Endpoint Protection

Someone in the forum suggested that is not better to use multiple AVs in the same system. I would like to whether this argument holds good for firewalls too. I am little concerned about the ability of the default Windows Firewall. I tried another ZoneAlarm in my friend and there are lot of blocks alerted and logged.

Is it fine to install ZA Firewall along with WF on my box?

If you have to take my word. The rule applies even to firewall. It is better to have one program managing the firewall of the system.The correct firewall architecture for an organization depends upon a number of variables, including the homogeneity of users, the types of sensitive information being handled and the types of systems on the network.

So whai you can do is have a hardware firewall on the perimeter of the network and then have any firewall application installed on the computer.

Multiple firewalls are most commonly used to segregate networks of different sensitivity levels. Universities, for example, commonly use a series of layered firewalls to provide different zones of security for various types of users. A border firewall forms a loose perimeter around the entire network, providing a basic degree of protection to the entire enterprise. Other firewalls then segment off restricted portions of the network -- such as data centers, research labs, infrastructure systems and similar devices -- providing an added level of security to protect those systems from other campus users.

Thanks Prachand. This is on a standalone laptop hooking onto the corporate VPN. When it is not connected to VPN I believe it is exposed to normal Internet and prevailing threats right? That is where the bone of contention is.

It is best practice that only one software firewall should be run on a computer. Two firewalls that run on one computer at the same time can drain resources, and the firewalls might have rules that conflict with each other. Enabling more than one firewall program is likely to result in conflicts and poor performance.

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009120816110248

Here we have three different things:

1. Multiple Antiviruses on a same system
2. A third party firewall (such as ZA or Symantec Firewall) compared to Windows Firewall
3. A third party firewall along with the windows firewall

Now, the answers:

1. since the antiviruses always put extra concentration and sensitivity on some especial locations in the OS and the system (such as the system registry or the system32 folder), hence having multiple antivirals on a same machine will cause conflict between them since they may react against the other AV impact on that location. Moreover when they try to check a new file while this happens simultaneously, since the AV tries to freeze the file for the inspection then here we may have another point of conflict. Overall it is strongly recommended not to use multiple AV on a system due to many reasons which we named only two important.
2. A firewall is nothing but a port controller. It checks which application is allowed or denied to access and transact data on which port, and that's all! But since there are always bugs and vulnerabilities in a firewall, it is recommended to use a well-known firewall such as Zone Alarm or better than it Symantec Firewall. However this is not the end of the story! One of tho other task that the Firewalls usually perform is the IPS (Intrusion Prevention System). This task is not of the essential capabilities of the Firewall, but since it is very important to protect the system from the intrusions, therefore most of the FW perform this task too, while Windows Firewall is not an IPS. Therefore comparing the Windows Firewall with ZA or Symantec FW is not a correct comparison.
3. Now, refer to the above item, installing and using a third party FW (which usually is equipped with an IPS) along with the window Firewall will protect the system against the intrusion attacks too, but using two Firewalls in parallel will consume a lot of resources and actually waste them. However I recommend using a covering protection system which includes all the Firewall system, IPS and Antivirus. What is more is that installing any kind of IPS will not be wise decision. I recommend to use a perfect one which is undoubtedly the NIS 2010 or Symantec Endpoint Protection. Believe it and trust it!

Thanks for the clarification Prachand and Farzad! I believe Farzad has explained really in deep about going ahead with ZA or SEP thing than WF clarifying the point.

Well you are right about having two firewalls installed that they can't work together. It's correct until you don't balance them well to make both of them working ok. Personally me, i have Norton's firewall in combination with Outpost Firewall Pro 7. I must tell you, they are working just fine. So wonder because there's no any conflicts or slowdowns in my PC. I think everything is in making good balance between two firewalls. E.g. in one Firewall you must adjust protection on weaker protection level in order to accomplish other one to work good, make different rules to programs, or even change the way of protection.

Good Explantion