Hoo boy, now there's a quick question with a long answer.

There are two basic types of firewalls, hardware and software. Hardware firewalls are a physical device that sits between your connecting computer and your modem, while a software firewall is a program installed onto your computer. They both do the same thing, which is to restrict connections that may be a threat to your computer.

Hardware firewalls are the most potent, because the threat gets stopped before it ever reaches the machine. Most hardware firewalls work the same way, so there is little difference. The easiest way to have a hardware firewall is to buy a router, as most (if not all) routers have firewall firmware installed. This is not always true with hubs or switches(where it's a rarity), so make sure you know what you have. If you have a spare machine around, a couple NICs to put in and feeling a little geeky, you can even convert a computer into a firewall, though that has a tendency to take up space. Hardware firewalls are also sold standalone, but I personally say to get a router instead so you have a little more functionality for the space being used.

Software firewalls are not always a sure fire prevention, but they are effective. Like hardware firewalls, they essentially all do the same basic job in roughly the same way, with the differences depending on the OS, the user interface, and extra functionality. Most do run in a "fire and forget" mode, meaning it will automatically learn from your use and modify it's settings to compensate, which means configuration is pretty easy.

Like Anti-virus programs, you can have too much of a good thing. In this case, you should only run a maximum of one hardware firewall and one software firewall, anything else is either redundant or problematic. Personally, I run with the firewall on my router and the windows default, though if I feel it's insufficient, I run Zonealarm's firewall. It's still one of the best out there, and best of all, it's free. (takes some effort to get to though, just click the link to go right to the free one)

Now to explain what a firewall is not. It is not an antivirus, so if a virus gets by it (usually as an infected file) and you have no antivirus, you are hosed. It is also not an anonomyzer. It will not provide you with security when you go websites you would prefer to remain unknown. It is also not an encrypter. So you cannot rely on the firewall for extra security while banking or other such things. To summarize this, the firewall is there to block threats to your computer. Anything beyond it, and you have to find another means.

LL is right so far.

Hardware firewalls are external to the machine.
Pros?
Less CPU / RAM usage on machine
Easy to configure

Cons?
Point of failure
More wires


Software firewalls
Pros
On the machine
Can be simple, easy to configure
Cheap/built in to XP

Cons
Takes CPU/RAM
Can be a PITA when troubleshooting
not as intuitive as the firmware on router (IMO)


Personally, I'll use a dual approach.

When I have a home network, with my own Router / DHCP machine, I have that setup to only give out 5 or less addresses. I also do some port forwarding and MAC address filtering. I have it setup to not accept incoming pings or such, and keep a log.

On the PC itself I use a software firewall that is configurable. (Hey, I'm paranoid).

You have to know what you're doing, because if you have internal set for letting X app out, but not the External, you have a fail. It can be annoying at times.

But, that's how I do it, along with Anti - virus too.

Cutenoob

okies... pretty much as I was thinking, but I question "Point of failure"..?? huh?

I'm also using ZoneAlarm, but with a recent virus, it got taken out, and I was having massive issues with net connection (still no idea exactly where from... had to delete partitions and format apparently, my 500G HDD had a 1TB partition..cool!!! ... well, ok, not... I lost about 100G).

So, LL pretty much answered the one vital question I had.. ZA is ok. And no need to go hunting for anything else.

But, I now have another question that has just arisen... I dl'ed FreeDownloadmanager, and it wants access to the router (10.1.1.2)... is this good, or a seriously bad idea?


AV - hmmm... I'm undecided now, since Avast got busted wide open by beagles and bagels and stuff...

"Point of Failure." Another thing to break or be misconfigured and needing to be replaced or troubleshot when issues arise.

Personally, I wouldn't trust it. Most programs only need access to a port. The only thing that should be accessing the router is me manually. If you run FireFox, you can use the DownThemAll addon and it works just as well.

To start of with, no AV program is 100%. It's just not possible. Anyone that tells you different is full of crap. That said, the variant that nailed Avast is known as a "protection killer", where it's designed to directly eliminate the AV program. There are others that will attack Avast and any other AV program.

Now, if you are smart about your net travels, the odds of getting nailed by this are slim, and should it happen, there's removal tools available. Avast is still a good choice, so don't get panicky about a lowball chance of it being compromised.

I would bet that FDM is trying to call back to it's HQ or some centralized database.
Like, if you installed FDM, and put 3 files on there for sharing, how does the rest of the world know you have 3 versions of Red Hat?

Personally, I don't use accelerators. Just never have.

Make sure you have a working AV, and keep it up to date. Keep the firewall up to date too.

Don't be paranoid, but don't be someone who says, "Meh, I don't need no stinkin AV"

Cutenoob