6/3/05 Is a firewall absolutely necessary?
by Lee Koo (ADMIN) - 6/2/05 1:00 PM
A sincerely thank you to all of you who contributed to this past week's Q&A topic on Firewalls.
Grandpa Stanley, I hope these members' awesome explanations and recommendations to your question give you a solid understand of how firewalls work and why it is important to utilize one. I wish you nothing, but good luck in finding what works best for you and if you have a moment please swing by and give these members a good pat on the back for their time and incredible efforts for sharing the knowledge they possess.
Members, if you have additional advice for Grandpa, please feel free to post them in this thread below. Have a great weekend!
Hi, I'm really new to computers and the Internet. I keep
hearing people say I should use a firewall on my computer to
prevent Web nasties, but I'm confused as to what a firewall
is and if it's absolutely necessary. If you say I need
one, which one would you recommend? I want one that I can use
and easily understand without pulling out what's left of my
hair. Understanding my antivirus app was difficult enough,
but I'm always willing to learn new things given a chance.
Any advice to a grandpa who's just starting to explore the
computer world is sincerely appreciated.
Submitted by: Stanley M.
Stanley, a firewall acts as a gatekeeper between your computer and all the other machines that make up the Internet. Why do we need such a gatekeeper? It's because the nature of communication across computer networks allows for a loophole that can be exploited by malicious hackers. I'll use a telephone analogy to make the aforementioned points clearer, then make a recommendation...
If you call your telephone service provider, you will inevitably be greeted by an automated voice and a menu of options, and your call will be forwarded to the appropriate extension line based on selections you make. But imagine if that customer service number was a single, direct line to a single representative instead of to any number of extension lines connecting you with different departments and many employees. Disparate calls to report problems, pay bills, upgrade and downgrade services, and general inquiries would all go to the exact same phone line, so that thousands of customers would be simultaneously competing to get through at any given time. Such heavy traffic would not only tax the phone line and the employee at the end of the line, it would eventually overload the circuit to the point that it might cease to work altogether. Not exactly a model of efficiency, and the reason multiple lines and extensions, and even those dastardly automated menus, exist.
Communication across a computer network works in a similar fashion. Your computer is identified by an unique number - known as its Internet Protocol (IP) number or address - that allows it to transfer information across the Internet. Think of the IP number as your computer's telephone number. But as we just saw in the example above, if every instance of communication involved a single "line," competition among different processes or programs would slow things to a crawl, and essential processes like your antivirus updater might never get through!
To avoid this nightmarish logjam, computers use what are known as Internet ports. These ports are not physical entities like those used to connect hardware such as your mouse or a scanner, but rather "numerical addresses" that act like multiple lines or extensions necessary to keep things running in an orderly fashion. When a remote computer "dials" your IP number, it also specifies a port. This is like dialing a known party's extension at the main automated menu. To keep your system running smoothly, different processes in your computer listen for "calls" coming through specific "extensions lines" or ports. When a call comes through the appropriate port, your computer responds by providing whatever information is being requested, usually in the background, without your knowledge. And therein lies the importance of having a firewall.
A port is considered to be "open" when it can be detected by remote computers, which then are able to exchange information with your computer. While many ports must remain open to permit legitimate processes to access the Internet, most don't, and their exposure merely provides an invitation for trouble. Hackers can easily scan for available open ports, and when a computer answers, they have found a machine they might be able to break into. They can request all sorts of sensitive information, and your computer will gladly send it over.
A firewall "closes" ports by preventing unauthorized "calls" from getting through. Because your computer doesn't answer, a hacker will assume no computer exists at the particular IP address, and move on. A good firewall practically makes your computer invisible to hackers, while allowing for legitimate programs to access the ports needed for flawless performance.
By now you might be thinking "But there's nothing worth stealing in my computer!" Perhaps, but a hacker might break into a computer with intentions other than to steal sensitive files like financial information or Social Security numbers. (And don't fool yourself, your computer might already have far more personal information than you might suspect!) Malicious hackers can act as vandals and delete information from your hard drive and corrupt system files, essentially rendering your computer useless. They can also remotely control your computer, turning it into a zombie machine used to send viruses or spam, or even launch denial of services attacks to companies like Microsoft, Google, CNET, and Amazon.com - severely slowing down Internet traffic. So, you see, an unprotected computer represents a potential risk to all of us!
Fortunately, a firewall can prevent these and other headaches. The choice between installing one, and trying to explain to the FBI why your computer is disseminating child pornography over the Internet, is no choice at all.
Firewalls come in two flavors, so to speak: Hardware varieties, which are installed between your computer and your Internet gateway, and software firewalls. Hardware firewalls monitor access to your computer, but do not prevent programs already in it from accessing the Internet. In contrast, software firewalls monitor both incoming and outgoing traffic. Thus, if you accidentally download adware or a Trojan, your software firewall would keep these programs from "calling home" and carrying out many of their devilish tasks. Keep in mind, a firewall by itself won't protect you from all "web nasties." While a vital component of PC security, a firewall needs to be complemented with antivirus and antispyware software.
While it would be ideal to have both a hardware and a software firewall protecting your computer - you'd be having an extra line of defense - a quality software firewall is arguably more than enough for most of us. If you are running Windows XP, you already have a basic firewall installed in your computer. If you installed Service Pack 2, this Windows Firewall was turned on by default, and should be protecting your computer right now, unless you opted to disable it. The Windows Firewall acts like a hardware firewall, that is, it controls inbound traffic but not outgoing communications. Thus, you are better off upgrading to a better firewall, one that monitors both incoming and outgoing traffic.
Fortunately, there is an outstanding software firewall that happens to be extremely simple to install, configure and run - ZoneAlarm. Best of all, the personal version of ZoneAlarm is free! I encourage you to visit the Zone Labs website (http://www.zonealarm.com/) and download a copy. A ZoneAlarm User's Manual is also available for download in the website's Support section.
After you install and configure it - a process that is very quick and user-friendly - please go to the excellent Shields Up! website (https://www.grc.com/x/ne.dll?bh0bkyd2) to test the newly-installed firewall. This website features very clear and thorough information on how firewalls works, why they are necessary, which ones are worth getting, etc., so you might want to bookmark it and explore it at your leisure. (It is also a good idea to go back and retest your firewall from time to time, especially after software upgrades.)
After you install ZoneAlarm, you will have access to all of the features of the premium version for 30 days, including technical support. Take advantage of this trial period to determine whether the extra features might be worthwhile for you, and to have Zone Labs' support answer any questions you might have.
I am certain that you will find ZoneAlarm extremely easy to use. Don't let the fact that it is a free download make you wonder about the quality of the software. ZoneAlarm is a very powerful firewall, and it can be made even more so if the need arises. But chances are, you will not have to tweak much (if anything) after the initial setup.
There are other firewall choices, many of them packaged as part of "Security Suites." Symantec's Norton Internet Security (http://www.symantec.com/sabu/nis/nis_pe/), Trend Micro's PC-cillin Internet Security (http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm), and ZoneAlarm's Security Suite (http://www.zonelabs.com/store/content/home.jsp) are among the best. The advantage of these suites is that they integrate antivirus, firewall, antispyware, privacy and other utilities in one place, which not only is convenient, but tends to simplify things and prevent conflicts between software from different manufacturers. The three products just mentioned offer free trials, so if you think one of them might be the right solution for you, by all means check it out.
Submitted by: Miguel K. of Columbus, Ohio