Do I need a software based Firewall?

Noob question:

I recently set up a home network. The docs. that came with the router said that it has a firewall built in. I am also running the standard firewall from XP.

Do I still need a software based firewall such as Zone Alarm? Would it benefit me to have the additional software based firewall?

Thanks

 

You should run Zone Alarm and allow it to switch off Windows XP FW (which you do not need).

The router FW (like the XP FW) only protects you from incoming traffic; it will not stop outward communication - so you are vulnerable to trojans phoning home.

 

The prevailing view in internet security forums is that you need an application based software firewall even if you are behind a hardware firewall. The software firewall keeps track of which programs are allowed to acccess the internet so that if a new trojan or backdoor gets on your computer and it happens to get past your AV, it will be picked up by the firewall when it trys to phone home. Of course there are some very rare trojans that can impersonate an authorized program to call out. Some of the firewall vendors such as LooknStop, Outpost, Jetico and Zone Alarm (might be in the pro versiononly) have additional checks to prevent this. However, as the level of security goes up the number of times that the firewall asks you for permission to do something goes up as well. One weakness here is that the user may not understand what the firewall is asking him to do and give permanent permission to a trojan to communicate out. You might have noticed that this view does not involve the tarditional function of a firewall, which is to keep unwanted connections and worms out.

The alternative view, and the one that is practiced on enterprise networks, is to not let the malware get on the system in the first place. Their view is that once the system is compromised you are finding out about it too late, and you have no way of knowing how bad things are. Enterprise systems are run in non administrative mode to prevent many malware installations. Employees are not allowed to install any software that does not come from corporate IT, which eliminates trojan equipped P2P and screensaver programs along with other policy restrictions on what you can do. A variety of hardware and software firewalls are used at different levels of the network. These products do not keep track of authorized programs as do personal firewalls like ZA. However, these types of firewalls are far easier to set up and roll out to users who will never have to respond to the firewall asking them something.