If my anti-virus is working properly, do I still need a firewall?


I’m a second-year computer science student in college. Some of my peers and other IT professionals keep telling me that in order to work well on your computer without anything getting in your way (like having some important pop-ups denied or having some authentic downloads denied) you need to turn off the firewall. They say as long as you have up-to-date anti-virus software you’re safe. How true is this and can I really be safe with my firewall off? Again, considering that I have perfectly working anti-virus software.

Basically, I disagree with what people have been telling you. I actually disagree fairly strongly.

Yes, you need a firewall. And no, a firewall isn’t going to prevent some kind of pop-up or authentic download that you initiate.


A firewall’s job

The single most important job of a firewall is to prevent incoming connections to your computer. That’s why I recommend using a NAT router as a firewall. The protection the NAT router provides comes as a side effect of the way it handles sharing the internet between multiple machines. That same kind of protection can come from software firewalls as well.

So if you’re not behind a router, or you’re connected to a network where there is perhaps questionable security (in other words, it’s open or there are other people who have less than good or safe practices on their own security), then it’s a good idea to turn the software firewall on as well. These days, to be honest, I actually don’t see a reason not to leave the Windows firewall on all the time.


Clearing up misconceptions

There are two misconceptions in what your friends are telling you: One is that firewalls block pop-ups, and the other is that they prevent downloads. In reality, firewalls do neither of these things; those are things that your anti-malware and other security software might attempt to do.

Firewalls block what’s coming into your machine unannounced or un-requested.

Even though we think of a pop-up as something that’s coming in unrequested, it actually appears because you visited a webpage that has asked for it. It’s the same with downloads. A download doesn’t come at your machine uninvited; it’s something that you request. A properly configured firewall just isn’t going to get in the way of that. It’s going to allow the pop-ups you need to see and the downloads you’ve requested.
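The behavior described above, together with the NAT side effect mentioned earlier, can be modeled in a few lines. This is an added example, not part of the original article; the `Packet` and `NatRouter` names, the addresses, and the rule that replies must come from the exact host and port that was contacted are simplifying assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatRouter:
    """Simplified NAT model (assumption: replies must come from the contacted host and port)."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}          # public port -> (private ip, private port, remote ip, remote port)
        self.next_port = 40000   # constructed starting port for translations

    def outbound(self, pkt):
        # A machine inside asked for something: record the mapping, rewrite the source.
        public_port = self.next_port
        self.next_port += 1
        self.table[public_port] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return Packet(self.public_ip, public_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        # No mapping means nobody inside requested this traffic, so there is
        # nowhere to forward it. This is the "side effect" protection.
        entry = self.table.get(pkt.dport)
        if entry is None or (pkt.src, pkt.sport) != entry[2:]:
            return None
        return Packet(pkt.src, pkt.sport, entry[0], entry[1])

def run_demo():
    router = NatRouter("198.51.100.1")                      # constructed addresses throughout
    request = Packet("192.168.1.20", 51515, "203.0.113.10", 443)
    sent = router.outbound(request)                         # you click a download link
    reply = Packet("203.0.113.10", 443, sent.src, sent.sport)
    unsolicited = Packet("192.0.2.66", 40123, router.public_ip, 445)
    wrong_host = Packet("192.0.2.66", 443, router.public_ip, sent.sport)
    return {
        "requested download": router.inbound(reply),
        "unsolicited connection": router.inbound(unsolicited),
        "stranger reusing the port": router.inbound(wrong_host),
    }

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {'delivered to ' + result.dst if result else 'dropped'}")
```

Only the reply to the request that started inside the network is delivered; the model covers traffic crossing the router and says nothing about machines on the same local network.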

Combination software

Increasingly, the concept of a firewall is getting blurry. Many anti-malware tools actually try to do, well, everything. They’re anti-viruses, they’re anti-spyware, and some of them actually do provide a firewall. So it’s possible that some of your peers are confusing the two. But if anything is going to get in the way of your pop-ups and your downloads, it’s in fact your anti-malware software and not the firewall.

The bottom line is that yes, you need a firewall, be it a NAT router or a software firewall on your machine. A firewall shouldn’t block legitimate traffic that you request.

And for the record: there’s no such thing as perfect anti-virus or anti-malware software. A firewall is an additional layer of protection that just makes sense.

7 comments on “If my anti-virus is working properly, do I still need a firewall?”

  1. I can’t believe that second-year CS students and “IT professionals” would be harboring delusions like this. What other misinformation are these people disseminating? I never took a computer course in my life and even I know that antivirus software and firewalls perform completely different functions. The question strikes me as beyond naive, akin to “If my car runs well, do I really need windshield wipers?”

    • Some anti-viruses think they are firewalls. I don’t know if I am allowed to use names but I will.
      Both Comodo and Bittorrent absolutely would not let me install software even after I disabled them.
      AVG 2014 wouldn’t allow me to do much and it refused to be uninstalled. Had to delete it bit by bit from the Registry.
      My firewall at least asks me if I would like to proceed.
      I’m using Avast now and everything has calmed down.
      Mind you the above mentioned 2 programs were great at preventing viruses.

    • You’d be surprised at the misinformation IT students subscribe to. I teach English for IT at the top technical university in Germany, and I’m shocked at the things my students don’t know and the misconceptions they have. If you reread the question, it says “Some of my peers and other IT professionals.” The IT “professionals” are probably sources on the web and their peers probably are quoting the same or similar sources.

  2. This sounds like a trap. Misguide gullible people away from using a firewall and then hack into their machines. The new batch of hackers need targets to practice on, don’t they?

    The questioner did the right thing asking a pro instead of falling for such a naive manipulative trick.

    Thanks Leo for your excellent advice as always.

  3. Perhaps your student is right for the wrong reason, Leo: you did say that you only need the firewall if you are not “behind a router”, and isn’t almost everyone “behind a router” these days, as simple modems are rarely supplied any more? That being the case, leaving the firewall on would be a waste of resources for most users, wouldn’t it?

    • They’re actually not the waste that they once were (and they certainly wouldn’t cause the problems that the student was told they would). Remember that a router protects you only from things on the other side of it. If you have questionable computers on the “inside” or local side of the router, you may still want that software firewall up and running. I have no idea if this is a school environment, but if it is … I’m not sure I’d trust everyone else on the local side of that router :-).

  4. My HP Officejet Pro 8600 wireless scanner worked well for the last two years. Suddenly the scanner was unable to connect to the computer. Nothing I tried worked until I turned off Microsoft Firewall. Now the scanner works fine. I looked, and the box that says the scanner is allowed to communicate with the computer is checked. The Firewall should not have been blocking the scanner, but it was. My guess is that one of Microsoft’s recent updates turned the firewall into a renegade concerning the scanner. I will just leave the firewall turned off, thank you very much, forever. I have a router and Malwarebytes antivirus.
