I’m second year computer science student in college. Some of my peers and other IT professionals keep telling me that in order to work well on your computer without anything coming into your way (like having some important pop-ups denied or having some authenticate downloads denied) you need to turn off the firewall. They say as long as you have an up-to-date anti-virus software you’re safe. How true is this and can I really be safe with my firewall off? Again, considering that I have a perfectly working anti-virus software.
Basically, I disagree with what people have been telling you. I actually disagree fairly strongly.
Become a Patron of Ask Leo! and go ad-free!
A firewall’s job
The single most important job of a firewall is to prevent incoming connections to your computer. That’s why I recommend using a NAT router as a firewall. The protection the NAT router provides comes as a side effect of the way it handles sharing the internet between multiple machines. That same kind of protection can come from software firewalls as well.
So if you’re not behind a router, or you’re connected to a network where there is perhaps questionable security (in other words, it’s open or there are other people who have less than good or safe practices on their own security), then it’s a good idea to turn the software firewall on as well. These days, to be honest, I actually don’t see a reason not to leave the Windows firewall on all the time.
Clearing up misconceptions
There are two misconceptions in what your friends are telling you: One is that firewalls block pop-ups, and the other is that they prevent downloads. In reality, firewalls do neither of these things; those are things that your anti-malware and other security software might attempt to do.
Firewalls block what’s coming into your machine unannounced or un-requested.
Even though we think of a pop-up as something that’s coming in unrequested, it actually appears because you visited a webpage that has asked for it. It’s the same with downloads. A download doesn’t come at your machine uninvited; it’s something that you request. A properly configured firewall just isn’t going to get in the way of that. It’s going to allow the pop-ups you need to see and the downloads you’ve requested.
Increasingly, the concept of a firewall is getting blurry. Many anti-malware tools actually try to do, well, everything. They’re anti-viruses, they’re anti-spyware, and some of them actually do provide a firewall. So it’s possible that some of your peers are confusing the two. But if anything is going to get in the way of your pop-ups and your downloads, it’s in fact your anti-malware software and not the firewall.
The bottom line is that yes, you need a firewall, be it a NAT router or a software firewall on your machine. A firewall shouldn’t block legitimate traffic that you request.
And for the record: there’s no such thing as perfect anti-virus or anti-malware software. A firewall is an additional layer of protection that just makes sense.