Webroot offering me a firewall ? I thought I had one ?

Email received today from Webroot "Act now to renew Webroot® SecureAnywhere™ Antivirus—your ultimate safeguard against viruses and other malware, without the performance hit caused by other security software.
Why consider anything else—unless of course you want to upgrade to Webroot® SecureAnywhere™ Internet Security Plus, and add a firewall to your other protection! "
It's the add a firewall to your protection that puzzled me ? I understood Webroot made use of Windows firewall ?

 

Yes, the marketing people are often disconnected from the reality and confuse very easily novice users. Just ignore it

 

......are you sure ? I'm not.

 

Yes, I am. Why bothering posting here if you think you know already the answer?
All versions of WSA includes a "firewall": http://www.webroot.com/En_US/consumer-compare.html

Its time you relax, sit back and enjoy the protection of WSA. Do not look desperate around to find issues or products to add, use your PC.

 

Who knows, a much improved firewall may be available if I upgrade ? I'll wait for an explanation from the guy who matters, PrevxHelp. Your input however has as always been much appreciated.

 

WSA does not have a "firewall".Its just an outbound filtering add on for the windows firewall.

 

Yes, that's why the " ... "
And anyway Webroot info,not me, defines it as "Firewall and network connection monitor".

 

Here is some info from the Online Help file: https://detail.webrootanywhere.com/agenthelp.asp?n=Managing_the_Firewall and fax is right it's in all versions already.

TH

 

... XD

Okay, so, something that a lot of people may not remember, but "firewall" in and of itself means something that is meant to prevent the spread of a destructive thing. A long, long time ago in the world of computing, "firewall" was shorthand for "network firewall", which was the term for a network packet filter. It was, literally, something that would inspect packets on the network stack and make a decision whether to pass them or drop them, occasionally with other functionality such as mangling them, redirecting them, replacing them, responding to them, etc.

Then, like many terms, the meaning started getting muddied. Imagine my surprise when I went to get a "firewall" when my favorite deep-stack firewall program went out of support life and suddenly found my options doing things like tracking DLL loads/injections and process execution and such. "But, but where is the network firewall? Stop blocking my mouse software from loading its DLL into stuff!" Oh, it was in there, with the most horribly wide set of configuration settings ever.

If I wanted to allow something as simple as a ping reply to reach my computer, I had to effectively turn off the firewall completely. This was bad because, at the time especially, pings were harmless and useful, but certain malformed packets sent to other places from the internet at large could happily instigate a buffer overflow in the handler and inject malicious code. As long as the firewall was closer to the hardware in the stack than the broken handler, things were fine, but some firewalls at the time (*cough* ZA *cough*) were not as deep as the exploitable handlers and were completely useless for blocking that kind of attack.

Nowadays, the term has been so completely muddied that anybody who uses the term with its original technology meaning gets flak for it. Firewall: Makes decisions about network packets and takes action based on those decisions, said actions generally being to drop or pass the packet, or optionally engage other activities based on evaluation of the packet. Therefore does WSA contain a firewall? Yes. Does it contain a firewall in the sense that many people think of a firewall as? No. People have been told that firewalls -must- act on all packets, inbound and outbound. People have been told that firewalls -must- make your computer invisible to other things on the network (despite the fact that this obsolete and ancient concept breaks LAN communications very effectively). Some people even think that firewalls -must- block DLL injection, despite the fact that people finally got smart enough to break that portion off as a HIPS function rather than a firewall function.

Now with the history lesson done, Webroot has had a problem for quite some time with marketing efforts not being wholly accurate or up to date. Old trigger-based emails, old landing pages, misspoken words and phrases... They have been the bane of the support crew for years as they generate call volume increases and lots of confused (and sometimes upset) customers. Information from prior versions occasionally (frequently) ends up sticking around and the only metric marketing is normally judged on is "Did you get us more money?".

So yes, it has a firewall. No, it's not an "outbound filtering addon for Windows firewall", since it will operate regardless of whether the Windows firewall is on or not, and with any other firewall. "Other firewalls" try to look at all packets in both directions, as well as attempts to open local network sockets, etc. Because of this, and the network chain operations, two "other firewalls" together can create havoc on the network system. WSA's firewall only cares about, inspects, and takes action based on outbound packets and established connections but does not monitor or take action based on listening ports or inbound connections. But it's still a firewall. It still monitors and acts based on network packets. It communicates with its AV section thoroughly to include network packet information in the decision-making for AV and AV information in the decision-making for packet handling. They even had to call it a "firewall extender" for the camp that say "OMG, no two firewalls at once, it's bad!"

Is it a firewall? - Yes
Is it a firewall extender? - Yes
Is it a bidirectional firewall? - No
Is the information they sent you wrong, most likely because it's an outdated trigger email/landing page? - Yes.

 

Thanks Techfox1976 for the very informative post!

TH

 

Thank you Techfox for your marvellous post.

 

Could you forward the message you received to my username at gmail.com? This is indeed some disconnect on the marketing side which we should correct!

 

Great post, Techfox

 

HI PrevxHelp, copy on its way.

 

Yes, but Techfox1976 do you think my switching back to NIS which does have a proper firewall was the way to go ?

 

I'm curious, why did you switch?

 

Could you give a meaning to your term "proper firewall" and why the norton firewall fits your description please.

Thank You.

 

Hi SweX , hi AMIGA500 , I panicked when I saw the length of Techfox1976's post, and just jumped, sorry

 

Hi sturgess.
please dont apologise.
I do the same often...lol

 

Excellent Post Techfox!

 

Received - thanks!

 

And the result? Did marketing get a slap with a trout?

Seriously though, what is the outcome of this?

 

XD

You guys make me laugh sometimes.

Hmmm... So if my posts can make you drop a good AV, I wonder what other unintelligent things I can get you to do with long posts...

 

calling it an "Outbound Connection Monitor" (as i describe it) wil be more accurate and less confusing.

 

It does a lot more than just monitor outbound connections.