Three misconceptions surrounding firewalls
Everyone knows what a firewall is, right? Wrong…
Let’s take a real-life example; does your Mother actually know (or care) what a firewall is? Does your little sister really need a firewall to protect her from the world of online criminals? By clearing up three misconceptions about firewalls, we hope our less-experienced users will understand the place of firewalls in the modern arsenal of online protection options.
Firstly, for our more experienced Emsisoft users, we’ve written previously about the technical definitions and applications of firewalls. After all, firewalls used to be the main way people protected their PCs from nasty programs and spying.
However, things have changed. Nowadays, most online threats behave in a way that makes it impossible for a firewall to protect the majority of everyday Internet users.
3 Misconceptions about firewalls
Misconception 1: Firewall was a good movie(!)
Whilst your Mother may have enjoyed handsome Harrison Ford’s appearance on the 2008 movie Firewall, it’s likely she will admit the film had a rather predictable plot. Sure, Firewall highlighted some of the threats in the online world, but I think you’ll agree that Firewall wasn’t an Oscar-nominating moment for Harrison Ford. Enough said.
Misconception 2: Firewalls protect your computer by detecting malware
Firewalls can provide a false sense of security in the modern online world. Allow us to explain: The main purpose of a software firewall is to eliminate potential entry points attackers could use to get onto your computer. However, what if you put up the firewall when you already have malware active on your PC? You may think you’re protected, but you already have a malware infection and the firewall won’t make it go away.
This is because software firewalls are simply not designed to detect malware that is already active on your PC.
Even with a firewall, malware could be actively communicating your data with a hacker on the other side of the world.
Also, common malware infection methods don’t require using any sort of brute-force methods of breaking into your computer. They infect using methods that a firewall can’t block in the first place, such as convincing the user to run an application that is other than what they think they’re getting.
But, why don’t firewalls detect malware?
While a modern software firewall can stop some outgoing connections from malware, if the malware managed to get into your PC in the first place, it probably also managed to disable your entire firewall to allow the malware to communicate. It’s too late to simply add a firewall. Instead, you’ll need to consider anti-malware software which will actively detect malware hijacking your computer.
For the record, this is not because firewalls are incompetent – it is simply because they are not designed to block malware.
Blocking malware is the task of antivirus software such as Emsisoft Anti-Malware. A firewall instead ‘hides you’ from the outside, by denying communication with other programs through certain ‘channels’ or ports.
Misconception 3: Firewalls are always HIPS (host-based intrusion prevention systems)
Not so long ago, all software firewall products did exactly what users expected them to do: Filter network data. Today, that’s still the classic definition of the term ‘firewall’; however, firewall technology was soon ‘developed to death’ (= no more space for innovation -> all vendors offering a similar level of quality). Therefore, vendors started to add new and often overkill features to their firewall products, such as monitoring of all sorts of operating system changes and detecting thousands of other ‘suspect’ things.
The major problem with these technologies is that for all their monitoring and detection capability they are relatively clumsy. They tend to raise an alert for each and every action that could possibly lead to an attack, but the truth is that about 99.9% of all such alerted actions are not malicious.
As mentioned earlier, such alerts are annoying and even dangerous because they can train users to click ‘Allow’, day in, day out.
Eventually, the users’ well-intended and complacent clicking of ‘allow’ is likely to allow an intruder through the gate.
HIPS are therefore recommended for experts only, who can fully understand the large amount of alerts they produce and take advantage of the extra protection layer this can provide.
HIPS are the forebearers of modern anti-malware software
A lot of credit is due to HIPS: Firewall technology doesn’t make HIPS irrelevant to everyday users. In fact, the technology behind HIPS is what eventually evolved into behavior blocking, an essential component of modern anti-malware. Thanks to what behavior blocking borrows from HIPS, false alarms from antivirus software using the technology are now extremely rare. Behavior blocking isn’t HIPS though, and neither is the term freely interchangeable with ‘firewall’.
For our less experienced users (such as your Mother) nowadays, it’s sufficient to say that most PC users can be protected by high-quality security software which not only protects your computer, but also detects active malware.
What should most everyday computer users do?
In conclusion: if you are a computer user that frequently travels and connects your laptop to different networks such as public WiFi and Cafes, we recommend running Emsisoft Anti-Malware together with the built-in Windows firewall. Emsisoft’s Behavior Blocker technology will monitor the system firewall to protect it from malicious modification attempts, so you can focus on what matters.
Have a nice, well protected day!5 reasons many seniors are afraid of the internet (and what you can do to help)