A software firewall is only as reliable as your computer's operating system. For Windows users, this is bad news.
Al Fasoldt's reviews and commentaries, continuously available online since 1983
Technofile
For real protection, use the hardware firewall built into a router
March 4, 2007
By Al Fasoldt
Copyright © 2007, Al Fasoldt
Copyright © 2007, The Post-Standard
A reader wrote to tell me I was wrong about the dangers of Windows. As if to prove his point, he told me his Windows XP computer wouldn't get any viruses because he used a good software firewall.
This is a dangerous misconception. Firewalls, which try to block the bad guys from getting into your computer over the Internet, are very important, but they're not much help against computer viruses. That's because the most common route viruses use to get into your computer -- by piggybacking onto e-mail -- isn't blocked by firewalls. There are other ways to block viruses, but firewalls aren't among them.
As the name indicates, a firewall is a way of walling off a conflagration. Cars have firewalls between the engine and the passenger compartment, but the term goes back before the invention of the automobile, to the earliest steam locomotives. A thick wall of iron protected the train's engineers from the flames and heat of the firebox, where coal was burned to heat water into steam for the engine.
The "thick wall of iron" in modern personal computers is a software program that monitors network traffic -- and therefore Internet traffic -- and looks for suspicious behavior. These software firewalls work a lot like border agents, looking for signs of illegal entry.
Software firewalls seem like good ideas, but they have a big weakness: Just as border agents are only human and might misjudge things now and then, software firewalls are imperfect, too. No software program is 100 percent reliable.
Making matters worse is the plight of any program running under Windows. Despite Microsoft's best efforts, Windows is not yet as safe, reliable and stable as it should be. Computers running Linux and Unix, including Apple's Mac computers, which are Unix PCs, have a much better record.
This means software firewalls on Windows PCs are only as reliable as Windows is. Think of it this way: If you hired a guard to watch over your house while you are away, you'd expect your house to be safe. But suppose you found out the guard's own supervisor was a softie who excused him from duty on rainy days?
This is the situation Windows users find themselves in -- or should realize they are in, once they think about how important security is. Your firewall -- the guard at your door -- should be working all the time. You should be able to trust it without a second thought.
That's why I recommend a different kind of firewall. The kind I prefer is built into most inexpensive network routers. Because it's part of a device that attaches to your computer, it's called a hardware firewall. (Hardware is something you can touch; software is code.)
Hardware firewalls are active all the time. They're at work whether your computer is running or not. They're oblivious to problems your computer might have.
Network routers are typically used in homes, offices and businesses that have broadband Internet connections (cable, DSL or FiOS, for example). Wired routers let you connect four or more computers to the Internet using one incoming connection. Wireless routers do the same thing using Wi-Fi signals.
Routers don't cost much -- $50 or less in most cases -- and are easy to install. Windows users have to follow a few steps and install special software, a procedure that takes only a few minutes. Mac users simply plug in the router and turn everything back on.
If you add a router or if you already use one in a multi-computer setup, make sure none of the computers in your home, office or business bypasses the router. The Internet connection cable should go from the modem directly to the router. All computers then connect to the router. This makes sure the router's firewall stands guard over all the comings and goings of your Internet connections.