Once again this question has become a hot topic. It all started because a certain technology celebrity is once again telling users that they only need a router to stay protected on the internet. I’ve always disagreed with this for several reasons that I have written about in the past. It’s not as if Leo Laporte doesn’t advocate software firewall use. He actually does promote the usage of this type of product on Call For Help. This is something he did when the show was on TechTV as well. Yet when viewers hear him state a router is all you need. They get inquisitive and seem to forget his previous advice. Many times this advice is given to people who already own routers and are asking if they need further protection. For some odd reason Leo seems to always forget about outbound protection and OS lockdown when answering this commonly asked question.
Leo Laporte isn’t alone in this regard. And in the past many technology celebrities have flip flopped on the issue. The ones I’m aware of are all previous TechTV host. Chris Pirillo was known for making this statement in the past. That a router is all you need – when he hosted Call For Help. Kevin Rose and Patrick Norton come to mind in this regard as well. I can’t count how many times I’ve wanted to reach into my TV screen and make a few solid points against going router only.
It’s not that a router won’t keep you safe. In fact this device does a very good job of protecting against incoming attack. I didn’t buy my Linksys WRT54G for this reason. But it does serve this purpose and I do use it. That doesn’t mean I’ve thrown my software firewall away.
Now many would ask me well why haven’t you? Because I believe in having outbound protection. I think it is good to have a layer of protection ( to a point ). Meaning if the router fails to do it’s job do to a firmware flaw or for some other reason. I will have the software firewall as a fail safe to keep me protected. Firmware flaws for router products have been out in the wild. So this is something that is a true threat. It’s just as important to know what is leaving your machine as it is to know what is trying to come in. If your antivirus or other trojan protection fails to detect this malware. Your software firewall will almost certainly alert you to outgoing activity from this infection trying to communicate out while trying to phone home or infect others. At least one software firewall vendor has updated their software to further protect the core of your operating system from attack or hijack. Knowing when programs are trying to contact out to the internet is a valuable piece of information. This can alert you to spyware or to when legitimate software may be trying to contact update servers etc. Many firewall products now also include email, Spam and instant messaging protections along with other features. Although some would call these added features bloat instead of worthwhile additions to the firewall product. In many cases the new features do in fact provide the benefit of better security.
Some would say that the added system resource usage is a reason to stay away from using a software firewall. Although I personally feel my choice has low overhead in this regard. Others would state there have been issues in regards to software firewalls slowing down broadband connections. This in fact has been an ongoing issue with ZoneAlarm from time to time. Although routers have been known to cause connection issues as well.
Many people out there would ask. If the bad stuff is blocked from getting into my machine why do I need outbound protection? One reason is because users still allow stuff to infect them through programs they allow. Such as peer to peer usage ( P2P ). Email is still a very big source for malware infections. And some software that may seem legitimate can turn out to be a spyware hornets nest. A firewall can help to protect and alert you to these things. Yes some other software can help in this regard. But not always in the same way as a software firewall would.
There is also the argument that software can be disabled easier than hardware. With recent news in regards to firmware flaws in regards to routers. I’m not sure this statement holds much weight. Firmware exploits are nothing new. And most software firewall products have been hardened against attacks that would try and disable the product. With any product there will always be a risk that the protection can be circumvented if the right person is doing the attacking. At this time I don’t feel either the software or hardware option is more likely to be taken down. I feel the risk is about equal.