Personal Firewall Security FAQ

(Note: This is from 2001 and has not been touched since 2005)

Executive Summary

Do Personal Firewalls improve security?

No.

Why do so many people install them, then?

Because those people are all idiots.

Details

Why don't they improve security?

You can't improve security of an untrusted system by installing another untrustworthy piece of software. You don't have the source code for the operating system or for the new piece of software, so it is impossible to verify that it does anything at all, let alone improve security. In the contrary, adding software increases the system's complexity, increasing the probabilty for undetected bugs and possible new security problems.

A firewall is a computer security concept, not a piece of software. Vendors selling you a piece of software (or even a piece of hardware) under the label "firewall" are defrauding you.

If you seriously want to improve security on your machine, you have to reduce the code size, not increase it! And no matter how much software you remove, as long as you don't have the source code for the rest, you are still not even remotely secure. Consider dropping Windows and switching to a more secure operating system.

See also

de.comp.security.firewall FAQ (German)

Why is this FAQ needed?

Because security forums in Usenet and elsewhere are rendered unusable by a unendling flood of Windows users who installed a "personal firewall" and ask for tech support. In the German usenet, de.comp.security was even split into de.comp.security.misc and de.comp.security.firewall to isolate those questions into ...firewall, with the result that there is almost no discussion other than whining Windows lusers there who complain that they aren't treated friendly and courteously.

See also