A Second Look at Software Firewalls

Friday Aug 26th 2005 by Ronald Pacchiano

A few weeks ago, we explained why having software firewalls might not make sense when you have multiple PCs sharing resources on your network. Some readers objected. While we understand the concern, we're sticking with our advice; here's why.

Firewalls revisited

It would appear a few people were a bit unhappy with the advice I offered a reader in a recent column entitled "Two Firewalls Too Much of a Good Thing." Here's a quick overview:

A reader was having a problem trying to share files between multiple computers on a home network. Each PC on his network was running a software firewall. When the firewall was turned on, the PCs couldn't share files with each other. With the firewall disabled, everything worked fine.

Since the firewall was obviously the cause of the problem, one of the solutions I suggested was: "Get rid of the ZoneAlarm firewall on each PC and just rely on your router's hardware based firewall to protect you (which is fine, by the way)."

Apparently, a number of readers didn't share my opinion on this. Here is an example of one of the comments I received:

"I read your article recommending the disabling of ZoneAlarm's Firewall and think that is a terrible message to send for users of any firewall software. One of ZA's strengths is alerting users to outgoing requests made by software and processes. Your article wrongly supposes the only malicious traffic can be initiated from outside your LAN. Since most home users aren't networking and firewall savvy, suggesting that a home user 'just disable' firewall software is irresponsible."

After rereading my response, I realized that this reader did, in fact, have a valid point, and I can understand how my suggestion might have been misunderstood. Let me explain why I answered this question the way I did.

You see, my answer to the question shouldn't have been construed to mean that software firewalls are generally unnecessary, but only that in some situations they may not be the best solution. An example of such a situation is when you have multiple PCs sharing resources on a LAN.

When trying to share files and printers among multiple computers on a LAN, having a software firewall on any or all of those machines will almost certainly interfere with that sharing, because resource sharing uses ports and processes that firewalls will identify as suspicious and subsequently block. While it's possible to modify the software firewalls to allow this sharing, the process can be complex and doing so will result in bypassing much of the protection that a software firewall is intended to provide in the first place.

In short, when a network has one or more PCs that require access to the Internet and not to each other, software firewalls are an excellent supplement to a hardware firewall. When file or printer sharing is necessary, however, putting a software firewall on every machine may not make sense due to the expense of multiple copies of the software, the complexity of configuring rules and the limited protection they will inevitably provide in such an environment.

I hope this helps to clarify my position, and I just want to thank everyone who took the time to contact me about it.

My wife and I share a home office and, as a result, we have Ethernet cables running across the room. She's constantly tripping over them, and complaining about how they're always in the way. I was considering installing a wireless network, but a friend suggested that wireless networking was good only for laptop computers and not desktop PCs. Is this true?

In all honesty, that's nonsense. It's true that laptop computer users spend the majority of their time moving among multiple locations, and they are unquestionably the group that will benefit the most from a wireless network. However, there are numerous situations in which a desktop PC would also benefit from a wireless network. Your own office situation is a perfect example.

My girlfriend, for example, uses a wireless USB adapter to connect her Media-Center PC to her home LAN. With her router located in the office, there was no way she was going to run an Ethernet cable through the middle of her living room. Going wireless was the most efficient solution.

In fact, her situation is not unique. Many homes, and even some offices, have unsuitable building layouts or walls that, for one reason or another, cannot be easily wired. In these circumstances, wireless networking is a cost-effective alternative.

In addition, a wireless network is great for getting auditoriums or conference rooms online quickly, particularly if the location that needs to be online is going to be used only temporarily. Why waste the time or expense running cable when a wireless network would work just as well?

Bottom line: Don't ever ask that particular friend for technical advice again. Good luck.

