
Personal firewall

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by BENNYSOFT (talk | contribs) at 12:56, 16 April 2006 (Comodo Personal Firewall added). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Firewall: conceptual illustration of function

A personal firewall is software installed on an end-user's PC which controls communications to and from the user's PC, permitting or denying communications based on a security policy.

A personal firewall differs from a conventional firewall in that there is no hardware separation between the firewall software on the user's PC and the user's application software. A personal firewall will not usually protect any more than the PC that the software is installed on, unless other PCs are sharing Internet connectivity via the protected PC.

Another distinction from conventional firewall software and devices is that a personal firewall can make decisions per application and can interact with the user, for example by prompting the user each time a program attempts a new connection and 'learning' from the responses which traffic the user wants to permit to and from the PC.

This software may also provide some level of intrusion detection, terminating or blocking connectivity where it suspects an intrusion is being attempted.

Features

A personal firewall can:

  • Prevent programs that are useful without network access, such as Windows Media Player, from accessing the network.
  • Block unwanted inbound connection attempts (nuisance accesses).
  • Prevent applications that provide local network services, such as the X Window System, from being reached by other computers.

Problems and weaknesses

  • For private users, shutting down all unnecessary network-aware services and installing up-to-date patches is often enough to secure the system against nearly all outside threats.
  • Because they are installed on the system they protect, attacks on the firewall also affect that system and vice versa:
    • Rather than reducing the number of network-aware services, a personal firewall is an additional service that consumes system resources and can itself be the target of an attack, as the Witty worm [1] has already shown.
    • If the system has been compromised by malware, spyware or similar software, these programs can also manipulate the firewall, because both run on the same system. In the past, security researchers have found numerous ways to bypass or even completely shut down software firewalls.
  • They often alert the user to "attacks" on harmless occasions, for example connection attempts to closed ports, or misinterpret normal network traffic as an attack.

While many people claim that the uses outweigh the negative aspects of personal firewalls, others claim that personal firewalls are snake oil, because they do not offer any real advantages but try to make the user believe that they are effective with constant alerts about "hacker attacks".
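Because a personal firewall shares the machine with whatever malware may have got in, one practical mitigation is to keep a known-good copy of the ruleset and compare the live ruleset against it. The following script is an added example, not code from the article or from any firewall vendor. It assumes the legacy iptables-save text format (the `# Generated by` / `# Completed` comment lines and the `[packets:bytes]` counters that change on every dump); the baseline file path used in the usage note is hypothetical.

```shell
#!/bin/sh
# Added example (not from the article): detect tampering with a host
# firewall's live ruleset by comparing a normalized iptables-save dump
# against a saved baseline.  Assumes legacy iptables-save output.

# Strip the parts of iptables-save output that change on every run without
# changing the policy: the "# Generated by" / "# Completed" timestamp
# comments and the per-chain [packets:bytes] counters.  Only default
# policies and rules survive, so two dumps of the same policy normalize
# to identical text.
normalize_ruleset() {
    grep -v '^#' | sed 's/ \[[0-9]*:[0-9]*\]$//'
}

# Print a stable fingerprint of the normalized ruleset read from stdin.
# POSIX cksum is used so the script runs on any Unix-like host.
ruleset_fingerprint() {
    normalize_ruleset | cksum | cut -d' ' -f1
}

# Compare the live ruleset on stdin with a baseline file (a raw
# iptables-save dump taken when the policy was known to be correct).
# Prints the rule-level differences and returns 1 if the ruleset drifted,
# 0 if it matches the baseline.
check_ruleset() {
    baseline=$1
    live=$(mktemp)
    normalize_ruleset >"$live"
    if normalize_ruleset <"$baseline" | diff - "$live"; then
        rm -f "$live"
        return 0
    fi
    rm -f "$live"
    return 1
}
```

Usage: take the baseline once with `iptables-save > /var/lib/hostfw/baseline` (hypothetical path) and run `iptables-save | check_ruleset /var/lib/hostfw/baseline` from cron; a non-zero exit plus the printed diff shows exactly which rules were added, removed or had their policy changed. The caveat the section above implies still applies: this check runs on the same host as the malware, so code that controls the kernel or has replaced the iptables binary can feed it a clean-looking dump. The one vantage point a compromised host cannot forge is a port scan from a second machine.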

See also

  • Windows XP Service Pack 2 has a limited integrated personal firewall, called the Windows Firewall. While considered better than no firewall at all, the Windows XP firewall offers no outbound connection protection; this allows installed spyware and malware packages to create the outbound connections they need to communicate with their authors. Microsoft has addressed this by adding outbound traffic blocking to the firewall in Windows Vista, the next version of Windows, which is due to be released in late 2006. It has been suggested that outbound blocking may be added in a future service pack for Windows XP, but Microsoft has not confirmed this as of January 2006.
  • Linux also has a built-in firewall, Netfilter/iptables. It is very powerful and extensible, supporting a system of plugin modules (for example, to enable automatic handling of application-layer protocols such as FTP). Supporting advanced networking concepts such as NAT, Netfilter/iptables is widely used as a very strong and flexible firewall both on individual systems and on perimeter devices for a whole network. It is, however, more focused on network filtering (inbound and outbound, for the computer as a whole) than on per-application filtering (controlling at a fine-grained level which connections individual applications may make).
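To show what a Netfilter/iptables "personal firewall" for a single Linux host looks like, and where its per-application control stops, the script below is an added example, not code from the article or from the Netfilter project. It emits legacy iptables commands (IPv4 only, nf_conntrack available) rather than running them, so the ruleset can be reviewed first. The `port/proto@cidr` service list format is the example's own convention. Note that the closest netfilter comes to per-application filtering is the `owner` match, which keys on the UID or GID of the socket owner, not on the program: restricting a dedicated service account is possible, restricting one executable is not.

```shell
#!/bin/sh
# Added example (not from the article or the Netfilter project): a minimal
# default-deny host firewall built on legacy iptables, IPv4 only.
# Assumptions: nf_conntrack is available; the "port/proto[@cidr]" list
# format below is this example's own convention.

# Emit the iptables commands for the ruleset to stdout.
#   $1: space-separated inbound services to allow, e.g.
#       "22/tcp@192.168.1.0/24 51413/udp"  (no @cidr means any source)
#   $2: optional numeric UID whose outbound traffic is restricted
#   $3: space-separated "port/proto" list that UID may connect to
host_firewall_rules() {
    allow_in=$1
    restrict_uid=$2
    restrict_ports=$3

    echo 'iptables -F INPUT'
    echo 'iptables -F OUTPUT'
    echo 'iptables -F FORWARD'
    # Loopback is needed by local services (X, local resolvers, D-Bus).
    echo 'iptables -A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened.  RELATED also admits
    # helper-tracked flows such as FTP data channels once the
    # nf_conntrack_ftp module is loaded (modprobe nf_conntrack_ftp).
    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo 'iptables -A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Keep the host pingable; all other unsolicited ICMP falls to the policy.
    echo 'iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT'

    for entry in $allow_in; do
        spec=${entry%@*}
        cidr=${entry#*@}
        port=${spec%/*}
        proto=${spec#*/}
        if [ "$cidr" = "$entry" ]; then
            src=''            # no @cidr given: allow from any source
        else
            src="-s $cidr "
        fi
        echo "iptables -A INPUT ${src}-p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done

    # Per-user outbound restriction: netfilter's owner match keys on the
    # socket's UID, not on the executable, so this confines an account
    # (e.g. a service user), not a particular program.
    if [ -n "$restrict_uid" ]; then
        echo "iptables -A OUTPUT -m owner --uid-owner $restrict_uid -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
        for spec in $restrict_ports; do
            port=${spec%/*}
            proto=${spec#*/}
            echo "iptables -A OUTPUT -m owner --uid-owner $restrict_uid -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        done
        echo "iptables -A OUTPUT -m owner --uid-owner $restrict_uid -j REJECT"
    fi

    # Rate-limited logging of what the policy drops: probes of closed ports
    # are normal background noise, so cap the log volume.
    echo 'iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "hostfw-drop: "'
    # Policies go last so that an SSH session used to apply the rules is not
    # cut before the ESTABLISHED rule above is in place.
    echo 'iptables -P INPUT DROP'
    echo 'iptables -P FORWARD DROP'
    echo 'iptables -P OUTPUT ACCEPT'
}

# Apply the generated ruleset on this host (requires root).
apply_host_firewall() {
    if [ "$(id -u)" -ne 0 ]; then
        echo 'apply_host_firewall: must run as root' >&2
        return 1
    fi
    host_firewall_rules "$@" | sh -e
}
```

Usage: `host_firewall_rules "22/tcp@192.168.1.0/24 51413/udp" 1001 "53/udp 443/tcp"` prints the commands for review; `apply_host_firewall` with the same arguments loads them. FORWARD is dropped because a personal firewall protects only this machine unless it also shares its connection, in which case the forwarding rules and NAT need to be added deliberately.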
