Firewalls and antivirus software are both mechanisms that provide security for our systems, although the vulnerabilities they address are different. The major difference between a firewall and an antivirus is that a firewall acts as a barrier for traffic coming into the system. Conversely, an antivirus protects against internal attacks such as malicious files.
Firewalls and antivirus software work on different approaches: a firewall emphasizes inspection of the data flowing from the internet to the computer. In contrast, an antivirus emphasizes inspection of malicious programs through steps such as detection, identification and removal.
Content: Firewall Vs Antivirus
|Basis for comparison||Firewall||Antivirus|
|Implemented in||Both hardware and software||Software only|
|Operations performed||Monitoring and filtering (specifically IP filtering)||Scanning of infected files and software|
|Deals with||External threats||Internal as well as external threats|
|Inspection of attack is based on||Incoming packets||Malicious software residing on a computer|
|Counter attacks||IP spoofing and routing attacks||No counter attacks are possible once the malware has been removed|
Definition of Firewall
A firewall can be considered a standard approach to protecting local computer assets from external threats. A firewall is designed to filter the IP packets coming from the network to the computer. It is also an effective way to protect the local system as well as the network while still allowing access to the internet or a wide area network.
Characteristics of a firewall
- First, it ensures that all traffic from outside to inside, and vice versa, passes through it.
- Only authorized traffic, as described in the security policy, is permitted to pass through the firewall.
- It uses a trusted system with a secure operating system, which makes it robust against penetration.
Types of firewall
- Packet filters: Packet filters are also called screening routers or screening filters. A packet filter applies a set of rules to each packet and forwards or discards it on the basis of the outcome. However, the security of packet filters can be breached through IP spoofing, source routing attacks and tiny fragment attacks. The advanced types of packet filter are the dynamic packet filter and the stateful packet filter.
- Application gateway: It is also referred to as a proxy server, since it behaves as a proxy or replacement. It decides on the flow of application-level traffic and hides the source IP from the outside world.
- Circuit gateway: It is similar to an application gateway but has some additional functionality, such as creating a new connection between itself and the remote host. It can also change the source IP address in packets from the end user’s IP, which is how it hides the original IP address of the source.
Limitations of firewall
- A firewall cannot block internal attacks, nor attacks that do not pass through it.
- It cannot protect against malicious attacks.
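The packet-filter behaviour described under "Types of firewall", as an added example that is not part of the original article: a rule-based (stateless) filter beside a stateful one, showing why the stateful type is the more advanced form. The `Packet`, `Rule`, `stateless_filter` and `StatefulFilter` names, the rule set and all addresses are constructed for illustration.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

Packet = namedtuple("Packet", "src sport dst dport")

@dataclass(frozen=True)
class Rule:
    action: str                  # "forward" or "discard"
    src_net: str
    dst_net: str
    sport: Optional[int] = None  # None matches any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

LAN, ANY = "192.168.1.0/24", "0.0.0.0/0"   # constructed addresses
RULES = [
    Rule("forward", LAN, ANY, dport=443),  # LAN clients may reach HTTPS servers
    Rule("forward", ANY, LAN, sport=443),  # needed so the replies can come back
]

def stateless_filter(p: Packet) -> str:
    """Packet filter: the first matching rule decides, default is discard."""
    return next((r.action for r in RULES if r.matches(p)), "discard")

class StatefulFilter:
    """Stateful packet filter: inbound traffic must answer a recorded LAN flow."""
    def __init__(self) -> None:
        self.flows = set()

    def filter(self, p: Packet) -> str:
        # Direction is inferred from the source address (a simplification here).
        if ipaddress.ip_address(p.src) in ipaddress.ip_network(LAN):
            verdict = stateless_filter(p)
            if verdict == "forward":
                self.flows.add(p)
            return verdict
        reply_to = Packet(p.dst, p.dport, p.src, p.sport)
        return "forward" if reply_to in self.flows else "discard"

REQUEST = Packet("192.168.1.10", 50000, "203.0.113.5", 443)    # constructed
REPLY = Packet("203.0.113.5", 443, "192.168.1.10", 50000)      # constructed
UNSOLICITED = Packet("198.51.100.7", 443, "192.168.1.10", 22)  # constructed
```

The stateless rule set forwards `UNSOLICITED` because it judges each packet on its header fields alone, while the stateful filter forwards `REPLY` only after it has seen `REQUEST` leave the LAN.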
Definition of Antivirus
An antivirus is application software that provides security against malicious programs coming from the internet. However, it is extremely hard, or next to impossible, to keep them out altogether in a world connected to the internet.
The antivirus follows an approach in which it performs detection, identification and removal.
- Detection: In detection, the software becomes aware of the malware attack and locates the infected file or program.
- Identification: After detection, it recognizes the type of the virus.
- Removal: Finally, the antivirus removes the infected file and all traces of it, and restores the original backup file or program.
If detection succeeds but identification and removal are not possible, the antivirus discards the infected file and reloads the infection-free backup version.
Several generations of antivirus have evolved as viruses and antivirus technology improved. This was not always the case: early viruses were simple code fragments that were identified and removed easily.
Generations of the antivirus
- 1st generation: These were simple scanners that needed a virus signature to identify a particular virus. Scanners of this type were limited to signature-specific viruses; if a “wildcard” virus arrived, they failed to work.
- 2nd generation: These antivirus programs did not rely on virus signatures; instead they used a heuristic approach to look for a possible virus attack. The approach was to search for code blocks that were generally associated with viruses.
- 3rd generation: These are memory-resident antivirus programs that recognize viruses by their activities rather than their structure.
- 4th generation: These programs combine many antivirus techniques, such as scanning and monitoring. They are also known as behavior-blocking software, which integrates with the computer's operating system and observes virus-like actions in real time. Whenever a suspicious action is detected, it is blocked, which prevents further damage. The emphasis is on virus prevention rather than virus detection.
Limitations of antivirus
- Antivirus only supports the CIFS (Common Internet File System) protocol, not the NFS file protocol.
- In practice, it is not feasible to provide antivirus protection for files that are being read while they are being written.
- It is not possible to perform antivirus checking on read-only files.
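The detection, identification and removal steps and the first two scanner generations described above, as an added example that is not part of the original article: an exact-signature scanner misses an altered variant that a heuristic score still detects, and the unidentified file falls back to the backup copy. All byte strings, trait names, weights and the threshold are constructed stand-ins, not real signatures.

```python
from typing import Optional, Tuple

# Constructed stand-ins: harmless byte strings, not real malware or signatures.
SIGNATURES = {"Demo.A": b"\xde\xad\xbe\xef\x41\x42"}   # name -> exact byte pattern
TRAITS = {                                             # code fragment -> weight
    b"OPEN_EXE_FOR_WRITE": 2,
    b"APPEND_SELF": 3,
    b"PATCH_ENTRY_POINT": 3,
}
THRESHOLD = 5   # assumed cut-off for "looks like a virus"

def signature_scan(data: bytes) -> Optional[str]:
    """1st generation: identify a virus only by its exact signature."""
    for name, sig in SIGNATURES.items():
        if sig in data:
            return name
    return None

def heuristic_score(data: bytes) -> int:
    """2nd generation: sum the weights of virus-like code fragments found."""
    return sum(weight for trait, weight in TRAITS.items() if trait in data)

def handle(data: bytes, backup: bytes) -> Tuple[str, bytes]:
    """Detection, identification and removal, with the backup fallback."""
    name = signature_scan(data)
    if name is not None:
        # Detected and identified: strip the known body (here, the signature).
        return f"removed {name}", data.replace(SIGNATURES[name], b"")
    if heuristic_score(data) >= THRESHOLD:
        # Detected but not identified: discard and reload the clean backup.
        return "unidentified, backup restored", backup
    return "clean", data

HOST = b"MZ host program bytes"                        # uninfected file
KNOWN = HOST + SIGNATURES["Demo.A"]                    # matches the signature
VARIANT = HOST + b"OPEN_EXE_FOR_WRITE\x00\xad\xbe\xefAPPEND_SELF"  # altered bytes
```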
Key Differences Between Firewall and Antivirus
- A firewall can be implemented in both software and hardware, whereas an antivirus can be implemented only in software.
- An antivirus performs scanning, which involves detection, identification and removal. A firewall, by contrast, monitors and filters incoming and outgoing packets.
- Firewalls deal with external attacks only, while antivirus deals with external as well as internal attacks.
- A firewall inspects for attacks by applying a set of rules to incoming packets. An antivirus, by contrast, inspects and scans infected files and malicious programs.
- IP spoofing and routing attacks are techniques that can potentially breach security, especially in the case of packet filters (a type of firewall). With antivirus, on the other hand, no counter attacks are possible once the malware is purged.
Firewalls and antivirus software seem similar in that both provide a mechanism to protect a computer from external and internal threats, although the type of attack may differ in each case.
A firewall prevents untrusted and unauthorized programs from communicating with the computer, but it does not perform detection, identification and removal. Rather, it restricts and blocks incoming and outgoing traffic from reaching the computer. An antivirus, on the other hand, detects, identifies and removes malware (malicious programs) from the computer.