I always had ZoneAlarm free firewall... It seemed to do what I wanted, asked me: Do you want this program to go online? Do you want to let this program download something from the internet?... If it was something that might frequently need internet access, you checked the little box...
A lot of that was really a false sense of security. Designing a program to access the network without triggering Zone Alarm is not difficult. Basically, if you're running a program on your computer as any type of normal (or admin) user, there's no way to avoid giving them access to the network (short of pulling the network cable). Most programs "behave", so Zone Alarm mostly works. If you really don't trust a program, you need to run it sandboxed in one way or another.
I thought about going with a router, using it as a hardware firewall. I was always told, as long as you change the password, and don't run it with the factory passwords... they are more secure... Can you use them to block specific programs?
The answer to the last question is NO. You can block specific ports or protocols, even specific destinations (which might accomplish the same thing as blocking a specific program, but is ultimately not very satisfactory). A network packet doesn't (usually) contain information about what program sent or requested it.
Hardware routers aren't firewalls as such, but they can do one thing that is generally very effective at preventing remote attacks: NAT. Short for Network Address Translation, the result (crudely) is that "unsolicited" network traffic is NOT forwarded to your computer. Basically, it's not possible to initiate a network connection from "the Internet" side of your router to your computer (but someone on your local network is unaffected, of course). This is almost perfect protection against the vast majority of remote threats (but those aren't the most common today). The only downside is that you will have to tell your router if you want people on the Internet to connect to your computer in some way (could be online gaming, could be video-conferencing -- especially a problem if BOTH parties are NATed).
Real hardware firewalls do "(deep) packet inspection", not just "packet filtering". That is, they will look at the actual content being transmitted. That allows them, among many other things, to enforce a policy of e.g. not allowing sexually explicit content.
Firewalls are many things and, technically, many routers can be considered firewalls, but the options are usually extremely limited compared to "real" firewalls.
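The NAT behaviour described above, as an added example that is not part of the original post: a toy model of a router's translation table showing why replies get through, unsolicited traffic is dropped, and a port forward is needed for inbound connections. The `NatRouter` class, the addresses (documentation ranges) and the strict match on remote address and port are assumptions made for illustration; real routers differ in how strictly they match.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy port-translating NAT router (constructed for illustration)."""
    public_ip: str
    next_port: int = 40000
    # public_port -> (lan_ip, lan_port, remote_ip, remote_port), created by LAN hosts
    sessions: dict = field(default_factory=dict)
    # public_port -> (lan_ip, lan_port), static forwards configured by the owner
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: allocate a public port, remember the session."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.public_ip, public_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet arrives from the Internet: return the LAN destination, or None if dropped."""
        session = self.sessions.get(public_port)
        if session and session[2:] == (remote_ip, remote_port):
            return session[:2]                  # reply to a connection the LAN host started
        if public_port in self.forwards:
            return self.forwards[public_port]   # owner explicitly opened this port
        return None                             # unsolicited: never reaches the LAN

    def add_forward(self, public_port, lan_ip, lan_port):
        self.forwards[public_port] = (lan_ip, lan_port)

def demo():
    router = NatRouter(public_ip="203.0.113.10")
    results = {}
    # The PC contacts a web server; the server's reply is translated back to the PC.
    _, port = router.outbound("192.168.1.20", 51000, "198.51.100.5", 443)
    results["reply"] = router.inbound("198.51.100.5", 443, port)
    # A different Internet host sends to the same public port: dropped.
    results["probe_mapped_port"] = router.inbound("192.0.2.77", 4444, port)
    # A packet to a port nobody opened: dropped.
    results["probe_closed_port"] = router.inbound("192.0.2.77", 4444, 3389)
    # The owner forwards a game-server port; Internet hosts can now reach it.
    router.add_forward(27015, "192.168.1.20", 27015)
    results["forwarded"] = router.inbound("192.0.2.77", 4444, 27015)
    return results

if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name:18} -> {dest or 'DROPPED'}")
```

Note that nothing in the table records which program on 192.168.1.20 opened the session, which is why the router cannot filter per program.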