Do I really need a firewall?

Solution 1:

Let's think outside the box for a moment.

Sure, you can give in to the culture of fear and install all sorts of software on your computer to create an illusion of security. The IT security industry loves that, that's actually how their protection racket works ... or you can play it really safe by sticking to a simple set of rules:

  1. do not keep personal and/or sensitive data on a computer connected to the Internet. Use encrypted external storage (Pen Drive, SDHC card, USB hard drive, etc.) where applicable.

  2. if you have a home network to protect, use a virtual private network (VPN) connection as an additional layer of security.

  3. use virtualization for ALL your Internet activities, "disposable" virtual machines are free (and so is Sandboxie). Destroy the virtual machine (or sandbox) immediately after each online banking session or financial transaction (redeployment of a VHD backup is only a matter of seconds).

Although this sounds a bit of an inconvenience, you certainly will not have to worry whether (enter the name of your favorite antivirus software, firewall, malware scanner and other popular time and resource wasters here) may have been protecting you sufficently or not. Don't buy into their promises, think and take matters in your own hands.

Solution 2:

Dependent on your firewall, having one may help. If you have a inbound firewall only - it stops things from hitting your ports. If you have outbound firewalling as well, if a program resides on your machine, it can't go out without triggering an alarm. The Microsoft firewall is inbound only. The program you are using is in/out - that's why when the program tries to go out, you get a notification.

I will note that if you have something smart enough get in, one of the first things it will do is disable your firewall and antivirus.

Solution 3:

Does not having a firewall open up any dangerous vulnerabilities that an antivirus cannot cover?

Don't rely on software to keep you secure, because it won't. Today's anti-virus software won't ‘cover’ any likely infection scenario: it is almost completely helpless in the face of an overwhelming quantity of generally-web-exploit-installed malware.

A firewall serves two purposes:

1: Denying access to sensitive ports to incoming traffic. This function is unfortunately necessary because Windows cannot be configured to just close the damn ports (139-145, 445 etc) in the first place.

The built-in Windows Firewall in XP and later is fine for this purpose; you'll also be OK if you're behind a NAT router and there's nothing else untrusted on your LAN.

2: Denying outgoing access to the network to particular applications. This is the ‘egress filtering’ feature that the firewall vendors trumpet as being an essential feature that the Windows Firewall lacks.

However I would strongly dispute its efficacy as a security measure: once malware is installed on the local machine, you've already lost. It can (and indeed many do) disable the rules of popular firewall software to let itself out.

Egress filtering can be a useful way to keep an eye on what otherwise-trusted software is doing on the network, and it can often catch network access from a naïve exploit-downloader that doesn't attempt to circumvent firewall rules. (But at that point, the only safe course of action would be, as always, to re-install the OS.) But essential for security? No, not really.

Solution 4:

If you are not concerned about the damage that a rogue program could do on your computer with an unfettered internet connection, then just set your firewall options to grant all outbound traffic automatically.

What is the harm you ask?

In the event that a rogue program does make it onto your system it will most likely be an organized crime product that arrives behind a worm, a browser exploit, or many other vectors. It can then be used to add your computer to a botnet, serve-up unsavory content, send your keylogged passwords and financial data back to the bad guys, serve as relay for targeted attacks (resulting in your computer getting confiscated as evidence.)

That annoying prompt may give you a chance to see it.

Edit:

Antivirus software will most likely help you avoid the above scenario. But the bad guys keep working. A year and half ago, there was a vulnerability in a certain major security vendor's product (starts with "S") which was exploited with a worm. If a firewall wasn't blocking that port, the host got infected.

Although with a host-based firewall you most likely would have granted your Symantec antivirus all the netwrok access it needed to do its thing, and been vulnerable anyway.

It's up to you. Some people don't lock their doors when they are home. Some people put bars on the windows, etc. Evaluate the risk probability, the cost of the risk if it happens to you, and the cost and effectiveness of prevention. A host firewall isn't that much cost or trouble. In fact slowing down the risky behavior of installing lots of stuff on your machine is a benefit.

Remember how there used to be giant worm outbreaks like code red every few months? What finally put a stop to that is XP SP2 came out with Windows firewall turned on by default. That should tell you something.

Solution 5:

This is a comment on the answer by emgee and its discussion (I don't have enough points to comment):

1) One important point from emgee's answer which I think you missed is about the physical setup of your wired-conneciton at home: If your modem is acting as a router, ie usually in this case your computer is connected to the modem though ethernet rather than USB or internal etc, and you modem is not in bridging mode it will most likely automatically block all incoming traffic which makes you very save. If your modem is not acting as a router and exposing you computer directly to the internet you are much more vulnerable.

2) One major feature of a firewall is to prevent mal-ware getting onto your compuer. If it's already there, as you suspect, or even installed "intentionally" by you, the fire-wall is probably not the most important of your concerns right now. Also in this case the router scenario does not protext you; it only protects your computer from the outside, not the outside from your computer.