Troubleshooting Q&A - August 18, 2005
A Second Look at Software Firewalls
A few weeks ago, we explained why having software firewalls may not make sense when you have multiple PCs sharing resources on your network. Some readers objected. While we understand the concern, here's why we're sticking with our advice.
By Ron Pacchiano
Firewalls revisited It would appear a few people were a bit unhappy with the advice I offered a reader in last month's column entitled "Two Firewalls Too Much of a Good Thing." Here's a quick overview:
Last month a reader was having a problem trying to share files between multiple computers on a home network. Each PC on his network was running a software firewall. When the firewall was enabled, the PCs couldn't share files with each other. With the firewall disabled, everything worked fine.
Since the firewall was obvisously the cause of the problem, one of the solutions I had suggested was and I quote, "Get rid of the ZoneAlarm firewall on each PC and just rely on your router's hardware based firewall to protect you (which is fine, by the way)."
Apparently, a number of readers didn't share my opinion on this. Here is an example of one of the comments I received:
"I read your article recommending the disabling of ZoneAlarm's Firewall and think that is terrible message to send for users of any firewall software. One of ZA's strengths is alerting users to outgoing requests made by software and processes. Your article wrongly supposes the only malicious traffic can be initiated from outside your LAN. Since most home users aren't networking and firewall savvy, suggesting that a home user 'just disable' firewall software is irresponsible."
After rereading my response, I realized that this reader did, in fact, have a valid point and I can understand how my suggestion might have been misunderstood. Let me explain why I answered this question the way I did.
You see, my answer to the question shouldn't have been construed to mean that software firewalls are generally unnecessary, but only that in some situations they may be not be the best solution. An example of such a situation is when you have multiple PCs sharing resources on a LAN.
When trying to share files and printers among multiple computers on a LAN, having a software firewall on any or all of those machines will almost certainly interfere with that sharing, because resource sharing uses ports and processes that firewalls will identify as suspicious and block. While it's possible to modify the software firewalls to allow this sharing, the process can be complex and doing so will result in bypassing much of the protection that a software firewall is intended to provide in the first place.
In short, when a network has one or more PCs that require access to the Internet and not to each other, software firewalls are an excellent supplement to a hardware firewall. When file or printer sharing is necessary, however, putting a software firewall on every machine may not make sense due to the expense of multiple copies of the software, the complexity of configuring rules and the limited protection they will inevitably provide in such an environment.
I hope this helps to clarify my position and I just want to thank everyone who took the time to contact me about it.
Q. My wife and I share a home office and, as a result, we have Ethernet cables running across the room. She's constantly tripping over them and complaining about how they're always in the way. So I was considering installing a wireless network. I was discussing this with a friend and he suggested that wireless networking was good only for laptop computers and not desktop PCs. Is this true?
A. In all honesty, that's nonsense. While it's true that laptop computer users spend the majority of their time moving among multiple locations, they are unquestionably the group that will benefit the most from a wireless network. However, there are numerous situations in which a desktop PC would also benefit from a wireless network. Your own office situation is a perfect example.
My girlfriend, for example, uses a wireless USB adapter to connect her Media-Center PC to her home LAN. With her router located in the office, there was no way she was going to run an Ethernet cable through the middle of her livingroom. Going wireless was the most efficient solution.
In fact, her situation is not unique. Many homes, and even some offices, have unsuitable building layouts or walls that for one reason or another cannot be easily wired. In these circumstances, a wireless networking is a cost-effective alternative.
In addition, a wireless network is great for getting auditoriums or conference rooms online quickly particularly if the location that needs to be online is going to be used only temporarily. Why waste the time or expense running cable when a wireless network would work just as well.
Bottom line: I would suggest never asking this person for technical advice again. Good luck!
Use our feedback form to submit your questions on home or SOHO networking issues. Please be as specific as possible. We cannot guarantee to answer every question we get, but we’ll consider them all.
|Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums|