Software firewall behind a router.


I'm reinstalling my machine and that (good and) free firewall doesn't allow me to export/import any config. (Tall Emu Online Armor). Now, I'm behind an ADSL modem router, which I wasn't before. It has a "standard settings" firewall built in and the ISP crippled the config. Is there any need then to reinstall a software firewall, or will it just consume resources? Thanks for some (not too high level) inputs. Note: I'm not the paranoid type.


A software firewall can be quite useful. You'll get differing opinions as to whether or not it's necessary. The modem/router is actually a software firewall. They're generally called hardware firewalls because they're installed in a separate piece of hardware which has its own operating system, usually Linux based. In order to keep this simple, I'll limit the comparison to the filtering/controlling of internet traffic and leave built-in HIPS and other "features" out of the comparison.

Each has their own strengths. I'll attempt to list some of them, then you can decide. A firewall installed on Windows is application aware. It can control traffic to/from individual applications and system components. Hardware firewalls control traffic on a system-wide level. Software firewalls can give you detailed control over outbound traffic. In addition to specifying which apps will have internet access, a software firewall can control what protocol those apps can use, what IP addresses they can connect to, and what ports they can use. A hardware firewall can also restrict outbound traffic, but it will apply those restrictions to everything on the system equally. A software firewall can alert you if something new tries to gain internet access. It can also alert you if an application that's allowed internet access changes. A hardware firewall won't.

Firewalls in routers and modems are not as vulnerable to attack by malicious code. It's not that the software firewalls installed in Windows are weak. It's the operating system they're running on that's vulnerable because it's also running all the user's software. At times, a software firewall can conflict with something else that's running on the system. When that happens, it's usually another security app that it's conflicting with. The modem/router's firewall doesn't have to deal with a constantly changing environment and isn't subject to vulnerabilities introduced by the user's software. There's very little attack surface on a router/modem and most of that is the firewall itself. On a typical PC, the potential attack surface is huge and almost always has unpatched vulnerabilities in something that's running on it.

Depending on your OS, there's a wide range of firewalls. Some of the combined firewall suites are heavy enough that they noticeably affect performance, even on the most powerful PCs. Others are so light there's virtually no impact, even on old systems. A few years ago, a firewall was an application that controlled internet traffic. Today, a firewall is usually a security suite containing an internet firewall bundled with several other components. Which is better depends on your needs. The trend is towards combined suites. I prefer separate, freestanding applications.

Hardware and software firewalls are not entirely comparable. The roles each is designed to fill are different. Hardware firewalls are at their best when they function as gateways to a network, even if that network is one PC. Blocking undesired inbound traffic is their strength. A software firewall is at its best when it's controlling traffic for individual applications. Some users consider that control unnecessary. Others insist on it. Myself, I consider a software firewall necessary for enforcing a default-deny security policy. It blocks all traffic except for what I specifically allow. Software firewalls also provide a means of controlling traffic between PCs on a network. A software firewall can prevent a PC from being compromised by an infected PC on the same network.

When it's all said and done, how necessary a software firewall is when using a router/modem will depend on how important it is to you to be aware of and be able to control the traffic that is entering/leaving your PC.

Rick


  • 3 weeks later...

I like the idea of an application filter, you’d be surprised how many apps call home without your knowledge or approval. Windows Firewall has never notified me of apps making outbound connections!

The best one I’ve used is NVIDIA’s Active Armor firewall, it plays no favorites, it will even stop Windows’ own services if their behavior changes. But it’s hardware-based and only works with NVIDIA chipsets -- Does anybody know of a good standalone firewall with app filter?


Most software firewalls will control traffic for individual applications and executables. Most also check the MD5 of the file requesting internet access and will alert you if it's changed. Depending on what version of Windows you're running and what your requirements are, there's a large selection of firewalls to choose from, ranging from simple packet filters to multifunction security suites. Most of the modern firewalls are security suites. I've always liked Kerio 2.1.5, a simple rule-based firewall which has been around for many years and is no longer supported. Most people prefer something a bit newer with more comprehensive coverage, aka a security suite. If you could tell us which version of Windows this is for and whether you prefer a simple firewall or security suite, we can narrow down the choices for you.

Rick
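
The per-application control described in this thread (rules by application, protocol, address and port, default-deny, and an alert when a program is new or its file hash has changed), as an added sketch that is not part of any post and not any firewall product's code. All names, paths and file contents are constructed, and SHA-256 stands in for the MD5 check mentioned above.

```python
import hashlib
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    exe_path: str      # application the rule belongs to
    exe_hash: str      # digest recorded when the user approved the app
    protocol: str      # "tcp" or "udp"
    network: str       # CIDR range the app may connect to
    ports: frozenset   # permitted destination ports

def digest(data: bytes) -> str:
    # SHA-256 stands in for the MD5 check mentioned in the thread.
    return hashlib.sha256(data).hexdigest()

def decide(rules, exe_path, exe_bytes, protocol, dst_ip, dst_port):
    """Classify one outbound connection attempt."""
    mine = [r for r in rules if r.exe_path == exe_path]
    if not mine:
        return "alert-new"          # something new wants internet access
    if any(r.exe_hash != digest(exe_bytes) for r in mine):
        return "alert-changed"      # an approved executable was modified
    addr = ipaddress.ip_address(dst_ip)
    for r in mine:
        if (r.protocol == protocol and dst_port in r.ports
                and addr in ipaddress.ip_network(r.network)):
            return "allow"
    return "block"                  # default-deny: no rule matched

# Constructed sample data: hypothetical paths, stand-in file contents,
# and documentation address ranges (RFC 5737).
BROWSER = r"C:\Apps\browser.exe"
MAIL = r"C:\Apps\mail.exe"
BROWSER_BYTES = b"constructed browser image v1"
MAIL_BYTES = b"constructed mail client image v1"
RULES = [
    Rule(BROWSER, digest(BROWSER_BYTES), "tcp", "0.0.0.0/0", frozenset({80, 443})),
    Rule(MAIL, digest(MAIL_BYTES), "tcp", "203.0.113.0/24", frozenset({993})),
]

if __name__ == "__main__":
    print(decide(RULES, BROWSER, BROWSER_BYTES, "tcp", "198.51.100.7", 443))
    print(decide(RULES, MAIL, MAIL_BYTES, "tcp", "198.51.100.7", 993))
    print(decide(RULES, BROWSER, b"patched image", "tcp", "198.51.100.7", 443))
    print(decide(RULES, r"C:\Temp\updater.exe", b"x", "udp", "198.51.100.7", 53))
```

A router's firewall sees only the last three arguments of `decide`; the executable path and its hash are what make the host firewall application aware.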

Thanks. I have all versions of Windows, but mostly I use Windows 2000 and Linux.
