Jump to content

Recommended Posts

Posted

If you are using a NAT router (D-link, Linksys, Netgear, etc) all you need is Windows Firewall, anything more is overkill.

Posted (edited)
If you are using a NAT router (D-link, Linksys, Netgear, etc) all you need is Windows Firewall, anything more is overkill.

Finally! Somebody who gets it!

I visit dozens of people all sitting behind their firewalled router on a single PC network and I try to tell them YOU DO NOT NEED A ###### PERSONAL FIREWALL but they look at me like I'm telling them to go drive a car wih a blindfold on. You don't even need to run windows firewall (which is actually as good as any third party ones out there, better in some ways).

Companies like the people who distribute Zonelarm are profiting from the disinformation spread by Saturday night experts.

Read my lips, if you are sitting behind a router then there is very little reason for you to run a personal firewall.

Edited by mac.wheeler
Posted (edited)
If you are using a NAT router (D-link, Linksys, Netgear, etc) all you need is Windows Firewall, anything more is overkill.
Read my lips, if you are sitting behind a router then there is very little reason for you to run a personal firewall.

If my PC should become infected with a Trojan / malware, will a router stop it from sending data from my PC?

(This is a rhetorical question. I know the answer.)

Edited by Rice_King
Posted
If you are using a NAT router (D-link, Linksys, Netgear, etc) all you need is Windows Firewall, anything more is overkill.

Finally! Somebody who gets it!

I visit dozens of people all sitting behind their firewalled router on a single PC network and I try to tell them YOU DO NOT NEED A ###### PERSONAL FIREWALL but they look at me like I'm telling them to go drive a car wih a blindfold on. You don't even need to run windows firewall (which is actually as good as any third party ones out there, better in some ways).

Companies like the people who distribute Zonelarm are profiting from the disinformation spread by Saturday night experts.

Read my lips, if you are sitting behind a router then there is very little reason for you to run a personal firewall.

Unless of course the router's firewall software is turned off. :o (I've seen that a lot, along with open wireless setups)

Posted (edited)
If you are using a NAT router (D-link, Linksys, Netgear, etc) all you need is Windows Firewall, anything more is overkill.
Read my lips, if you are sitting behind a router then there is very little reason for you to run a personal firewall.

If my PC should become infected with a Trojan / malware, will a router stop it from sending data from my PC?

(This is a rhetorical question. I know the answer.)

Will a personal firewall?

If you have UDP PnP enabled on your PC then none of the personal firewall solutions are going to stop that outgoing traffic from a dodgy piece of code that uses UDP PnP out of the box. But outgoing traffic is seldom harmful to a PC (if ever) we are talking about blocking possibly intrusive incoming traffic, a well set up router will do this far more elegantly than any piece of software you care to install on your local PC.

And may I take this opportunity to say that discussing a virus/malware (who the heck though up that stupid word anyway?) in a firewall related thread is pretty pointless, the two are in no way related. A firewall is designed to do one thing and one thing only, control TCP/IP traffic regardless of how/where/when that traffic comes from.

This is entirely indicative of the superstition that surrounds the whole firewall/antivirus/antimalware situation, they are far too often seen as the same problem when in fact they are not. Unfortunately we have companies marketing 'security suites' and suchlike that propose to solve all problems. Most of the time these are second rate firewalls (regardless of what you believe from the advertising) combined with AV and malware scanning.

Remember, a jack of all trades is never a master of one.

A firewall by definition sits at the front of the DMZ and filters TCP/IP traffic into the network, personal firewalls are nothing but crutches for paranoid people. Unless your PC is directly connected to the internet there is absolutely no reason to run a local firewall on the PC, NAT itself supplies a huge amount of protection even if your router has no firewall.

Try telling a trading partner that you intend to protect data both yours and theirs with a software firewall for a project and watch yourself be laughed out of the meeting.

Edited by mac.wheeler
Posted

Call me paranoid but you could say that I am a "belt AND suspenders" type.

I employ a router to stealth and secure my network (PnP disabled) and a software firewall to advise me as to what programs are sending data out. (This would hopefully include any virus / malware / Trojans trying to "phone home.")

Posted
Call me paranoid but you could say that I am a "belt AND suspenders" type.

I employ a router to stealth and secure my network (PnP disabled) and a software firewall to advise me as to what programs are sending data out. (This would hopefully include any virus / malware / Trojans trying to "phone home.")

But that's what I am trying to get across, a firewall doesn't need to stop outgoing traffic, why do you care if a virus is 'phoning home' as long as your firewall won't let it make a return call? All you are doing is subjecting yourself to annoying popups and suchlike.

If your router (as you imply) is set up to protect your network then why do you need a firewall behind a firewall to feel safe? It's a complete and utter waste of resources, if you can't trust one firewall how can you trust two?

Posted (edited)

After gettinga a virus last month and MCAfee telling me there was a trojan and then couldnt find it. I had to reinstall XP> also since my MCAFEE was nearly out of date and they wanted money to upgrade. I decided on a free Virsus scanner and free firewall. Avast for virus scanning and Zonealarm for my firewall. I agree that ZA can be annoying at the start. But once it gets used to what you do with the Pc it soon learns. So far so good.

Edited by Jockstar
Posted (edited)
If your router (as you imply) is set up to protect your network then why do you need a firewall behind a firewall to feel safe? It's a complete and utter waste of resources, if you can't trust one firewall how can you trust two?

True.

Without configuring it to provide a log file, my LinkSys router doesn't tell me what data it is allowing to (or NOT allowing) pass. The software version does and provides an immediate response.

Otherwise, I reckon I could configure the router to create a log file, and then commit a time to actually read it once in awhile. But to me, that is "a complete and utter waste of resources."

Edited by Rice_King
Posted
Unless of course the router's firewall software is turned off. :o (I've seen that a lot, along with open wireless setups)

Routers are firewalls, and they don't run on software.

That's the big weakness of a software firewall, the software can be turned off by malware. Routers employ no software and operate independent of the computers they protect, so malware doesn't get to them.

If you have Malware installed on your system phoning home it's probably due more to running a lousy antivirus (AVG, One Care, Panda, etc). Get a decent one that catches it before it's too late.

Windows firewall will stop suspicious outgoing traffic. That is unless malware has disabled it but Zonealarm and Kerio are just as vulnerable to that.

Posted

cdnvic:

Any comments about COMODO firewall? Is it good? I am sorry to direct this question to you. I only did that because I recognize your expertise on this matter.

Thanks...

Posted
cdnvic:

Any comments about COMODO firewall? Is it good? I am sorry to direct this question to you. I only did that because I recognize your expertise on this matter.

Thanks...

I haven't actually used this one myself but the feedback I do get on it and the info I get from the specs rates it better than ZoneAlarm, with better program learning capabilities. One annoyance is that it tries to upsell you to their antivirus, and antispyware which I can't find any decent lab tests on so I'd refrain from using them.

If you use these third party firewalls, make sure you disable Windows Firewall to avoid problems.

Posted

From quick scanning through reviews Comodo Firewall seems fine but their antivirus drew some fire.

If you're on a desktop and have your router firewall properly configured then you're reasonable safe. Personally I prefer to have a software firewall active for a few reasons:

1. It monitors changes to executables and alerts you about it

2. It monitors processes trying to access the network

3. I prefer to see more alerts than less, once you get through the initial setup process then the prompts aren't an issue anymore

4. I'm on a laptop and sometimes connects at airports, coffee places, hotels etc.

The memory and overall resource signature of the leading firewalls out there are so minimal these days that I'd rather err on the cautious side.

Personally I use a Zone Alarm Pro + Antivirus combo purchased at $20 a year. The antivirus is actually a Kaspersky engine which comes highly rated. If were to use free stuff, which I might if I knew I were the only one to use my laptop, then I'd go with the free Zone Alarm + free Antivir. Another free firewall I like and used extensively is Sygate, discontinued but still available at oldversion.com.

http://www.techsupportalert.com/best_46_free_utilities.htm#5

Zone Alarm (prompts for approvals too much) ? Windows' own ?

What works best for you ?

Posted
cdnvic:

Any comments about COMODO firewall? Is it good? I am sorry to direct this question to you. I only did that because I recognize your expertise on this matter.

Thanks...

I use Outpost Firewall Pro

Allows fine control of traffic. Highly customizable. Does everything ZoneAlarm ever did, and more. The best I've ever used.

BTW, BEWARE of ZoneAlarm. It's now owned by Checkpoint Software, an Israeli company that has a reputation for being snoopers. They made some changes to it so that it would compile a large database file on your internet usage and store that on your hard drive, which they were likely retrieving in part when people were online. It didn't have that before. And it seems to 'phone home' whenever it wants. If you don't believe me, go look in the ZA folder or do a Google search on the subject. Maybe they stopped doing it, but I still don't trust them. Sneaky bastards...

I used to swear by ZA years ago, but no more. I'll never use another ZA product ever again...

Also, avoid Comodo. Not up to snuff...

Posted
cdnvic:

Any comments about COMODO firewall? Is it good? I am sorry to direct this question to you. I only did that because I recognize your expertise on this matter.

Thanks...

I haven't actually used this one myself but the feedback I do get on it and the info I get from the specs rates it better than ZoneAlarm, with better program learning capabilities. One annoyance is that it tries to upsell you to their antivirus, and antispyware which I can't find any decent lab tests on so I'd refrain from using them.

If you use these third party firewalls, make sure you disable Windows Firewall to avoid problems.

Thanks for the input. I am using the Comodo Firewall but not its antivirus. I am using NOD32 which is providing me decent protection I haven't gotten anything serious for quite a while now. I also have AVG Antispyware (formerly known as Ewido) which is currently doing a good job by filtering out the unwanted.

Thanks!

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...