Security "by design"
How does it work?

Note: "client" is often used incorrectly to indicate a server. To prevent any confusion, TWD Industries sticks with the technical meaning of those words: "servers" accept connections initiated by "clients" -and never the other way around.

With traditional client/server applications, or with peer-to-peer applications, servers are waiting for connections initiated by clients on one or several port number(s):

                       Internet
           [Client] =====> [Server]
                           (listening on ports x, y and z)

The server is obliged to accept all the connections to verify if they come from authorized clients. This allows a client to detect a server remotely since the server must reply to clients that attempt to establish a connection on a listening port number.

This architecture creates a problem because pirates or worms can:

           detect servers by scanning a range of Internet IP addresses

           create thousands of connections to attack each server:

                 finding passwords by trying all the possibilities
                 exploiting buffer overflows in the server application
                 creating denial of service, exploiting TCP/IP stack's security breaches, etc.

It is because of listening ports that Windows and server applications (Web, Email, SQL, VPN, VoIP, Instant Messaging, etc.) get compromised: each listening port is an entry door to a service that may contain security breaches -making your systems potentially vulnerable.

The danger is proportional to the number of listening ports in the enterprise infrastructure. Remote-Control solutions (pcAnywhere, Laplink, NetOp, Timbuktu, etc.) or Network Administration solutions (IBM Tivoli, Intel LanDesk, CA Unicenter, HP OpenView, etc.) all install a server on each PC, which puts the whole enterprise infrastructure at risk.
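The paragraph above uses the number of listening ports as the measure of exposure. The script below is an added example (not TWD Industries' code) that inventories a Linux host's listening TCP sockets from /proc/net/tcp and splits them into remotely reachable binds and loopback-only binds; the table it parses by default is a constructed sample so it runs offline, and live_listeners() reads the real file when one exists.

```python
"""Listening-port inventory from /proc/net/tcp (Linux).
Added example, not TWD Industries' code; SAMPLE_PROC_NET_TCP is constructed."""
import os
import socket
import struct

LISTEN = "0A"   # state code for LISTEN in /proc/net/tcp

# Constructed sample: three listeners (22, 443 on all interfaces; 3389 on loopback)
# and one ESTABLISHED connection (state 01) that must be ignored.
# local_address is little-endian IPv4 in hex, then the port in hex.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0D3D 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0100007F:A1B2 0100007F:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 12348 1 0000000000000000 20 4 30 10 -1
"""


def parse_listeners(table):
    """Return [(ip, port, uid), ...] for every row of a /proc/net/tcp table in LISTEN state."""
    listeners = []
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # the kernel prints the address as a host-order 32-bit integer: unpack little-endian
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16), int(fields[7])))
    return listeners


def exposure(listeners):
    """Split listeners into ports reachable from other hosts and loopback-only ports."""
    report = {"remotely_reachable": [], "loopback_only": []}
    for ip, port, _uid in listeners:
        key = "loopback_only" if ip.startswith("127.") else "remotely_reachable"
        report[key].append(port)
    return report


def live_listeners(path="/proc/net/tcp"):
    """Inventory the running host; returns [] where the file does not exist (non-Linux)."""
    if not os.path.exists(path):
        return []
    with open(path) as fh:
        return parse_listeners(fh.read())


if __name__ == "__main__":
    rows = parse_listeners(SAMPLE_PROC_NET_TCP)
    print("sample:", exposure(rows))
    print("this host:", exposure(live_listeners()))
```

Only the "remotely_reachable" list is the attack surface the page talks about; a port bound to 127.0.0.1 cannot be found by scanning an address range. IPv6 listeners live in /proc/net/tcp6 with 128-bit addresses and are not covered by this parser.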

TWD Industries offers a radical solution to this problem, by removing all the listening ports. That's the security "by-design":

With the DS, Master (the client) and Slave (the server) no longer accept connections. Because of this, they can't be detected remotely and they can't be attacked by pirates or worms:

                                 Internet          Internet
(no listening port)  [Masters] =====> [DS] <===== [Slaves]  (no listening port)

Only the DS is listening on a port (443 by default) reducing the vulnerable surface of your enterprise: one single machine, the DS, needs to be monitored (instead of all the machines). The only physical way for Masters to access Slave PCs is the DS.
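To make the diagram concrete, here is an added example (not TWD Industries' code, and not the RA protocol) of the same arrangement on one machine: a small dispatch server is the only component that calls listen(); a Slave registers with it over an outbound connection and waits, and a Master later connects outbound and asks for that Slave by name, after which the DS relays bytes between the two existing connections. The "SLAVE name" / "MASTER name" / "REGISTERED" / "OK" lines and the slave name "lab-pc" are invented for the example; is_listening() checks the SO_ACCEPTCONN socket option to show which sockets are actually in LISTEN state.

```python
"""Rendezvous relay: Master and Slave both dial OUT to the DS; only the DS listens.
Added example, not TWD Industries' code; protocol lines and names are invented."""
import socket
import threading

SLAVE_NAME = "lab-pc"   # constructed name; the page says users reach peers by name


def read_line(sock, limit=256):
    """Read one newline-terminated line byte by byte, so no bytes after it are
    swallowed by read-ahead buffering (they belong to the relayed stream)."""
    buf = b""
    while not buf.endswith(b"\n"):
        ch = sock.recv(1)
        if not ch or len(buf) >= limit:
            return None
        buf += ch
    return buf[:-1].decode("ascii", "replace")


def pump(src, dst):
    """Copy bytes src -> dst until src reaches EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def is_listening(sock):
    """True if the socket is in LISTEN state (SO_ACCEPTCONN); None if the OS lacks the option."""
    opt = getattr(socket, "SO_ACCEPTCONN", None)
    return None if opt is None else bool(sock.getsockopt(socket.SOL_SOCKET, opt))


class DispatchServer:
    """The single listening component: Slaves park here by name, Masters ask for a name."""

    def __init__(self, host="127.0.0.1", port=0):      # port 0: the OS picks a free port
        self.sock = socket.socket()
        self.sock.bind((host, port))
        self.sock.listen()
        self.port = self.sock.getsockname()[1]
        self.slaves = {}
        self.lock = threading.Lock()
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                conn, _ = self.sock.accept()
            except OSError:                              # server socket closed
                return
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn):
        role, _, name = (read_line(conn) or "").partition(" ")
        if role == "SLAVE" and name:
            with self.lock:
                self.slaves[name] = conn                # keep the outbound link open
            conn.sendall(b"REGISTERED\n")
        elif role == "MASTER" and name:
            with self.lock:
                peer = self.slaves.pop(name, None)
            if peer is None:
                conn.sendall(b"ERR unknown slave\n")
                conn.close()
                return
            conn.sendall(b"OK\n")
            threading.Thread(target=pump, args=(conn, peer), daemon=True).start()
            threading.Thread(target=pump, args=(peer, conn), daemon=True).start()
        else:
            conn.close()


def run_slave(ds_port, name):
    """Slave side: one outbound connection, never listen(). Replies by upper-casing input."""
    s = socket.create_connection(("127.0.0.1", ds_port))
    s.sendall(f"SLAVE {name}\n".encode())
    if read_line(s) != "REGISTERED":
        raise RuntimeError("registration refused")

    def serve():
        try:
            while True:
                data = s.recv(4096)
                if not data:
                    break
                s.sendall(data.upper())
        except OSError:
            pass
        finally:
            s.close()

    threading.Thread(target=serve, daemon=True).start()
    return s


def master_request(ds_port, name, payload):
    """Master side: one outbound connection; returns the Slave's reply, or None if unknown."""
    m = socket.create_connection(("127.0.0.1", ds_port), timeout=5.0)
    m.sendall(f"MASTER {name}\n".encode())
    if read_line(m) != "OK":
        m.close()
        return None
    m.sendall(payload)
    m.shutdown(socket.SHUT_WR)                           # EOF tells the Slave we are done
    out = b""
    while True:
        chunk = m.recv(4096)
        if not chunk:
            break
        out += chunk
    m.close()
    return out


def demo():
    ds = DispatchServer()
    slave = run_slave(ds.port, SLAVE_NAME)
    result = {
        "ds_listening": is_listening(ds.sock),          # True: the one exposed socket
        "slave_listening": is_listening(slave),         # False: outbound only
        "reply": master_request(ds.port, SLAVE_NAME, b"hello"),
        "unknown": master_request(ds.port, "no-such-pc", b"hello"),
    }
    ds.sock.close()
    return result


if __name__ == "__main__":
    print(demo())
```

What the example does not provide is the part that matters in production: the DS must authenticate both sides before pairing them, otherwise anyone who can reach port 443 on the DS can claim a name or ask for one. The page's point stands regardless: the Master and Slave processes open no listening socket, so a scan of their address range finds nothing.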

RA is the only Remote-Control product to offer this level of security. Soon, other network applications will benefit from this patented technology.

                                     - A word about software patents -
Today, software patents have bad press. Surprisingly, many among those who criticize software patents own big portfolios of software patents. This includes some of the famous public research laboratories that have strongly accused corporations of "locking the future". Why those labs continue filing patents at a steady pace remains a mystery, unless you honestly consider that there is no difference of merit between a car engine patent and a compression engine patent -as long as the patent itself is not meritless, meaning that it solves a real technical problem in a new and efficient manner. The point is not whether software patents should exist, but rather why meritless patents are allowed to be registered.

Let's face it: if the 'security' was real then nobody would be pirated.
If people are still pirated every day then the products sold by 'security' vendors do not make you safe. Let's see the reasons for this to happen.

     Routers & Firewalls

What is a firewall? In an ideal world, a firewall would be a device that filters all incoming and outgoing traffic in order to allow only what is desired and block the rest. All the rest.

Unfortunately, this is not what happens. Many routers are supposed to do the same job but they fail to do so and that's why 'security experts' tell you: "Get a real firewall". Translate "real" by "expensive" here. Some leading routers just let anything go through if you send packets faster than they can filter them. Shouldn't they block everything instead if they are overwhelmed?...

Are firewalls really safe? Search for "firewall + vulnerability" on Google and see for yourself. 232,000 links are more than enough to show you how badly they fail at not putting you at more risk.

Why do firewalls that are supposed to make you safe fail to be safe themselves? There are many kinds of reasons for this -political, technical and commercial reasons. As product updates are the way most security vendors make money, there is no real motivation to make a product that does not generate recurring revenues.

What about "personal firewalls"? Most are just exploiting the lack of technical knowledge in order to make easy money from the end-user fear they feed with science. A good "personal firewall" should not play the Armageddon soundtrack for each packet which hits inbound or outbound interfaces. Since they run on the computer they are supposed to protect they can be compromised very easily -and even remotely- by:

  1. modifying its configuration -allowing a pirate or a virus to go through

  2. disabling it or stopping it -allowing a pirate or a virus to go through

  3. impersonating a user, a program or a service that is allowed to go through

  4. injecting code in it to fool the user -allowing a pirate or a virus to go through

  5. using a lower level of the network layer -allowing a pirate or a virus to go through

  6. doing all this at boot time or shut-down time, before or after it is running.

Let's see how "real" firewalls fail to deliver: the market leader exposes more than 15,900 vulnerability links on Google. The sales pitch never pinpointed the fact that your 'security' device had to be patched again and again (at your expense) without ever making you safe, because patches always come AFTER vulnerabilities are publicly published...

If you need to be connected to other networks, a firewall alone is not the solution because it just closes some doors and leaves other doors open.

Note: firewalls would be pointless if operating systems and applications had no vulnerable open ports.

     Intrusion Detection Systems (IDS)

An IDS is supposed to filter all incoming and outgoing traffic in order to alert network administrators about unexpected or unauthorized traffic. Unfortunately, this is not what happens.

Search for "IDS + vulnerability" on Google and see for yourself. 118,000 links are more than enough to show you how badly an IDS fails to contribute to hardening your security.

An IDS is not safe because it can be fooled very easily by: 

  1. not using visible probes or protocols that are identified as potential threats

  2. hiding attacks in a continuous flow of thousands of connections and false alarms

  3. using firewalking methods that allow sending probes without raising alarms

  4. impersonating a user, a program or a service allowed to transfer data

  5. compromising the IDS to hide attacks or penetration attempts

What's wrong with IDS? They bring new vulnerabilities to your systems and only alert you about OLD, COMMON AND BASIC threats. This means that if this product is not able to detect a given threat then this threat will have a happy life on your systems. Pirates have the choice of using sophisticated invisible attacks or basic high-profile attacks. Guess what seasoned pirates -the most dangerous kind- will choose to do.

If your goal is only to watch kids' attacks then an IDS will give you a lot of fun, but if you want more than this, well, an IDS is simply not the solution. Last but not least, IDS users need to subscribe to IDS vendors' maintenance to update threat listings -all their life.

Note: IDS would be pointless if operating systems and applications had no exploitable vulnerabilities.

     Anti-virus Programs

An anti-virus program is an application that is supposed to check the files integrity on your disks and to filter all executed code (preferably user and system code) in order to allow only what is allowed and block the rest. All the rest. 

Unfortunately, this is not what happens because the system has full access to everything and because anti-virus programs run on the computer they are supposed to protect. This characteristic makes them easy targets -like for "personal firewalls".

Are anti-virus programs really safe? Search for "antivirus + vulnerability" on Google and see for yourself. 59,000 links are more than enough to show you how badly they fail in this matter.

Remember when software started to be so big that the CD-ROM totally replaced the floppy disk? This suddenly prevented viruses from replicating from one PC to another since the CD-ROM was read-only.

Then, Microsoft violated a fundamental law. They mixed data and executable code. Before Outlook, emails only contained harmless text, but Microsoft added VB-script, ActiveX controls, java applets and many other threats that have created a new very profitable industry 'fighting viruses'. What has been the benefit for end-users? Nobody knows, but such a 'progress' has been promptly extended to Excel spreadsheets, Access databases, Word and HTML documents, etc. with the dramatic results we are all facing today.

If your business was primarily about selling anti-virus or anti-SPAM products, would you consider virus and SPAM authors as a threat or as a vital resource for the growth of your business? Think twice before you trust what magazines or "security vendors" write because their interests may not match the interests of their customers.

Anti-virus programs are just exploiting the lack of technical knowledge of users to make easy money. An anti-virus program is not safe because it can be compromised very easily by: 

  1. modifying its configuration -allowing pirates and viruses to do what they want

  2. disabling it or stopping it -allowing pirates and viruses to do what they want

  3. impersonating users, programs or services to do anything on your system

  4. injecting code in it or in the system -allowing pirates or viruses to do what they want

  5. using the system at a lower level -allowing pirates and viruses to do what they want

What's wrong with anti-virus programs? Not only do they bring new vulnerabilities to your systems, but they 'protect' your system only against OLD, COMMON, BASIC threats that have been created by Microsoft for God knows what obscure reasons. This means that threats that anti-virus programs do not list -or threats that they are not able to catch- will have happy days on your 'protected' systems.

Also, anti-virus products need to be updated continuously to offer their 'protection'. This is only an inconvenience for consumers of course -virus writers and anti-virus vendors live at their expense.

Note: anti-virus products would be pointless if operating systems had real access-right policies (why the hell is your Internet Browser allowed to access files on your disks?).

     Proxy servers

Proxy servers are used to relay traffic between the Internet and a protected network. Proxy servers may contribute to the security of a protected network by preventing internal users from reaching the Internet unless they provide appropriate credentials.

Proxy servers should never be considered as a replacement for firewalls because proxy servers filter the traffic at the application level rather than at the packet level like firewalls. This means that a proxy server cannot protect its host or the hosts behind it against IP-based attacks.

Some proxy servers are limited to one single application like FTP or can be "generic" like SOCKS (http://www.socks.nec.com). In both cases, you cannot rely only on a proxy to secure a network.

     Virtual Private Networks (VPNs)

VPNs have been created to address specific flaws of the TCP/IP protocol. Some have argued that IPSec will make firewalls obsolete. This is not the case. Considering the price of the packages, that's a pity.

IPSec just authenticates connection endpoints and encrypts data streams. An IPSec VPN complements a firewall but does not act as a firewall which restricts the services allowed between two networks.

Some vendors acknowledged this fact and have combined firewalls with IPSec capabilities. This is a good thing when all the hosts to protect have both, but even this does not make you really safe. Google reports more than 109,000 relevant links to the request "VPN + vulnerability". All the leading vendors are included. Where is the problem with VPNs?

The devil is in the design. VPN servers, gateways and clients are listening on port numbers. This means that they can be attacked. Even if they do not reply to incoming connections that do not match the expected format they are vulnerable to Denial of Service attacks and to malicious connections that exploit security breaches located in the VPN server, clients or gateways:

        in the connection initialization procedure
        in the authentication implementation
        in the packet filtering implementation
        in the packet processing implementation (encapsulation, encryption, relay, etc.).

Security experts tell you to install firewalls in order to protect VPN clients, but firewalls will not protect against exploits targeting a specific VPN: if malicious incoming packets succeed in fooling the VPN, how could the firewall decide to reject them?

The important question is: "Could this be avoided?"

The answer is yes. The security "by-design" developed by TWD Industries no longer requires VPNs to use gateways and allows VPN clients not to be listening on port numbers. This means no more widely deployed vulnerabilities, no more DoS attacks, no more exploits.

Further, if VPN servers are invisible, if VPN gateways are no longer necessary and if VPN clients no longer listen on port numbers, then firewalls become really obsolete.

The market needs something better and cheaper so everyone can use it without restrictions. TWD Industries is working on it.

Does it mean that the products offered by 'security' vendors are totally useless? No. It just means they fail to deliver the level of security that users are expecting from them.

Would 'real' firewalls be safe if they were doing their job properly? Unfortunately the answer is no, because blocking some doors is not enough to be safe. You have to make sure that:

        Only expected visitors will go through the doors that you have to leave open
        Expected visitors are doing only what they are supposed to do and nothing else.

Now you start to see the gap between what you have and what you really need.
If traditional 'security solutions' failed to deliver then there is a need for something better.

TWD Industries presents an efficient and cost-effective alternative: the security "by-design".

     What does "by-design" mean?

Users do not have the technical know-how to interpret security alarms and understand security issues, and they don't want to become IT experts because they have something else to do. They already have another job, you know.

The 'security solutions' provided by the industry are failing in their mission because they do not allow users to be safe without an expensive dedicated team of professionals working full-time at taking care of them. This 'solution' is simply not appropriate.

Q) Why let all the world connect to all your PCs to access them?

A) Your network applications are unable to access a PC without listening port numbers.

The only way to make sure that everybody is safe is to make people safe, by-design. Instead of this, the industry has created more and more complexity leading to confusion... and recurring fees.

How does TWD Industries' "by-design" security scheme solve these issues?

        machines are invisible and unreachable –they cannot be detected or attacked

        mobile users are safe wherever they are on the planet –without configuration

        accessing machines and users behind a router or a firewall is safe and transparent

        users can reach each other by just typing their name –no more IP addresses

        this solution can be integrated progressively without touching legacy systems

TWD Industries’ technology can secure "by-design":

        Network Applications              (VPN, ERP, CRM, MES, Supply Chain Systems…)
        Networked Intelligent Devices     (Computers, PLCs, PABX, Network Storage...)
        The Network Infrastructure        (Routers, Switches, Hubs…)

If you are interested in licensing this patented technology then contact us.

Copyright © 1998-2007 TWD Industries SAS
All Rights Reserved