Hello all...

Recently I've been thinking quite a bit about software-based firewalls. We know that firewalls can protect us if configured correctly, but can they do more harm than good (or more good than harm)?

I'm mainly thinking in terms of remote exploits/vulnerabilities for software-based firewalls.

For example, in the past, Kerio Personal Firewall just alone has encountered numerous exploits/vulnerabilities, such as:

- Multiple SYN Packet Denial Of Service Vulnerability
- Firewall Filter Bypass Vulnerability
- Replay Attack Vulnerability
- Remote Authentication Packet Buffer Overflow Vulnerability
- Fragmented Packet Filter Bypass Vulnerability

Now with all of this in mind, is a user doing more harm than good by running a software-based firewall which is vulnerable to the list of exploits mentioned above?

The user could always update their firewall, switch to a hardware-based firewall, or even choose to use a different firewall altogether; however, the fact remains that software-based firewalls will always be vulnerable to newly discovered/undiscovered exploits.

A firewall is supposed to protect the user from outbound attacks, not open up a handful of vulnerabilities for a malicious person to take advantage of.

Firewalls are essential for everyone, this I understand. However, let's take into account a savvy user who has locked down their computer, closed any unnecessary services/ports, is fully patched (system and anti-virus wise), and practices overall safe computing. Would this user be doing more harm than good by installing an insecure firewall on a rather secure system (as far as computers without firewalls are concerned)?

These are just some abstract thoughts. Is there something I'm missing or don't understand? If anyone can clarify or elaborate, I would really appreciate it!

Thanks!
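The "savvy user" scenario above hinges on knowing which services are actually reachable from the network once the host is run without a firewall in front of it. The script below is an added example, not part of the original post or any firewall product, that audits that: it parses the listening-socket table in the format printed by `ss -ltn` (the sample lines are constructed, not captured from a real host), separates sockets bound to loopback from those bound to all interfaces or a routable address, and reports any network-reachable port that is not on a user-maintained allow-list. The allow-list `INTENDED_PORTS` and the sample addresses are assumptions for illustration.

```python
"""Audit listening TCP sockets and flag those reachable from the network.

Added example (not part of the forum post): it parses text in the format
of `ss -ltn` output (the sample below is constructed) and separates sockets
bound to loopback from those bound to all interfaces or a routable address,
so a user hardening a host can see what is exposed without a firewall.
"""
import ipaddress
import re

# Constructed sample in the shape of `ss -ltn` output (not from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       4096    127.0.0.1:631        0.0.0.0:*
LISTEN  0       511     *:80                 *:*
LISTEN  0       128     [::1]:5432           [::]:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       50      192.168.1.10:445     0.0.0.0:*
"""

# Hypothetical allow-list: ports the user deliberately exposes (assumption).
INTENDED_PORTS = {22}

# Matches a LISTEN row and captures the "Local Address:Port" column.
_LINE_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+)\s+\S+")


def split_addr_port(local):
    """Split 'addr:port', handling IPv6 brackets and the '*' wildcard."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]")
    return host, int(port)


def is_network_reachable(host):
    """True if the bound address can accept connections from other hosts."""
    if host in ("*", "0.0.0.0", "::"):
        return True  # wildcard bind: every interface
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # unrecognised form: treat as exposed (conservative)


def parse_listeners(text):
    """Return a list of (host, port) tuples for every LISTEN row."""
    listeners = []
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue  # header or non-LISTEN row
        listeners.append(split_addr_port(m.group(1)))
    return listeners


def audit(text, intended=INTENDED_PORTS):
    """Return sorted ports exposed to the network but not on the allow-list."""
    exposed = set()
    for host, port in parse_listeners(text):
        if is_network_reachable(host) and port not in intended:
            exposed.add(port)
    return sorted(exposed)


if __name__ == "__main__":
    for port in audit(SAMPLE_SS_OUTPUT):
        print(f"unexpected network-reachable listener on port {port}")
```

Run against a live host by feeding it the real `ss -ltn` output (for example via `subprocess`) instead of the constructed sample; loopback-only services such as the CUPS and PostgreSQL rows in the sample are ignored, while the wildcard-bound web server and the SMB listener on the LAN address are reported because they are not in the allow-list.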