Three misconceptions surrounding firewalls


Everyone knows what a firewall is, right? Wrong…

Let’s take a real-life example: does your mother actually know (or care) what a firewall is? Does your little sister really need a firewall to protect her from the world of online criminals? By clearing up three misconceptions about firewalls, we hope our less-experienced users will understand the place of firewalls in the modern arsenal of online protection options.

Firstly, for our more experienced Emsisoft users, we’ve written previously about the technical definitions and applications of firewalls. After all, firewalls used to be the main way people protected their PCs from nasty programs and spying.

However, things have changed. Nowadays, most online threats behave in a way that makes it impossible for a firewall to protect the majority of everyday Internet users.

3 Misconceptions about firewalls

Misconception 1: Firewall was a good movie(!)

Whilst your mother may have enjoyed handsome Harrison Ford’s appearance in the 2008 movie Firewall, it’s likely she will admit the film had a rather predictable plot. Sure, Firewall highlighted some of the threats in the online world, but I think you’ll agree that Firewall wasn’t an Oscar-nomination moment for Harrison Ford. Enough said.

Misconception 2: Firewalls protect your computer by detecting malware

Firewalls can provide a false sense of security in the modern online world. Allow us to explain: The main purpose of a software firewall is to eliminate potential entry points attackers could use to get onto your computer. However, what if you put up the firewall when you already have malware active on your PC? You may think you’re protected, but you already have a malware infection and the firewall won’t make it go away.

This is because software firewalls are simply not designed to detect malware that is already active on your PC.

Even with a firewall, malware could be actively sending your data to a hacker on the other side of the world.

Also, common malware infection methods don’t need to break into your computer by brute force at all. They infect using methods that a firewall can’t block in the first place, such as convincing the user to run an application that is not what they think it is.

But, why don’t firewalls detect malware?

While a modern software firewall can stop some outgoing connections from malware, if the malware managed to get into your PC in the first place, it probably also managed to disable your entire firewall to allow the malware to communicate. It’s too late to simply add a firewall. Instead, you’ll need to consider anti-malware software which will actively detect malware hijacking your computer.

For the record, this is not because firewalls are incompetent – it is simply because they are not designed to block malware.

Blocking malware is the task of antivirus software such as Emsisoft Anti-Malware. A firewall instead ‘hides you’ from the outside, by denying communication with other programs through certain ‘channels’ or ports.

Misconception 3: Firewalls are always HIPS (host-based intrusion prevention systems)

Not so long ago, all software firewall products did exactly what users expected them to do: filter network data. Today, that’s still the classic definition of the term ‘firewall’; however, firewall technology was soon ‘developed to death’ (there was no more room for innovation, so all vendors offered a similar level of quality). Therefore, vendors started to add new and often overkill features to their firewall products, such as monitoring of all sorts of operating system changes and detecting thousands of other ‘suspect’ things.

The major problem with these technologies is that for all their monitoring and detection capability they are relatively clumsy. They tend to raise an alert for each and every action that could possibly lead to an attack, but the truth is that about 99.9% of all such alerted actions are not malicious.

As mentioned earlier, such alerts are annoying and even dangerous because they can train users to click ‘Allow’, day in, day out.

Eventually, the users’ well-intended and complacent clicking of ‘allow’ is likely to allow an intruder through the gate.

HIPS are therefore recommended for experts only, who can fully understand the large number of alerts they produce and take advantage of the extra protection layer this can provide.

HIPS are the forebears of modern anti-malware software

A lot of credit is due to HIPS: Firewall technology doesn’t make HIPS irrelevant to everyday users. In fact, the technology behind HIPS is what eventually evolved into behavior blocking, an essential component of modern anti-malware. Thanks to what behavior blocking borrows from HIPS, false alarms from antivirus software using the technology are now extremely rare. Behavior blocking isn’t HIPS though, and neither is the term freely interchangeable with ‘firewall’.

For our less experienced users (such as your mother), it’s sufficient to say that nowadays most PC users can be protected by high-quality security software which not only protects your computer, but also detects active malware.

What should most everyday computer users do?

In conclusion: if you are a computer user who frequently travels and connects your laptop to different networks, such as public WiFi and cafes, we recommend running Emsisoft Anti-Malware together with the built-in Windows firewall. Emsisoft’s Behavior Blocker technology will monitor the system firewall to protect it from malicious modification attempts, so you can focus on what matters.
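
The article notes that malware already on a PC may have disabled the firewall, and it recommends watching the built-in Windows firewall for malicious modification. The PowerShell below is an added example, not part of the original article or of any Emsisoft product: it lists disabled profiles, enabled inbound allow rules with the program each is bound to, and recent configuration changes. It assumes the NetSecurity cmdlets (Windows 8 / Server 2012 or later) and that event IDs 2003 to 2006 are the ones the local Windows build logs for firewall changes; the function name and the seven-day window are illustrative.

```powershell
# Added example (not from the original article): audit the built-in Windows
# firewall for signs of tampering. Run from an elevated PowerShell session.
function Get-FirewallAudit {
    param(
        [int]$Days = 7   # assumption: how far back to look for changes
    )

    # 1. Profiles that are switched off. A disabled profile filters nothing.
    $disabledProfiles = Get-NetFirewallProfile |
        Where-Object { $_.Enabled -ne 'True' } |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

    # 2. Enabled inbound "allow" rules, with the program each one is bound to.
    $inboundAllow = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $app = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Rule    = $_.DisplayName
                Profile = $_.Profile
                Program = $app.Program
            }
        }

    # 3. Recent configuration changes from the firewall's own event log.
    #    2003 = profile setting changed, 2004 = rule added,
    #    2005 = rule modified, 2006 = rule deleted (assumed IDs, see lead-in).
    $changes = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
        Id        = 2003, 2004, 2005, 2006
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message

    [pscustomobject]@{
        DisabledProfiles = @($disabledProfiles)
        InboundAllow     = @($inboundAllow)
        RecentChanges    = @($changes)
    }
}

$audit = Get-FirewallAudit -Days 7
if ($audit.DisabledProfiles.Count -gt 0) {
    Write-Warning 'One or more firewall profiles are disabled:'
    $audit.DisabledProfiles | Format-Table -AutoSize
}
$audit.InboundAllow  | Sort-Object Program | Format-Table -AutoSize
$audit.RecentChanges | Sort-Object TimeCreated -Descending | Format-Table -Wrap
```

A clean result here only shows that the firewall configuration looks intact; as the article explains, it says nothing about whether malware is already running on the machine.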

Have a nice, well protected day!

  • Maidenhead_John

    I run Norton Internet Security, can I run Emsisoft Internet Security as well…? I am perfectly happy with Norton.

    • Flooter

      If you are happy with Norton – stay with it OR remove it and try Emsisoft.
      DO NOT mix two (or more) antivirus/antimalware solutions – you’ll get nothing but trouble.

      Sometimes an exception to this rule could be made in regards to a pure antimalware + pure firewall – since they are intended to perform different tasks. The problem is that now many products have both components integrated so you need to choose carefully.

      • Emsisoft does work alongside many other antivirus/antimalware solutions without issue; however Norton (unnecessarily) uses so many system resources that it makes me wonder if there’ll be enough for anything else.

        I suggest trying the Symantec Removal Tool, which should get rid of most if not all the Norton bloatware so that Emsisoft can work unhindered.

        • Enigma

          “Norton (unnecessarily) uses so many system resources”: I think this is not so, but if you are talking about long-old versions then it’s fine.
          The latest versions of Norton are improved and now they have very good resource usage and less RAM consumption.

    • It’s better to say that Norton is better than Emsisoft, no?… or so it’s a funny guy here… has, or does not understand the issue of having 2 security systems… ”I am perfectly happy with Norton”
      So keep with that… and go read a book, sorry something!… I’m off

  • Tony Cook

    I used to use Norton but removed it with difficulty when they started loading it with so much rubbish and it used up so many resources on my computer. Now using Emsisoft, the best antivirus ever, and the support is second to none.

  • John_Sydney

    For what it’s worth, I’ve used several other mainstream antivirus/malware suites & found Malwarebytes very compatible, plus it occasionally pops up other (moderate) threats. Install to run, then delete fully. Means you’ll always run latest version.

  • Ibragim Khalilov

    Emsisoft showed high performance in combination with COMODO Professional Firewall and PCTOOLS ThreatFire. For safe and reliable operation you can additionally use Shadow Defender or the Sandboxie sandbox. From experience with these programs, using the mentioned products together can be recommended to provide excellent security on the Internet and satisfactory performance.

    • Siniša Sinković

      ThreatFire is abandoned and was a behavior blocker. Emsisoft products use their own BB technology (ex Mamutu) with Anti-Malware Network cloud. My advice is to remove ThreatFire.

  • I’m using Emsisoft Anti-Malware paired with Comodo Firewall (Firewall on Custom, HIPS on Safe) and like the pairing. And in terms of what a firewall should do, Comodo mostly does what it should in this mode, because I want to be asked about connections that have no rule, though even it doesn’t have a way to be set to ask every time if I’m uncertain about something and may want to block once but then see what it’s about and allow, or the other way around (set alerts to very high and if you don’t create a rule it will ask once per reboot for every attempt that’s in some way different, but if a program will attempt the exact same connection more than once, it’ll create an invisible rule from your first answer until you reboot, which defeats the purpose of being able to not create rules), and there is an oddity in how it handles global vs. application rules for inbound vs. outbound connections (global rules usually apply for inbound, for outbound they’re overruled by application rules, so if for some reason you want to block access to a host or the use of a port for outbound connections, you have to set that rule for every single application, a global one won’t do anything).
    The HIPS, on the other hand, is something I use more for system control and monitoring and definitely want to have it there. Can at times cause a few problems, but with it set to create rules for trusted applications and trust applications signed by trusted vendors that’s quite rare. Behavioral analysis that does what it wants without user control and ability to monitor after the fact is what I want to stay away from, and why I ran away from BitDefender eventually, after over 10 years.
    And while I didn’t try Emsisoft’s IS to see how your firewall behaves, remember a post saying that you did away with HIPS and moved just towards what I’m running away from a while back, so didn’t even care to look into it for that reason.

  • WEBERMAN

    I already have strange user accounts on my PC and now I am trying to see if Emsisoft could remove them permanently. There is another C: in the PC and it has backups, so when you install Win7 again those all come back onto the computer. So far no antivirus program has removed those programs.

    There is malware in X: cmd.exe and I could not delete it.