Don’t Firewall Yourself Into a Corner

Firewall software can break your system.

Is that a pretty strong statement?

I will explain how and why.

Windows XP and Vista firewalls are entirely capable of putting your computer in complete stealth mode, meaning that even though your computer is connected to the Internet, it is completely invisible. Look for the ShieldsUp test at www.grc.com. You will likely find that you are completely invisible.

Yet many people go ahead and install 3rd party firewall software, not knowing that the default XP firewall, and especially the latest Vista firewall, are entirely adequate in protecting them, and in many cases not knowing that they also have a broadband or router firewall between them and the Internet. Unknowingly, they install a firewall that can cause more trouble than it gains them.

But what about outbound packets? From my understanding, Vista does a better job at blocking outbound packets. But regardless, the concern with outbound packets would be if you had some type of trojan, virus, or spyware on your computer. It could then send outbound packets to other computers through your Internet connection. And that is NOT a good thing!

But, for that to happen, you have to have a trojan, virus, or spyware application on your system in the first place. And if it got there, it is likely because you let it get there by installing untrusted or unchecked software, or have highly neglected updating your operating system (e.g. using Windows Update).

If you know how to properly use your virus scanner and update your system, you should never really be at risk. So, if you have nothing bad on your system, then why cause many potential headaches by installing a 3rd party firewall program?

Windows connects to the Internet through some standard protocols. This is controlled by your system through DLLs and other system executables. 3rd party firewalls affect the communication process by putting a filter into this “subsystem” of your computer, and the various vendors out there do this differently. Some vendors are responsible and let you control these filters easily, some do not give you control, and some say they give you control and then do not. You may think the filter is disabled, but it is not! In this latter case, you now have a “broken” computer!

We have seen cases here at Flight1 where users said they disabled their 3rd party firewall, only to still have problems connecting to the Internet with our e-commerce application (which uses standard Windows APIs for network communications). They then had to uninstall the software to get things working because disabling the firewall did not work. In a few of the worst cases, some customers had to do a system rollback to get things working.
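One way to check whether a “disabled” firewall still has a filter in the Winsock chain, as an added example that is not Flight1's code: it parses the listing printed by `netsh winsock show catalog` and reports providers layered on top of the base Windows ones. It assumes the product hooks Winsock as a layered provider DLL (the article does not name the mechanism), and the “ExampleFW” entry and its path are constructed sample data.

```python
import re

# Constructed sample in the layout of `netsh winsock show catalog`;
# "ExampleFW" and its DLL path are hypothetical, not a real product.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        ExampleFW over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\Program Files\ExampleFW\exfwlsp.dll
Catalog Entry ID:                   1015
Protocol Chain Length:              2

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1
"""

HEADER = re.compile(r"^(Winsock Catalog|Name Space) Provider Entry.*$", re.M)
SYSTEM_PREFIXES = ("%systemroot%\\system32\\", "c:\\windows\\system32\\")

def parse_catalog(text):
    """Return one {field: value} dict per Winsock catalog entry."""
    parts = HEADER.split(text)  # [preamble, kind, body, kind, body, ...]
    entries = []
    for kind, body in zip(parts[1::2], parts[2::2]):
        if kind != "Winsock Catalog":  # name-space provider sections are skipped
            continue
        fields = {}
        for line in body.splitlines():
            key, sep, value = line.partition(":")  # split at the first colon only
            if sep:
                fields[key.strip()] = value.strip()
        entries.append(fields)
    return entries

def layered_providers(entries):
    """Entries layered over a base provider, or whose DLL is outside system32."""
    flagged = []
    for e in entries:
        chain = int(e.get("Protocol Chain Length", "1"))
        path = e.get("Provider Path", "").lower()
        if chain > 1 or not path.startswith(SYSTEM_PREFIXES):
            flagged.append(e)
    return flagged
```

If the product's DLL is still listed after you switch the firewall off, its filter is still in the path of every application that uses Winsock. Filters installed as kernel drivers do not appear in this listing.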

This is not to say that all firewalls do not work! If a good firewall properly detects the new application trying to connect to the Internet, and then prompts you about it, and gives you the ability to allow the application to connect unhindered, then you are likely using a well thought out and properly designed firewall, and there is no harm.

So the firewall rule is… as long as you get proper firewall prompts, the firewall accepts the settings that you set, and it remembers that you added the application to its “allow” list, then if you want a firewall, no problem.

But so often we have to support customers that have trouble because of a firewall. They installed it because they saw that it won many awards at this or that site, and now things are broken.

All firewalls MUST allow you to simply add any program to an allow list, and make it work each time.

It is so frustrating to go through a 15-message thread in our forum or ticket system, with possibly 2 or 3 administrators trying to help, only to have the customer say “I uninstalled my xx_brand firewall, and it worked right away.”

My suggestion is always to know how to use your computer and related security applications, and to use caution in what you decide to install.

I am a strong advocate of NOD32, which is a very good virus scanner, and it is easily configurable. But that is not to say that others are not good also… I am sure there are some other very good ones.

So get to know your security tool, become friends with it, and the both of you can work as a team to keep you protected. But putting yourself behind a firewall that is poorly designed or not understood could put you more than behind a wall… it could put you into a corner!