"steve h." wrote in news: snipped-for-privacy@g9sbk21.scmhc.local:
What if you DO want to run some servers on your desktop for your own use but don't want anyone outside that host to use those servers? You might want a web server running so you can design and test your web pages before uploading them to your public server, but you do NOT want anyone else using your web server, so just use the firewall to make sure any *external* connections to port 80 are not allowed. A stateful firewall should reject any inbound connection attempts that were not the result of a prior outbound connection to that inbound source. You get to run your own servers which will be using the standard ports (or non-standard ones) without fear of some hacker finding them and misusing them. You might want to leave the Messenger NT service running but only allow IP addresses in the range of your subnet to make inbound connections using that service. Rather than kill off a possibly useful service that could be utilized on your own intranetwork, just block it from being misused from inbound connections from outside your intranetwork.

Also, many of the features of a firewall go beyond the simplistic inbound-protect (with or without stateful packet inspection). Some include URL filtering so you could, for example, make sure that any images, links or redirects through DoubleClick get blocked. They include parental controls based on categorization (which admittedly requires the web site owner to actually categorize their site, or you could include blocking of any site that doesn't categorize itself, assuming they would voluntarily correctly categorize themselves). You might want to generate accounts within the firewall based on the Windows login account so that you can control where users of those accounts can navigate to, like letting your kid, when logging in under their own account, only get to Disney sites and lock out the e-mail ports so they can only visit whatever site provides them with protected and regulated webmail. While I configure my firewall not to bother me with intrusion alerts, there are times when I'd like to check if there have been any to see if there is enough info to find out from where the attack originated.
Some firewalls include privacy protection, like blocking Referrer unless you define exception rules for a domain (for those that you trust that demand they know from where you came to ensure you came from one of their web pages to get to another of their web pages). Ad Blocking is nice but, again, you need the ability to define an exception for those where the block on the URL was not for an advertisement but something legit and non-spammy. Some include spam detection but I've pretty much settled on using SpamPal and its plug-ins.
The outbound protection (i.e., prompting to authorize) for applications is a bit overhyped. You run a program, you get a prompt, you authorize that program to allow it thereafter to make Internet connections, and you forget about it thereafter because you don't get prompted anymore. However, some programs can be called by other programs to make a connection on their behalf. Programs can use IE, for example. So unless you configure your firewall to alert you to an unauthorized program calling another previously authorized program, you really cannot be sure what program is really attempting to get a connection. My firewall has the option to alert me to other programs trying to use a previously allowed program when making a connection, but I suppose not all firewalls have that option. The other handy function of alerting on outbound connection attempts is simply to know when there is something trying to make a connection. Do you know if a newly installed application will try to phone home? Even if you know, might you not want to ensure that it can only visit specific hosts for those updates and didn't get hacked or imitated to connect anywhere? Many times there are applications that I find will attempt outbound connections for which I haven't a clue nor was there any documentation telling me about that covert function. It's a way of keeping the application maker honest about what their software will do.
So, yeah, if your definition of a personal firewall is what was available pre-1996 and without stateful packet inspection then there isn't much point in running one. However, with firewalls evolving into security suites then they do have definite value. If you do severe security maintenance and management of your system then you don't need a firewall but this only works if you are the wizard, you are the only one using your computer(s), you are 100% diligent in your actions, and you know well all your applications even beyond their included documentation. While such a scenario does exist, you don't base community need on a rarity.
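The post makes two separate points about what a personal firewall does beyond a plain port block: a stateful filter lets replies to connections you opened back in while dropping unsolicited inbound attempts (with your own test web server reachable only from the local subnet), and outbound control should prompt not just for an unknown program but also for an unknown program driving an already-authorized one. The following toy model, added here as an illustration and not taken from the post or any product, shows both decisions on constructed packets; the addresses, port numbers and program names (`browser.exe`, `newapp.exe`) are made up for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample values: this desktop's address, its LAN, and the port
# of the private test web server that only the LAN should be able to reach.
LOCAL_IP = "192.168.1.10"
LOCAL_SUBNET = ipaddress.ip_network("192.168.1.0/24")
PRIVATE_SERVER_PORTS = {80}


@dataclass
class Packet:
    direction: str                 # "in" or "out", relative to this desktop
    src: str
    sport: int
    dst: str
    dport: int
    new: bool = True               # True = connection attempt, False = later segment
    program: Optional[str] = None  # process that opened the socket (outbound only)
    parent: Optional[str] = None   # process that launched it, if any (hypothetical)


@dataclass
class PersonalFirewall:
    """Stateful inbound filter plus per-program outbound control (toy model)."""
    authorized_programs: set
    conntrack: set = field(default_factory=set)  # flows this host opened itself
    alerts: list = field(default_factory=list)

    @staticmethod
    def _flow(remote_ip, remote_port, local_port):
        return (remote_ip, remote_port, local_port)

    def filter(self, pkt: Packet) -> str:
        return self._outbound(pkt) if pkt.direction == "out" else self._inbound(pkt)

    def _outbound(self, pkt):
        # Prompt for a program that was never authorized, and also for an
        # authorized program that is being driven by an unauthorized one.
        if pkt.program not in self.authorized_programs:
            self.alerts.append(f"{pkt.program} wants {pkt.dst}:{pkt.dport}")
            return "PROMPT"
        if pkt.parent and pkt.parent not in self.authorized_programs:
            self.alerts.append(f"{pkt.parent} is using {pkt.program} to reach {pkt.dst}:{pkt.dport}")
            return "PROMPT"
        if pkt.new:
            # Remember the flow so the reply can come back in.
            self.conntrack.add(self._flow(pkt.dst, pkt.dport, pkt.sport))
        return "ALLOW"

    def _inbound(self, pkt):
        # Replies to flows we started are always fine.
        if self._flow(pkt.src, pkt.sport, pkt.dport) in self.conntrack:
            return "ALLOW"
        # Our own servers are reachable only from the local subnet.
        if pkt.dport in PRIVATE_SERVER_PORTS and ipaddress.ip_address(pkt.src) in LOCAL_SUBNET:
            return "ALLOW"
        # Everything else is an unsolicited inbound connection attempt.
        self.alerts.append(f"unsolicited inbound from {pkt.src}:{pkt.sport} to port {pkt.dport}")
        return "DROP"


def demo():
    """Run six constructed packets through the filter and return the verdicts."""
    fw = PersonalFirewall(authorized_programs={"browser.exe"})
    results = []
    # 1. the browser fetches a page, 2. the reply comes back
    results.append(fw.filter(Packet("out", LOCAL_IP, 51000, "203.0.113.5", 80, program="browser.exe")))
    results.append(fw.filter(Packet("in", "203.0.113.5", 80, LOCAL_IP, 51000, new=False)))
    # 3. a LAN host tests our private web server
    results.append(fw.filter(Packet("in", "192.168.1.20", 40000, LOCAL_IP, 80)))
    # 4. an Internet host probes the same port
    results.append(fw.filter(Packet("in", "198.51.100.7", 40001, LOCAL_IP, 80)))
    # 5. a newly installed program tries to phone home
    results.append(fw.filter(Packet("out", LOCAL_IP, 51001, "203.0.113.9", 443, program="newapp.exe")))
    # 6. the same program drives the authorized browser to do it instead
    results.append(fw.filter(Packet("out", LOCAL_IP, 51002, "203.0.113.9", 443,
                                    program="browser.exe", parent="newapp.exe")))
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Packets 4, 5 and 6 are the cases the post cares about: the external probe of port 80 is dropped even though the LAN host's request to the same port was allowed, and the unknown program is stopped whether it connects directly or through the browser. A real product keys its state on the full connection tuple and protocol flags rather than this three-field key, but the decisions it reaches are the same ones.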