I'd like to know what protection a NAT router doesn't offer that a software firewall connected directly to the world does?
A PC running behind NAT is immune to attack from the outside. As far as the rest of the world goes, it just DOESN'T EXIST. The only ports that are open are the ones YOU open.
A software firewall, it's true, provides you with protection against processes running ON YOUR MACHINE, keeps them from making outbound connections. But honestly - do you NOT know what's installed on your machine? I suppose for the average user who needs to clean the spyware off their machine weekly, Zone Alarm or one of these horrid pieces of trashware might be a good idea.
But for those of us who KNOW what runs on their machine, who check the process list regularly, and who have a perfectly good antivirus program and antispyware program... why add ANOTHER layer of software complexity?
Not to mention the irritation factor. "IEXPLORE.EXE IS TRYING TO ACCESS THE INTERNET. IS THAT OK?" Get that message, or one similar, about 100 times and see how much you like your software firewall THEN.
I've never seen a software firewall actually stop a virus, a piece of spyware, or a trojan from monkeying up someone's PC. They just keep those pieces of software from phoning home.
And if your firewall DOES detect viruses, then it's doing too damn much. Jack of all trades, master of none - that's how the saying goes. You have an antivirus program. USE IT. Don't let some piece of software that's SUPPOSED to be a TCP/IP filter also check for viruses. How good a filter can it POSSIBLY be if it's also a virus scanner?
And don't get me STARTED on how anything that filters TCP/IP is just a gigantic CPU hog. Because it is. I run Peer Guardian when necessary, and that's the ONLY piece of TCP/IP filter software that I've EVER SEEN that doesn't use up 20% of my CPU all the dang time.
So please, enlighten me - since I'm invisible to the outside world, and even if they DID try to hack my machine they can't find it or get to it... and since I police my own software... what does a software firewall have to offer in terms of protection that NAT doesn't? Please - clue me in! "NAT doesn't offer very much protection"... against what?
