It's not a secret that I have a strong dislike towards personal firewalls. It's not because I don't know how to use them and hate them because they don't behave like I expect. On the contrary, I don't like them because they work exactly how I expect them to work.

So, what's wrong with personal firewalls? There are 3 major reasons: Too complex to use, they are part of the problem and they are pointless anyway.

Window clutter is one of the biggest reason why personal firewalls should never be installed for any beginner. The amount of alerts, which are mostly false, that are displayed to the user is huge. If even one alert is too much for a novice, what will the novice think when the computer shows 10-20 alerts. Most of the alerts are completely pointless and use terms that are hard to understand. The dialogs usually have multiple options which have the power to scare away even the more experienced users. I understand why the makers of personal firewalls made the choice of including the excess alerts. If the user paid money for the product and it never told the user that "Hey, I'm doing some real work here and caught this bad guy!" the user would thing that the product was poor and would feel bad about the product.

Many personal firewall products bring in a new step for the regular upgrades. Like any other product out there, personal firewalls suffer from security flaws too. So users of personal firewalls are brought to believe that they are more secure if they install the product, while they are actually exposed to one more product that needs the be kept up to date. A product that listens to all incoming traffic, a product that is always in the open. And if you think about the general user who never upgrades unless given a strong reason to, the product will not be upgraded. To be fair, many personal firewalls already come with auto-update tools. The problem with these tools is that they need user interaction or worse, need to be initiated by the user. This is another decision made by the people behind these products. Since most personal firewalls are aimed towards the bit more experienced users, those people want to be in control. The problem is that personal firewalls end up more often on the novice desktop.

In the end, personal firewalls are a smoke screen. Personal firewalls are doing a job that someone else should be doing in the first place. I never run personal firewalls on my computer. Instead I go through the trouble of removing applications that listen to the network, that are not needed anyway. There are a lot of those. Disabling services that are not in use is a good idea in any case. Only additional value that personal firewall brings is that it is able to block applications that listen to the network even and you can't manually stop them from doing that. Usually there aren't too many of those.

Just to be clear, I don't have any problems with firewalls in general. Even if they are embedded inside an OS, there are good uses for a firewall in every computer. I have a network firewall and it's configured to be strict, but still not worried even if I'm outside of my own network.

Personal firewalls are here to fix a problem that is going away already. Most modern operating systems are already closing excess ports. Various Linux distributions are already heading this way. Microsoft is heading that way, with Vista they made a huge leap forwards on this front.

Comments on this page are closed.