It is true having more than one firewall can sometimes conflict,i have firewall thru router and a firewall thru my A/V service no problems i like the security of having this.Ireally cant tell you to remove or keep it boils down to how secure you feel with it and if you have conflicts with it then remove.

Patrick, the choice is ultimately yours but I'll do the best I can to offer unbiased information:

 

Consider the threats:

 

Bad configuration:  Windows is meant to prevent people from attacking you all on its own without any firewall at all (this includes the standard windows firewall).  If you aren't sharing file or hosting other services, your computer *should* be perfectly fine connected to the internet without any firewall protection at all.  It will be visible to hackers and thus subject to attack, but it should not be vulnerable in an idea world.

 

The problem is bugs and explots:  Sometimes there are bugs in windows that let people exploit your system with no interaction on your part.  If you're connected to the internet, you are vulnerable to infection through no fault or action of your own.  As these exploits are discovered, microsoft (and other vendors) patch them.  The best thing you can do is have all your programs and especially windows fully up to date.  There's often a window of time between discovery and patching, so a firewall is helpful in this situation.

 

Viruses and malware:  Some programs that you install (intentionally or unintentionally) may set up services and either act as servers (potentially allowing others to connect) or may phone information home.

 

Hardware v Software:

 

Your router does act as a basic firewall.  It drops unsolicited incoming connections and creates a private internal network.  By virtue of not being on your (windows) system, it is not very vulnerable to being comprosised or being hacked (in other words, there are very exploits or bugs aimed at hardware routers)

 

The problem is that most hardware firewalls only "look" one way.  The stop stuff from getting in but they generally won't stop stuff from getting out (I say generally because with some configuration, you can somewhat accomplish this).  Software firewalls can help in this regard.  Many commercial software firewalls can be set to inform you whenever a program is connecting to the internet -- and will prompt you to cancel or allow.  The firewall included with windows is an exception to this general rule and only screens inbound traffic.

 

The negative to software firewalls is that they are easier to compromise.  Their main benefit is limiting what programs on your system can do -- but programs installed on your system (especially evil ones) can, by their nature, circumvent other software and security programs.  Once truely bad software is installed, other programs like firewalls or antivirus software may not be able to do much about it.  The very thing that makes it more customizable (being on your windows machine) also makes the software firewall much more prone to being compromised if not shut down completely.

 

Easy of Use  v Security: 

 

1)There are some additional concerns to be aware of.  Some software firewalls in their default configuration block a few things out of hand (blacklists) but otherwise let anything else installed on your system phone home or connect to the internet -- this is because many users dislike seeing popups or being forced to create rules for every program determining what type of network behavior is allowed and what isn't

 

2) Universal Plug and Play -- using UPNP software can request that UPNP enabled routers (software and hardware) allow them to breach the firewall for purposes of allowing incoming connections.  This is very convenient when others need to connect to you (say to video conference or host a gaming server) because you don't have to manually enter firewall rules.  The negative is that "evil" programs can also use the protocol to breach your firewall.  Most routers have this on by default.

 

LAN Attacks:  all other considerations aside, a hardware firewall does nothing to protect you from LAN side attacks (unless you have specially configured it).  This means that if a compromised computer (say a laptop coming in from the wild) connects to your router and there are not software firewalls on the other machines -- the laptop on your local network can infect everything else on your local network.

 

Performance:  There's no doubt about it, but software firerwalls generally due hurt performance.  This isn't usually that noticable though unless you're running a gigabit network where the work is being offloaded directly to the card.  Software firewalls prevent this from happening (the machine needs to do the work instead of the card because each packet must be examined by the software).

 

Hope this helps :)

WOW..................  Ask a $10 question and get a $500 answer!  THANKS

 

I almost feel like I should have had to pay you for that much information.  You covered a few things that I understand and a lot that I was never aware of. After reviewing your answer, I think I'll leave the software firewall in place. 

 

I have a completely "wired network" so wireless intrusion is not a problem, however you cover alot of things an uninformed user like myself could never begin to defend against.

 

Thanks again for taking time to help me solve my dilemma!

 

Patrick

no worries (it was an excuse to avoid writing a paper).  and sorry for all the typos -- it was starting to get late :D

Vista does have a 2-way firewall...though the outbound functionality is questionable

http://reviews.cnet.com/4520-3513_7-6690672-1.html

i suggest sticking with your router firewall, it is more dangerous to do an ip passthrough than uninstall your zonealarm. plus the router firewall is built in the firmware so no need to worry about any charges

agree with your friend,,,you router should have a hardware firewall, which is better than software... i don,t like zone alarm,, and true , slows things up,,just a nagging application t use...but it gets good reviews,,,if you don,t have a problem with it,,leave it on your computer.....you can check you hardware firewall that your router has by going into your router setup page,,,it should be there....