Is an outbound firewall needed?

Read the article that everyone's commenting on.
Subscribe to the RSS Feed for comments on this article.

Where I have found the outbound firewall helpful is with "bloatware". Several useful applications came on my system from the manufacturer. The problem is, of course, that they want me to sign up and pay for upgrades that I don't need or want. About every third time I bring them up they want to go to the internet and give me a pitch on how I really need more than what was provided with my system. By blocking them with my internal firewall I don't have the hassle.

Wow that was quick. I see your point: if computer is infected you can't trust it and that includes firewall on it. Focus on prevention instead.

Btw, I installed the keylogger just to check what would happen if someone else did it on my machine. Paid version of the keylogger does have the option to hide it. Free version hides it temporarily. Name of keylogger was in the mail. I suppose some keyloggers are legitimate commercial software and are specifically left out, because another keylogger with similar functionality my anti virus didn't even let me install.

I believe that a software firewall is necessary layered security is a must in this day in age a hardware firewall is not enough. search for a blog called Melih and read his article on this point of view.

I have McAfee Desktop Firewall Enterprise edition. Everytime a program in my computer tries to call his mother ship via port 6660 to 6669, McAfee Desktop Firewall will prompt if to allow or deny outbound connection. The McAfee Antivirus Enterprise edition didn't block IRC both ways, I think outbound firewall is essential if you're concerned about privacy.

I got infected with Virtualmonde or Trojan Vundo before. The McAfee antivirus couldn't even totally get rid of this trojan. The McAfee Desktop Firewall came in handyuntil I got Malwarebytes Anti-Spyware that totally got rid of all sort of parasites in my destop.

I have to agree that by the time an out going firewall alerts you of a problem , you already have one.
But in some cases, that is the first ,and possibly, the only indication that you have the problem. As well they are very handy at stopping malware downloaders.

Keep in mind that a software (in/outbound) firewall has to go thru the header of EVERY SINGLE packet being sent AND received. This means it will require a variable amount of resources, depending on how you use your connection.

If you download/upload a lot of information (even if you unblocked the program), your software firewall must still spend CPU resources to read all those packet headers.
If you're playing a game, downloading a movie, or even using your instant messenger, it will have to read EVERY SINGLE packet, going both in and out. You can expect at least 15-20% of your CPU to be used AT ALL TIMES for a heavy user.

Not to mention the fact that a user behind a NAT router (which provides inbound protection already), also running a software firewall, (which provides inbound protection again, but this time using your computer's resources), simply makes no sense.

A NAT router alone though, takes care of the problem at it's source, does it only 1 time, and saves you all the resources you so very need from being wasted.

Leo's philosophy is true: If it's already on your computer, it should be assumed that it should be, and should be left just as that.

An alternative to this, if you are somewhere with an unmanaged network, or if you are connecting to a place you don't trust, Windows Firewall (which also only does inbound protection) will do, pretty much the same job as your NAT Router, on the road. And, since it's inbound only, it will use less than 1/2 of the resources, your in/outbound firewall would require (5% CPU).

does it read every packet or just only every program connecting internet?

One Exception! At the time this occurred I was 70 years old with no interest in pirating DVD's. I had purchased and installed DVD X Copy because in the advertising it sounded as if it could be used to make multiple copies of MY HOME RECORDED videos for family members. I was given a prercorded DVD for Christmas and made the mistake of watching it on that computer. A program included on that DVD that was ostensibly a DVD player asked for permission to go out to the web. Innocently I gave it that permission. It returned immediately with a trojan That deactivated X Copy which I intended for a perfectly lawful purpose. Further it destroyed all of my personal photo files on that computer. Without the out going firewall the damage would have been done and the cause would have been a complete mystery. Obviously considering these vigilante tactics I now have no sympathy for the DVD industry and there supposed problem with piracy. D.D.

I'm with Fred on this one.
Snip: "In some cases, that is the first, and possibly the only indication, that you have a problem."

Too right mate. If something does happen to get past your defences, what Leo is suggesting would let it do what ever the hell it likes without you ever knowing. Well, at lest till the day you find that you've taken out a $250k loan in another country and some debt collectors want you to pay it back!

Leo:
SNIP: "Frequently, they'll simply report a connection attempt to or from an IP address with little or no additional information."

Google is your friend. (-: They usually tell you the process/program name, and which folder it's in. A legitimate process name in the wrong folder is a virus. IP lookup/whois can also give you some good clues as to the status of any outgoing connection request. It pays to be vigilant.

But there's an even better solution to this whole problem. Use Linux! (-: No need for FWs or AVs. End of story.

Thanks for all the great newsletters and articles Leo.

Well, an advanced user may find the software firewall helpful. Suppose you have set up your PC to be accessed via VNC through the Internet via your Home NAT Router by opening specific ports. The software firewall detects numerous connection attempts per minute on those open ports giving you an oppurtunity to block them. Had it not been there & you would not have supplied a good password to VNC, you can imagine the consequences.

It becomes necessary in such cases but for the average user, yes being behind a NAT router with good browsing habits is sufficient.

Ravi.

To post a comment on "Is an outbound firewall needed?", please return to that article's main page.