A firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy.

A personal firewall differs from a conventional firewall in terms of scale. Personal firewalls are typically designed for use by end-users. As a result, a personal firewall will usually protect only the computer on which it is installed.

Many personal firewalls are able to control network traffic by prompting the user each time a connection is attempted and adapting security policy accordingly. Personal firewalls may also provide some level of intrusion detection, allowing the software to terminate or block connectivity where it suspects an intrusion is being attempted.

Features

Common Personal Firewall Features:

  • Alert the user about outgoing connection attempts
  • Allows the user to control which programs can and cannot access the local network and/or Internet
  • Hide the computer from port scans by not responding to unsolicited network traffic
  • Monitor applications that are listening for incoming connections
  • Monitor and regulate all incoming and outgoing Internet users
  • Prevent unwanted network traffic from locally installed applications
  • Provide the user with information about an application that makes a connection attempt
  • Provide information about the destination server with which an application is attempting to communicate

Criticisms

  • Instead of reducing the number of network-aware services, a personal firewall is an additional service that consumes system resources and can also be the target of an attack, as exemplified by the Witty worm.
  • If the system has been compromised by Malware, Spyware or similar software, these programs can also manipulate the firewall, because both are running on the same system. It may be possible to bypass or even completely shut down software firewalls in such a manner.
  • The high number of alerts generated by such applications can possibly desensitize users to alerts by warning the user of actions that may not be malicious (e.g. ICMP requests).
  • Software firewalls that interface with the operating system at the kernel mode level may potentially cause instability and/or introduce security flaws and other software bugs.