Open Discussion: Software firewalls

It my recent story on "Patching the Internet" a discussion on how Dan Kaminsky broke, then subsequently helped fix DNS and the Internet, a lot of discussion centered around how the patch was breaking various software firewall applications. Most notably I heard talk of ZoneAlarm having issues.

This brought up an interesting thought for me... with the prevalence of hardware routers in the homes of many Americans these days (and I'm including the hardware routers built into many modems out there), why are so many of us using software firewalls, and on top of that, why not just use the built in Windows firewall (note that I'm assuming if you are a *Nix user you are using iptables)?

I'm making this post as an open discussion of the merits of using such a solution, the decisions that go into such a decision, etc.

For me, I've always just used a router with port forwarding turned off for everything but SSH and I've never had any problems. My laptops use the built-in Windows firewall when I'm away from home (my *Nix boxes use iptables and I don't take my Mac out of the house anymore, for fear that Grossman or Rios will steal and pwn it again).

I open this up to readers to respond in whatever way they like, through the talkback feature is easiest for me, but you can also email me (nate.mcfeters@gmail.com), or chat with me (MyNameOutloud on AIM) if that's easier for you. What I'd like to do is gather some facts and opinions and post another story on the merits (or lack thereof) of software firewall solutions. Best responses will be quoted in my next post with credit given however you see fit.

Looking forward to the discussions!

[poll id=14]

-Nate