That is a question many people are asking these days, though no one wants to be open to attack. The answer is not very easy, as there are so many different ways of attacking a Windows PC from a network connection.

[slashdot]

“Should you be running firewalls on your desktop and server machines? PC Pro’s Jon Honeyball argues the case for switching off Windows firewalls and handing over responsibility for security to server-based solutions. "I’d rather have security baked right into my network design than scattered willy-nilly around my desktops and servers," Honeyball argues. "It seems to me that there’s much sense in concentrating your security into a small number of trusty gatekeepers rather than relying on a fog of barely managed faux security devices. Of course, it puts your eggs into fewer baskets, but it does mean these gatekeepers are easier to control and manage: monitoring them in real-time becomes routine."”

For the average PC user, with a single machine, and not using a router, I’d say that the desktop firewall is indispensable. And though I am convinced that the later versions of the Windows firewall are acceptable, and probably fine in the hands of someone who has taken the time to learn the software – who has? Windows started with a crappy firewall that was not easy to manage, and by the time that Microsoft got around to fixing the problems, no one cared.

With the likes of Comodo and Online Armor, firewalls that give extraordinary protection and are so easily set up, why mess with something from Microsoft? Just turn off the Windows firewall, set up Comodo (my overall first choice) and you’re golden.

For the user behind a router that is doing NAT (network address translation) a software firewall is like gilding the lily, and a bit more protection than is really needed – yet I always do it. Better safe than sorry, I say.

For users that have many machines behind the router, I’d suggest a model that has stateful packet inspection, though to get a good one, it is going to be more than those $35 jobs you find on sale that also have wireless access points built in. In case you want a good one, go with a name like D-Link, Linksys, or Netgear, and expect to pay, though that does not mean you won’t find a deal.

For the overall best protection, I’d use an older or extra PC and set up Smoothwall. A PC using Smoothwall software, properly configured, means that your network will likely be a bit faster most of the time, a lot faster when there are many PCs accessing it at peak times, and very, very safe. By the way, the Smoothwall software is free, and all you’ll need is another NIC and a wireless NIC if you want to let wireless things, like game consoles, smartphones, and laptops, access your connection. Smoothwall also has the ability to let you have a DMZ for a gamer, or perhaps for the home that has a full-on server that needs outside access (though if you need this, you most likely will know this already, and won’t need much time looking at the Smoothwall docs). Smoothwall is free, administered through a web-like interface, and has enough help in several forms to get the most green novice up and running.

If you’re running Smoothwall, properly set up, you can turn off the firewall on individual machines, and regain some speed. Then all you need worry about is the antivirus and antimalware you run.

A quick trip to the Smoothwall site will let you know what kind of computer you can use for your Smoothwall machine – keep in mind that more computers accessing the firewall simultaneously will require a faster CPU for the firewall computer.
