I recently came across a very interesting and rather controversial article on the benefits of personal firewalls. The author is obviously a pretty smart guy, but he does seem to me to be lacking a little foresight when he claims that "Firewall software for home use is not much more than a leaky dike".
I'd say that a computer without a firewall is a leaky box - the firewall guards the box against otherwise inevitable leaks. Of course it (the firewall) cannot solve all problems. No software or hardware, or anything else, is perfect. But it can provide that bit of extra protection to maintain the integrity of personal data stored on computers. Alongside the firewall, other security measures are also advisable, such as anti-virus, anti-spyware and patching your OS and applications with the latest security updates. On top of this comes the user's knowledge of security basics and the application of a little common sense to their computer use.
Below are some statements made in the article, which itself is based on German magazine PC Professionell’s analysis of six firewalls earlier this year. While the upcoming Outpost 4.0 wasn’t available for that article, I thought it would be helpful to identify how Outpost Firewall Pro 4.0 will counteract the author’s claims:
"Firewalls don’t defend against leaktests." The upcoming version 4 of Outpost Firewall Pro has been designed to protect against all known techniques to engineer information leaks, even those using a trusted program as a disguise – we’ve specifically tested the code against almost 20 available leaktest tools, and Outpost passed every single one. So I think Outpost users can be confident that firewalls *do* defend against leaktests.
"Malware can switch off security software before causing damage." Yes, this can happen – and it has happened to several anti-virus and anti-spyware programs I can think of. But Outpost Firewall Pro v4 has been equipped with extensive self-protection capabilities, so no malware will be able to temporary disable its operation before doing its dirty work.
"Anti-virus is more important than a firewall because Trojans can exploit vulnerabilities." A good firewall closes *all* unsafe ports to external networks so that, even if software using these ports is found to have a security vulnerability, the firewall will block hackers trying to inject a Trojan or other malware onto the computer. (But you should still use anti-virus as well).
"Anti-virus is the last resort, after every other security tool has failed." The last-gap defense is to my mind the firewall, not the anti-virus which needs to have the latest signatures to reliably identify – and thus be able to accurately remove – potential infections. If there’s no signature, the anti-virus won’t see the malware. But the firewall will see anomalous behavior and close the port the malware is trying to use. As of today, I don’t know of any anti-virus that can reliably isolate unknown viruses.
"Desktop firewalls are not needed if users follow the basic rules of safe surfing." There are a lot of wise and experienced people who would totally disagree with this statement. Most users are not aware of the basic rules of safe surfing and, even if they are, they often don’t follow them. This is human nature. The firewall is there to bridge the gap and help protect users when they don’t protect themselves – like an airbag in a car will help protect people in a car if they have an accident and aren’t wearing their seat belts.
"John Q Public doesn't need administrator rights and should log in as such only when installing software." Yes, that's true about the Admin rights, but WinXP by default adds users as administrators. Vista will correct this situation in due course.
"Users who still prefer a firewall should first check whether they are using a router with firewall functionality." If so, then no firewall is needed, not even the one built into Windows XP. Routers and devices with hardware firewall functionality don't have data monitoring on a per-application basis. They can only verify traffic according to general conditions, they can’t prevent a sophisticated keylogger from transmitting personal data off a machine – but a personal firewall can.
"The configuration of a personal firewall is usually more than most users can handle anyway." Yes, this is a significant problem with many firewalls - errors in configuration and users ignoring incomprehensible messaging from the firewall together are responsible for most firewall “failures”. Our engineers have worked hard to eliminate this issue, so Smart Advisor helps Outpost users to make a decision on allowing or blocking certain program activities. I’ll be interested to see how this author responds when he sees the much-improved ImproveNet in Outpost v4.
Well, this is my opinion about the value of firewalls. Hopefully at least some of the knowledgeable folks out there will share it. But whether you do or don’t, I’d like to hear your opinion – so please post a comment here and tell me what you think.
Product Marketing Manager, Agnitum