Three misconceptions surrounding firewalls

Everyone knows what a firewall is, right? Wrong…

Let’s take a real-life example; does your Mother actually know (or care) what a firewall is? Does your little sister really need a firewall to protect her from the world of online criminals? By clearing up three misconceptions about firewalls, we hope our less-experienced users will understand the place of firewalls in the modern arsenal of online protection options.

Firstly, for our more experienced Emsisoft users, we’ve written previously about the technical definitions and applications of firewalls. After all, firewalls used to be the main way people protected their PCs from nasty programs and spying.

However, things have changed. Nowadays, most online threats behave in a way that makes it impossible for a firewall to protect the majority of everyday Internet users.

3 Misconceptions about firewalls

Misconception 1: Firewall was a good movie(!)

Whilst your Mother may have enjoyed handsome Harrison Ford’s appearance on the 2008 movie Firewall, it’s likely she will admit the film had a rather predictable plot. Sure, Firewall highlighted some of the threats in the online world, but I think you’ll agree that Firewall wasn’t an Oscar-nominating moment for Harrison Ford. Enough said.

Misconception 2: Firewalls protect your computer by detecting malware

Firewalls can provide a false sense of security in the modern online world. Allow us to explain: The main purpose of a software firewall is to eliminate potential entry points attackers could use to get onto your computer. However, what if you put up the firewall when you already have malware active on your PC? You may think you’re protected, but you already have a malware infection and the firewall won’t make it go away.

This is because software firewalls are simply not designed to detect malware that is already active on your PC.

Even with a firewall, malware could be actively communicating your data with a hacker on the other side of the world.

Also, common malware infection methods don’t require using any sort of brute-force methods of breaking into your computer. They infect using methods that a firewall can’t block in the first place, such as convincing the user to run an application that is other than what they think they’re getting.

But, why don’t firewalls detect malware?

firewall malware
While a modern software firewall can stop some outgoing connections from malware, if the malware managed to get into your PC in the first place, it probably also managed to disable your entire firewall to allow the malware to communicate. It’s too late to simply add a firewall. Instead, you’ll need to consider anti-malware software which will actively detect malware hijacking your computer.

For the record, this is not because firewalls are incompetent – it is simply because they are not designed to block malware.

Blocking malware is the task of anti-malware software such as Emsisoft Anti-Malware. A firewall instead ‘hides you’ from the outside, by denying communication with other programs through certain ‘channels’ or ports.

Misconception 3: Firewalls are always HIPS (host-based intrusion prevention systems)

Not so long ago, all software firewall products did exactly what users expected them to do: Filter network data. Today, that’s still the classic definition of the term ‘firewall’; however, firewall technology was soon ‘developed to death’ (= no more space for innovation -> all vendors offering a similar level of quality). Therefore, vendors started to add new and often overkill features to their firewall products, such as monitoring of all sorts of operating system changes and detecting thousands of other ‘suspect’ things.

The major problem with these technologies is that for all their monitoring and detection capability they are relatively clumsy. They tend to raise an alert for each and every action that could possibly lead to an attack, but the truth is that about 99.9% of all such alerted actions are not malicious.

As mentioned earlier, such alerts are annoying and even dangerous because they can train users to click ‘Allow’, day in, day out.

Eventually, the users’ well-intended and complacent clicking of ‘allow’ is likely to allow an intruder through the gate.

HIPS are therefore recommended for experts only, who can fully understand the large amount of alerts they produce and take advantage of the extra protection layer this can provide.

HIPS are the forebearers of modern anti-malware software

anti-malware
A lot of credit is due to HIPS: Firewall technology doesn’t make HIPS irrelevant to everyday users. In fact, the technology behind HIPS is what eventually evolved into behavior blocking, an essential component of modern anti-malware. Thanks to what behavior blocking borrows from HIPS, false alarms from antivirus software using the technology are now extremely rare. Behavior blocking isn’t HIPS though, and neither is the term freely interchangeable with ‘firewall’.

For our less experienced users (such as your Mother) nowadays, it’s sufficient to say that most PC users can be protected by high-quality Internet security software which not only protects your computer, but also detects active malware.

What should most everyday computer users do?

In conclusion; if you are a computer user that frequently travels and connects your laptop to different networks such as public WiFi and Cafes, we recommend running Emsisoft Internet Security (which has a built-in software firewall). If you mostly run your computer on the same Internet connection, you can simply run Emsisoft Anti-Malware (Windows 7 and above has a built-in software firewall).

With either Emsisoft product, you will be protected, and you can be sure both versions will detect any malware active on your computer: Firewall or no firewall.

A reminder to our existing customers: Should you wish to upgrade from Emsisoft Anti-Malware to Emsisoft Internet Security at any stage, you can do this at any time via the ‘renewal’ button. On the other hand, should you ever wish to ‘downgrade’ from Emsisoft Internet Security to Emsisoft Anti-Malware, our customer service team would be happy to assist you.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

In the meantime, have a nice, well protected day!

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next