pcnelson.com

In one of my previous postings I mentioned the importance of having a physical firewall between your computer(s) and the modem provided by your cable or phone provider. In addition to this front-line protection, I also believe that it is important to have a software firewall on your system. I have made this recommendation to several people in the past and they have asked why they need two. The answer is fairly simple, if one is good, then two is even better.

The hardware router or firewall that sits at your modem is good but a software firewall can be more specific and targeted in what it blocks and looks for. Many of them are also updated by the manufacturer with patches that protect against the latest threats. But, the greatest asset to having a software firewall on your personal computer is the outbound protection that it provides. Hardware firewalls only block or protect your network from incoming traffic. By design, they allow all traffic to flow out. This means that if your computer has been taken over by a virus or by malware then any traffic generated by that critter will be allowed out. Software firewalls prevent this and alert the user to any suspicious outgoing traffic. This could prevent your system from becoming a zombie bot on the Internet and sending thousands of spam messages for some teenager in Montana.

The annoying thing about software firewalls is that they do alert you to all kind of things that your computer is doing. The alerts will pop up from time to time making sure that you are meaning for certain traffic to leave your computer. The temptation is to not read them carefully and to always approve them, but by doing this you would be defeating the purpose of having the software in the first place. Always make sure to read them carefully and if you are not sure about allowing the traffic, just say no.

So which software firewall should I use? First, turn on the one that comes with your computer. If you are using Windows XP service pack 2 then there is one built into Windows. If you are on Windows XP and have not upgraded to SP2 then Lord help you (read this post). Windows 2000 and Windows 98 users are out of luck as far as a built in firewall is concerened. To activate the firewall, go to the Control Panel / Security, and make sure that it is turned on. Like hardware firewalls, it only blocks incoming traffic but again, with security, more is better. Apple also has a built in firewall in OS X; turn it on. As for 3rd party firewalls, I used to like Zone Alarm, however recent versions have become quite bloated and heavy. It takes up a lot of system resources and it just a little too much these days. Today, I really like Kerio which was recently acquired by Sunbelt Software. The purchase price is only $19.95 and is worth every penny. Kerio is well written an will suffice for all your firewall needs.

If you look at the last three postings about the Internet you will start to see a pattern; defend yourself! There is a lot of code out on the Internet just waiting to attack your computer - make sure you do all you can to stop it.