Network Security Basics (cont.)
On top of hardware firewalls, there are software firewalls. A software firewall is quite different from a hardware firewall, but it can provide all the same functionality and more. On top of preventing incoming connections which you haven't prepared for (which is the important part of a firewall), it can also prevent outgoing connections. This is very significant as it can help prevent spyware and viruses from functioning properly, especially trojans. However, the downside is that even the best software firewalls are resource hogs - that is, it'll slow your system down. The only ones that don't use too many system resources are usually lacking in some aspect.
Whether or not you should use a software firewall depends on several things. If you are fairly inexperienced, it will probably create as many problems as it prevents. If you are fairly experienced, you probably don't need it. If you have an older system that has little RAM or a slow processor, a software firewall can be a major performance killer. If you already have a hardware firewall and any of this applies to you, it's probably best you don't use a software firewall. However, if you don't have a hardware firewall and you don't wish to spend the money to get one, then you absolutely must use a software firewall. There are several great options.
My personal favorite is ZoneAlarm. It's not a huge resource hog, though it can get bad at times. It has lots of options and a simple user interface that will accommodate users with little experience. It can, like any other software firewall, prevent some needed things like file and print sharing or LAN gaming capabilities. For this reason I recommend users with these types of needs either use a different software firewall, use none at all, or shut off ZA when they need the functionality. ZoneAlarm comes in both free and pay versions, and there are no compelling reasons to get the pay versions.
Use a router for improved security - How much?
Sygate is very similar to ZoneAlarm and is another one of my favorites. I don't like it as much as ZA, but it will get the job done well. It is also known to have fewer problems with LAN functionality, but that also means it might be more vulnerable to certain things. In any case, if you don't like ZoneAlarm, Sygate is a perfectly suitable alternative. It's also just as free.
The firewall I recommend for inexperienced users who don't do much with their PC aside from email, web browsing, and word processing is the built-in Windows XP firewall. It should already be on (unless you disabled it) if you're running Windows XP with Service Pack 2. It can easily be turned on in older versions by going to Start > Settings > Control Panel > Network Connections > Local Area Network/Wireless Local area Network/Internet > Security tab.
The one important thing I've found with firewalls even more than with anti-virus software is that they're not worth paying a dime for. The free ones do as good or better than the pay ones.
As with anti-virus programs, there are some particularly bad software firewalls. And like with anti-virus, the two I've found most problematic are McAfee and Norton. Because I've the massive amounts of negative experience I've had with them, I recommend against using either.