What sort of firewall does your computer need?

14 March 2006
Summary: Why use an external firewall, commercial or free, when Windows and the other major operating systems already come with a fully integrated firewall installed? Here is a comparison of the possible options.

Introduction

Today, users no longer question whether they should have a personal firewall on their PCs, but rather which one they should use. The choice is enormous but it can be simplified by classifying the products into two categories: firewall software to be installed separately (either for a fee or free-of-charge) and firewalls which are already part of the operating system.

Activate the firewall and then forget about it

The advantage of the firewalls that are supplied with the majority of the major operating systems is ease of use: they are already present, and are activated by default under Windows XP Service Pack 2 (with previous versions of Windows, including XP SP1, and under Mac OS X or Linux, however, firewalls have to be activated manually). Once activated, the firewall blocks all connections to the PC from outside (the Internet or the local network) that you have not authorized beforehand. This is the most user-friendly solution for Internet users: the method is so simple that you just activate the firewall and then forget about it, and it is fairly effective. It protects the computer against attempted attacks (for example, if you host a vulnerable web or FTP server) and, most importantly, against worms. Indeed, in order for a worm to infect your computer, it has to be able to set up a connection to a specific port on your PC, and the firewall is specifically designed to prevent anyone from freely establishing this connection. Of course, an integrated firewall is sufficiently flexible to be configured to accept incoming connections for certain specific services (e.g. a personal web server), but this is mostly reserved for more experienced users.

However, this type of firewall does have a serious drawback: it has no control over outgoing traffic. This means that it cannot block a program that attempts to connect to the Internet. Control over outgoing traffic is, in fact, absolutely essential today, as it prevents certain advertising or infected software on your machine from connecting to its author's server in an attempt to pass along information about your computer. It also stops Trojan horses installed on your PC from connecting to their management console and therefore from opening a port on your computer.

More comprehensive control

This is the feature that really makes a difference when comparing integrated firewalls and software products that are installed separately. The latter inform you when a program attempts to connect to the Internet. You can then either authorize it to do so or block it. The firewall will memorise your choice and will not need to ask you again. In practice, after having installed such a firewall, you will quickly discover a whole range of unknown software attempting to connect from your computer! These are either legitimate programs, which are checking to see whether updates are available on a publisher's site, or unsolicited advertising software. Whatever the case, the firewall software reveals the secret life of your computer! The downside to this functionality is that, at least in the beginning, the software is constantly asking you all sorts of questions to which you may not necessarily know the answers ("such-and-such a program is attempting to connect to ... should I allow this?", or "such-and-such a program has changed, is this normal?"). However, over time, and after having made a few mistakes, everything generally irons itself out.
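The difference between the two kinds of firewall, as a small model added here for illustration (it is not code from any real firewall product): the integrated firewall filters incoming connections only, while the separately installed one also asks about each program's outgoing connections, remembers the answer, and asks again when the program's binary changes. The class names, the program name adbar.exe, the port numbers and the use of a SHA-256 hash to notice a changed program are all assumptions.

```python
import hashlib
from dataclasses import dataclass, field

ALLOW, BLOCK, ASK = "allow", "block", "ask"

def digest(image: bytes) -> str:
    """Fingerprint of a program binary (assumed way to detect a changed program)."""
    return hashlib.sha256(image).hexdigest()

@dataclass
class IntegratedFirewall:
    """Inbound-only model: incoming connections are dropped unless the port was opened."""
    open_ports: set = field(default_factory=set)

    def decide(self, direction, port, program=None, image=b""):
        if direction == "out":
            return ALLOW  # no control over outgoing traffic
        return ALLOW if port in self.open_ports else BLOCK

@dataclass
class ApplicationFirewall(IntegratedFirewall):
    """Adds per-program outbound rules: program name -> (binary hash, verdict)."""
    rules: dict = field(default_factory=dict)

    def decide(self, direction, port, program=None, image=b""):
        if direction == "in":
            return super().decide(direction, port)
        known = self.rules.get(program)
        if known is None or known[0] != digest(image):
            return ASK  # unknown program, or the program has changed: prompt the user
        return known[1]

    def remember(self, program, image, verdict):
        """Store the user's answer so the same question is not asked again."""
        self.rules[program] = (digest(image), verdict)

def run_sample():
    # Constructed sample: two builds of a hypothetical advertising program.
    v1, v2 = b"adbar build 1", b"adbar build 2"
    events = [("in", 5000, None, b""),         # unsolicited incoming connection
              ("in", 80, None, b""),           # personal web server, port opened
              ("out", 80, "adbar.exe", v1)]    # program contacting its server
    integrated = IntegratedFirewall(open_ports={80})
    app = ApplicationFirewall(open_ports={80})
    result = {"integrated": [integrated.decide(*e) for e in events],
              "application": [app.decide(*e) for e in events]}
    app.remember("adbar.exe", v1, BLOCK)       # the user answers "block"
    result["application"].append(app.decide("out", 80, "adbar.exe", v1))
    result["application"].append(app.decide("out", 80, "adbar.exe", v2))
    return result
```
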

Free or commercial?

Firewall software is offered either free of charge or for sale. In both cases, the software satisfactorily controls outgoing traffic and is perfectly effective. However, free products usually offer fewer of the advanced features found in commercial products, such as intrusion detection (identification of known attack attempts so as to block them) or, as with the Norton Personal Firewall, the protection of personal data, where additional filtering prevents certain information (such as your name, credit card number and so on) from leaving your computer without your authorisation. Finally, commercial firewalls are usually integrated into security software suites and are easier to configure and administer. They offer advanced features such as the detection of denial-of-service attacks.

Lastly, a third group is currently on offer alongside the two others: physical firewalls, which are usually integrated into ADSL router-modems, for example. In the majority of cases, these behave like operating system firewalls (they do not control outgoing traffic for each application), but they do filter incoming traffic for the whole home network: all the computers connected to the router are protected by a firewall able to block incoming traffic. This is a good first line of defence, provided you do not forget to install firewall software on each workstation!

Glossary

FTP (File Transfer Protocol): this defines the way in which data should be transferred over a TCP/IP network. Generally, an FTP file server enables very large files, which traditional messaging systems would have difficulty in handling, to be downloaded.