Without a firewall, your computer is operating under an "open door" policy. Bank account information. Passwords. Credit card numbers. Documents and photos that you don't want to share with the world. They are all available to anyone with bad intentions and basic computer skills. Hackers can get in, take what they want, and even leave open a "back door" so they can turn your computer into a "zombie" and use it to attack other computers.
Every minute that your computer is connected to the Internet, either through a dial-up (modem) connection or through a broadband (DSL or cable) service, it is at risk.
The people who want to break into your computer don't care who you are or where you live. They may be "script kiddies" using malicious code they find on the Internet to wreak havoc on others' computers, or they may be computer criminals with cutting-edge technology to sniff out unprotected computers anywhere in the world and exploit their vulnerabilities. An attack can come at any hour of the day or night.
When your computer is connected to the Internet, it receives traffic from a wide range of sources, most of it benign. Your instant messaging client alerts you that a friend has signed on; your mail client finds new mail waiting for you and downloads it; a weather site refreshes its rainfall map by telling your web browser to reload a page. All of this traffic is handled invisibly by your computer, which is listening to a large number of "ports." A port is a specific connection point through which applications on your computer connect to the Internet. And a hacker only needs one open port through which to mount an attack.
Your computer is just one machine among the millions connected to the Internet at any given moment. And a moment is all it takes for a hacker to get in.
Antivirus software comes installed on most new PCs, and most people think that it protects them completely from Internet-borne threats. But virus protection is only as good as the latest virus definitions, which are created in response to the latest viruses. It's a game of one-upmanship that the hackers always win, in a sense; someone (potentially many thousands of people) must be infected before the makers of antivirus software can create a defense. And antivirus software does nothing to secure your computer against direct hacker attacks.
A firewall is a piece of software that monitors all incoming network traffic and allows in only the connections that are known and trusted. For example, port 80 is open so that you can browse web pages; port 1863 allows you to engage in instant messaging with friends; port 443 gives access to secure web pages used by online merchants to encrypt purchases.
You could manually grant or restrict access to each of the 65,535 ports available under the Internet Protocol. Every time you add a new program that requires Internet access, you would need to determine which port(s) it uses, and reconfigure your computer accordingly. You've likely got better ways to spend your time.
Firewall software takes on this burden for you, allowing access to the ports you need open, and closing off those you don't. It also makes your computer "invisible" on the Internet; if hackers can't find you, they will have a hard time attacking you.
More advanced firewall software also monitors outgoing traffic. This is crucial since malicious code spreads by accessing the Internet and pushing copies of itself to other computers (often those of your friends and family!). Outbound protection can keep even brand-new Trojan horses and spyware from doing their damaging work. The ultimate protection is program-level control, so that only those applications that you trust are allowed to access the Internet.
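The filtering described above, as a simplified model added here for illustration (not code from any firewall product): unsolicited inbound traffic is dropped, replies to connections the computer started are let back in, and outbound access is granted per program. The class and function names, program names and addresses are constructed for the example; ports 80, 443 and 1863 are the ones named in the text.

```python
from dataclasses import dataclass, field

@dataclass
class HostFirewall:
    """Toy model: default-deny inbound, program-level control outbound."""
    trusted_programs: dict                       # program name -> allowed remote ports
    inbound_open: set = field(default_factory=set)   # local ports deliberately exposed
    flows: set = field(default_factory=set, init=False)  # connections we initiated

    def outbound(self, program, local_port, remote_ip, remote_port):
        # Program-level control: the port alone is not enough, the
        # program asking for the connection must be trusted for it.
        if remote_port not in self.trusted_programs.get(program, set()):
            return "BLOCK"
        # Remember the flow so the server's reply can come back in.
        self.flows.add((remote_ip, remote_port, local_port))
        return "ALLOW"

    def inbound(self, remote_ip, remote_port, local_port):
        if (remote_ip, remote_port, local_port) in self.flows:
            return "ALLOW"        # reply to a connection this computer started
        if local_port in self.inbound_open:
            return "ALLOW"        # service the user chose to expose
        return "DROP"             # unsolicited: discarded without a response

def demo():
    # Constructed sample traffic; addresses are from documentation ranges.
    fw = HostFirewall(trusted_programs={"browser": {80, 443},
                                        "messenger": {1863}})
    return [
        fw.outbound("browser", 50001, "203.0.113.10", 443),    # trusted program
        fw.inbound("203.0.113.10", 443, 50001),                # its reply
        fw.inbound("198.51.100.7", 40000, 445),                # unsolicited probe
        fw.inbound("203.0.113.10", 443, 50002),                # no matching flow
        fw.outbound("unknown.exe", 50003, "198.51.100.7", 80), # untrusted program
    ]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The last case is the one outbound protection exists for: the destination port is one the browser may use, but the connection is refused because the program requesting it is not on the trusted list.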