Choosing a Firewall

Choosing between an external hardare firewall, or a software firewall on each PC can seem complicated, so we will guide you through the pros and cons giving you the information you need to make the right choice.

Hardware or Software Firewall

By a hardware firewall, we mean a separate appliance running a firewall, such as a DSL/Cable router or Cisco router. A software firewall, refers to software running on the PC. Whilst the definition for a hardware firewall is not strictly true as most are infact just small boxes running a software firewall internally.

There are advantages and disadvantages with both camps, and for the really paranoid, we'd recommend running both a hardware and software firewall. A hardware firewall usually sits between your pc and the internet, and can act as a firewall for more than one PC. It can protect your entire network from the internet. If you are running more than one computer on your network, then a hardware firewall allows you to just have one firewall protecting every machine, rather then needing a firewall installed on each individual computer.

However, the default settings of a hardware firewall do not protect the internet from you. This may seem an odd point as why should the internet need protecting from you. To the hardware firewall there is no difference between you surfing the internet, and a virus on your computer surfing the internet. Both appear the same, and will be allowed. This means that any viruses or spyware on your computer have the same access to the internet as you do.

A software firewall (such as zone alarm ) however because it is running on your pc, can tell the difference between you surfing the internet, and some spyware trying to access the internet. By default a software firewall will prevent any application from accessing the internet that you haven't given explicit permission to. So the first time you try to check your email, the software firewall will ask you if your email application is allowed to access the internet or not. This allows a higher degree of protection from spyware and viruses as controlling what goes out as well as what comes in.

Not all software firewalls offer these features however. Some, such as the default firewall in Windows XP by default just attacks from the internet, and do not control what applications can access the internet.

Whats Best For You

If you connect to the internet though a modem attached to your computer (or inside it), then a software firewall is the probably the best option, as you are just using one computer to access the internet.

If you are connecting more than one computer to the internet via a DSL or Cable connection, or perhaps a leased line/wireless connection then a single hardware firewall will probably serve you best, as it allows access to and from the internet to be controlled from one place, without worrying about installing firewalls on every PC. Also the cost of buying a DSL/Cable modem with a built in firewall is only a little more than the cost for a plain modem.

You still need to ensure that all of your computers are running antivirus software, and if you are worried that one computer may become infected, then running a software firewall on the computers as well is probably a good idea. However you will need to configure the software firewalls more so that you can still access the other computers on the network, but are protected from spyware trying to access the internet.

For more information read our guide to configuring a software firewall.

Related Links
Windows XP Firewall
Sygate Personal Firewall
Kerio Personal Firewall
Zone Alarm Firewall
Firewall Guide

© 2004-2005 All rights reserved.

  Internet Safety
  Reducing Spam
  Removing Spyware
  Tips and Tricks
  History of Windows
Support Diary