An application firewall is an enhanced firewall that limits access by applications to the operating system (OS) of a computer. Conventional firewalls merely control the flow of data to and from the central processing unit (CPU), examining each packet and determining whether or not to forward it toward a particular destination. An application firewall offers additional protection by controlling the execution of files or the handling of data by specific applications.
For best performance, a conventional firewall must be configured by the user. The user must know which ports unwanted data is likely to enter or leave through. An application firewall prevents the execution of programs or DLL (dynamic link library) files which have been tampered with. Thus, even though an intruder might get past a conventional firewall and gain entry to a computer, server, or network, destructive activity can be forestalled because the application firewall does not allow any suspected malicious code to execute.