hardware firewalls, the traffic generated by such programs would appear legitimate since it originated inside your network and would most likely be let through. This malevolent traffic might be blocked if the hardware firewall was configured to block outgoing traffic on the specific Transmission Control Protocol/Internet Protocol (TCP/IP) port(s) the program was using, but given that there are over 65,000 possible ports and there's no way to know which ports a program of this nature might use, the odds of the right ones being blocked are slim.

Moreover, blocking too many ports would almost certainly adversely affect your ability to use some programs (many games, for instance). Also, some broadband router firewalls don't even provide the ability to restrict outgoing traffic, only incoming traffic.

Advantages of Software Firewalls
Now consider what a software firewall might do in the aforementioned scenario. When you first set up a software firewall, you can specify which applications are allowed to communicate over the Internet from that PC. Programs that aren't explicitly allowed to do so are either blocked or else the user is prompted for confirmation before the traffic is allowed to pass. Therefore, it would likely intercept this kind of traffic before it left your computer.

Another potential scenario where a software firewall would be useful is in the case of an e-mail worm with its own e-mail sever, like the recent "SoBig" worm. Its built-in mail server could attempt to send mail on the valid Simple Mail Transfer Protocol (SMTP) port (25), which would probably pass through the router because of its trusted origin.

On the other hand, a software firewall could be configured to only allow Microsoft Outlook to use port 25 (assuming Outlook is your e-mail client). Any attempt by another application to use the port would be dropped, or blocked pending user confirmation. For that matter, the application's attempt to use any port would be blocked if the firewall was configured that way.

By comparison, a hardware firewall that had the ability to filter outgoing traffic might allow you to block most kinds of traffic from a particular PC, but it wouldn't be able to flag you and alert you to repeated attempts to infiltrate your computer.

One obvious downside to software firewalls is that they can only protect the machine they're installed on, so if you have multiple computers (which many small offices do), you need to buy, install, and configure a software firewall separately on each machine. This can get expensive and can be difficult to manage if you have a lot of computers.

But the fact of the matter is that software firewalls generally offer the best measure of protection against certain types of situations like Trojan programs or e-mail worms. Speaking of which, a firewall isn't the only protection method available to you. Whether you end up using a software firewall or a hardware firewall, you should always supplement it with anti-virus software.

A good anti-virus package is just as important as a firewall, and I would seriously suggest that you invest in a good one (I'm partial to both Norton and McAfee myself). However, keeping your virus definitions updated is far more important than which program you use. I cannot stress the importance of this enough. Making sure your definitions are current is absolutely critical to maintaining your protection. Many Anti-virus programs today can be configured to automatically update themselves, so you have no excuse for not maintaining them.

The bottom line is that with any home-office broadband connection, a hardware firewall should be considered a bare minimum, and supplementing it with a software firewall on one or more computers (and don't forget anti-virus software) is almost always a good idea. huh...long explanation....isn't it?

- http://steadfast.net/forum/archive/index.php/t-306.html "Software vs. Hardware Firewalls" Steadfast Community Forums

Edited by Zylstra to CITE the information

[The Saviour]

Calum...

To put it as simply as possible...routers do have their own hardware firewall.  They act like a computer would (basically).  If someone were looking to get to your computer, they would see the router, first.  They'd need to get through it in order to gain access to your computer...the threat is there, but the router's firewall should stop them.

Personally, I've tried several different firewall programs...they all promise the same thing.  I've ended up just un-installing them and using the Windows firewall.  This seems to be sufficient for me.  I've also found that uninstalling the others and just using the Windows firewall has increased the PC's performance.

I've also tested my security...here...just scroll to the bottom of that page.

I guess it all depends on who you ask...

Though the router's firewall is sufficient...you should also look at it like this:

1)  Your router has its own firewall and IP...acting like a computer...the firewall should block malicious attempts...but doesn't notify you of the attack.

2)  An installed firewall software program on your computer acts as a backup, when using a router, to further protect you from malicious attacks.  The reason we install firewall software (other than using the Windows Firewall) is due to the opinions received from others recommending this and that...making us second guess ourselves as to what is best for our computer system.  The Windows Firewall alerts you if a known program is accessing the Internet or if there is an unknown program trying to gain access to the Internet.  That's good enough for me.

3)  If one is not using a router, then it would be in their best interest to use one...whether it be the Windows Firewall...or one from a third party.

I hope you found this useful...

[Calum]

I ran the Symantec security check, with no firewall active other than the hardware firewall, and passed every test.
I'll run the other checks too to make sure - if I pass those too, then I'll be happy with the hardware firewall and won't bother with a software one.

The reasons for using a software firewall as well as a hardware one are many, for example to prevent Trojans downloading more malware.  However, if they can't get on my PC in the first place, it doesn't matter so a software firewall wouldn't help me there.

[patio]

Another Strong Test Site...

[WillyW]

The title says it all really.

"a" firewall,  as in any at all?   
or did you mean just hardware or just software, or both?

I have a hardware firewall active on my modem/router.
Do I also need a software firewall such as ZoneAlarm, Comodo or Sygate?

Here, you've used the word "also",  so you're asking if you should use both your hardware firewall and a software firewall at the same time.
Good question - it will be interesting to see the answers you get.

As I understand it,  hardware firewalls do an excellent job of what they do.
and that to is block ports one way - inbound.     
They don't block outbound traffic.
Software firewalls can do that.    So -   would you feel comfortable without outbound monitoring?    How close an eye do you keep on your computer?
Are you apt to install lots of programs,  some perhaps a bit shady,  that might start sending out data without your intending it?

See what I mean?

If you are comfortable with just inbound protection, then you can do away with your software firewall.

Or should I just leave the Windows XP firewall active instead?

Almost always, I read that the WinXP firewall is better than nothing,  but better would be to shut it off and use another, such as you listed.

Or, should I just rely on my hardware firewall?
...

That's what I do now.
After a while of using both hardware and software firewalls at the same time,   I decided to stop loading and using the software firewall.    I didn't see the need for it here.   
That's just me.     Again,  I'm looking forward to following this thread,  -  I might learn something too.

[Calum]

Another Strong Test Site...

kuszmania9999 already linked me to that one.
Incidentally, with no firewall but the hardware one active, I passed all the tests linked to - every port tested is shown as "Stealthed".

"a" firewall,  as in any at all?   
or did you mean just hardware or just software, or both?

I meant "is a software firewall necessary", perhaps I should have chosen that title instead.  I'll edit it now.

Here, you've used the word "also",  so you're asking if you should use both your hardware firewall and a software firewall at the same time.

Exactly.

So -   would you feel comfortable without outbound monitoring?    How close an eye do you keep on your computer?

After reading the responses and some more research, that seems exactly the question.  The answer is, a very close eye.  I have excellent protection (as far as I am aware).

Are you apt to install lots of programs,  some perhaps a bit shady,  that might start sending out data without your intending it?

Not any more.  I used to, but I stopped that when I became concerned about computer security (say, 2 years ago).

Almost always, I read that the WinXP firewall is better than nothing,  but better would be to shut it off and use another, such as you listed.

Hmm.  So the question now becomes, do I need the Windows firewall active?
I'm happy to go without a software firewall, such as Comodo or Sygate, but as I understand it the Windows firewall does the same as a hardware one - it monitors incoming traffic and not outbound traffic.  So in that case, it wouldn't be necessary.

Edit: by the way, this makes interesting reading --> http://www.grc.com/dos/grcdos.htm

[patio]

kuszmania9999 already linked me to that one.
Incidentally, with no firewall but the hardware one active, I passed all the tests linked to - every port tested is shown as "Stealthed".

I would say you are adequately protected then...if you want to leave Windows firewall on there should be no problem...
It does not monitor outgoing traffic however.

I am currently not running a firewall and have no problems.
I do however try out the latest offerings out there on my testbench machine.
I found jetico to be the most effective lately out of all but as with any Firewall app there is a learning curve involved.

I would say though with a bit of common sense in browsing habits and if you're not a heavy torrent user or anarchist you should be good to go...

[Zylstra]

kuszmania9999, if you are going to copy information directly from another website, you need to cite your information (Quote it, tell the name of the article/topic it came from, and give a link).

Your post has been edited to cite the information.

A tool that will make citations for you:
http://citationcenter.net/ctool.php5?style=MLA&vers=6&type_gen=Web-Exclusive
(the method described above is fine)

[Calum]

Well, thanks for the advice all.
I think I'll stick with just my hardware firewall then, and turn the Windows firewall off too if it just does the same as the hardware one (ie only monitoring inbound).