Spyware, Viruses, & Security forum

General discussion

Are two firewalls better than one or can it cause conflicts?

by Lee Koo (ADMIN) CNET staff/forum admin / May 11, 2012 8:18 AM PDT
Question:

Are two firewalls better than one or can it cause conflicts?


Hello. On the Internet many firewalls can be found, some free
and for payment. But with Windows OS a firewall is already present on
a PC. If another firewall is installed, can this be a conflicting
situation? Is it better to have one firewall only, or on the contrary,
can another firewall eventually supply a more complete defense and
cover the holes left by the first one? Also, is the Windows firewall
supplied with the OS good enough or would you recommend something else
that is better? Excuse me for my bad English and thank you very much.

- Submitted by Giuseppe F.
Post a reply
Discussion is locked
You are posting a reply to: Are two firewalls better than one or can it cause conflicts?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Are two firewalls better than one or can it cause conflicts?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Don't run more than one at the same time
by 4Denise / May 11, 2012 10:58 AM PDT

The Windows firewall is fine. It will do the job. If you prefer a different firewall, then you can turn off the Windows firewall.

It is not a good idea to run multiple firewalls, unless one is a hardware firewall (with a router) and one is a software firewall (which is what you are talking about). If you are not having difficulty with the Windows firewall, and you don't know enough to select one that is better, then you can just leave it running. It will do the job. If you later change your mind, you can always alter it in the future.

Collapse -
Nesting firewalls
by Zolar_1 / May 11, 2012 11:59 AM PDT

While you can in concept run nested firewalls, most of the firewalls you use will either not install or force the uninstallation of existing firewall.

Firewall routers like the one's the typical home computer user buys will only block incoming connections that fit a profile unless the homeowner is adept enough to set restrictions for outgoing connections.

I remember one firewall years ago that would let you block certain parts of a program's internet connection. It was awesome. You could run a spam filled program like weatherbug and block all the advertisements while still gleaning the benefits of the program itself.

But alas, nearly all the 'modern' firewalls for consumers won't let you do this, or if they did you have to go through an extreme effort to do so.

Instead of running nested software firewalls, do this:

1) get a firewall router and leave the settings alone.
2) get a good software firewall and use the presets that come with it.
3) use a program like vmware and run a desired operating system from within that.

There was another program called sandboxie. It used to sandbox Internet Explorer thus increasing your computer's defenses.

Personally I use Linux and a hardware firewall/router.
Sometimes if I will be surfing sites that could be bad I will use virtualbox.ose

I have not had to reinstall the operating system due to attacks or malware - ever.

Collapse -
The short version is - 'NO'
by Zivtu / May 29, 2012 7:29 PM PDT
In reply to: Nesting firewalls

Two firewalls will sometimes (not allways) collide, thus stopping (or crashing) your system.

The longer version is - Two software packages - NO. A hardware firewall (like a router) and a software package - YES YES YES!!!

If you're running a software package (AVast, ZoneAlarm etc.) than you MUST tirn the windows firewall off. Most of them will ask you if you want them to make the move for you, so tell them yes, and they will take care of that.

Personally, I used to work with AVG Free for the antivirus and ZoneAlarm for a firewall. As it turns out, AVG grew so bug and luckily for me ZoneAlarm came out with a free firewall combined with a free antivirus, so I let AVG go and stayed with combined ZoneAlarm free package, which I'm very happy with. On top of that I have a router running it's hardware firewall, and everything works nicely together.

Since most of us use the Windows systems, I wouldn't concern myself with all those Mac or Linux users. They don't know anything about security or securing their systems and let me tell you - they are about to slapped in their faces - HARD!! (We're already seeing it with Mac users and computer viruses...)

In my opinion, which is based on over 35 years of industry experience, I tell you that the best way to go about it is not lying about and waiting, bur rather taking the proactive approach and getting ready for the assult - because it will come, mark my words!

Is what's going on in Iran a surprize? NO! It was expected!!! So be prepared. Always.

Collapse -
more than one firewall
by vhawk1951 / May 18, 2012 11:01 AM PDT

the windows firewall consistently fail the leak test test which means i have no faith it it.
if leal test can get through surely anyone can?

Collapse -
Software Realities
by JohnCPR / May 18, 2012 5:52 PM PDT
In reply to: more than one firewall

It is not a good idea to criticize a security software product because this shows a bias and complete lack of understanding for the limitation of software. Also, to give a person the idea that another one is better is not entirely correct.

All software, Firewall or otherwise, is not totally foolproof. In my years of experience, including talks on forensics (detection and protection), two offers more security than one. However, not on the same PC. What this means is that one follows the other where the first is a gateway PC (simply first line of protection like a gate keeper) and the next is the working PC. Because different software programs are programmed differently, if one misses the problem, the other is likely to detect it. Also, it has been shown that the same virus protection software when run a second time will sometimes find the problelm when missed the first time.

Now, many of us do not have this setup so running a different program that is designed to protect against the same problem is a good idea as long as the second does not conflict with the first so it is a good idea to disable the first before running the second then reversing the procedure to keep one active. As far as firewalls are concerned, a router is a next best thing many of us can afford, or are not experts in this field, to act as a type of gateway. I believe it is a good idea to have a router, even if not used for any other reason.

On the subject of protection, while I am at it, run a full detection from time to time, because when a quick one does not find the problem, I have found the full one does, even confirming a second run is a good idea.

Collapse -
True...
by JCitizen / May 19, 2012 3:53 AM PDT
In reply to: Software Realities

but the free Comodo Personal Firewall comes about as good as you can get for a software firewall. It has passed every leak test I've given it. The Defense+ application that is installed with it is very hard for malware to manipulate because it installs near the kernel layer, and it will not only keep malware from changing its own protection, but also all system processes.

It use to be pretty noisy, but has greatly improved in the last few years. For anyone who hasn't tried it for a while, I encourage them to try it again. I can't recommend too many of the other free programs at Comodo, but their Dragon browser is the bomb on Vista x64!!!

Collapse -
Windows Firewall
by michaelnet27 / May 22, 2012 6:09 AM PDT

I have to disagree: having Windows Firewall is not "fine". Sure, it blocks (most) INCOMING threats, but still does nothing to block unwanted outgoing communication.

Collapse -
I still agree with you but....
by JCitizen / May 22, 2012 11:40 AM PDT
In reply to: Windows Firewall

My Vista firewall has blocked plenty of outgoing communications, and also let me know that because of that, I had an infection somewhere.

I still say you need a good free third party software firewall AND a hardware firewall, as well.

While I'm at it - the last time I tried ZoneAlarm, it was the worst thing I had every tested, but I really like their UTM appliances - just too bad they dropped the very fine Z100G UTM appliance - it was the best in the industry for SMBs everywhere!

Collapse -
There Can Be Only One...
by crewfan69 / May 11, 2012 12:39 PM PDT

firewall in software form. Mentioned elsewhere, a router has firewall properties base on NAT addressing but that is beyond the scope of your question. Do a search on the interwebs if you want to learn more about a network router. I do recommend a router even in a case of only one computer connected to high-speed internet for the added security of a hardware firewall. When configuring the router, look for firewall settings and enable if not already. Most software firewall installers will disable the Window's version. Look in Control Panel for Windows Firewall, click on the icon to launch program settings and disable if it is on.

On the software side, Window's version is okay but other options are available. The key feature to look for in a firewall is its out-bound data blocking ability. Blocking traffic from your system to the internet is vital in the event sneaky malware got on your computer it will attempt to call the mother ship for instructions. Blocking such communication is very important. There are many free products available so when you choose look for HIPS (Host Intrusion Protection System) as an added measure of security. HIPS works by monitoring normal system operation and tosses up bells and whistles when key areas of the OS are being manipulated by malware or a hacker.

Collapse -
The new NT6..
by JCitizen / May 19, 2012 4:02 AM PDT

based Windows firewall has outbound detection and blocking; it has saved my bacon many times. I feel Comodo is the best free software firewall, but I had to stop using it temporarily, because it also blocks my DRM for my media content. They have nearly fixed all those problems, so I will probably re-install it soon.

I'm not too worried about this temporary vulnerability, because my UTM appliance is quite vigilant at stopping any spy from making off with any data.

Collapse -
Short and Simple - No
by mijcar / May 11, 2012 2:46 PM PDT

No.

The same is true for active (launched and operating in the background) anti-virus programs.

I have tested enough systems, and watched what happens when a new program bumps into an old -- even the artifacts of that old Firewall you had thought you'd removed -- and it always spells disaster.

Most current anti-malware software uses heuristics rather than signatures to analyze behavior (firewall programs almost always used to do this and AV programs are starting to). There are too much malware out there, and mutating evey second as well as being replaced, to defend a machine by signature or signature-like detection only. The problem is that frequently the files that detect malware store up signatures of the malware that trigger other AV program where signatures are a factor; and heuristic detection can result in a behavior similar to what is being detected. The point is, you don't want your two defense systems each bringing your computer to a crashing halt and pointing fingers at each other.

Finally, Windows Firewall programs have been generally faulted as weak in some important areas, namely outgoing behavior. I'm not going to enter that debate -- I am merely reporting it.

Myself, I prefer third party software for the time being.

Collapse -
The simple answer is not so... simple :-)
by sunny6565 / May 18, 2012 12:41 PM PDT
In reply to: Short and Simple - No

Using multiple firewalls solution depends on what you want to protect. If you are looking at only your home computer you have to think one way. If you are trying to protect assets in an enterprise network then you might want to look at using multiple firewalls from different manufacturers. The reason being that every manufacturer has their own backdoor implemented in their product and being a closed source it is very hard to discover them. By using different manufacturers you try to make it as hard as it can be for anyone to break through your defenses.
To understand more you might want to read the following article from Microsoft:
http://technet.microsoft.com/en-us/library/cc722918.aspx

Security is not a simple task and is always a layered approach and not one solution covers all risks. If it would be everyone would be secure.

Collapse -
Many Types of Firewalls
by Hforman / May 11, 2012 4:41 PM PDT

We see that there are two classifications so far: Hardware and Software. Actually, all firewalls are really software but people mean the kind that runs on your PC or the kind that runs on "some box". If you think about it, the firewall running on a "box" is, technically, software. When you just turn on your Windows firewall, you expect and receive some protection but not a lot. If you add another firewall on your PC, let's say, Symantec, you are getting something that you can control much better. Fortunately, the Symantec one "turns off" the Windows one so there is generally no conflict. Some software just manipulates the Windows Firewall.\

Now, what about the appliances (better than trying to argue if they are harware or software)? Thos usually let you make a lot of adjustments. In business (and in a few homes), the idea is to control what goes out to the internet from a private (LAN/WAN) network and to block things from coming into your network from the outside. Therefore, many businesses use TWO firewalls. Why? Because in between the two we have what is called the DMZ. Servers/computers in here are capable of going out to the internet and capable to working on the LAN/WAN. More important, the public can access a website on a computer in your DMZ in a safe manner (for you and the public) and the server in the DMZ will be able to access data and post data to a server on the local network safely because all packets will go through at least one of the firewalls.

The impotance is being able to look at and evaluate how the firewall works and how to configure it so that it will protect you while allowing you access to do what you need to do.

Collapse -
Many Types of Firewalls
by mal_aus / May 18, 2012 10:52 AM PDT

Correct me if I'm wrong but in the waffle above I think you are saying -
use only one firewall on your PC to avoid conflicts but
there may be another firewall on any network or modem you may be using which won't cause conflict and
preferably use a third party firewall rather than Windows built in one for best results ????.

Collapse -
Firewall
by GDK1965UK / May 12, 2012 6:34 AM PDT

Dear Sir/Madam,
I actually have to firewalls and have no problem because the firewall is actually built into the motherboard of my PC which is a HP machine which uses the MCP61P chipset which is made by Nvidia and to access it you have to have the Nvidia NAM software installed to actually access the controls of the hardware firewall but I have tried to install this software but it always says wrong version but I don't use the softare so don't know if it conflicts with Windows Firewall or not but it is know to currupt downloads so I don't use it and there rely of the Firewall built into Windows XP.

Collapse -
firewall
by manmur / May 13, 2012 1:03 AM PDT

Two software based firewalls will case conflicts. I did it by mistake when I installed comodo Firewall ( I am now using Comodo Internet security) back in "08. After I disable the windows firewall my Internet (& PC) speed was back to normal.

It depends on your Windows OS. If you have XP (SP3) then get a third party firewall. On Windows Vista and 7 You should be fine with the windows firewall.

I use Comodo as I can 'stealth' my ports. I am not sure that you can do it with the windows firewall.

Collapse -
There are many advantages to third party firewalls...
by 4Denise / May 13, 2012 8:24 AM PDT
In reply to: firewall

including having access to settings that the Windows firewall just doesn't have. Many third party firewalls are more versatile, and they can do a better job than the Windows version does, but they are also often not user-friendly. A person who does not know anything about firewalls could easily become overwhelmed and just leave it at the defaults.

The only advantage of the Windows firewall is that it is carefree. You don't have to make any decisions or check out any settings. In spite of this, it does a decent job (at least in Windows 7). The best way is to learn about firewalls and select one based on what you learn, then set it up the way you need it. Unfortunately, not everyone is willing to do this.

Collapse -
It is possible...
by JCitizen / May 19, 2012 4:14 AM PDT

now to make the built in Windows firewall almost as good as third party firewalls; by downloading templates for configuration from Microsoft or other enthusiast web sites. However, this is pretty much geek territory, and this still doesn't solve the fact that malware can mess with your new setting and defeat the firewall.

So back to Comodo with Defense + I go!

Online Armor is another good free firewall, but I've tried the paid version and it isn't as smart about harmless programs as Comodo is, and Comodo is free. The premium OnLine Armor is not. They are both kernel based and not as subject to malware manipulation, but I feel the premium Emisoft product is too noisy and too dumb to listen to my settings. They are three years behind Comodo, I'm afraid.

Collapse -
Firewall Conflicts
by swattz101 / May 13, 2012 5:40 PM PDT

Like many others in this thread have said, running Windows Firewall and another software firewall can cause conflicts. Luckily, most commercial firewall software will shut off Windows Firewall and you should be fine. Windows Firewall acts as a basic firewall and will do most of anything you need unless you think you need special control of the firewall or better logging. Personally, I use the Windows Firewall and the router connected to my Cable modem has a built in firewall (the 'hardware' firewall some have mentioned). Between these, Microsoft Security Essentials, Using Open DNS and being careful what links I click on, I think I'm pretty well protected.

If you do want to use a different Antivirus/Firewall check with some of the companies you do business with and see if they offer a discount. For example, my ISP offers free A/V, my bank offers free another, my insurance offers a third, and my work even offers access to a couple of different ones. There are also plenty of free A/V and firewall software out there, so lots to choose from.

Collapse -
Firewalls are like everlasting gobstoppers...

If you remember the line in Charlie and the Chocolate Factory when he's giving out everlasting gobstoppers - "I have given you one, and one is more than enough for anybody".

Well that should also apply to firewalls.

You should never really have more than one firewall on your computer, having more than one can lead to all sorts of conflicts, and trying to trace down which firewall is blocking what can be a real nightmare.

Obviously paid for firewalls do offer slightly better protection than free ones (at the end of the day you get what you pay for).

I use ESET Smart Security for my firewall.

In addition to this you shoud find that if your connecting to the internet via a router either via a wi-fi router or ethernet cable, most routers have their own built in hardware firewall as well to offer additional protection. The hardware firewall within a router is different to the software firewall in PC's and that plugs most of the little holes that your software firewall can miss. These two firewalls can both run safely together, but you should always try and evade running two software firewalls on one machine as you could end up killing your internet.

Collapse -
Dual firewall conflict.
by javed_naser / May 19, 2012 1:16 AM PDT

So no more Internet security suite expense. Please advise.

Collapse -
Comodo free firewall...
by JCitizen / May 19, 2012 4:53 AM PDT

is all the software firewall you will need. With Defense+ enabled it is about the most bullet proof firewall for newbies that there is. Some folks think it is too noisy, but Comodo continually improves this and makes it smarter to harmless processes.
(software type)

You could become a geek and configure monowall or some other really good firewall to do just as good a job, but why bust your chops when something like this is available?

I've tested Comodo in my honey pot lab for years and it is as bullet proof as it gets.

If you have a small enterprise or SMB, I used to recommend the very economical Z100G by CheckPoint, but they dropped this very cheap product unfortunately. If you can find one on ebay for cheap, jump on it, because they still support it. My sister gets full anti-spam and anti-virus steaming protection, and firmware support for around $70 a year(so far). Otherwise you may have to search the plethora of good alternatives by Barracuda, SonicWALL, Safe@Office(CheckPoint), ZyXEL, etc, etc,
(hardware type)

Collapse -
Multiple Firewalls
by coastie65 / May 18, 2012 11:01 AM PDT

Hi, It would seem that there are a lot of good answers here. As has been stated, Windows Firewall & a hardware firewall ( in the router ) is sufficient . From experience, I had tried two Firewalls in additon to the one in the router. More is not Better, as I could not even get on the internet until I uninstalled the additional Firewall I had installed. Again the Windows Firewall and whatever hardware Firewall is fine, just be sure to also use some Good A/V and Antispyware apps as well.

Collapse -
Yes IF...
by JCitizen / May 19, 2012 4:56 AM PDT
In reply to: Multiple Firewalls

and that is a BIG if; you don't do banking and/or shopping online. Then it gets stickier if you want the best solutions. But then that is outside this discussion, and involves a very long list of blended defenses! No?

Collapse -
thank you for asking
by j_matura / May 18, 2012 11:18 AM PDT

Hi Giuseppe, thank you for asking the same question that's been bugging me for over 2 weeks now. I received an alert from avast! free antivirus warning me that my computer is at risk unless i switch the avast firewall on. Im finding it very frustrating to follow the instructions they send me on email as to how install the firewall. Microsoft firewall is running and protecting me but my friends say it is not good enough and i have to use the avast firewall. I shall be following everyone's advice and opinion on this rather tricky subject. Thanks to everybody who has contributed thus far.
June

Collapse -
avast! free antivirus does not include the firewall
by Gordon_Hay / May 18, 2012 7:01 PM PDT
In reply to: thank you for asking

you have to buy the full version for that, so I think the email you received may be instructions for upgrading (is it asking you to find a license key file?).

Incidently, I have the full avast internet security program running in tandem with Windows Defender and Firewall (Win 7 Home Premium) and have experienced no problems, other than the occasional slowing of a download.

Collapse -
Just FYI...
by JCitizen / May 19, 2012 5:08 AM PDT

I liked the paid version of Avast, and especially the firewall. However, when I downloaded the update for my blu-ray player in my PC. Cyberlink blew up the Avast firewall. It didn't like it one bit, apparently. I have had problems in the past with Comodo blocking my MPAA DRM spyware, but that would only result in denial of my entertainment products.(this was the PowerDVD 10 update)

I had a really bad time fixing Avast after that - I had to uninstall with Revo and start over. This did fix it, but I'm back to free Avast, and I think I'll go back to Comodo for a software firewall.

Some folks may not realize that in Vista and Win7 systems with IAA endowed technology, the system is riddled with both hardware and software DRM, that is VERY unforgiving of mistakes. When you have something embedded in the hardware like that on your PC, it controls the whole ball game, and it don't like to be trifled with!(DRM=Digital Rights Management for you newbies)

Otherwise, this just goes to show what happens when two Juggernauts run into each other head to head!

Collapse -
bought the full version
by j_matura / May 19, 2012 12:07 PM PDT

Thank you, Gordon. Yes, i did purchase the full version of it. I finally did get the license key file after requesting it from them over 2 email requests. It worries me, though, that the records and files of receipts they sent me all had the wrong dates in them altho they were glad to rectify them soon as I pointed out the discrepancies. And now this other 'drama' of having to install the firewall separately. All these hastle has made me think twice about renewing next year's contract with them. It's just been too much of a bother.

Collapse -
If you have nothing to protect...
by JCitizen / May 19, 2012 4:02 PM PDT

I suppose it is too much bother. And then, of course, you could simply boot to a Live CD of Puppy Linux and happily compute with out any bother at all. Happy

Collapse -
AVAST Free
by jrap30 / May 20, 2012 11:10 PM PDT
In reply to: thank you for asking

I have AVAST Free running on an XP laptop....by some error messages it provides, I would say It has some firewall capabilities....it blocks some pages that it stated was infected with a virus.

As for is the Windows Firewall good enough, I know some CNET users have stated such with the firewwall with Vista and W7. And you can download an appluication from CNET to configure outbound connections for the Windows firewall.

But you can get almost any PAID version FREE by checking ads and rebates. Check Staples, Office max and Fry's on-line. Right Now I used Norten, and Norten is great (free with my Job). Also good is Kaspersky, PCTools (free) and Commondo. Unfortunately I forgot the ratings of AVAST. PC Computing and Consumers have rated firewalls do a search on Firewall test.

Popular Forums
icon
Computer Help 49,613 discussions
icon
Computer Newbies 10,349 discussions
icon
Laptops 19,436 discussions
icon
Security 30,426 discussions
icon
TVs & Home Theaters 20,308 discussions
icon
Windows 10 360 discussions
icon
Phones 15,802 discussions
icon
Windows 7 7,351 discussions
icon
Networking & Wireless 14,641 discussions

Tech explained

Do you know what an OLED TV is?

CNET explains how OLED technology differs from regular TVs, and what you need to know to make the right shopping decision.