Firewalls screen data coming in and out of computer networks, blocking unauthorized access and halting traffic from unsafe Internet sources. On shared networks, firewalls may automatically stop all traffic from an "infected" computer to protect data on any connected computers. Firewalls act as the first defensive shield against hackers, but they aren't invulnerable and have limited ability to detect Trojan viruses or malicious software known as malware.
Hackers design malicious code that covertly invades a computer to weaken its defenses, destroy important files or install harmful software that records personal data. Computers overflowing with malicious content can then be used to attack other network computers.
Firewalls compare incoming and outgoing traffic to a list of security criteria, allowing trusted data to continue. Newer firewalls typically analyze data at multiple inspection points, known as the packet, circuit and application layers. Most firewalls can be configured to perform specific security tasks, and they often contain proxy servers that store data temporarily until it's evaluated more thoroughly.
Many computing devices have built-in firewall software; however, installing software from a CD or setting up external hardware may prevent the firewall from being completely compromised if the computer is overrun with viruses. Firewalls aren't meant to be used alone because they are largely ineffective against malware from spam emails, phishing scams and website links. They should be used as one defensive component in a system that includes anti-virus, anti-spyware and anti-spam protection.