Do You Need a Firewall?


Way back in 2001, with the introduction of Windows XP, Microsoft built firewall protection into Windows itself. Over the years, Windows Firewall has evolved into an effective shield against many kinds of online attacks. The main feature third-party firewalls still bring to the table is control over the way applications use your network. Most security suite products include a firewall component that handles this kind of program control. Do you even need a personal firewall these days?

Before I start, there's something I should point out. Unless you're that rare individual who uses a single computer connected directly to the Internet, you've got another powerful layer of defense against online attack. The wireless router that doles out connections to all your devices also protects them. It uses Network Address Translation, or NAT, to assign each device an IP address in a range that's only visible within the local network. That alone is enough to block many direct attacks. Some routers have additional security layers baked in.

Port Protection

Your computer's Internet connection grants you access to a limitless collection of entertaining and informative websites and videos. It also opens your computer to access by others via the Internet, though connecting through a router does limit the possibilities for damage. One major firewall task involves permitting all valid network traffic and blocking suspect or malicious traffic.

Your PC's ports, the entry points for network connections, can be open, closed, or stealthed. When a port is stealthed, it's not visible at all to an outside attacker, which is ideal. Windows Firewall alone is completely capable of stealthing all your PC's ports, and any ports behind a router appear stealthed. In fact, to test firewalls, I have to use a PC that's connected through the router's DMZ port, which means it appears to have a direct Internet connection.
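The three port states map onto how a TCP connection attempt ends: an open port accepts, a closed port refuses, and a stealthed port sends nothing back. The following check for your own machine is an added example, not part of the original article; the function names `classify_port` and `audit` and the one-second timeout are assumptions made for illustration.

```python
import socket

def classify_port(host, port, timeout=1.0):
    """Classify one TCP port by how a connection attempt ends.

    open      - the handshake completes (a service is listening)
    closed    - the host answers with a reset (connection refused)
    stealthed - no answer at all before the timeout expires
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "stealthed"

def audit(host, ports, timeout=1.0):
    """Return {port: state} for a list of ports on a host you administer."""
    return {p: classify_port(host, p, timeout) for p in ports}

if __name__ == "__main__":
    # Constructed sample: loopback only. Firewalls usually exempt loopback,
    # so this shows which services are listening, not what an outsider sees.
    for port, state in audit("127.0.0.1", [135, 445, 3389]).items():
        print(port, state)
```

Run from a second machine you control, with your PC's address as `host`, the same function shows what the firewall presents to the network.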

Most firewalls allow for multiple configuration profiles, depending on your network connection. Traffic within your home network needs fewer restrictions than traffic to and from the Internet. If you're connected to a public network, the firewall cranks up its security level.

Program Control

Early personal firewalls were notorious for bombarding users with a plethora of popup queries. They'd note that a program was attempting to access a particular IP address via a particular port, and ask the user whether to allow or block the connection. Few users have the knowledge to make an informed response to such a query. Typically, users either always click Block or always click Allow. Those who make Block the default response eventually wind up disabling something important, after which they switch to clicking Allow. Those who always click Allow risk letting in something they shouldn't.

High-end firewalls like the ones built into Kaspersky and Symantec Norton Security Premium get around this problem by completely internalizing program control. They configure permissions for known good programs, wipe out known bad programs, and monitor the behavior of unknowns.

Other firewalls use their own techniques for cutting down on popup queries. For example, Check Point ZoneAlarm Free Firewall 2017 checks a massive online database called SmartDefense Advisor and automatically configures permissions for known programs. In the rare event that it does display a popup query, you should pay careful attention, as a program not found in the database might be a zero-day malware attack.

Most firewalls take note when a trusted program changes in any way. The change might be an update, it might be a virus infection, or it might be a malicious program just using the name of a trusted program.

Sneakier malware attempts to connect to the Internet by manipulating or masquerading as a trusted program. I sometimes use utilities called "leak tests" to check whether firewalls detect these sneaky techniques. However, modern Windows versions have made life so tough for these techniques that leak tests are becoming less useful.
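A minimal sketch of how program control can notice that a trusted program changed, or that an untrusted file is borrowing a trusted program's name. This is an added example, not part of the original article and not any vendor's implementation; the `ProgramControl` class, its verdict strings and the sample file names are assumptions, and the files are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large executables are not read in at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class ProgramControl:
    """Hypothetical allow-list keyed by full path, storing each file's digest."""
    def __init__(self):
        self.trusted = {}

    def trust(self, path):
        self.trusted[os.path.realpath(path)] = sha256_file(path)

    def evaluate(self, path):
        real = os.path.realpath(path)
        known = self.trusted.get(real)
        if known is not None:
            # Same path: contents either match the baseline or were modified.
            # An update and an infection look identical at this level.
            return "allow" if known == sha256_file(real) else "changed"
        if os.path.basename(real) in {os.path.basename(p) for p in self.trusted}:
            return "name-reuse"  # trusted file name, untrusted location
        return "unknown"

def demo():
    """Run the cases on constructed files; returns the verdict for each."""
    with tempfile.TemporaryDirectory() as d:
        browser = os.path.join(d, "apps", "browser.exe")
        lookalike = os.path.join(d, "temp", "browser.exe")
        other = os.path.join(d, "temp", "tool.exe")
        for p, data in ((browser, b"v1"), (lookalike, b"other"), (other, b"x")):
            os.makedirs(os.path.dirname(p), exist_ok=True)
            with open(p, "wb") as f:
                f.write(data)
        pc = ProgramControl()
        pc.trust(browser)
        before = pc.evaluate(browser)
        with open(browser, "wb") as f:
            f.write(b"v2")  # simulate an update or tampering
        return {"before": before, "after": pc.evaluate(browser),
                "lookalike": pc.evaluate(lookalike), "other": pc.evaluate(other)}
```

A "changed" verdict only says the file differs from its baseline; deciding whether that is an update or an infection needs further evidence.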

Beyond the Firewall

High-end firewalls such as you get with Norton and Kaspersky Internet Security include additional protection against network-based attacks, usually in the form of a Host Intrusion Prevention System (HIPS), Intrusion Detection System (IDS), or both. Among other things, these components serve to protect against attacks that exploit security vulnerabilities in the operating system or popular programs. In between the time a vulnerability is discovered and the time the vendor patches that security hole, malefactors can launch attacks that gain control over victim systems.

The best HIPS and IDS systems catch exploit attacks at the network level, before they even reach the target system. Other security suite components, particularly the antivirus, may eliminate the malicious payload dropped by an exploit attack before it can do any harm. In testing, I use the CORE Impact penetration tool to get a feel for each firewall's response to such exploit attacks.

Do You Need a Firewall?

In the modern world, there's hardly ever a reason to consider installing a standalone personal firewall. The built-in Windows Firewall does half the job, and the firewall within your security suite takes care of the rest. The era of the computer hobbyist who'd carefully and lovingly select each separate security component is long gone.

Sure, there could be a specific situation in which you want to install the absolute minimum of security. You can still get standalone firewall protection, though the number of available products has dwindled over the years. And there's no need to pay for a firewall. ZoneAlarm Free Firewall 2013 retains its title as Editors' Choice for free personal firewall protection. Pair it with a top free antivirus, or install its own built-in antivirus component, and you've got the bare bones of a security system.
