Do I really need a firewall?

9

3

I've been using the Nod32 security suite for some time now, and out of all the others that I've tried, it's great (low memory footprint, fast, fairly cheap). However, I've been installing a lot of software lately, and the thing that's been annoying me is having to allow each program access to the internet. Yes, I know it's a one-time thing, but I would rather not even have to do it in the first place. (It's also a pain when I have to reformat/reinstall.) Thus, I am considering removing the firewall entirely, and just sticking to the antivirus.[1]

So my question is: Is not having a firewall unsafe, even with an antivirus? Obviously I'll never be 100% safe (not even an antivirus can completely protect me, and I realize that), but I don't do stupid things, I back up my data, etc. Does not having a firewall open up any dangerous vulnerabilities that an antivirus cannot cover? If I somehow get some malware on my hard drive, will not having a firewall keep me from being able to remove it? Or will it, for the most part, not make a difference? And if I do need a firewall, is the one that comes with Windows sufficient?

Note that I'm not really interested in those 0.1% corner cases, I'm talking about the general majority of malware, and what implications not having a firewall may pose for me. Oh, and I'm using Windows, obviously. :)

1. I am definitely going to keep the antivirus just in case, mostly as a last resort. Please don't tell me that I don't need one.

Sasha Chedygov

Posted 2009-10-30T02:26:10.897

Reputation: 6 616

Answers

7

Let's think outside the box for a moment.

Sure, you can give in to the culture of fear and install all sorts of software on your computer to create an illusion of security. The IT security industry loves that, that's actually how their protection racket works ... or you can play it really safe by sticking to a simple set of rules:

  1. do not keep personal and/or sensitive data on a computer connected to the Internet. Use encrypted external storage (Pen Drive, SDHC card, USB hard drive, etc.) where applicable.

  2. if you have a home network to protect, use a virtual private network (VPN) connection as an additional layer of security.

  3. use virtualization for ALL your Internet activities, "disposable" virtual machines are free (and so is Sandboxie). Destroy the virtual machine (or sandbox) immediately after each online banking session or financial transaction (redeployment of a VHD backup is only a matter of seconds).

Although this sounds a bit of an inconvenience, you certainly will not have to worry whether (enter the name of your favorite antivirus software, firewall, malware scanner and other popular time and resource wasters here) may have been protecting you sufficiently or not. Don't buy into their promises, think and take matters into your own hands.

Molly7244

Posted 2009-10-30T02:26:10.897

Reputation:

"Let's think outside the box for a moment." And also type out of the box and send all kinds of telemetry out of the box and right into MS data harvesting servers, especially out of a Windows 10 box. – sunny moon – 2019-09-06T14:01:32.100

Yes, I'm actually considering just saying "screw it" to all of this and using virtual machines for testing. Thanks. :) – Sasha Chedygov – 2009-10-31T03:20:43.437

you're quite welcome :) there's nothing wrong with virtual machines, unless you need the full potential of your graphics power. – None – 2009-10-31T12:04:48.793

Actually, now that you mention it, I used to use virtual machines for testing out software, but there were a couple programs that required graphics hardware acceleration that would not run in the VM, so starting at that point I slowly stopped using the virtual machine. I guess it's time to fire it back up. :) I would use Sandboxie (great program), but I'm running a 64-bit Windows, unfortunately. :( I accepted this answer because it's the most realistic, thanks again. – Sasha Chedygov – 2009-10-31T21:12:51.820

6

Depending on your firewall, having one may help. If you have an inbound firewall only - it stops things from hitting your ports. If you have outbound firewalling as well, if a program resides on your machine, it can't go out without triggering an alarm. The Microsoft firewall is inbound only. The program you are using is in/out - that's why when the program tries to go out, you get a notification.

I will note that if you have something smart enough to get in, one of the first things it will do is disable your firewall and antivirus.

Blackbeagle

Posted 2009-10-30T02:26:10.897

Reputation: 6 424

Ah, I see. So if I stuck with an inbound-only firewall (Windows Firewall), I'd be fine? I trust all the software on my computer so that's not an issue. – Sasha Chedygov – 2009-10-30T03:09:10.387

As long as you are SURE that all the software on your machine is fine, then an inbound-only firewall will stop outside attackers from hitting you and be quiet when your programs are trying to go out. On your comment to emgee - you noted that you may be installing questionable software. – Blackbeagle – 2009-10-30T03:32:38.130

Yes, some of it is questionable, but the chance of it actually being malware is very low. I just want to be able to still have that layer of security just in case it does turn out to be malware, and I wasn't sure if a firewall gave me something an antivirus didn't for this situation. From the other comments, it doesn't seem like it, except for things like botnets (which my antivirus should theoretically catch). – Sasha Chedygov – 2009-10-30T05:42:31.673

+1 This is how we roll, up-to-date AV makes sure the PC is clean on the inside, and bounce any unknown incoming requests from the outside. You sacrifice marginal security for ease of use; as long as you use sensibility, you'll be fine. – invert – 2009-10-30T09:04:08.287

6

Does not having a firewall open up any dangerous vulnerabilities that an antivirus cannot cover?

Don't rely on software to keep you secure, because it won't. Today's anti-virus software won't ‘cover’ any likely infection scenario: it is almost completely helpless in the face of an overwhelming quantity of generally-web-exploit-installed malware.

A firewall serves two purposes:

1: Denying access to sensitive ports to incoming traffic. This function is unfortunately necessary because Windows cannot be configured to just close the damn ports (139-145, 445 etc) in the first place.

The built-in Windows Firewall in XP and later is fine for this purpose; you'll also be OK if you're behind a NAT router and there's nothing else untrusted on your LAN.

2: Denying outgoing access to the network to particular applications. This is the ‘egress filtering’ feature that the firewall vendors trumpet as being an essential feature that the Windows Firewall lacks.

However I would strongly dispute its efficacy as a security measure: once malware is installed on the local machine, you've already lost. It can (and indeed many do) disable the rules of popular firewall software to let itself out.

Egress filtering can be a useful way to keep an eye on what otherwise-trusted software is doing on the network, and it can often catch network access from a naïve exploit-downloader that doesn't attempt to circumvent firewall rules. (But at that point, the only safe course of action would be, as always, to re-install the OS.) But essential for security? No, not really.

bobince

Posted 2009-10-30T02:26:10.897

Reputation: 8 816

I'm not relying on software to keep me secure, I'm using it as a last resort. – Sasha Chedygov – 2009-10-31T06:58:31.437

4

If you are not concerned about the damage that a rogue program could do on your computer with an unfettered internet connection, then just set your firewall options to grant all outbound traffic automatically.

What is the harm you ask?

In the event that a rogue program does make it onto your system it will most likely be an organized crime product that arrives behind a worm, a browser exploit, or many other vectors. It can then be used to add your computer to a botnet, serve up unsavory content, send your keylogged passwords and financial data back to the bad guys, serve as a relay for targeted attacks (resulting in your computer getting confiscated as evidence).

That annoying prompt may give you a chance to see it.

Edit:

Antivirus software will most likely help you avoid the above scenario. But the bad guys keep working. A year and a half ago, there was a vulnerability in a certain major security vendor's product (starts with "S") which was exploited with a worm. If a firewall wasn't blocking that port, the host got infected.

Although with a host-based firewall you most likely would have granted your Symantec antivirus all the network access it needed to do its thing, and been vulnerable anyway.

It's up to you. Some people don't lock their doors when they are home. Some people put bars on the windows, etc. Evaluate the risk probability, the cost of the risk if it happens to you, and the cost and effectiveness of prevention. A host firewall isn't that much cost or trouble. In fact slowing down the risky behavior of installing lots of stuff on your machine is a benefit.

Remember how there used to be giant worm outbreaks like Code Red every few months? What finally put a stop to that is XP SP2 came out with Windows Firewall turned on by default. That should tell you something.

DanO

Posted 2009-10-30T02:26:10.897

Reputation: 2 494

"In fact slowing down the risky behavior of installing lots of stuff on your machine, is a benefit." Installing software on my machine is not risky in any way. 95% of the software I install, I completely trust, and would be willing to put on a whitelist if I had to. I just want to protect myself from that other 5%, and I don't see how a firewall can give me any more security than an antivirus already provides. – Sasha Chedygov – 2009-10-30T05:44:39.873

It's another layer of protection and it is easy. Antivirus companies try to keep up with the bad guys, but they are attempting the impossible task of cataloging all the evil in the world. They are always at least one step behind. It just takes one new exploit that your machine encounters before they do, or before you get their updates. You may still get infected, but the firewall mitigates the damage, and may help alert you. It also mitigates the chance of infection.

Are you at least behind a NAT router? Did you miss the part above about the antivirus itself being exploited? – DanO – 2009-10-30T06:58:51.707

Still, if you forced a choice between not applying Windows updates for a month, or turning off the firewall for a month, I'd turn off the firewall. There are more important security practices than a firewall, but a firewall is so easy and low-impact. If it prompts you more than you care for, just change the settings. – DanO – 2009-10-30T07:02:30.873

Particularly on Windows, apply all security updates ASAP. Whatever your opinion of Microsoft Windows security is, the updates will close off attack vectors. A lot of malware thrives only on Windows machines that don't have recent updates. – David Thornley – 2009-10-30T14:27:57.457

1

This is a comment on the answer by emgee and its discussion (I don't have enough points to comment):

1) One important point from emgee's answer which I think you missed is about the physical setup of your wired connection at home: If your modem is acting as a router, i.e. usually in this case your computer is connected to the modem through Ethernet rather than USB or internal etc., and your modem is not in bridging mode, it will most likely automatically block all incoming traffic, which makes you very safe. If your modem is not acting as a router and is exposing your computer directly to the internet, you are much more vulnerable.

2) One major feature of a firewall is to prevent malware getting onto your computer. If it's already there, as you suspect, or even installed "intentionally" by you, the firewall is probably not the most important of your concerns right now. Also in this case the router scenario does not protect you; it only protects your computer from the outside, not the outside from your computer.

user12889

Posted 2009-10-30T02:26:10.897

Reputation: 1 743

Thanks for the comments. Yes, I am protected by a hardware firewall, but I wasn't sure if a software firewall would give me any additional protection, thanks for clarifying. – Sasha Chedygov – 2009-10-30T05:35:25.587

It's much easier for incoming malware to deal with a software firewall than a hardware one. I try to keep perimeter security at home with the DSL router set to bounce most incoming connections and the wireless configured with WPA and a good password. There's other security on the machines proper, of course, since I don't believe in the gooey caramel center under the hard chocolate shell school of security. – David Thornley – 2009-10-30T14:25:38.803

musicfreak - am I right in thinking that a hardware firewall is just a software firewall running on a dedicated box?

Surely this is just as true for an ADSL/cable modem/router as it is for a PC running a firewall system like Smoothwall or some such – Rob Cowell – 2009-10-30T15:00:40.103

Yes, many physical firewalls are actually based on off-the-shelf hardware with a slimmed-down version of Linux. However, due to the fact they only run the minimum set of programs necessary to do the firewall and routing (which is usually quite hardened), they expose far fewer attack points. Normal machines run many more services and programs which accept network traffic and are potentially vulnerable. So the safety comes from not doing anything else but firewall & routing. – user12889 – 2009-10-31T01:53:20.540

0

Though tagged for Windows, a few words on the built-in application firewall in Mac OS X:

  • This type of firewall allows you to control connections on a per-application basis, rather than a per-port basis.

  • It only controls incoming connections. All outbound connections are allowed.

  • All applications [..] that have been digitally signed by a Certificate Authority trusted by the system (for the purpose of code signing) are allowed to receive incoming connections. (source)

I wonder how this really makes things any more secure. In other words: the type of firewall might matter a lot.

Arjan

Posted 2009-10-30T02:26:10.897

Reputation: 29 084