

Software Firewalls Completely Unnecessary and simply waste resources

Posted on 2006-06-07
Medium Priority
Last Modified: 2013-11-16
I am told by a pretty well respected person in the computer/video industry that HARDWARE firewalls are absolutely essential, however SOFTWARE firewalls are a COMPLETE waste of money, resources and time. They do nothing, have never done anything to justify their existence.

He travels the world 3 weeks out of the month and when asked who is his ISP when staying at hotels and such he rattled off a list I've never heard of, but he adamantly says that hands down nothing beats Norton to completely protect a machine no matter when, how, where, why it is connected to the Net. He travels without a Hardware firewall and maintains the same thoughts whether plugged into the company network directly at the offices or when in South Korea at a hotel.

He also insists that Norton barely touches system resources (I'm told Norton uses up to 30% when it gets busy).

Anyone have any comments to resolve this? Should I get rid of my software firewall? Should I switch to Norton?  I have been using EOD32.

Question by:jamroc2000

Expert Comment

ID: 16859031
I'm sorry but I greatly disagree with your friend. The one thing I do agree on is that Hardware firewalls are better than software firewalls but software firewalls aren't a complete waste of money. I have been using Zone Alarm for 4 years before I got my first router (and I turned that hardware firewall off because it was causing problems) and have never been hacked. Norton is by far the worst program I would recommend anyone because of the resources it takes up. It can take up to 50% of the resources at the time. I'd stick with the program you use, although, I've never heard of EOD, do you mean NOD32? One good firewall, I would also recommend Zone Alarm because of my experience with it. However, the decision is decided all upon personal preference.

Expert Comment

ID: 16859092
I absolutely agree with the information you received that a Software firewall is a waste of money. The False sense of security that comes from most of these preloaded "security" software suites is a joke. I cannot begin to tell you how many computers I have repaired from clients who said "but I was using my security software..."

The only true security is that which comes from a Hardware Firewall that provides true D.O.S.

Buying the software, downloading the free ones, waste of time and money.

Besides you can purchase a very good firewall+router+multiport switch+wireless access point (all one unit) for under 200 bucks.

Expert Comment

ID: 16859110
Like most things in life, there is no one good solution for everyone :)

Norton works well most of the time, but I have seen it go haywire on some systems and bog them down completely. If it works for you and your friend, no need to change, but if you have problems.... try a different product.

HW vs SW firewalls - they can both be equally effective. Hardware firewalls don't use any system resources, but software firewalls use hardly any, and cpu time is almost free. Hardware firewalls are not as likely to be turned off by malware, but again, if it works for you, both are OK. Software firewalls travel with you and your laptop. The difference is mostly in the details.

If you keep your system patched and use safe computing practices, the fact is that you'll barely need either a firewall or an AV program.

To each his own...


Author Comment

ID: 16859960
Yes - I meant NOD32, not EOD32... one thing I like about it is practically daily updates. My friend says Norton releases virus updates EVERY DAY but I sure can't seem to find them. Updates to me are one of the most important defenses we have, no?

Author Comment

ID: 16860532
OC2Vegas: By security software I assume you include Norton and McAfee and all of those, correct?

Assisted Solution

Okigire earned 600 total points
ID: 16862556
Okay... a firewall ends up being software somewhere.  Whether you buy a $200 box or download something, it ends up being software.  A Cisco hardware firewall is a bunch of networking hardware, controlled by software and chips.  How those chips are programmed is software, just at a lower level.


Software firewalls are good, easily upgradable/downloadable, and great for home use.

For high-traffic applications, software firewalls can be great as well... I've seen custom Linux boxes that are firewalls for large companies that work well -- again, SOFTWARE based.

ZoneAlarm is good for home users.  It has serious problems in itself, but not so much security/firewall related.  Any software running on your computer will use up resources.


Hardware firewalls are generally good, very high-performing, turnkey solutions.  Since they come as a dedicated firewall, there's little processing overhead and initial setup you need to do, though configuration can be extensive!  (Note that setup vs configuration isn't the same thing.)

They can be upgraded via firmware updates, but usually not as flexible as "just download the new version."

Have you seen hardware firewalls crash?  It becomes a disaster... software solutions can be more flexible in what ways you can implement a quick contingent solution.

Overall, many good and bad points.  If you can afford a hardware firewall, great... if not, don't worry about it, software will be fine.  Those NORTON/etc packages aren't great though, so beware of those.  Look around, and don't just buy the "big name" because they try and make a simple/easy product, not necessarily a good one.

Here's a wrench... why use a firewall at all?  ;)  Firewalls are not necessary, despite proven use of them.  Firewalls are only one effective strategy:

Some interesting articles (among many more you could find via Google)...

Turn your $60 router into a $600 router

Build your own firewall

Expert Comment

ID: 16862708
It depends on what you mean by software firewall.  Hardware firewalls are a must but application firewalls are another great tool to have.  Don't know if you are referring to application firewalls but I can tell you that app firewalls will also let you know when an application attempts to run or make connections.  This is important because if you are infected with Trojan viruses, the app firewall will detect the process attempting to run and you can prevent data leaks.  Most definitely hardware firewalls are your first line of defense to the outside.  Maybe add a desktop or app firewall in addition to strengthen your security.

Expert Comment

ID: 16862769
The man hasn't a clue as to what he is talking about.  

Software firewalls do one major task that most limited function router/slash so-called firewalls do not do - control what goes out of a computer.  Some software firewalls can also lock down a machine so application changes can be detected and blocked.  Software firewalls also do port blocking and without this function alone you are bound, sooner or later, to get nailed by malware.  

I'm not impressed by Symantec's AV/Firewall product line.  Too bloated with old code, too cpu intensive, and too difficult to administer for most users.  And their AV product is not that great for spyware/adware. I don't think there is a good product out there right now, quite frankly.  If I had to pick one for my personal use I'd say BlackICE in combination with Zone Alarm.  And I use a packet sniffer when installing any new applications to see who and what they talk to.


Accepted Solution

Rich Rumble earned 400 total points
ID: 16864234
I think believing one app can secure you is totally false and utterly uneducated. As mentioned above, even hardware firewalls are actually software firewalls... the distinction is that a hardware firewall is dedicated to its task, firewalling and maintaining sessions. A software firewall uses your PC's system resources, to be certain, but the right one can protect you even more than an anti-virus solution. ZoneAlarm for instance, it is a very capable firewall, blocking ports incoming and even outgoing if configured (ingress and egress firewalling); in addition it can block/allow programs access to the NIC and/or to register themselves as a service. Norton doesn't do that, McAfee doesn't do that.

Security isn't a Program, it is a Process. Best practices can mitigate against more threats than most people think. Best practices are basically: operate day to day with the lowest privileged account possible, use admin accounts for admin purposes only, run regular updates for all software.

XP and 2003's firewall is very good at ingress firewalling, blocking incoming data.

Running multiple firewalls is also a bad idea, there are too many cooks in the kitchen, you're robbing your system of resources twice over, and run the possibility of overlapping, one is blocking this this and this, and another is blocking this this and that... It's no fun for you to manage, and even worse on your resources. You're also inviting disaster with two or more programs acting on the same data, increasing chances for BSODs to be certain.

Software firewalls are often referred to as "personal" firewalls, an apt name. They aren't meant to protect you from a DDoS, or some other onslaught that even a hardware firewall has a hard time dealing with. They offer simple, effective protection from outsiders trying to get into your PC; ZoneAlarm and others, I'm told, also provide outbound program protection. Let's say Mr. Smarty Pants gets a zero-day virus, and it starts to scan other PCs, Norton doesn't have a definition for it, it can't detect it, 0-day viri are often able to turn off the popular AVs anyway. ZoneAlarm will prompt you that xyz.exe wants to access the NIC, do you want to allow/deny this? It won't tell you what the exe wants to do, or will do, just its name and its intention to use the NIC.

Software firewalls have their place, and I think ZA's is one of the best. A hardware firewall protects much larger connections than DSL/Cable circuits better than a software firewall, but even hardware can't detect scanning activities, and viri being sent out of them... so AV also has its place. There is no end-all-be-all, it's a process.

A 0-day virus may not even be able do anything if you follow best practices, not to mention spy-ware being affected the same way:

I use McAfee over and over, I personally love it. It has a good firewall, good AV and Spy-ware detection as well as a good heuristics "behaviour" engine that can block an exe from doing port scanning, downloading TFTP, sending SMTP as well as allowing you to dictate the amount of resources it can use.
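
The difference between inbound-only filtering and per-program outbound control described in the answer above, as an added example that is not part of the original thread. The policy, the program names, the sample traffic and the fan-out check for scan-like behaviour are all constructed assumptions, not the logic of any product named here.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    direction: str  # "in" = unsolicited inbound, "out" = started by a local program
    program: str    # local executable that owns the socket
    remote: str     # remote address
    port: int       # local port for "in", remote port for "out"

# Hypothetical policy: no inbound ports exposed, two programs approved by the user.
OPEN_INBOUND_PORTS = frozenset()
ALLOWED_PROGRAMS = frozenset({"firefox.exe", "outlook.exe"})

def ingress_only(conn):
    """Inbound-only filtering: outbound traffic is never inspected."""
    if conn.direction == "in":
        return "allow" if conn.port in OPEN_INBOUND_PORTS else "block"
    return "allow"

def personal_firewall(conn):
    """Same ingress rule, plus per-program egress control."""
    if conn.direction == "in":
        return ingress_only(conn)
    return "allow" if conn.program in ALLOWED_PROGRAMS else "prompt"

def unapproved_fanout(conns, min_hosts=3):
    """Unapproved programs reaching many hosts on one port (scan-like)."""
    hosts = defaultdict(set)
    for c in conns:
        if c.direction == "out" and c.program not in ALLOWED_PROGRAMS:
            hosts[(c.program, c.port)].add(c.remote)
    return {key: len(h) for key, h in hosts.items() if len(h) >= min_hosts}

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    Conn("in", "svchost.exe", "203.0.113.9", 135),
    Conn("out", "firefox.exe", "198.51.100.20", 443),
] + [Conn("out", "xyz.exe", f"192.0.2.{n}", 445) for n in range(1, 6)]

def decisions(policy):
    """Count the verdicts a policy gives over the sample traffic."""
    tally = defaultdict(int)
    for c in SAMPLE:
        tally[policy(c)] += 1
    return dict(tally)

if __name__ == "__main__":
    print("ingress only     :", decisions(ingress_only))
    print("personal firewall:", decisions(personal_firewall))
    print("scan-like fan-out:", unapproved_fanout(SAMPLE))
```

With inbound-only filtering, all five xyz.exe connections leave the machine unexamined; with per-program egress control each one becomes a prompt naming the executable.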

Expert Comment

ID: 16871187
Q:  Which is better an airplane or an automobile?
A:  Depends on where you are going.

"Better" is so subjective and application specific.  Most IT security pros will recommend DiD (defense in depth - from wikipedia "Likewise, in information security defence in depth represents the use of multiple computer security techniques to help mitigate the risk of a one defence being compromised or circumvented. An example could be anti-virus software installed on individual workstations when there is already virus protection on the firewalls and servers within the same environment. Different security products from multiple vendors may be on different vectors within the network, helping prevent a shortfall in any one defence leading to a wider failure.")

So it comes down to cost-benefit analysis.  Can you afford a hardware firewall + a software firewall?  Good, do both.  Is it worth the hassle of lugging around a hardware firewall?  No?  Use a software firewall.  Can't afford a professional software firewall, use XP built in.

The most secure computer in the world is locked in a vault and never turned on.  Not very useable though... ;-)

Add as much security as you can but remember that the computer is a tool; if you can't use it, not much good.


Expert Comment

ID: 16906055
Prioritising risks to access is useful when assigning machines to connections and end users where a limiting budget may not get you the latest bug free architecture. Data content and flow with, most definitely, a need to know requirement is time honoured as is continued computer security education with well meaning end users. However, some secrets are better left to D.O.S. rather than published.
