Use a personal firewall? You probably don't need it.

antreas

Thread author
Outbound firewalls, or firewalls that only throw up alarms when a program on your machine tries to call out to the internet, are largely useless, according to our friends at How-To Geek. They don't offer real protection, ignore inbound threats, and give you a false sense of security. Here's why.


The assertion is a bit controversial, especially for those of us who like knowing when something on our computers is connecting to the internet. However, Chris Hoffman over at How-To Geek explains that outbound firewalls give their users a false sense of security, and security companies eager to get you to spend money on their products prey on your fear that you need someone watching all the time, alerting you whenever a program checks for a software update:

Outbound firewalls aren’t an effective defense against malware. You should focus on using an effective antivirus program, keeping your software up-to-date, and making sure you don’t have Java installed. That will keep your PC much more secure than using an antivirus program that won’t help much after the fact. If your computer is compromised, it’s compromised.

Many geeks say that they like using an outbound firewall to block apps that aren’t malware but aren’t too trustworthy from “phoning home.” You’d only know if such an app was phoning home if you were running an outbound firewall, after all.

Ultimately, you shouldn’t be running an application you don’t trust on your computer. If you’re using an application but you don’t trust it enough to let it access the Internet, you’re likely making a mistake — you’ve already trusted the application quite a bit by giving it full access to your system. In this day and age, almost every program will be connecting to the Internet for some reason, whether it’s to sync your personal data with an online service or just check for updates online.

He notes that for an outbound firewall to sound the alarm, the offending software must already be installed and well rooted on your machine. If it is malware, you've already lost and the app has full access to your system and data. Additionally, your firewall is probably late to the game: The app has likely opened its own holes in your firewall software or bypassed your security tools by piggybacking on existing apps or using ports that no firewall would ever block (port 80, for example, which is standard http traffic) to communicate.


Chris goes on to note that if you want an outbound firewall to alert you to outgoing connections or you just like customizing how each individual app on your system calls out to the internet, by all means install one. As long as you're aware that it's really more of an informative novelty than any real protection, it won't really hurt. However, your real security focus should be on keeping threats from getting onto your system in the first place, something I think most people can agree on.
 

Paul123

Whilst I don't use a personal firewall I still use old Peerblock, and assume this is doing what they describe. The main reason I use it though is privacy, rather than malware protection. I just like to think I am reducing the amount of information my computer is giving out. I don't really see it as offering much protection against malware, though I would say it seems quite good at blocking a lot of redirects or popups, even though its lists are seriously out of date.

I don't think anything can offer you total privacy or protection, but I think someone once describing having Peerblock summed it up quite well. He said if you are being chased by an angry bear, you don't need to be able to outrun the bear, you just need to be able to run faster than the person behind you being chased by the same bear.
 

tim one

"Outbound firewalls aren’t an effective defense against malware"
Sure, but a firewall by its nature is not an AV, no objection.
Its power is to alert the user if a strange or abnormal process is exchanging data on the internet and, let me say, this is absolutely important.
How can we know if malware is stealing our data if it is not detected by our AV?
The integration of user and security apps is required; otherwise, no automatic protection will defend you.
 

Ana_Filiz

I disagree with that article, as some firewalls, properly configured, ask our permission before letting any kind of internet connection be established. I remember that my Dr. Web firewall asked me every time a single process wanted to establish an outbound connection or any kind of internet connection, so it depends on the firewall first and then on the tweaking/configuration of that firewall.
 

jamescv7

All 3rd party firewall modules nowadays are packed with IDS and detection algorithms to provide accurate and sense of information.

But yes, you need to watch the programs installed on the system because that is the first main analysis.
 

cruelsister

Oh God, KMN! Seldom does one find an article that is as misguided as this one. Not even taking into consideration nonsensical banalities such as "Ultimately, you shouldn’t be running an application you don’t trust on your computer" (which is as useful as telling people the best way to prevent drowning is never to go near water), the author is exhibiting his total lack of understanding of malware by the comments in the article.

Not only are Outbound firewalls of value when used with other security applications, but they can give very good protection for the user by themselves. Let's consider a computer totally devoid of ANY security application but a dedicated firewall only app like Tinywall or Windows Firewall Control against 3 types of malware:

1). Ransomware- Some ransomware MUST contact the C&C server BEFORE any encryption can take place. So run the ransomware, get an Outbound alert, Block it, and nothing will happen because the badboy cannot connect.

2). Keyloggers- These can log all they want as far as I am concerned; what I want to avoid at all costs is that data being transmitted to the BlackHats who will in turn exploit it. So, run the keylogger, it logs whatever info, it tries to send this data out. We now get an Outbound alert and stop the transmission. No damage.

3). RATs- Some RATs will operate by injecting directly into a legitimate Windows process like svchost, using this to connect out instead of some other executable that can be grossly apparent. Firewalls like TinyWall and WFC will not only block the hollowed process from connecting out, but they do it silently WITHOUT any user input. And a RAT without an active Outbound connection is just pointless.

Although I'm sure that you can come up with many more examples, I think that these are enough to prove:

1). Not everything you read on the Internet is true, and
2). The author needs a bit of education (I actually deleted what I wanted to say because I am a Kind and Gentle person).
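
Several posts in this thread treat a blocked outbound attempt as the signal worth having. As an added example (not part of the thread, and not any poster's code), the Python below reads a constructed log in the Windows Firewall text-log layout, assuming logging of dropped packets is enabled, and counts dropped outbound (`SEND`) connections per destination so that repeated retries to one address stand out. The sample lines and addresses are constructed; the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in the Windows Firewall text-log layout (not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2016-12-09 10:15:01 ALLOW TCP 192.168.1.10 198.51.100.7 49701 443 0 - 0 0 0 - - - SEND
2016-12-09 10:15:04 DROP TCP 192.168.1.10 203.0.113.5 49712 80 0 - 0 0 0 - - - SEND
2016-12-09 10:15:09 DROP TCP 192.168.1.10 203.0.113.5 49713 80 0 - 0 0 0 - - - SEND
2016-12-09 10:15:11 DROP UDP 198.51.100.9 192.168.1.10 5353 5353 0 - - - - - - - RECEIVE
2016-12-09 10:15:30 DROP TCP 192.168.1.10 203.0.113.77 49720 8443 0 - 0 0 0 - - - SEND
truncated line
"""

def parse_log(text):
    """Yield one dict per record, taking column names from the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif not line or line.startswith("#") or fields is None:
            continue
        else:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def blocked_outbound(text, repeat_threshold=2):
    """Count DROP + SEND records per (dst-ip, dst-port) and list repeated ones."""
    counts = Counter(
        (r["dst-ip"], r["dst-port"])
        for r in parse_log(text)
        if r["action"] == "DROP" and r["path"] == "SEND"
    )
    repeated = sorted(k for k, n in counts.items() if n >= repeat_threshold)
    return counts, repeated

if __name__ == "__main__":
    counts, repeated = blocked_outbound(SAMPLE_LOG)
    for (ip, port), n in counts.most_common():
        print(f"{ip}:{port} blocked {n}x")
    print("repeated:", repeated)
```

This layout has no process column in the fields shown, so tying a destination back to a program still needs the firewall's own per-application alert or rule.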
 
