Do I really need to install a software firewall and if so which one do I need? This was the question I was asking myself after I stumbled across an article showing how well (or not in the case of many) certain virus, spyware and malware protection packages were performing. Of course with a bit of doomsday marketing everyone may presume they do. And if I do need some extra protection which product should I use and would I need to pay for it?
I will try to answer the question of whether I (you) need a software firewall first, then take a look at a specific package - in this case Comodo Firewall.
First off, a very quick explanation of what a firewall is and does. Perhaps the best way to describe it is to let you know where the term originally came from. A firewall was a brick wall built between two buildings to stop fire spreading from one to the other. Take this analogy with one house being your home computer and network and the other house the Internet or other outside network. Anything you don't want is blocked by the firewall.
So do you actually need one? Obviously different circumstances exist and I will try and explain these. Firstly let me explain my current configuration and compare that to another example. On my laptop at home I run a well known anti-virus package that I keep updated, a well known spyware/malware protection package and I keep my Windows updates pretty much up to date. As well as this I do regular backups of both my system and my data. On top of this I run this behind a NetGear router that also includes a built in firewall (see my other review). The Windows firewall built into Windows XP is also switched on.
Now let's look at another example - someone who may well be running all of the above but has a broadband "modem" (i.e. has no built-in firewall) and travels regularly, connecting to Wi-Fi in various locations and cable connections in different offices. In the modem instance they are literally attached to the Internet directly, and when at other locations may well trust the connection but they cannot be guaranteed to be safe.
In my case I have to say I am not convinced that I would need an extra software firewall. In the second example I think there is certainly a case for installing a 3rd party firewall. You may well ask why not install one anyway - it won't harm so put it on even if you don't think you need it? Well firstly you may well have to pay for the firewall (although in the case of my review you can get this version free). Secondly system performance. Any extra software makes the system more cumbersome and slow - just try a machine without any anti-virus or spyware protection installed to see how fast it can actually go. And finally software firewalls have generally been intrusive - it's very much down to often inexperienced users to decide if something is valid to be allowed to connect to or not. It's out of the scope of this review to really help you decide if you do need a software firewall or not - a true security expert would be able to give you plenty of reasons to have one, arguing for instance that a hardware firewall could fail leaving you unprotected, telling you not to rely on the built-in Windows XP firewall because it doesn't protect outbound connections etc. What I would say is try this product if in doubt. If you do find it hard to understand, intrusive or whatever you can easily uninstall it. What I would also recommend is trying an online service such as Security Space to see how vulnerable you currently are to help you decide.
After checking a number of other reviews for free firewall software and trying a couple of options I decided to fully test out Comodo Firewall. First of all you may ask: if this application is any good, why would it be free - there must be a catch? Basically Comodo make security certificates and so are trying to build brand awareness. One of the ways of doing this is putting out good quality free security software such as this firewall and anti-virus software.
The software is just under 80MB to download and comes bundled as part of the Comodo Internet Security package - you can also install the anti-virus module if you wish. As part of this review I didn't as I already have a virus solution I am happy with.
During the install you are asked a few questions. Firstly whether you want -
Firewall only
Firewall with optimum proactive defense
Firewall with maximum proactive defense+
This is quite an important question and one that I don't think is well explained during the installation. What it boils down to however is really how intrusive you want the system to be - i.e. how much do you want to be asked about. The default is Firewall with Optimum Proactive Defense. This can be changed once you have the software up and running.
Next you are asked if you would like to join the "Threatcast community". The default is yes and I will explain this option later. Again you can change this within the application if you decide to later.
You are then asked if you want to use the Comodo secure DNS servers or your current DNS server (the default). DNS is the mechanism of resolving a host name such as www.yourcompany.com to a computer understandable address on the Internet. In theory, using the Comodo DNS server has a number of advantages over normal DNS servers that may suffer from poisoning attacks (that is sending you to the wrong address). It also resolves some well known misspelled domain names to the correct location. However unless you are confident of the implications of not using your normal DNS it's probably better to stick with the default. Interestingly I did read on some forums that the Comodo DNS feature did cause problems for some people.
Finally by default the installation will scan for already present malware. This is a good idea - no point trying to run any sort of security on an already infected computer.
So after installation what happens when you want to install something or make your first connection to the Internet with the likes of Skype, Spotify, instant messaging etc.? Well one of two things can kick in - either the Firewall or Defense+.
The firewall is the actual protection of inbound and outbound network connections. For example should you be able to receive music from Spotify or make a call on Skype. Defense+ is something different. What Defense+ is protecting against is not the inbound/outbound network connections but what is getting written to your file system (i.e. hard disk), Windows registry or memory. For instance when something like Firefox (a well known web browser) gets updated it needs to write to the hard disk to install new files.
As an example I started Skype - a valid application - that I did want to access the Internet to make a phone call. The Firewall popped up asking me what I wanted to do with this connection. One useful early indicator is the colour coded warning of yellow, orange or red dependent on potential risk factor. I was prompted with two pieces of information. Firstly potential "Security Considerations" and because I had installed it a "ThreatCast Rating". The "Security Considerations" try to give as non-technical an explanation as they can about the implications of allowing this connection. However I have to say as with all software firewalls this is one of the major problems - it is very hard to explain to a non technical person what is actually going on. In theory then the "ThreatCast Rating" is a really good idea. It basically tells you what other people have decided to do when prompted with this information - in the example of Skype 95% of users thought it was OK. However I do have slight doubts on this too - I think of it as a bit like "Ask the audience" in "Who wants to be a millionaire" - will they always be right? At this point you basically have to choose whether to Allow or Block the request.
The Defense+ follows along the same lines exactly. The "Security Consideration" is slightly different in that it will tell you exactly what resource - files on your hard disk, the registry or memory - is being accessed. Again you can either Allow or Block the request. You may think what is the point of this anyway if I have virus or spyware protection? What you have to remember is that most anti-virus packages are only as good as the updates they get because somebody has had a new virus, reported it and new protection has been added to the update. With this you can block any suspicious activity.
Needless to say the product can be a lot more complicated than this. Within the application you can see what connections you have open, create special network zones and as I said within the set-up routine decide how intrusive (that is how often you want to be informed) that "something is happening on my system". The system has a good summary section which is pretty easy to understand - telling you how many potential intrusion events have been blocked and what sort of traffic has been running between yourself and the Internet.
I hope you have found this review useful. It's hard to strike a balance between something people would read and getting even more technical. I tried to write the review somewhere in the middle. I have to say I have been pretty impressed with the Comodo Firewall. It scores highly in tests trying to break through software firewalls and does its best to try and explain in plain English what it is defending you against. That said it certainly doesn't lend itself to very non technical users but this is just the nature of the complications software firewalls do bring. And finally as I said initially - not everybody needs or wants this extra protection.
Friday, August 07, 2009