Posted 22 December 2008 - 07:47 AM
I certainly advise using both firewalls, as each can achieve things the other cannot.
The router firewall has no way to take control of and monitor your computer's ports, or the behavior of software running on your computer. A good software firewall such as Comodo can detect outgoing packets that appear to be legitimate (ie they will be accepted and passed by the router firewall), but have a questionable source (eg an application that has never sought a connection before or has changed since it last connected, or code that is running from within an application but doesn't belong to that application - code injection- suggesting an infection). It can then block the requested port and ask permission to allow the requested connection. However a threat such as a virus can attempt to shut down a software firewall, but has no way to shut down the router firewall, as that firewall is not running on your computer.
So an external firewall such as that in an ADSL router/gateway is a difficult-to-compromise barrier to intrusion, but it relies on your computer giving it uncompromized data to begin with. The addition of a software firewall makes it much harder for any kind of malware to generate compromised data that would appear to be genuine and hence fool the router firewall.
Top 5 things that never get done: