I was gonna IM you, but I thought there might be others interested in the answer.
Can you explain the difference between a firewall and an anti-virus program?
I finally got all my security software installed but I left the Firewall out because I already have the Windows Firewall and the CA Firewall I used REALLY slowed down my web surfing. Now I'm FLYING around the web.
But I'm curious if I'm at more risk not using the second firewall.
I've never totally understood what a firewall does that an anti-virus doesn't do.
Is its only purpose to keep hackers from getting into your computer? And if so, then shouldn't the Windows one be good enough as long as I keep it up to date?
The main difference is that an Antivirus is looking at the CONTENT of files and traffic and trying to determine if it is safe. It does not look at where the information is coming from or where it is going, just the info itself.
A firewall does not look at the content, but it is watching the source and destination of the data as it comes and goes.
Basically, the way a good personal firewall works is this: When you want to go to a website, get your email, etc., your computer attempts to make a contact with another computer. As you make that request, your firewall says "Ok, JR is asking for Google.com". When Google knocks on your door to fulfill that request, the firewall says "Hey, he asked for Google, Google is responding, I will let Google through to him", and JR is happy.
Meanwhile "Bad Worm 257" wants to get into your computer too. When it comes knocking, the firewall looks at it and says "Hmm, JR did not initiate a connection to Bad Worm 257, so I think I will just ignore that request".
Antivirus, on the other hand, does not look at where things are coming from or going to. Let's say you request an email attachment. Because you requested it, your firewall will let it through. If that attachment contains "Bad Worm 257" within it, your antivirus will be looking at the content of that attachment and hopefully notice that it looks like the virus it is and delete it before it gets executed.
That is a basic firewall such as the Windows firewall.
More advanced firewalls will also look at outgoing requests as well, but they can be very annoying and obtrusive. When you add a firewall that also does outbound protection, the first time you use anything that needs access to the internet, it will ask you if you want to allow that from now on.
The real advantage to that is IF you do get infected with some kind of virus or trojan, most all of them need access to the internet themselves. Your firewall will pop up a message that says something like "BadDudeTrojan.exe wants access to the internet, Allow?" At that point, if you are paying attention, you might wonder "What is BadDudeTrojan.exe, and why is it on my system?" The problem is that by the time you get through allowing all the real things that need outgoing access, you are so used to clicking "Allow, Allow, Allow" that many people don't read the popup and just Allow it.
One final thing is that most all routers and modems are also basic firewalls now. They will block non-requested packets before they even get to your computer. Most experts agree that if you are behind a router and have Windows firewall turned on, you are quite safe. The problem comes when you visit a bad or infected website. At that point, you requested the info so the firewall allows it through . . . this is when your antivirus should kick in and notice the virus AFTER it got through the firewall.
In ten years that's the clearest explanation I've read or heard. I GET IT NOW!
And indeed, when I ran the CA Firewall I did have to allow everything, and I did get to the point where I was just selecting "Allow all". Meanwhile it was slowing my internet down to a pace reminiscent of the old 56k modem days!
Without it I'm flying around at DSL speed again. I do have a router that has a firewall, in fact I had to designate the broadcast computer as the only computer on the network to NOT be blocked by it because in order to take requests and such it had to have open access.
So it sounds like I'm good to go with my router and Windows Firewall!
Talking about your personal firewall is mostly you making requests to servers. The server on the other end has to be configured to allow those initial requests through the firewall.
Let's use one of my web servers as an example.
Each of my web servers is one physical machine with several "software servers" running inside it. The most used are a "web server", an "email server", a "DNS server", an "FTP server" etc. They are all on the same physical machine (server), but are different "software servers" all running at the same time within that physical "server".
Let's say you want to request a web page from the server. When your request comes in, how does the server know what to do with it? Is it an FTP request? Is it an Email request? Is it a DNS request? Without ports, the machine would first have to look at that request and then decide which "server" it should hand that request off to for processing. That would make more work than needed and slow things down.
With ports, we put the "web server" on port 80. Or, it is listening for web page requests behind door #80. If you send all your web page requests to our door #80, they come in right where they need to be . . . at the "web server". The server doesn't have to decide what to do with it, because anything coming through door #80 is automatically routed to the web page serving software.
If you send an FTP request to the web port 80, that FTP request would end up at the "web server" and the web server would have no idea what to do with that request because it only handles web pages, not FTP commands. So, we put the FTP server on its own port of 21. When your computer sends FTP commands to that port they end up right where they need to be . . . at the "FTP server".
Now, you can start to see the connection between the firewall and the ports.
Let's say you have a server that you only want to serve web pages from and nothing else. You would then want to put a firewall in front of that server and ONLY open port 80 for the web server to accept incoming connections. You are only opening the door to allow web pages through. Traffic on any other ports will be blocked by the firewall which will keep the rest of the server safe.
Since ONLY the web server software is listening for commands on port 80, it will ONLY recognize web page requests and nothing else. If you send anything other than a web page request to port 80, the web page server will not know what to do with that request and ignore it.
So, by simply ONLY allowing traffic into ports that have "servers" waiting for specific kinds of traffic on them, there is a basic level of protection there. It becomes "either give us the type of data we want, through the door we specify, or we will ignore you".
Fortunately, there are standard ports used for the main internet services so we know what ports to put things on, and your computer knows what ports to use to access those services.
See, and I was dealing with all that port stuff when I was setting up the station request system three years ago! I thought my head was gonna explode. There's several different ports I had to open in order to accept requests, but I never understood exactly what I was doing.
I swear it's a miracle this station ever got on the air
Yup, but that is basically the deal. It takes a few different "services" to make all the request system happen. Each service runs on its own port so your firewall has to be set to allow traffic through on those certain ports.
Yes . . . kind of . . . the difference being, an open port is not restricted, but just specific. Ports by themselves are not really about security, but rather more about organization. The firewall helps keep us secure by blocking off access to unused ports. Either put something behind the port that will only respond to certain things, or block access to that port if nothing is there.
In the toy picture, let's say when the child puts the round block in the round hole, lights and happy sounds go off and the child is pleased. The right block in the right hole got a good result.
Now, let's say the holes are big enough that the square block can easily go through the round hole. The round hole is big and open enough to let the square block go in, but no lights and happy sounds. The toy is expecting a round block to come through that hole and it doesn't know what to do with the square one . . . so it just drops the square block out the bottom and continues to wait for the expected round block.
You must put the right block in the right hole to get success. The wrong type of block in the wrong hole and the toy will ignore it.
Let's say there's 3 doors. The first one leads to a hair salon, the second to a gynecologist's office, and the third to a bar. A bald guy could walk into the hair salon or the dr's office, but there really wouldn't be any point. He'd be allowed to walk in, but there's nothing that anyone there could really do for him. But how does he know which door leads to the bar?
He knows what door leads to the bar because in every town that wants business from the general public, the bar is behind door #43. It's just the way it was set up at the first town, it's just the way it is now, and he knows that the standard is to put the bar behind door #43 so that is where he looks first when he's thirsty.
That is a good analogy and brings up another point. If you want to serve drinks to only your friends and not every bald guy that walks in, you can put your bar in any of 65,000 other rooms. You could put your bar behind door #37,245 and tell your friends where your bar is. Yes, if someone rattled enough knobs and tried every door, they could find your bar, but you wouldn't have the majority of the general public walking in because they would look behind #43, assume your town had no bar, and move on.
Yes, there are software programs that will walk through your town and rattle every knob, peek inside every unlocked room and report back what was in there (if anything).
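Added example, not part of the original thread: a toy Python model of the two firewall roles described above, the home PC that only lets in replies to connections it started, and the web server that opens port 80 and nothing else. The class, packet tuples and addresses are constructed for illustration; a real firewall also tracks protocol, TCP state and timeouts, and like the firewalls discussed here this model never looks at packet content.

```python
"""Toy model of the firewall behaviour described in the thread (constructed data)."""
from dataclasses import dataclass, field


@dataclass
class Firewall:
    open_ports: frozenset = frozenset()       # inbound ports deliberately opened
    table: set = field(default_factory=set)   # connections this machine initiated

    def check(self, direction, local_port, remote_ip, remote_port):
        key = (local_port, remote_ip, remote_port)
        if direction == "out":
            self.table.add(key)               # remember what we asked for
            return "allow: outbound request"
        if key in self.table:                 # same address AND same ports
            return "allow: reply to our request"
        if local_port in self.open_ports:     # a service is waiting behind this door
            return "allow: open port"
        return "drop: unsolicited"


def run(fw, packets):
    """Return the firewall's verdict for each packet, in order."""
    return [fw.check(*p) for p in packets]


# Constructed packets: (direction, local_port, remote_ip, remote_port)
HOME_PC = [
    ("out", 50001, "192.0.2.10", 80),     # JR asks a web site for a page
    ("in", 50001, "192.0.2.10", 80),      # the site answers: expected
    ("in", 445, "203.0.113.66", 40000),   # a stranger knocks on a door JR never used
    ("in", 50001, "203.0.113.66", 80),    # right door, but not the host JR asked
]
WEB_SERVER = [
    ("in", 80, "198.51.100.7", 51000),    # web request to the open door
    ("in", 21, "198.51.100.7", 51001),    # FTP attempt: nothing is opened there
]


def demo():
    home = run(Firewall(), HOME_PC)                     # no inbound ports open
    server = run(Firewall(frozenset({80})), WEB_SERVER) # only port 80 open
    return home, server


if __name__ == "__main__":
    for verdicts in demo():
        print(*verdicts, sep="\n")
```

The fourth home-PC packet is the case worth noticing: the reply is matched on the remote address as well as the ports, so a different host cannot slip in by aiming at a port that happens to be in use.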