Summary: A firewall is critical to keeping your internet-connected computer safe. We'll review what a firewall is and the two different types of firewalls.
I keep hearing the term "firewall" and how I need one when I connect my computer to the internet. What's a firewall, why do I need one and how do I set one up?
The bottom line is that a large class of viruses and other types of malware can be prevented simply by using a good firewall.
What's a firewall? Well, in your car it's the "wall" of metal behind the dashboard that sits between you and the engine. Its purpose is to prevent engine fires from roasting you and your passengers.
A firewall for your computer is much the same - its purpose is to keep you from getting burned.
A firewall is at its core very simple: it blocks or filters certain types of network traffic from reaching your computer.
What do I mean by "certain types"? There's network traffic you do want to reach your computer: like the pages of web sites you visit or the software you might download. And then there's other traffic you might not want like malicious people or computers trying to access your computer remotely or viruses and worms trying to infect your machine.
A firewall knows the difference. It lets the good stuff in and keeps the bad stuff out.
Firewalls can also usually be configured; they can allow you to say "this kind of connection from the outside is OK". A good example is remote desktop. A firewall may by default block any attempt to connect via remote desktop. But you can also configure the firewall to allow that type of connection to come through. Doing so, you would be able to access your computer from another computer, be it across the room or across the internet. But even though you've allowed one type of traffic - remote desktop - other types of traffic, like certain types of viruses, are still blocked.
Some firewalls will also monitor outgoing traffic for suspicious behavior.
One characteristic of many viruses is that once you're infected they attempt to establish connections to other computers in order to spread. Many software firewalls will detect and either warn you or simply prevent those attempts.
And that leads to a very important distinction. There are two types of firewalls: hardware and software.
A hardware firewall is just that - a separate box that sits between you and the internet that performs the filtering function. Traffic that is filtered out never even reaches your computer. Even the least expensive broadband router can perform the function of a firewall quite nicely. The downside for a hardware device is that most will not filter outgoing traffic.
A software firewall is a program that runs on your computer. It operates at the very lowest level, as close to the network interface as possible, and monitors all your network traffic. While all network traffic still reaches your machine, the firewall prevents malicious traffic from getting past it and on to the operating system. The firewall prevents your system from actually noticing or doing anything with malicious traffic.
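A minimal model of the filtering decision described above, added here as an illustration (it is not code from the original article or from any real firewall product). The class and field names are hypothetical, the packets are constructed samples, and TCP 3389 is the default Remote Desktop port; a firewall with `trusted_programs=None` stands in for a router that does not filter outgoing traffic.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" or "out", relative to the protected PC
    proto: str          # "tcp" or "udp"
    local_port: int
    remote: tuple       # (ip, port) of the other end
    program: str = ""   # sending program; only a software firewall sees this

@dataclass
class Firewall:
    allow_inbound: set = field(default_factory=set)  # {(proto, local_port)} exceptions
    trusted_programs: "set | None" = None            # None: outbound is not filtered
    flows: set = field(default_factory=set)          # connections opened from inside
    def check(self, p: Packet) -> str:
        flow = (p.proto, p.local_port, p.remote)
        if p.direction == "out":
            if self.trusted_programs is not None and p.program not in self.trusted_programs:
                return "block"        # unknown program trying to reach out
            self.flows.add(flow)      # remember it so the reply is let back in
            return "allow"
        if flow in self.flows:
            return "allow"            # reply to something this PC asked for
        if (p.proto, p.local_port) in self.allow_inbound:
            return "allow"            # explicitly configured exception
        return "block"                # unsolicited inbound: default deny

# Constructed sample traffic (documentation-range addresses).
WEB_OUT = Packet("out", "tcp", 50000, ("203.0.113.10", 443), "browser.exe")
WEB_REPLY = Packet("in", "tcp", 50000, ("203.0.113.10", 443))
UNSOLICITED = Packet("in", "tcp", 445, ("198.51.100.7", 40000))
RDP_IN = Packet("in", "tcp", 3389, ("198.51.100.8", 40001))
ODD_OUT = Packet("out", "tcp", 50001, ("198.51.100.9", 25), "unknown.exe")

def demo():
    router = Firewall()                                # hardware-style: inbound only
    host = Firewall(trusted_programs={"browser.exe"})  # software-style: both directions
    results = {"web": [host.check(WEB_OUT), host.check(WEB_REPLY)]}
    results["unsolicited"] = host.check(UNSOLICITED)
    results["rdp_default"] = host.check(RDP_IN)
    host.allow_inbound.add(("tcp", 3389))              # "this kind of connection is OK"
    results["rdp_allowed"] = host.check(RDP_IN)
    results["still_blocked"] = host.check(UNSOLICITED)
    results["odd_out_host"] = host.check(ODD_OUT)
    results["odd_out_router"] = router.check(ODD_OUT)
    return results

if __name__ == "__main__":
    print(demo())
```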
The good news is that all versions of Windows after XP have a software firewall built in, and all versions after Windows XP SP2 have it turned on by default. In fact, the security center will take steps - perhaps even annoying you in the process - to ensure that the firewall is either turned on or that you're aware of the risks in not having it turned on.
The bad news is that a firewall can't protect you from everything. A firewall is focused on protecting you from threats that arrive via malicious connection attempts over the internet. A firewall will not protect you from things you invite onto your machine yourself such as email, attachments, software downloads and removable hard drives.
But even so, protecting from those network threats is important.
In general, I recommend a hardware firewall such as a broadband router and leaving the Windows firewall turned off. However, regardless of your approach, be it a router, be it the Windows firewall, or be it some other software or hardware solution, some kind of firewall is always a necessary part of keeping your computer safe when connected to the internet.
(This is an update to an article originally published May 14, 2004.)
Article C1941 - September 26, 2009
If I try to sign in to my Windows Live Messenger, it displays: Several Attempts to sign in, your firewall may be blocking you to connect to the service.
Posted by: Rezwan at December 14, 2008 12:55 PM
Leo Please help me.
Thank you
My computer won't let me download anything. Is my firewall doing this? If not, what can I do so I can download things again?
21-Feb-2009
I'm having the same problem like others. Pop out showing "Windows Live Messenger has made several failed attempts to sign you in. Your firewall may be blocking Windows Live Messenger from connecting to the service. Please review your firewall settings. See the retailer's instructions for more information" when signing in. Pls help..
Posted by: Augustine at April 18, 2009 10:53 PM
"Windows Live Messenger Has made several attempts to sign you in. Your firewall may be blocking Messenger from connecting it to its service. See the retailers instructions for more info"
I get this error while signing to WLM... please help me....
Posted by: ANoop at May 3, 2009 10:33 PM
Where I work we all have the same laptops and/or computers. All settings are to be the same. Some people can access a particular web site but I cannot. I have searched for something that is set differently than the others but I am frustrated. Please help.
Posted by: Lydia Grant at September 4, 2009 10:08 AM
ummm, Leo, stick to computers. The Dash Panel (not the metal and plastic construction you can see and touch and which is correctly named Instrument Panel in the automotive industry) or Floor Panel which are steel panels under your feet and between the interior of the car and the engine compartment, are NOT there primarily to "prevent fires from roasting the driver and passengers". Yes, it may have that benefit in certain rare circumstances but its sole purpose is as a structural component of the body and to mount 'things' on. And rest your feet :P. If you call that part of a car a firewall, it's poorly considered slang and quite misleading in its literal sense. Yes, I know people use the term but they're not using industry terminology.
The original firewall was a functional element of adjoining houses to prevent a fire in one from spreading to the other. In that context, a computer firewall is a perfect analogy.
Sorry to be picky but in a previous life I was an IP (Instrument Panel) engineering specialist in the auto industry - I couldn't let your example go unchecked.
Apart from that; great article.
Posted by: David at September 29, 2009 6:58 AM
While I understand a broadband router could be an effective hardware firewall for PCs, I am not clear if it is functionally any different between a modem connected to a router vs a single unit with both modem and router.
30-Sep-2009
Posted by: Ramesh at September 29, 2009 9:09 AM
Reading the article on Firewalls reminded me of a personal experience I would like to share with your readers. I signed up for magicJack service for making free phone calls through your computer. [$40 first year, $20 yearly after.] For five weeks I could not make the thing work. Finally a company engineer shut off my Verizon Firewall and allowed only my Windows one. I began making my calls right away. The voice may fade a little sometimes but I am happy with it. Just watch out for two firewalls causing problems.
Posted by: Jack Murphy at September 29, 2009 11:02 AM
I'd agree with only a hardware firewall if only one computer is being protected and it is a desktop computer and not a laptop that goes on the road.
The hardware firewall only approach fails to detect other computer(s) intranet access on the same subnet, say a home based LAN. If one of the other computers takes in a virus, e.g., via a USB flash drive, it could be spread to the other computers via rogue network access.
Posted by: Mike Noonan at September 29, 2009 3:35 PM
Therefore, I recommend always using a software firewall except for as noted above.
Hi Leo,
Posted by: Jennifer at October 2, 2009 6:44 PM
AT&T came out yesterday to install internet service at my home. It's wireless and my desktop is working great. However, when I tried to access the internet from my laptop, it doesn't seem to work. Under "Network Connections", I right clicked on the "Wireless Network Connection" icon and when I click on "Enable" it says "Not connected, Firewalled". Is it possible to change the firewall settings so that I'm able to access the internet? I don't want to remove the firewall completely, for the reasons you stated in your article. Thanks!