You Don’t Need a Firewall
We started debating this issue a long time ago — and we told our readers then not to waste money or 3rd-party firewalls or buying security software that had a firewall.
We became more and more suspicious as companies who make anti-virus suites started making outrageous claims as to what the firewall contained in their particular suite could protect you from – things like:
Identity Theft
Hackers
Man-in-the-middle attacks
Phishing
We knew then, and we told you then, that these claims were unfounded and ridiculous. A firewall does not protect you from any of these things and some firewalls actually negatively affect your computer and browser performance.
Once upon a time… a long time ago, firewalls had their place. Back in the day when buffer overflow attacks were common firewalls could protect some computers from some of these attacks – but they never could, even back then, protect all computers from all of these kinds of attacks.
Firewalls today a vestigial – that is they are a very small and unnecessary part of basic computer protection. Firewalls today are leftovers from an era long past, but they still remain a powerful marketing tool used by the likes of Norton, Avast, McAfee, AVG, Trend Micro and others to confuse and ensnare customers who don’t know any better.
Do you want proof firewalls don’t work? Do you think any of the recent hacks of major Web sites – one of the most recent being Sony Pictures – would have happened or could have happened if firewalls prevented anything? Do you think that the major companies that had significant data stolen couldn’t afford the world’s best and strongest software and hardware firewalls. Of course they could – they could afford firewalls of any price and you can bet that all these sites that were attacked were operating behind strong professional-grade firewalls. So do you really think the firewalls contained in Avast or AVG or Norton or McAfee security suites are going to as good as or better than the firewalls that Sony Pictures, for example, was operating behind?
All software and hardware firewalls today are remnants of firewalls made during a time when attacks were overflow type attacks. Very few, if any, of the attacks we face today are those types of attacks.
And being a home user, far from the madding crowd of big corporate web sites, your chances of being targeted by a hacker or group of hackers are less then one in a billion. If hackers are going to spend time hacking into something – it is going to be something worth hacking into. Hackers are not stupid – they’re going to spend the time and take the risks where the rewards are great, not were the rewards are likely to be small. So if some money-hungry security suite manufacturer tells you that it can prevent you from losing your identity, from being hacked, from man-in-the-middle attacks or from phishing – they’re not be honest with you.
Security expert and InfoWorld columnist Roger A. Grimes agrees…
“Once, firewalls were useful for certain types of attacks. Now they’re more trouble than they’re worth — and create a false sense of security into the bargain.”
We couldn’t have said it better. A false sense of security is much more dangerous than a user who is wary and alert. Most attacks today come from something users have downloaded. And after it gets on the system, malware can wreak havoc with their privacy and their computer. And most of the time people are tricked into download the very programs and toolbars that violate their privacy and potentially cause great monetary or personal information losses.
Firewalls, at one time, worked some of the time against certain kinds of attacks – but even back in their day they didn’t work on all kinds of attacks. Hackers, if determined, have proven beyond a doubt that they’re able to get around firewalls very easily.
Firewalls protect you from very little and as Roger Grimes says — they’re most often more trouble than they’re worth.
Are we telling you that you should even turn off your Windows firewall? It wouldn’t hurt much if you did. But since Windows firewall is one of the least intrusive and one of the least troublesome firewalls, and since it’s turned on by default in Windows, we’d just leave it on. Just don’t expect it or any firewall to protect you from much.
If you doubt anything we are saying here just ask yourself – if firewalls protected computers why have there been so many data breeches and security hacks happening to companies with mulit-million-dollar IT budgets, the best and the brightest computer techs, and the resources to secure the best firewall software and hardware available.
We think it’s time to put the firewall ruse to rest.
I would agree with this article. PING responses are worse with or without a firewall. I only use Windows firewall but I do run anti-virus suites. I guess it gives people a sense or false sense of security.
Never think a bout third party firewalls . and wonder about the one Microsoft provides. It seems to me there should be a simple approach that would stop these miscreants from coming inside . Should we start looking at a simple approach, now would be a good time for the techies to come up with something that really works .
Please don’t tell people that a firewall is useless, it is one of the main monitors, internet traffic controlling, warning systems that is ESSENTIAL for some OS ‘s and Virus products to function properly. What if someone’s virus protection runs out? At least they will have SOME FORM of a monitoring system. Also, it is a systems first base line of defence from intruders hacking your system in a public place. Without a firewall, even a novice can steal someones PICTURES and Media just buy using their media player.(Which AV doesn’t monitor) How are you going to even control sharing without a firewall? You can’t even control telling your computer what kind of network you’re on! IE: Public, Home, Biz…….
Hi Jeff. It’s easy to see why so many people think firewalls protect them from many things, including the things you mention. There is so much misinformation on the Internet, some of it propagated by security companies themselves who claim (falsely) that a firewall can protect you from hackers and keep your identity safe. Neither of those are true. Companies selling firewalls and those who make commissions from selling make wild claims as to what firewalls do and what they protect you from to scare you into buying.
As far as a firewall being necessary for some operating systems to function properly – this is not true.
As far as being a first line of defense from “hackers” that is very much not true. The first line of defense against someone stealing your data is YOU; the second line of defense is using strong difficult to crack passwords. Then using a good antivirus and antimalware would be number 3. Firewalls don’t even make the list.
As far as novice stealing pictures? I will turn my firewall off and let you try to get pictures off my computer. I don’t there is a novice out there who could steal anything from my computer or yours. Most of the time when pictures or files are stolen its because people have been tricked into installing a malicious file that allows someone in another location to control that computer – I highly doubt that those would be novices. And a firewall wouldn’t protect you from that either. Some government computers, corporate computers, online retailers computer have had a lot of data stolen from them and it’s hard to believe that none of them had firewalls. They all had firewalls and far better ones than we could afford. If firewalls protected your computer from this sort of thing, then you then there would be no such thing as data breaches.
As far as controlling “file sharing” with a firewall…anyone who uses fire sharing to transfer files to and from unknown sources is engaging in risky behavior to begin with – and a firewall is going to do about as much good at preventing you from receiving a malicious file from a file sharing site as that cup of coffee sitting next to your computer.
Think of it this way: If firewalls protected computers from all the things you think they do, then there would be no data breaches – and yet there are many of them. Target, Sony Pictures and many others have had data stolen and you can bet all of those companies were using far better software and hardware firewalls than any of us could ever afford.
As far as controlling the network you’re on – a firewall isn’t going to change the network type. Almost every router sold comes with a built-in hard firewall – and if that was all you needed to protect your network then you wouldn’t need WPA2 password protected AES security – and you do need to password protect your network. No one access my network without my password (128 bit encryption) whether I was using a firewall or not.
There is a ton of misinformation on the Internet. We’re sure that firewall developers and security suite manufacturers would love it if everyone believed the false claims they make – it’s good for sales.
Our advice remains. You don’t need a 3rd-party firewall, or a security suite with firewall . Just use the Windows firewall – it runs by default. Use a good antivirus/antimalware like Emsisoft. Protect your network with at least WPA2 encryption. And remember that the first line of defense when it comes to protecting your data is YOU.