Are you trying to improve the cybersecurity of your SMB and trying to figure out which security controls you actually need?
Then you’ll love today’s post.
Because I am going to break down a misunderstanding that some people have.
We’re going to talk about firewalls vs antivirus.
And which do you actually need.

What’s the difference between firewalls and antivirus?
Firewalls regulate network traffic flowing in and out of a network or device. Antivirus, on the other hand, looks at all of the files and processes present on the device to check for malicious intent.

What exactly do firewalls and antivirus do?

To understand the different roles performed by antivirus vs firewalls, you need to understand what exactly each one does.
Let’s talk about it.

Firewall overview

Let’s get a little backstory on firewalls.
You up to it?
You see:
The term firewall is much older than computers.
It actually can be traced back to the 1850s.
You’ve probably seen the images of old row houses, right?
One right next to the other.
Builders realized fairly quickly that there was a huge risk of fire spreading from one building to the next very easily and quickly.
So they started building special walls between them.
The walls were built to stop fires from spreading between the buildings.
And that is precisely what computer firewalls do – regulate traffic between devices.

Firewalls are like border guards.
When traffic comes to the firewall, the firewall inspects it for certain characteristics.
Different types of firewalls check for different characteristics.
For simplicity, we’ll use a port-based firewall.
When the firewall gets a packet that is the FTP type, for example, it looks at the rule list to see if it is allowed.

The firewall works through the list of rules to see where FTP falls.

In this case, FTP is not explicitly allowed, so it’s dropped.
Traffic that is permitted can continue on to the internal network.
Everything else is blocked.
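The rule walk described above, as an added example that is not from the original post: a first-match port-based rule list with an implicit deny at the end. It goes one step further with a check for shadowed rules that can never fire. The `Rule` class, the rule list and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Well-known TCP ports for the protocols named in this example.
PORTS = {"ftp": 21, "ssh": 22, "smtp": 25, "http": 80, "https": 443}

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp" or "udp"
    port: Optional[int]    # None matches any port

    def matches(self, proto: str, port: int) -> bool:
        return self.proto == proto and self.port in (None, port)

# Constructed rule list (assumption): only web and mail are allowed in.
RULES = [
    Rule("allow", "tcp", PORTS["http"]),
    Rule("allow", "tcp", PORTS["https"]),
    Rule("allow", "tcp", PORTS["smtp"]),
]

def decide(rules, proto, port):
    """First matching rule wins; no match at all means implicit deny."""
    for index, rule in enumerate(rules):
        if rule.matches(proto, port):
            return rule.action, index
    return "deny", None

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule
    already matches every packet they would match."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.proto == later.proto and earlier.port in (None, later.port):
                dead.append(i)
                break
    return dead
```

`decide(RULES, "tcp", PORTS["ftp"])` falls through every rule and is denied. Note that the decision uses only protocol and port, never the payload.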
Note: While people have traditionally considered firewalls to be a perimeter security control, they should actually be deployed throughout the network where possible. Each endpoint should have a firewall. For better security, you can even segment your network with firewalls between the segments.

Antivirus overview

Antivirus has a completely different purpose from firewalls.
It works at the file level.
Antivirus software had a very simple start.
Simply put, there was a need for it.
You see:
The Morris worm was one of the first viruses released on the internet (ARPANet back then).
It affected around 6,000 machines or 10% of the devices “online” at the time.
As people created more viruses, the need arose to counteract them.
Early antivirus was a cat-and-mouse game.
Can you guess why?
Antivirus developers waited until a virus was released.
They would then analyze it and create a signature that their software would look for to identify the malware.
This forced antivirus to be a step behind attackers.
Of course, antivirus has evolved tremendously over the last few decades.
This is the reason that the line between antivirus systems and firewalls sometimes blurs.

Firewalls vs Antivirus: Quick Characteristic Comparison

I thought it might make it super simple for you to see a side-by-side comparison of the characteristics of firewalls vs antivirus.
So, take a look at the graphic, and I’ll see you underneath to explain.

Port blocking is the traditional firewall inspection method. It looked at where traffic was going and what protocol of traffic it was. It then made a decision whether to allow or deny it. Because it’s easy to tunnel traffic through another protocol, next-generation firewalls dig into the traffic more.

Web filtering can be done by both the firewall and antivirus today.

Mail inspection is best done as its own solution, but many next-generation firewalls will work with the antivirus on the system to filter emails for malicious payloads.

Searching for malicious payloads – Both perform this task. However, firewalls are usually looking at traffic coming into the network, while antivirus is searching the systems. Remember, malicious files can come from places other than the internet – USB devices, CDs, etc.

Anti Spam – Like email inspection, anti-spam is best done by an email tool, but some firewalls can inspect for URLs and IP addresses of known attackers.

File inspection – Firewalls inspect files traversing or entering the network. Antivirus inspects files present on a device or soon-to-be on the device.

Scheduled scans – Antivirus can perform this task. Firewalls should always be doing their jobs.

Device Checks – Antivirus or endpoint protection will handle restricting devices allowed to function on the endpoint. You can choose to block USBs for example.

Remove Malicious Code – Antivirus will remove malicious code from a system. Firewalls may identify malicious code while scanning, but they usually either reject the traffic or isolate the endpoint.

Assess computer’s health – This is a task that antivirus performs. When antivirus does identify an unhealthy device, it can work with the firewall to isolate it from the network.

Which is right for you? Antivirus or firewall?

The answer is actually both.
No security control will by itself stop all attackers.
Simply put, there is a way around every security control your organization can implement.
When we perform penetration tests, we exploit these all the time.
Instead of installing a single security tool – firewall or antivirus – you need to think about a layered approach to security.
This is super important.
The more layers you have to security, the more likely an attacker is to give up and move on to an easier target.

Antivirus & Firewall Solutions for Small Businesses

One of our favorite solutions for small businesses is SOPHOS.
Here’s why:
It’s very affordable and packs a ton of power into just a few tools.
One of the ways that it really shines is its integration between endpoint protection and firewall.
They integrate and communicate with each other.
When the antivirus detects a computer has been compromised, it will notify the firewall and the firewall will isolate the computer until it can be investigated.
