logo

Practical Computing Advice and Tutorials

Sun: 26 May 2019


Site Content

Programming
&
Development


Technical Knowhow


Command Line Interface


Security

Do we need a P.C based Firewall?

Your NAT Router should block all unsolicited inbound internet traffic. This may give rise to the question of PC based, or Personal Firewalls and the value of them.

I've heard it said that there's no point in having a P.C based Firewall, because they are trivial to bypass and offer no additional protection. That may have been true in the past, but I'm not so sure in this day and age (this day and age being 2017). Also, as with hiding your Wi-Fi SSID or MAC Address Filtering, sure, it can be circumvented, but why make it easy for an attacker by NOT having to do so? The higher you make the bar, the less likely it is that an attacker will be able to clear that bar.

The only connections that a personal firewall should make you aware of are outbound connections that are trying to connect to a service to which that connection has not already been established. E.g. You've just installed an app, and that app is phoning home to check that you've got the up-to-date version. If, and only if, you trust the app that you've installed, should you grant the permission needed for it to establish a connection. If you're installing Pirated Software, all bets are off! You have know idea about what that software is going to do with your system and the information contained therein.

If you're busy doing something and your Firewall pops up a message that you were not expecting, you may be able to simply ignore it, if your Firewall blocks by default, in which case simply ignore it and come back to it when you've time to consider and investigate what's going on; just like a ringing phone, a text message or a knock at the door, it can be ignored and you're under no obligation to respond one way or the other. There are some VERY RARE corner cases, but in general, if you're not expecting an outbound connection from an app on your system, deny the connection.

Some Firewalls are better (that is they're more paranoid) than others, while some are simply an over-bloated extension of a software package on which a sales person has been paid commission to sell to you, when you purchased your PC. These days, the Virus and Firewall protection that is supplied with a Windows OS should be all that you need.

My gripe with the Firewall that comes with the Win7 OS, is that it doesn't report activity about apps that establish an outbound connection. Also, it's not particularly accessible: I'd prefer to have the option to access it via the system tray, plus I can't simply disabled it, if I need to.

I've tried many different 3rd party Firewalls over the years, but right now, I'm using GlassWire's firewall [https://www.glasswire.com/]. It seems to give a very good balance between being informative, while not being intrusive. It's very easy to see which apps have an established connection and block the ones that don't need a connection, although, it'll let an app connect by default, it does pop-up an alert so that you're aware of the fact. You can then assess the situation and block the app if you feel that the connection is not justified. The features I need are available without having to buy the Firewall, but the paid for version has features that could be of use the those that don't have alternative network tools.

As I've previously said, most systems are compromised by permission of the user, so if you don't grant that permission, you're better protected from the threat.


Update:~ 17 Feb 2018

I've redacted some of the above text because as of today, much of it is no longer true. As the features I commented on have been removed from the free-to-use version, I can't say for sure what is correct and what is no longer correct. You do still get to evaluate the full product for a limited time period, after which, either buy it or remove it as the free-to-use version is useless as a Firewall after the trail period expires.

I'll be posting my recommendation on a replacement as and when, so please callback if you'd like to discover what that will be. In the mean time, if you've any recommendations on the topic, please contact me via my (secure) feedback form.

Thanks.