This content is part of the Essential Guide: The complete guide to Windows 10 security tools

Essential Guide

Browse Sections

Are third-party firewalls worth the investment?

It might be effective, but Windows Firewall is not the be-all and end-all of security. In some cases, third-party firewalls add the extra layer of protection IT needs.

Microsoft has included a built-in firewall in the Windows OS for a long time, but sometimes IT shops want to branch out and explore some third-party firewalls.

There are few third-party firewalls out there that can run on Windows. The question admins have to ask is whether it's better to use the built-in Windows Firewall or turn to a third-party firewall.

Windows Firewall is actually pretty secure. It does a good job, and Microsoft fully supports it. Best of all, because Windows Firewall is included with Windows, admins don't have to worry about any separate licensing. Likewise, they don't need to install and maintain a separate piece of software. Windows Firewall is installed by default, and they can force users to enable it with a simple Group Policy setting.

So what do third-party firewalls offer?

Third-party firewall applications provide functionality that goes beyond what Windows Firewall can do.

There are certain advantages to third-party firewalls. One such advantage is that, depending on which third-party firewall admins choose to use, the firewall might not be as big of an attack target as Windows Firewall. Malware authors know that a huge percentage of the world's computers run Windows and that most Windows desktops also run Windows Firewall. As such, it is relatively common for malware authors to disable or otherwise incapacitate Windows Firewall or to silently open firewall ports. Although a malware author could conceivably target any type of firewall, a piece of malicious software specifically designed to target Windows Firewall would be ineffective against a third-party firewall.

Another argument in favor of third-party firewalls is that some third-party firewall applications provide functionality that goes beyond what Windows Firewall can do. One firewall application, for example, produced an audible alarm and an onscreen warning if it detected a port-sniffing attack, which Windows Firewall does not do.

Although this particular firewall no longer exists, it illustrates some of the added features firewall vendors continue to provide that go beyond those of Windows Firewall. ZoneAlarm Pro Firewall, for example, takes steps to protect the boot process and also offers features such as spam filtering and zero-hour protection. AVG, on the other hand, bundles its firewall into its Internet Security suite. In addition to a firewall, AVG customers get data encryption, antivirus and online payment protection.

Next Steps

Complete guide to Windows 10 security

Improve Windows 10 security with hardening

Create the perfect Windows 10 security setup

Dig Deeper on Windows OS and management

Virtual Desktop