Stupid Firewall questions

I was thinking about getting DSL and heard you need a firewall.
What is a firewall?
Where can I get one, preferably for free?

ZoneAlarm is an excellent choice. You can get a free version at:

(Get the basic one. You don’t need any of the other stuff.)

Essentially, a piece of hardware or software that filters network traffic so bad guys don’t get in. Some, such as ZoneAlarm, also ensure bad guys don’t get out, either.

If you have Windows XP you have one already.

Just go to Network Connections, click on your connection and enable Firewall. And uncheck everything except TCP/IP unless you are networking.

Yeah, and it’s worth just as much as you paid for it!

Forget it. Get ZoneAlarm. It costs you nothing, except your time to download & install it, and is a very good firewall for the average home user.

Why is the XP firewall worthless? At least it’s better than nothing before you can get Zone Alarm.

Are hardware firewalls better than software ones?

Generally speaking, yes. But any firewall - hardware or software - can be misconfigured making its security features moot. XP’s built-in firewall isn’t bad, but blocks incoming packets only, not outgoing ones. So if you were to get a virus or trojan it wouldn’t stop anything from leaving your system.

Zone Alarm is OK - hardly the end-all-be-all most people think it is - but to me it’s just one more thing in the system tray wasting resources. If you’re going to have more than 1 PC accessing the 'Net, then a hardware firewall will cut down on administration, as the appliance will be a “single point of vulnerability” instead of two individual PCs.

How does hardware firewall work?

Calling something a “hardware” firewall is somewhat of a misnomer that tends to confuse people. A hardware firewall is simply firewall software running on a dedicated device. It’s still implemented in software, but it runs on a box that isn’t a general-purpose computer. A so-called software firewall is an application you run on a more typical computer. If it helps, you might think of them as external and internal rather than hardware and software. An external firewall is a firewall running somewhere upstream of the computer you’re trying to protect. An internal or client firewall is running on the machine you’re trying to protect.

As an example of this distinction, I’ve got a bare-bones linux box running iptables at my gateway (a software firewall). I’ve also got a router with packet filtering built-in (a so-called hardware firewall). From the standpoint of protecting a workstation downstream, making a distinction between the function of these two devices is pointless. They’re both upstream of my LAN, they’re both doing rule-based packet filtering. The fact that one is running on dedicated hardware and the other is running as an app on a computer isn’t relevant.

These two types of firewalls are not mutually exclusive or completely redundant. An external firewall, whether it’s on a dedicated device or not, may be more efficient at protecting your computer from inbound traffic because it doesn’t have to share resources with other things you’re running on your computer. In many cases, the software used for external firewalls is much more configurable for packet filtering, session support, etc. so it may provide more fine-grained control over what you want to permit (though this is a function of the software whether it’s run on a dedicated device or not, not a function of where it’s run). Typically external firewalls are used at a gateway so you can have a single well-designed firewall protect a large number of clients on a LAN.

An internal firewall is firewall software running on the machine you want to protect. This could be the exact same software you run on an external device (e.g. you could run linux iptables on a workstation) but in many cases a client-side firewall will have additional features. For example, ZoneAlarm allows you to filter outgoing traffic based on the application sending the packets, not just the port/protocol. This allows you to permit your browser to send/receive HTTP but disallow all other apps like spyware from sending identical traffic. An external firewall can’t identify the application generating the traffic, so it can’t distinguish between legit HTTP from your browser and a malware’s phone-home message.

IMO, asking which one is better or which one you need is like asking the same about air and water. They serve complementary functions and you’re best off with both. People who dismiss either are naive.
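The external/internal distinction in the post above, and the earlier point that an inbound-only filter lets a trojan phone home, as an added example that is not part of the original thread: a small Python model of first-match, rule-based packet filtering with a connection table. The gateway filter and the host filter share the same matching engine; the only difference is that the gateway never learns which process sent a packet, so identical HTTP from a browser and from malware look the same to it. All addresses, process names, rules and the `inbound_only` approximation of the XP-style behaviour described in the thread are constructed for this example.

```python
"""Added example (not from the original thread): a model of rule-based packet
filtering showing why upstream (gateway) and on-host filters are complementary.
Addresses, process names and rules are constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str                  # "in" or "out", relative to the protected host
    proto: str                      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    process: Optional[str] = None   # sending application; unknown to an upstream filter

    def without_process(self) -> "Packet":
        """What a gateway filter actually gets to see: the 5-tuple only."""
        return Packet(self.direction, self.proto, self.src, self.sport, self.dst, self.dport)


@dataclass(frozen=True)
class Rule:
    action: str                     # "accept" or "drop"
    direction: Optional[str] = None # None means "any"
    proto: Optional[str] = None
    dport: Optional[int] = None
    process: Optional[str] = None   # only meaningful on a host firewall

    def matches(self, pkt: Packet) -> bool:
        return all(
            want is None or want == getattr(pkt, name)
            for name, want in (("direction", self.direction), ("proto", self.proto),
                               ("dport", self.dport), ("process", self.process))
        )


class StatefulFilter:
    """First-match rule evaluation (iptables style) plus a connection table, so
    replies to connections we already accepted are let back in. Anything that
    matches no rule falls through to the default drop."""

    def __init__(self, rules, app_aware: bool):
        self.rules = rules
        self.app_aware = app_aware      # False models an external/gateway filter
        self.established = set()

    def handle(self, pkt: Packet) -> str:
        view = pkt if self.app_aware else pkt.without_process()
        if view.direction == "in" and \
                (view.proto, view.dst, view.dport, view.src, view.sport) in self.established:
            return "accept"             # reply to an outbound connection we allowed
        verdict = "drop"
        for rule in self.rules:
            if rule.matches(view):
                verdict = rule.action
                break
        if verdict == "accept" and view.direction == "out":
            self.established.add((view.proto, view.src, view.sport, view.dst, view.dport))
        return verdict


# Gateway rules: port/protocol only; it has no idea which application is talking.
GATEWAY_RULES = [
    Rule("accept", direction="out", proto="tcp", dport=80),
    Rule("accept", direction="out", proto="udp", dport=53),
]
# Host rules: same ports, but outbound HTTP is tied to the browser process.
HOST_RULES = [
    Rule("accept", direction="out", proto="tcp", dport=80, process="browser.exe"),
    Rule("drop",   direction="out", proto="tcp", dport=80),   # any other app on port 80
    Rule("accept", direction="out", proto="udp", dport=53),
]
# Approximation of the XP-style behaviour described in the thread: all outbound
# traffic is allowed, only unsolicited inbound traffic is blocked.
INBOUND_ONLY_RULES = [Rule("accept", direction="out")]

# Constructed traffic sample (198.51.100.7 is a documentation address).
BROWSER_HTTP = Packet("out", "tcp", "10.0.0.5", 51000, "198.51.100.7", 80, process="browser.exe")
HTTP_REPLY   = Packet("in",  "tcp", "198.51.100.7", 80, "10.0.0.5", 51000)
PHONE_HOME   = Packet("out", "tcp", "10.0.0.5", 51001, "198.51.100.7", 80, process="trojan.exe")
INBOUND_SCAN = Packet("in",  "tcp", "198.51.100.7", 40000, "10.0.0.5", 445)


def run_scenario() -> dict:
    """Pass the same traffic through each filter, in order, and collect verdicts."""
    filters = {
        "gateway": StatefulFilter(GATEWAY_RULES, app_aware=False),
        "host": StatefulFilter(HOST_RULES, app_aware=True),
        "inbound_only": StatefulFilter(INBOUND_ONLY_RULES, app_aware=False),
    }
    traffic = [("browser_http", BROWSER_HTTP), ("http_reply", HTTP_REPLY),
               ("phone_home", PHONE_HOME), ("inbound_scan", INBOUND_SCAN)]
    return {name: {fname: f.handle(pkt) for fname, f in filters.items()}
            for name, pkt in traffic}


if __name__ == "__main__":
    for name, verdicts in run_scenario().items():
        print(f"{name:13s} {verdicts}")
```

The interesting row is `phone_home`: the gateway and the inbound-only filter both accept it, because on the wire it is indistinguishable from the browser's HTTP; only the host filter, which knows the sending process, drops it. The `inbound_scan` row shows the opposite case, where every filter blocks the unsolicited inbound connection and the upstream one does so without spending any of the workstation's resources.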

The guy’s asking what a hardware firewall is and you’re bringing up iptables?

Every time ZoneAlarm is mentioned, someone talks about it wasting resources. My experience is that ZoneAlarm uses almost no resources. I am now looking at the ZoneAlarm process usage and it is typically 0%, jumping to a huge 2% for a fraction of a second. I also saw a few peaks to 4% and once to 6% while accessing the internet (again for a fraction of a second).

How do people expect software to run without using a few CPU cycles occasionally? :confused:

It’s not like I launched into a dissertation on how or why to use iptables. I think the context made it clear what iptables is (and I explicitly said it’s a software firewall in the parenthetical) so even if he’s never heard of it, I thought it provided a useful example. My point was that iptables is a piece of software that implements a firewall, but if it runs on a dedicated computer it is indistinguishable from a so-called hardware firewall. I was trying to clear up his confusion with the hardware/software terminology by pointing out that his confusion is justified because the hardware/software distinction is irrelevant. I think if you actually read my post you’ll see that I directly answered his question before going further (hint: see the second sentence). Sheesh…

BTW, my virus scanner just started up and seems to be averaging 50% CPU usage. Obviously totally unacceptable!

I think that I will just turn my computer off so I can be sure that the CPU usage is 0%.