Originally published at: http://www.howtogeek.com/165203/why-you-dont-need-to-install-a-third-party-firewall-and-when-you-do/
Firewalls are an important piece of security software, and someone is always trying to sell you a new one. However, Windows has come with its own solid firewall since Windows XP SP2, and it’s more than good enough.
One important note about alerting to and blocking outbound connections is missing here: It also may help with early malware detection, and prevent the malware's spread.
If a piece of malware slips by your antivirus and lands on your system, then tries to phone home (for any number of reasons - none good), Windows Firewall will likely let it. The malware will continue to run silently in the background, getting updates and instructions from its controller, trying to spread itself, downloading more malware, and sending off your personal info, until it does something in particular that makes you take notice or your antivirus program is updated to detect it.
A more aggressive firewall that alerts you to and will by default block both incoming and outgoing connections would help you catch these sort of infections more quickly, before any of your data is lost or other systems on your network are attacked. The article is right to say that these are more noisy, and most end-users probably don't have the patience or technical knowledge to use them right. But they do still serve as a very important enhancement to security for those who can and do use them.
There is also compromise between the “simple” built-in Firewall and overly complex third party tools. Programs like SphinxSoftware’s “Windows 7 Firewall Control” are based on the internal Windows Firewall but extend the control and offer more functions. This means the original OS component still runs in the background and can even be controlled via the usual (extended) firewall interface but you also get some really useful additional functions. There’s a free version available which is totally sufficient and has done a great job on my system so far. I think there is a lot of similar programs out there though I have only given this one a try.
You can also try Windows Firewall Control. It's some kind of "gui" to Windows' Firewall. It's actually quite good and free! You should try it. I use it for quite some time now in my netbook and i'm very satisfied.
Outbound firewalling is certainly a plus, and while it is annoying to train it is very useful for catching malware. This wouldn't be the sort of malware that slips by av this'd be the hidden features of some application you downloaded.
The Windows firewall should be called the Windows Opendoor. It has never blocked anything from getting on your computer, and any port scan will show every port wide open and unprotected.
I use ZoneAlarm, never have any problems with it and it asks me if I want something connecting to the net. Stick to third party firewalls and turn off the Windows open door.
The OP of this article obviously doesn't know what he's talking about. Windows Firewall doesn't have HIPS or Keylogging, and yea Malware, and as jowolf359a said, the Windows Firewall leak test is the worst Period!! It doesn't matter what addons you use it will not make the Windows Firewall any stronger.
I've used Comodo Firewall for the last year with no complaints. It's by far more capable than the firewall that ships with Windows.
Try not to use multiple DIFFERENT firewalls, as they can conflict with each other.
For example: One firewall might let something through where as another firewall might not and the connection then goes mad as it doesn't know what to do. The same goes for outbound traffic too.
Completely agree with Iszi.
+1 to Zonealarm
It even notifies when a program is trying to make changes to system files, which might change your mind about installing certain piece of software if the installer tries to get too much freedom.
If people could know beforehand which programs to trust and which not, antivirus programs wouldn't be necessary in the first place. It is the reporting of these unusual behavior which raises the flag in many cases, and there are well documented cases of trustworthy programs that turn to the dark side.
It is important to keep in mind that some of these changes reported could be legitimate in order to provide certain features or registering some components needed by the program, but it is always better to know what is going on when you install a new piece of software.
It is ok not to have a third party firewall if you have some power user in your group of friends that can fix your PC for free when it gets infected or if you can do it yourself.
Another important point is that I don't feel comfortable putting my privacy in the hands of Microsoft or any single company for that matter, but that is more of a personal choice. I prefer programs to watch each other rather than blindly trusting one vendor.
Yes Comodo is good. I used it for years. I use Private Firewall now.
Using multiple firewalls is not the topic here. The OP stated single not plural. And besides Comodo automatically deactivates Windows Firewall as does most 98% of 3rd party firewalls.
Firewall and Antivirus are two completely different subjects. Trusting programs will not protect you from viruses. Trusting or Knowing programs or the so called Practice Safe Browsing is with-out-a-doubt a JOKE so other-wards Antivirus, Malware, and Firewall are Mandatory if you want to have a clean computer and privacy. Also use WOT.
@Dan1: I fail to see who is suggesting that firewalls and antivirus software are the same thing, or that trusting a program can prevent virus infections. Agreement seems to be that a competent firewall (outbound traffic control + detailed logging), is a must-have complement to any antivirus program because they can help you detect malware that manages to bypass AV protection.
As for cookies, they are nothing but chunks of data used to identify you, and can not to under any circumstance, install a program of any kind.
All the best,
This is not meant to instigate or as a personal assault, but based on your comment, I can surmise you do not have the knowledge or experience with the windows firewall much less an enterprise level one.
For the average home user the windows firewall is sufficient. Even for a power user, if you configure it using the advanced settings you can certainly secure a home pc robustly against intrusion, without turning to a third party application.
All of the Windows OS devices on my network (11 in total) use the native firewall locally. As a disclaimer I do have a firewall/antivirus device on the network, but even before I had that installed, just the native firewall was configured. I have never had an unauthorized intrusion.
Fair enough Dan.
It is you who have instigated the personal assault/insult in this. I have far more knowledge and experience with Windows than you know. I use Windows, but I do not trust any of the so-called security programs that come built in to Windows, I replace them with programs that are well trusted and user friendly as soon as I either get the OS cleaned or newly installed. Window Defender, Windows Firewall, Internet Explorer all are replaced by Avast, ZoneAlarm, and Comodo IceDragon. Then I install SuperAntiSpyware, Spybot Search and Destroy, SpywareBlaster, SpywareGuard, and Ad-Aware.
None of my personal systems have anymore problems and none of the systems that I clean and build for people give them any problems. I hope your devices continue to have no problems and that all of your systems stay problem free, but when you trust any one vendor too much, you are in for a rude awakening, I know because I did trust the Windows firewall and Defender and still had to reformat once a month, not recover but reformat the computer. After trashing Defender and Windows Firewall and Internet Explorer, first for AVG, Sygate Firewall, and Netscape. I have tried all the programs that I use in the cleaning, or new install, of the computers that I work on.
Microsoft has ruined too many programs that it has bought up over the years for anyone to actually trust it. My job that pays the bills is to run, and fix the county that I live in school, library, and court house LAN's and WAN's, so I do know what I am saying in this.
Well, this is odd. I read the article, Why You Don’t Need to Install a Third-Party Firewall (And When You Do), today. But found all the comments are dated in June of 2013 and I get a popup asking if I want to revive this old conversation.
However, I still have something to say about Windows Firewall. It showed up on my system with SP2. I set it to block everything and notify me when it did. In all these years, it's never made a sound, or shown me a pop-up. Piece of crap, if you ask me.
-Never- trust Micro$oft, it's same as trusting Nazis.
I've used COMODO for years. Before COMODO, ZoneAlarm. ZA was nice and powerful, but you can't conf it much, and the commercial versions kill Internet connection eventually, and even I couldn't make it work. Instead, COMODO has everything, simply works and ain't that difficult. If it happens to break, uninstall, erase all tracks regarding it, and install back.
next page →