This question is once again making the rounds. We are again seeing claims that a software firewall can be disabled easily, claims that never seem to get backed up by those making them. I’d agree that the threat exists for any form of security to be disabled given the right situation. What I don’t agree with is the fact that in most cases this can be easily done. There is no solid evidence to back this up, even though this claim has been running around the internet like folklore for years now. Yet we haven’t seen any widespread reports of users being infected due to their protection being disabled. That fact is solid – no hype – no hysteria – no paranoid delusion or scare tactic – the fact is machines aren’t being exploited due to security software being disabled. If this was occurring as easily as some claim, you would see a massive uproar from security product customers and the security community in general. I’ll provide the text from my replies in several forum threads below. This will hopefully shed further light on why I feel the way I do.
“A software firewall installs on your system using undocumented interfaces, generally slows everything down, is within easy reach of malware that wants to disable it, and protects a single system.” quote from dave
Someone wanted this comment to be shown wrong. I have covered this recently in this forum and at other times. It’s sad that at times we don’t see real honesty in this forum. What we do see are very large biases displayed on a daily basis. Some consider my opinion extremely biased.
I’ve never seen any evidence that a software firewall slows down your system. Many people have made this claim in regard to antivirus as well. I’d say if either product is slowing your machine down, there is a problem needing to be resolved with the software, especially if you’re running a fairly modern system.
Time and time again we see the “malware will disable your software firewall” claim, when in fact reality has shown that we don’t see large instances of this occurring. While this is possible, software firewall haters forget to point out the same could theoretically be done with a router.
More of my thoughts on that can be found here: Forums » Security » Re Just a quck mention about SW Firewalls
Everyone seems to forget that routers are run by software called firmware. We have seen many cases where this firmware has contained flaws that can be exploited, meaning a well-crafted exploit could allow access to your machine. It also seems to skip people’s minds that for a software firewall to be disabled, in most cases a user would have to download then activate a piece of malware of their own free will. Before the malware could do its dirty work, you would hope that an updated antivirus would be in play and stop a user from activating this exploit.
You’re not going to visit a website and have your software firewall magically shut down. At least at this time there is no way of this occurring that I am aware of.
It could be argued that antivirus and software firewalls have been shown at times to affect broadband speeds. Then again, a router that isn’t properly configured (which most aren’t) can cause a nightmare of problems as well, such as slower broadband speeds. Let’s also keep in mind that a misconfigured router can leave holes open for bad people to gain access to your machine.
This is why most people have always advocated a layered approach. In case one wall of protection fails, the other will cover your backside. Also keep in mind that a router doesn’t offer outbound protection and other features to keep your operating system safe from exploit, although the Nvidia firewall that is chipset based does include some levels of protection that are similar or identical to a software firewall.
It should also be kept in mind that over the years software firewall and antivirus vendors have strengthened their products against exploit. Everyone seems to forget to make the claim that antivirus can be disabled easily for some reason. But they sure make it left and right in regard to software firewalls.
If it was so easy to disable these products, we would be seeing mass reports daily of this. This doesn’t occur. So this would lead me to believe it’s not as easy to pull this off as many braggarts and paranoid souls would like to claim.
“In the absence of rogue code – they both offer the same protection.” quote from qrkx
I wouldn’t agree 100% on that, due to most routers not offering outbound protection. I do agree that an injection of some sort of malware is needed, which with both products has the possibility of creating a bad day for the end user.