Basic software firewall introduction for home users


Unless you have a very old computer, it probably has a "firewall" built into it. That may be the Windows firewall provided with XP and on up or the "Sharing" control on a Mac, or a firewall included with your antivirus software.

What is it for? It's to help keep bad things out of your computer and also (with some firewalls) to keep your computer from doing bad things to someone else.

But wait, you say: I thought that was what virus software does? Well, yes, but it's a little different. Virus software examines things you bring into your computer (web pages, email) and tries to make sure they are safe. It's like a parent checking the bag of Halloween candy their child brought home. A firewall is a lock on the door: it stops things you don't want coming in at all.

Take a very simple case: your printer. You want to be able to print to it, of course, but you don't want me to be able to use it from here, right? I could waste a lot of your paper and ink, couldn't I? A firewall is part of what protects you from that - and of course much worse. If, for example, you just "hook up" to the Internet without any protection at all, your computer could possibly be "owned" within hours - sometimes minutes. That is, someone could have hacked into it, taken control, and would probably use it as part of a vast network of such hijacked computers that are used for sending spam emails and other criminal purposes. That's not a joke, not an exaggeration: it's real. You won't even know that your computer is doing this, though it may run more slowly and "act up" more.

So a firewall is a good thing. But - particularly with the third party firewalls like those that come with Norton AntiVirus, McAfee and others, a firewall can also be the source of computer problems, glitches, and mysterious behavior. When I am working at customers sites, I often find that misbehaving firewalls are the source of the problem I was called to fix.

If something is odd, if your computer is suddenly acting strangely, the first thing you might try is turning off the firewall if you have one. How you do that varies, but third party firewalls often show up in your System Tray or at the top of your Mac screen; if you right click on them, a menu usually comes up that will let you temporarily or permanently disable them.

Windows Firewall can be disabled in Control Panel. Often shutting off these firewalls fixes your problem instantly.

Windows firewall

Can you leave the software firewall off?

Well, that's a hard question to answer. Let's say that you turned on your computer this morning and found you could not send email. Following my suggestion, you disabled the firewall and you CAN send email! Wonderful - it's fixed!

Well, no, not quite. Something is wrong because your firewall should let you send mail. You should fix that or get someone else to do it. If it's going to be someone else, turn the firewall back on and tell that person the whole story: mail works with the firewall shut off, but doesn't when it is on. They'll fix the firewall and you'll be fine again. They'll appreciate you saving them some time, too.

But shouldn't you be worried while it is shut off? Again, a hard question, but it's usually fine, because most of you also have a hardware firewall: that router that your computer plugs in to. That device is a firewall itself; you really absolutely, positively need a software firewall at home if you have a hardware firewall.

Not sure what you have? Here's how to tell: do Start->Run and then type "cmd" (on older systems type "command"). That opens up a "DOS box", or "command window" as we old geeks call it. In that box, type "ipconfig". You'll get back something like this:

Windows IP Configuration

Ethernet Adapter Local Area Connection:
       Connection-specific DNS Suffix:
       IP Address....................:

(and more, but it's the IP Address we want)

On a Mac, you could open Terminal and type "ifconfig" or just look at the Network panel in Prefrences.

Mac network configuration

If that number ( here) doesn't begin with 192, 172 or 10, you don't have a hardware firewall, and you need to shut your computer off, get up, and run to the store to buy one. I'm not kidding: it's that important.

I've really glossed over this subject - hardware firewalls are a very important part of Internet security - so important that the one I use costs over $900.00. But I have special needs; all you need for typical home use costs $50.00 or so. It's a small price to pay for what you get. Installation is simple and they come with full instructions.

Now, back to whether it's ok to leave the software firewall off. It can be helping protect you, so if someone else put it on your machine, I'd say leave it. That said, I only have the hardware firewall protecting my machines. Admittedly, that is probably a much more sophisticated piece of equipment than what you got from Verizon or Comcast or whomever.

If the software firewall isn't interfering with your use of your computer, I'd say keep it. If it IS giving you grief, ditch it or replace it.

I do want to explain one likely difference. Most low end hardware firewalls (like what you probably got from your ISP) only protect you from INCOMING threats. Most do NOT stop your computer from doing OUTGOING things it should not be doing. The software firewalls usually do protect that also. That's possibly a good reason not to leave it disabled for very long. If your computer became infected by a virus, those outbound controls might (I said *might*) help stop it from sending out information or attacking other computers.

The more geeky readers might enjoy The value of firewalls, whicch goes into this a bit more deeply.

Got something to add? Send me email.

(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> Basic software firewall introduction

Increase ad revenue 50-250% with Ezoic

More Articles by

Find me on Google+

© Tony Lawrence

Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

Everyone knows that debugging is twice as hard as writing a program in the first place. So if you're as clever as you can be when you write it, how will you ever debug it? (Brian Kernighan)

This post tagged: