A personal firewall is software installed on an end-user's PC which controls communications to and from the user's PC, permitting or denying communications based on a security policy.
A personal firewall differs from a conventional firewall in that there is no hardware separation between the firewall software on the user's PC and the user's application software. A personal firewall will not usually protect any more than the PC that the software is installed on, unless other PCs are sharing Internet connectivity via the protected PC.
Another distinction from conventional firewall software/devices is that personal firewalls are able to control communications using methods such as prompting the user each time a connection is attempted, and 'learning' from the responses, to determine what Internet traffic a user would like to permit to/from their PC.
This software may also provide some level of intrusion detection, allowing the software to terminate or block connectivity where it suspects an intrusion is being attempted.
A personal firewall can:
- Prevent programs that are useful for non-network purposes, like Windows Media Player, from accessing the network.
- Prevent nuisance accesses.
- Prevent applications providing local network services like X Window from being accessed by other computers.
- Alert the user about outgoing connections and the process (program) making the connection attempt.
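As an added illustration of the prompt-and-learn behaviour described above (this is constructed example code, not part of the original article or of any real firewall product), a small Python model of a per-process policy: a connection with no matching rule is referred to the user, answers marked "remember" become rules, and the prompt counter shows how many interruptions the user actually sees. The process paths and the scripted user answers are assumptions for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Rule key: (process path, direction, remote port); port None means any port.
Key = Tuple[str, str, Optional[int]]
# The "user" callback returns (verdict, remember) for an unknown connection.
Asker = Callable[[str, str, int], Tuple[str, bool]]


@dataclass
class LearningPolicy:
    """Per-process allow/deny rules that grow from the user's prompt answers."""
    rules: Dict[Key, str] = field(default_factory=dict)
    prompts: int = 0  # how many times the user was interrupted with a prompt

    def decide(self, process: str, direction: str, port: int, ask: Asker) -> str:
        # An exact (process, direction, port) rule wins, then a per-process wildcard.
        for key in ((process, direction, port), (process, direction, None)):
            if key in self.rules:
                return self.rules[key]
        self.prompts += 1
        verdict, remember = ask(process, direction, port)
        if remember:
            self.rules[(process, direction, port)] = verdict
        return verdict

def scripted_user(process: str, direction: str, port: int) -> Tuple[str, bool]:
    # Constructed stand-in for the interactive prompt: allow the browser and
    # remember it, block the media player and remember it, and allow anything
    # else once without remembering (the habitual "Accept" click).
    if process.endswith("firefox.exe"):
        return "allow", True
    if process.endswith("wmplayer.exe"):
        return "deny", True
    return "allow", False

def run_sample() -> Tuple[List[str], int, int]:
    # Constructed sequence of outbound connection attempts seen by the firewall.
    attempts = [
        (r"C:\Program Files\Mozilla Firefox\firefox.exe", "out", 443),
        (r"C:\Program Files\Windows Media Player\wmplayer.exe", "out", 80),
        (r"C:\Program Files\Mozilla Firefox\firefox.exe", "out", 443),
        (r"C:\Program Files\Windows Media Player\wmplayer.exe", "out", 80),
        (r"C:\Users\alice\Downloads\update.exe", "out", 8080),
        (r"C:\Users\alice\Downloads\update.exe", "out", 8080),
    ]
    policy = LearningPolicy()
    verdicts = [policy.decide(p, d, port, scripted_user) for p, d, port in attempts]
    return verdicts, policy.prompts, len(policy.rules)
```

Only the two remembered answers become rules, so the unremembered program is prompted for on every attempt; this is the path by which the alert volume described later in the article builds up.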
Problems and weaknesses
- For private users, shutting down all unnecessary network-aware services and installing up-to-date patches is often enough to secure the system against (nearly) all outside threats.
- Because they are installed on the system they protect, attacks on the firewall also affect that system and vice versa:
  - Instead of reducing the number of network-aware services, a personal firewall is an additional service that consumes system resources and can itself be the target of an attack, as the Witty worm has already shown.
  - If the system has been compromised by malware, spyware or similar software, these programs can also manipulate the firewall, because both are running on the same system. In the past, security experts have found numerous ways to bypass or even completely shut down software firewalls.
- They will often alert the user about "attacks" on harmless occasions, for example connection attempts to closed ports, or misinterpret normal network traffic as an attack.
- They can interfere with the operation of peer-to-peer programs, though sometimes the firewall can be made to grant permission to the program.
- The high number of 'alerts' generated by such applications will inevitably result in the user simply clicking 'Accept' without checking the content of the alert, leading to complacency on the user's part.
While many people claim that the uses outweigh the negative aspects of personal firewalls, others claim that personal firewalls are snake oil, because they do not offer any real advantages but try to make the user believe that they are effective with constant alerts about "hacker attacks".