No doubt, you've heard the term “firewall” in regard to computing, but do you know what it is? When it comes to security, we should all be educated consumers, so this is an introduction to the basic concepts in protecting yourself with firewalls.

Although the name may invoke a physical thing, a firewall is just a computer program. Simply put, it controls all information/data traveling into and out of a computer via a network.

Firewalls are not involved in data coming or going to the hard drive, a CD or DVD, or a directly attached USB flash drive. The domain of a firewall is the Ethernet network.

When data wants to get into your computer from elsewhere on the network, a firewall program on your computer decides whether it gets in or not. When a program on your computer wants to send data out over the network, a good firewall program will also determine whether to allow it or not.

I say “good” firewall, because not all firewall programs provide control over outbound data – some only watch the incoming lane for traffic. Keeping with the traffic analogy (data traveling over a network is often referred to as “traffic”), a firewall program is, in effect, a traffic cop.

As a rule of thumb, all computers should be running a firewall program all the time. This includes machines running Windows, any Mac OS, Linux and other operating systems too.

One exception to this is the rare computer whose only connection to the outside world is a power cord. An off-line existence is appropriate for certain high-value machines, a topic I wrote about back in April (see Some computers should not be connected to the Internet).

Another exception is computers without broadband. If you get onto the Internet via dial-up, you only need a firewall program while the computer is connected to the Internet. In the interest of convenience though, it doesn't hurt dial-up users to have a firewall program constantly running.

There are two types of firewalls and the terminology used to differentiate them is poor. Firewall programs that run on a personal computer (regardless of the host OS) are referred to as software firewalls. Those that run in a box outside your computer are referred to as hardware firewalls.

This, despite the fact that all firewalls are software.

Home users and small businesses encounter “hardware firewalls” in their routers. Large organizations may run a dedicated firewall device. Another term for a firewall program running on your computer is a personal firewall (I prefer this term and will use it from now on).

Typically the firewall in a router only offers inbound protection. Outbound protection is a feature of some personal firewalls, but not all.

While inbound protection is preventative, outbound protection serves more as a warning about existing malware. It's one thing for a computer to be infected with spyware or other malicious software. But it's another thing entirely to have the malicious software make an outbound connection and send data gleaned from your computer to bad guys somewhere out on the Internet.

A firewall with outbound protection will, hopefully, warn you when a new program (one it hasn't seen before) tries to make an outbound connection to another computer. This way, if you don't recognize the program and you didn't initiate the connection, you can have the firewall block it. When in doubt, don't let it out.

Awareness of the need for firewalls can be seen in the history of Windows. Windows 98, Me and 2000 did not include a firewall. Windows XP does but it provides inbound protection only. For the first three years of its existence, the built-in XP firewall was disabled by default. With the release of Service Pack 2 in 2004, the XP firewall was enabled by default.

Windows Vista introduced outbound protection to the built-in firewall, but it was, in large part, a sham.

Writing in Computerworld, Preston Gralla had this to say about it:

“ ... as shipped, the Windows Firewall offers little outbound protection, and it's not clear how outbound protection can be configured to protect against spyware, Trojans and bots ... by default, most outbound filtering in the Windows Vista firewall is turned off. In addition, there may be no practical way to use outbound filtering to stop all unwanted outbound connections.”

Regardless of the personal firewall included in your favorite Operating System, you can install another one if you prefer.

The Internet Runs Both Ways

When your computer is connected to the Internet, you can go anywhere. The same infrastructure, however, that allows you to contact other computers on the Internet, also permits them to contact you. The Internet is a two-way street.

There is rarely a reason for another computer on the Internet to contact you first. Normally, you initiate the contact with other computers. However, if you can contact others, they can contact you.

Bad guys exploit the open, two-way communication on the Internet to probe your computer for vulnerabilities (typically bugs in the Operating System) and/or mis-configurations that allow them to install software, crash your computer, and access your files. Or, in the worst case, take hidden control of your computer.

If your computer suddenly runs much slower than it used to, one possibility is that a bad guy is using it, in the background, to do his bidding. There are many ways for a computer to get infected with malicious software; a firewall is a necessary part of your defensive stance.

How do the bad guys find you? After all, they don’t know you and the Internet is really big. Typically they use software that scans the Internet looking for a response to an opening handshake (hailing frequencies if you will).

Once they get a nibble, so to speak, then they are likely to probe the newly discovered computer in more depth. These scanning programs run 24x7.

The prime mission of a firewall is to deny all unsolicited incoming attempts at communication. As a parent warns a child not to talk to strangers, so too should your computer be configured not to respond to unsolicited attempts at communication. At least by default, at least initially (there may be some necessary exceptions).

Note the word “unsolicited.” If you go to a web site and request a page, when that web page comes back to you, that was solicited. Firewalls do not interfere with incoming data that was specifically requested (solicited).
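To make the two rules above concrete (drop unsolicited inbound traffic but pass replies you asked for, and warn about a first-seen program going outbound), here is a small personal-firewall simulation. It is an added example, not code from the article or from any real firewall product; the Packet fields, the ASK/ALLOW/DROP verdicts and the sample addresses are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str          # "in" (from the network) or "out" (from this computer)
    proto: str              # "tcp" or "udp"
    local_port: int
    remote_host: str
    remote_port: int
    program: str = ""       # sending program; only meaningful for outbound packets

@dataclass
class PersonalFirewall:
    approved: set = field(default_factory=set)   # programs the user has let out
    flows: set = field(default_factory=set)      # connections this computer initiated
    log: list = field(default_factory=list)

    def _key(self, p):
        return (p.proto, p.local_port, p.remote_host, p.remote_port)

    def approve(self, program):
        """User answered the prompt: let this program make outbound connections."""
        self.approved.add(program)

    def filter(self, p):
        if p.direction == "out":
            if p.program not in self.approved:
                # Outbound protection: a program the firewall hasn't seen before.
                self.log.append(f"ASK {p.program} -> {p.remote_host}:{p.remote_port}")
                return "ASK"
            self.flows.add(self._key(p))         # remember that we solicited this
            return "ALLOW"
        if self._key(p) in self.flows:
            return "ALLOW"                       # reply to something we asked for
        # Default deny: unsolicited inbound is dropped silently, so a scanner
        # probing this port gets no response to its opening handshake.
        self.log.append(f"DROP unsolicited {p.proto} {p.remote_host}:{p.remote_port} -> :{p.local_port}")
        return "DROP"

def demo():
    """Constructed traffic: a browser fetching a page, then an outside probe."""
    fw = PersonalFirewall()
    results = []
    fetch = Packet("out", "tcp", 51000, "203.0.113.10", 80, program="browser")
    results.append(fw.filter(fetch))             # ASK: browser not yet approved
    fw.approve("browser")
    results.append(fw.filter(fetch))             # ALLOW, and the flow is recorded
    results.append(fw.filter(Packet("in", "tcp", 51000, "203.0.113.10", 80)))   # ALLOW (solicited reply)
    results.append(fw.filter(Packet("in", "tcp", 445, "198.51.100.7", 40000)))  # DROP (unsolicited probe)
    results.append(fw.filter(Packet("out", "tcp", 52000, "198.51.100.7", 6667, program="unknown.exe")))  # ASK
    return results
```

Real firewalls also expire remembered flows and track TCP state more carefully; this keeps only the solicited-versus-unsolicited distinction the article describes.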

A firewall should not inhibit you from going anywhere on the Internet. That said, mis-configurations happen, so when you can't connect to something somewhere, the firewall is always a top suspect.
