Software Firewalls

Wingco1 · May 02, 2008, 17:09:00

Do we really need them?. I've just bought my wife a new Tosh Lappy and have taken the preloaded cr*p, "Norton" off, and put AVG on. My three other boxes all have ZA on, which she finds a pain to use. Everytime a programme is updated ZA asks for permissions. So bearing in mind we are sitting behind a router and Windows firewall, do we really need a software firewall?.

Rik · May 02, 2008, 17:12:34

I ran a software firewall behind a router for the first six months. It didn't have to do a thing in that time, so I abandoned it. I've never seen a virus or a piece of malware on any of my machines. That said, the risks are dependent on an individual's surfing habits and, for some, it may be a good idea to prevent apps accessing the web without their knowledge.

Others will have different views.

Sebby · May 02, 2008, 17:17:17

Quote from: Wingco1 on May 02, 2008, 17:09:00
Do we really need them?. I've just bought my wife a new Tosh Lappy and have taken the preloaded cr*p, "Norton" off, and put AVG on. My three other boxes all have ZA on, which she finds a pain to use. Everytime a programme is updated ZA asks for permissions. So bearing in mind we are sitting behind a router and Windows firewall, do we really need a software firewall?.

I would say it depends on the user. For myself, I don't feel a software firewall is necessary as I only need inbound protection, which every router using NAT does. For someone that doesn't know so much about computers and may allow malware to be installed, I think it's probably a wise move.

Noreen · May 02, 2008, 17:44:03

I'm using a router and Vista Windows firewall and everything appears to be OK. I understand that the firewall can be configured for outward bound stuff too but I've never understood all the technical instructions.

Wingco1 · May 02, 2008, 17:55:26

QuoteFor someone that doesn't know so much about computers and may allow malware to be installed, I think it's probably a wise move.

Luckily she doesn't download, just browsing and emails.

Rik · May 02, 2008, 17:56:34

Does she click on attachments in emails?

Wingco1 · May 02, 2008, 17:58:46

Only from people she knows, but I agree that's no guarantee.

Rik · May 02, 2008, 18:00:51

How about HTML mail and links?

Wingco1 · May 02, 2008, 18:04:07

What are you saying Rik

Simon · May 02, 2008, 18:31:52

I use F-Secure Internet Security, which obviously includes a firewall. I have this, mainly for my own peace of mind, and I also like to know what's going in and out of my PC. I have never fully understood how router firewalls work, but I get the impression that they work on an 'all or nothing' basis, and can't see how they could detect a specific trojan, for example, if it tried to enter your machine.

Noreen · May 02, 2008, 18:39:43

Quote from: Simon on May 02, 2008, 18:31:52
.........and can't see how they could detect a specific trojan, for example, if it tried to enter your machine.

Wouldn't anti-virus or anti-spyware programs pick that up?

Steve · May 02, 2008, 18:54:32

If choose to run a software firewall behind a router you only need one!! If you using a third party such as Zone Alarm turn windows firewall off.

Noreen · May 02, 2008, 19:07:46

When I used Comodo firewall on my previous computer I believe that it automatically turned Windows firewall off. Don't other firewalls do the same?

Steve · May 02, 2008, 19:35:28

As a rule yes, but Windows and Windows security center is inconsistent in its approach to third party firewalls

Simon · May 02, 2008, 20:25:44

Quote from: Noreen on May 02, 2008, 18:39:43
Wouldn't anti-virus or anti-spyware programs pick that up?

It should do, Noreen, yes. It's just the extra layer of protection I find reassuring.

bob_s · May 02, 2008, 23:54:03

My personal opinion is every PC should have anti virus, firewall and run spyware every so often if not live.

But thats based on people including myself who like to try freeware and trialware. Allot of which comes with spyware, which isnt a virus because you actively installed it by choice, and you may even want its functionality, although it is unlikely.

But if your a safe and web surfer that sticks to basic email and html you should be ok with just the anti virus.

Simon · May 03, 2008, 10:46:36

The trouble is, Bob, even the safest surfer can run into trouble, even on familiar sites these days. The example that springs to mind is the recent trojan ad on Digital Spy. In my opinion, within reason, you can't have too much protection, especially with the ever increasing concerns about identity fraud and general internet security.

Wingco1 · May 03, 2008, 16:28:39

AVG 8 seems a good prog at the mo. It seems to cover all bases.

Niall · May 06, 2008, 22:30:53

AVG8 is awful for a LOT of people. I had to get a refund from them because they've now made it similar to Zone Alarm; bloated with more features than you need. I had to turn off over 50% of them for it to run on my system (which isn't a small system by any means).

As for firewalls, basically you'd be stupid not to use one. If you can guarantee EVERY piece of information that comes in and goes out of your network is safe and always will be, you should go speak with Microsoft, as you've obviously got some sort of knowledge that no one else on the planet has. I imagine you'd be paid well for that knowledge

I'm using a nat router, Windows firewall (it does the job, and all other firewalls you have to pay for, all have something wrong with them in one way or another, to my irritation. I've spent god knows how many hours looking and trying a LOT of them) and Kaspersky AV. Combine that with Spybot, Spyware blaster, peerguardian on my laptop too (no 64bit vista version last time I checked). The most important part is common sense.

Sebby · May 07, 2008, 08:40:38

When I say I don't use a software firewall, the Windows one is enabled.

Dangerjunkie · May 07, 2008, 11:48:34

Quote from: Simon on May 02, 2008, 18:31:52
I have never fully understood how router firewalls work, but I get the impression that they work on an 'all or nothing' basis, and can't see how they could detect a specific trojan, for example, if it tried to enter your machine.

The Internet works on IP addresses (you can think of these as like your computer's phone number) and ports (you can think of these as like extension numbers within an office phone system.)

To send a piece of information the remote system gets your computer's IP address from it's name using a thing called DNS (Domain Name Service.) It then calls the number it gets and asks for the port it needs. A bit like someone dialling the switchboard of a big company and asking for extension 4567. Think of the programs on your computer as people sitting at desks. Some will have no extension on their desk, some will have one, others will have more. When the phone rings the program will answer it and act on whatever the program at the other end says. Most callers are genuine but a few are con artists.

Think of your firewall as the operator that answers the phone when a program calls the switchboard. That operator has been given a list of extensions that they are allowed to connect callers to and told not to connect a caller to any other extension. So when ICQ calls asking to speak to your ICQ the rule you set up says this is OK and the operator puts the call through. When the Hacker's Toolkit calls, asking to speak to the credit card number storage department the operator won't put it through because no rule exists for that, protecting the business. Some firewalls also insist all employees wanting to make a call do it through the operator to make sure nobody within the company is talking to someone they shouldn't.

Some of the best firewalls use a thing called "Stateful Packet Inspection" where the operator connects the calls but continues to listen to the call and disconnects it if they think the caller is up to something bad.

Quote from: Niall on May 06, 2008, 22:30:53

I'm using a nat router, Windows firewall (it does the job, and all other firewalls you have to pay for, all have something wrong with them in one way or another, to my irritation. I've spent god knows how many hours looking and trying a LOT of them) and Kaspersky AV. Combine that with Spybot, Spyware blaster, peerguardian on my laptop too (no 64bit vista version last time I checked). The most important part is common sense.

Not all decent firewalls cost money. The line of IPCop, Smoothwall and Monowall are free. However you do need to find a separate cr*ppy old computer to run them on. This is much better than a software firewall (yes, these are software too) because there is nothing else running on the machine with the firewall that can be used to get a trojan in to bypass the firewall.

Cheers,
Paul.

Rik · May 07, 2008, 11:52:21

Nice explanation, Paul.

madasahatter · May 07, 2008, 12:09:35

Have another

Paul

Brilliant explanation

Ray · May 07, 2008, 16:17:27

Excellent explanation, Paul, and yet another,

Niall · May 07, 2008, 16:26:34

Quote from: Sebby on May 07, 2008, 08:40:38
When I say I don't use a software firewall, the Windows one is enabled.

Heh, I wasn't aiming my comment at anyone. I use the windows firewall too

I just find it irritating how many people post on various forums (not these) saying stupid things like "why bother? I've never had a problem", when in reality they don't know if they have or not!