Why use a software firewall

I've heard alot of rumours that software FW's are really not necesarry if your using a hardware firewall. But is this true ?

So is using a software firewall beneficial and if so why would adding or using a software FW in conjunction to your hardware FW better for you. What protection does a software FW give that a hardware wont.

 

who needs them?


Oh yeah... cause you know... Ive been hacked so many times, I have like, 50,000 viruses (yes, I do check every once in a while), and tons of spyware (I check that too).

Oh wait, Ive never been hacked, and ive never had a virus or any spyware... nevermind.

In fact, we had a thread going on earlier about how long an unprotected computer lasts on the internet. I stuck a Win XP (SP 2, but otherwise unpatched) computer on a DMZ through my router, and even turned off the firewall. I ran etherreal to see what happens. I was fully expecting the computer to go down within minutes. Ran it for 2 days straight. Not a damn thing happened. Not one virus, not one spyware. All I got was a few connections to Microsoft (didn't send any information like I was expecting), and a few attempts to exploit sql, which wasn't installed.

Now, maybe I got lucky, maybe its because Comcast is doing some firewalling themselves, but I would imagine the XP firewall works pretty well.

I'm not saying outbound protection isn't really needed, but something thats not really a big deal (to users). Most people wouldn't be able to tell that was their pin number or whatever.

Microsoft is probably working on a way to make it to where default their firewall only filters incoming like it does now. Its great that they are making it with outbound protection next, but I would be willing to bet that it won't be enabled by default. They have to think of the lowest common denominator when they design an OS.

Other "walls"
I mean, do you honestly trust some application that integrates into your system at such a level (read: security issue). Are you monitoring that application? Is it blocked from the Internet? Why do I need some 3rd party application to protect me? You know what a user is going to do with that app? Nothing, because they don't know what its saying. So what good is it? Why do you need an app that intercepts everything in the system, when you should be educated enough to not need that kind of protection (because you know what it is saying)? Whats to keep it from collecting information about your system and phoning home without telling you? And honestly, I havn't seen a virus or spyware I couldn't get rid of without reformatting (and I doubt I ever will).

That is the fundamental problem, you can have all the protection in the world, but as soon as it asks a user what to do, all that protection is useless unless they just happen (or know) to click on the right button. I would be willing to bet this is one reason why the XP firewall is transparent to the user.

Anyway, to summarize, the Windows XP firewall works just fine for users. No, the current one doesn't filter outgoing, but until the user installs something they shouldn't have (therefore wouldn't know what to press if a firewall came up and asked them to allow it or not), it is fine.