Okay, so a basic 1-way firewall, like Windows Firewall, filters websites from being able to access your network. Basically you have to open up a hole for them to crawl through and they're supposed to be locked out otherwise.
A two-way firewall gives a second level of protection. If a rogue program were to squirrel its way onto your machine, their typical behavior is to call home and say "installed and ready for instructions." A two-way firewall only lets those programs you authorize have Internet access. Unless you specifically give them clearance, the bad guy can get on your machine, but because it can't call home for instructions it's just frozen in place, unable to hurt you. This would shut down keyloggers, data scrapers, botnets, etc.
The theory behind the 1-way firewall is that these leeches can't get on your machine because they're locked out. The theory behind the 2-way firewall is that you're the most feared virus on your machine, and if the bad guy gets on your machine they're locked IN.
Zone Alarm is a well-known 2-way firewall and it's good enough for most. Comodo used to be good, but this firewall is a piece of spyware and adware itself nowadays. If you're behind a router you already have a hardware two-way firewall in place.
So it's really your choice how far you feel you need to go. I ran for over a year with no software firewall at all and had no infestations because of my hardware firewall. But now I run Zone Alarm on my Windows installation and no firewall on my Linux installation.
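The 1-way versus 2-way behavior described in this post, as an added example that is not part of the original post: a small Python model that replays the same connection events through both kinds of firewall. The program names, hosts, ports and the `Firewall` class are constructed for illustration and do not reflect any real product's rule engine.

```python
from dataclasses import dataclass, field


@dataclass
class Firewall:
    two_way: bool                                   # False = inbound filtering only
    open_ports: set = field(default_factory=set)    # inbound "holes" the user opened
    authorized: set = field(default_factory=set)    # programs cleared for Internet access
    established: set = field(default_factory=set)   # (program, remote) flows started locally

    def outbound(self, program, remote):
        """Decide on a connection a local program tries to start."""
        if self.two_way and program not in self.authorized:
            return "BLOCK"                          # locked in: cannot call home
        self.established.add((program, remote))
        return "ALLOW"

    def inbound(self, remote, port, program=None):
        """Decide on traffic arriving from the Internet."""
        if (program, remote) in self.established:
            return "ALLOW"                          # reply to a flow we started
        return "ALLOW" if port in self.open_ports else "BLOCK"


def replay(fw):
    """Run the same constructed events through a firewall and collect verdicts."""
    return {
        "browser_out": fw.outbound("browser.exe", "example.org"),
        "browser_reply": fw.inbound("example.org", 50123, "browser.exe"),
        "unsolicited_in": fw.inbound("203.0.113.9", 445),
        "rogue_call_home": fw.outbound("rogue.exe", "c2.example.net"),
        "rogue_instructions": fw.inbound("c2.example.net", 50124, "rogue.exe"),
    }


# Constructed scenario: only the browser has been given clearance.
one_way = replay(Firewall(two_way=False))
two_way = replay(Firewall(two_way=True, authorized={"browser.exe"}))

if __name__ == "__main__":
    for name in one_way:
        print(f"{name:20} 1-way={one_way[name]:5} 2-way={two_way[name]}")
```

Both models block the unsolicited inbound connection; only the 2-way model stops the unauthorized program's outbound call, so the reply carrying instructions never has a flow to ride back on.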